Apple Seemingly Unable To Recover Data From 2018 MacBook Pro With Touch Bar When Logic Board Fails (macrumors.com)
An anonymous reader shares a report: In 2016, when Apple introduced the first MacBook Pro with Touch Bar models, the repair experts at iFixit discovered the notebooks have non-removable SSDs, soldered to the logic board, prompting concerns that data recovery would not be possible if the logic board failed. Fortunately, that wasn't the case. Apple has a special tool for 2016 and 2017 models of the MacBook Pro with Touch Bar that allows Genius Bars and Apple Authorized Service Providers to recover user data when the logic board fails, but the SSD is still intact. [...] But, unfortunately, it appears the tool will not work with the latest models.
Last week, iFixit completed a teardown of the 2018 MacBook Pro, discovering that Apple has removed the data recovery connector from the logic board on both 13-inch and 15-inch models with the Touch Bar, suggesting that the Customer Data Migration Tool can no longer be connected. MacRumors contacted multiple reliable sources at Apple Authorized Service Providers to learn more, and based on the information we obtained, it does appear that the tool is incompatible with 2018 MacBook Pro with Touch Bar models. Multiple sources claim that data cannot be recovered if the logic board has failed on a 2018 MacBook Pro. If the notebook is still functioning, data can be transferred to another Mac by booting the system in Target Disk Mode, and using Migration Assistant, which is the standard process that relies on Thunderbolt 3 ports.
Back up frequently, and always.
I store all my data in the Cloud where it is safe.
Bet that Apple's solution will be "make better backups, we'll sell you 1TB of iCloud for a low, low price." (push, push, nudge, nudge)
Ah well, one more reason not to buy "computers" with everything soldered in and no ports to speak of.
...or just buy a "computer" that works for you, and not to the manufacturer's agenda of complete and total vendor locking...
That's nice when you're traveling and don't want to carry an external storage device, and either choose not to trust the "cloud" with your data, or don't have the mobile bandwidth for it to work well. Why not give users a CHOICE of removing the internal storage device to recover their data?
Because Apple, that's why? Instead of a $100 SSD upgrade, they want to foist an entire new laptop on their users. Plus they can upsell iCloud space based on the risk of data loss.
Marketeers are arseholes, and Apple are the worst of the worst.
COURAGE!
Agile Spaceport - You will never find a more wretched hive of scrum and villainy. We must be cautious.
...or just buy a "computer" that works for you, and not to the manufacturer's agenda of complete and total vendor locking...
Because lots of other "vendors" have "stores" all over the place where you can take your "computer" to have the data restored.
Oh, and for God's sake, turn on backups people.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I really hated them before OS X came out.
Then I gained an admiration for their hardware and software.
Then I became a little disenfranchised over their attempts at lock-in, but still liked their hardware.
I adopted a policy of using non-Apple software on Macs (mostly cross-platform stuff) and using their hardware when available.
The price of their hardware ensured I didn't actually buy it, just used it when given to me or at work. I found PC to be a lot better bang for the buck.
Now I've got plenty of dated Apple hardware running Linux, but I'm not sure I'll even want future old Apple hardware with this crap in mind.
The preceding post was not a Slashvertisement.
Hey, any laptop older than five years isn’t going to get fixed for Spectre or Meltdown anyways. Don’t think it's the last time Intel or AMD won’t take it upon themselves to make sure you need to upgrade.
Maybe devices are in fact just done after 5 years and most of the original folks who worked on it, moved onto something else.
Let’s pretend that technical debt doesn’t exist for any platform because it’s just easier that way to support our biases for or against Apple.
I feel like there is a ‘my ten year old laptop runs fine’ train waiting to go off the rails and if spectre/meltdown weren’t telegraphing it, then our industry and users aren’t paying attention.
If the computer has a removable HDD and only the motherboard failed, one can take the computer to a third-party repair shop which will stick the drive in a "sled" and recover the data. (Even if encrypted, as long as the user knows the appropriate passphrases.)
The ideal is NOT to need a specially blessed authorized dealer to work on the damn things.
Between having only USB Type-C ports, not being able to interface with most displays (even after you purchase the expensive adapter), that user unfriendly "touch bar", a kludgy keyboard and what I consider to be a rather slow boot-up and shutdown process, this latest MacBook is the worst I've ever owned.
Considering the price premium you pay for that Apple symbol on the cover, this computer should cook you breakfast in the morning, including brewing the espresso and bringing it to your bedside.
I was shocked by how badly this system missed the mark
Yeah, actually, there are thousands and thousands of places nationwide in the USA that you can bring computers for data recovery if the main board fails. Have been for decades and decades.. Unlike "Genius" bars, these places will work on all manner and make of computer as well.
You pay for it one way or another. AppleCare, store warranty, out of pocket.
I've been recovering data from failed tech for way longer than this Apple craze.
I have a couple of robocopy scripts I wrote years ago for a client.
Nothing fancy, just copy everything from the source which is newer than the target.
I run one backup to a second internal HD, a second backup to an external HD, and a third backup to a second external HD. Each pass only copies what is newer, and ignores the rest so it doesn't take that long after the initial run.
I've given these to my wife and various friends for their own needs. My wife religiously backs up her data to an external HD now, as do several of the people I've given the scripts to.
The only way to be sure you're getting your data back is to run your own damned backup. And I don't mean some proprietary format you can't get the files from, I mean a straight up filesystem copy.
The last few times I've had an HD fail or a machine keel over, I just copy my own data back and I'm good to go in a fairly short time.
I'm still amazed to see people who work in IT lose everything because setting up some form of backup to a cheap HD was too inconvenient. Losing your data is inconvenient, setting up a backup, not so much.
a$$..es
As soon as I won't need it for iOS development, I will ditch it immediately.
iCloud is designed by idiots for idiots - yesterday I tried to sort an image album by date. I have done it in many gallery software packages and cloud platforms and thought it would take 5 min. But Apple iCloud kindly arranges photos itself.
(Even if encrypted, as long as the user knows the appropriate passphrases.)
Unless the passphrase is made more secure by having it only gain access to the key through a secure enclave chip (so that you can't brute force the password). That chip is on the touch bar in these models.
I agree that sacrificing repairability to make a computer slimmer is a terrible idea, but it's 2018. If you're not encrypting a portable device then you shouldn't leave the house with it.
I can recover data from any non failed hard drive that uses a SATA or IDE connector. So like 99% of the consumer hard drives made in the past 20 years.
You cannot do that with these Macs. That makes them in this respect at least functionally inferior. You can't really claim they saved all that much money by removing the standard connector, or even their proprietary one. And looking at the price tag, even if they saved money, it didn't get passed on to the consumer.
what's a computer?
As the X4 link will limit high end flash storage + forced raid 0 is bad.
People may want choice of raid 1 / raid 5 / raid 6 / raid 10. Say with 4 flash cards that all can be done. But 4 flash cards one X4 link shared with other io and hopefully not stacked on the dmi bus. Also M.2 cards not the apple only cards.
Apple also needs to offer a built-in cheaper SATA SSD or even, say, at least one spinner disk as a choice as well in their desktops. Maybe not the mini, as it may be too big to fit.
Why is that not a choice?
With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.
If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.
As a matter of fact, they do. For that matter, the job is well within the reach of a teen who's good with computers. If you don't know one, ask google for computer repair shop near you.
If you have your data on a removable drive, sure, take it wherever you want.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
This can be solved by requiring a passphrase of a certain length and complexity to allow boot. Design it so it decrypts a key that in turn decrypts another key that gives access to the drive. Make the entire initial process take a second or five to drastically slow down attempts at forcing encryption.
It might be able to be brute-forced in a few years...
no cash = fees and bullying small shops.
I'm sorry jay but your shop can't have an minimum on our card system.
And don't buy a ShitBook Poo
And there are no third-party shops that do Apple data recovery?
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I tried to backup my Macbook, but the battery dies before I can transfer to the external drive, and the usb port is also the charge port.................
better take away lesson...stop buying products from the most anti-consumer company on the planet
Soldered-on SSDs are common in ultrabooks. Notebooks are always a compromise between speed, size, cost, etc. You can certainly be careful to buy a notebook with a removable SSD if you want, but it's not a given if you simply avoid Apple.
Right, the important thing is to buy a reputable product like a Thinkpad. It isn't enough to just avoid one brand known for repair-unfriendly products.
Like most things, the positive logic is more useful than the negative; find what you do want and then you know what to buy, finding what you don't want only gets you to the next step of evaluation.
Keep your files in an encrypted volume image file on external disk. Give that file a misleading name.
A mac with BOTH removable SSD & non-glued batteries
And magsafe and USB A ports, to boot
What's not to like?
*** Good luck to everyone and have a happy day!
Most people have no idea what is in their computer. They also seem to accept that when their computer/phone/tablet dies that they will lose everything they have on it, pictures, paid songs and ebook, purchased apps. It actually isn't worth your time explaining to people that they can upgrade many of these devices or that the music, books and apps could be moved to a new machine owned by them. Half the people on this site are the alpha geeks for their friends. We only help our friends because it pains us when they lose things. We care but we are a minority. Future shop, even if they paid minimum wage, probably couldn't turn a profit helping your grandmother recover her stuff. It's not the technical part that kills you, its the hours of hand holding. You really can't sell something to someone if they don't even know they want it.
The only positive here is that Time Machine "just works."
Having the logic board fail and nothing else is not a common failure mode. It's more likely that the entire laptop will be destroyed in an accident, or stolen, or infected with malware that hoses your entire disk. In all of these cases, there is nothing Apple or anyone else can do to get your data back. In short, if you don't backup your data as suggested, you're gonna have a bad time.
I think this is the case with SSDs in general. Worst case, a hard disk can be shipped to a clean room, and sectors that are not physically scraped off can be recovered. However, once the electrons bail the gates, that data is gone for good.
These days, backups are mandatory. Not just Time Machine, but something like Crashplan, Backblaze, or something that can do file backups offsite, so one has 3-2-1 protection.
Cool kids don't get to choose anything; their clothing brands, their cars, their friends, making personalized choices about that sort of thing is something nerds and individuals value. If you want to be cool, no you don't get to choose your personal digital assistant. And no, you don't get to worry about things like "mobile bandwidth." What are you... poor?!
They're not assholes. You're the asshole, for being jealous of something that is actually lame. They're just selling vapid products.
Not everyone needs or wants another damn dongle. Especially on Macbooks where some of them only have one USB port, which is also used for charging.
Instead of kludging via an external drive, why not have a swappable internal drive, like most real computers have? Use the computer at home or at work, keep the "normal" drive. Travel to Russia or China, swap it for a "clean" drive. Easy, peasy.
Actually, the issue has nothing to do with the fact that you can't remove the drive. The article spells out the actual cause of the issue: hardware encryption.
The data recovery port was likely removed because 2018 MacBook Pro models feature Apple's custom T2 chip, which provides hardware encryption for the SSD storage, like the iMac Pro, our sources said.
I.e. They removed the port because the port was useless in light of their change to using hardware encrypted drives. Even if the drive wasn't soldered in, even if you could remove the drive and plug it in elsewhere, it wouldn't help. This falls into the category of "it's a feature, not a bug" sort of issues, since this was an intentional change on their part to increase the security of the devices—something it does rather well—but it comes at the cost of data recovery in situations where the hardware fails.
Hopefully, the pros buying these models are aware of the importance of regular, frequent backups and already have a backup plan in place and tested, especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days (e.g. all iPhones and iPads have been hardware encrypted for years, two of the most popular Macs now have it enabled by default, numerous Android phones have it enabled out of the box, and the list goes on and on). There are, of course, stories about people losing access to their data after their devices get mangled, but for the most part, hardware encryption is widely hailed as being a good thing, particularly among the technically literate crowd, so it's a bit disappointing to see a /. summary focus on the downside without explaining the "why?" behind it.
I'm not jealous of Apple users -- I have no interest in owning their crippled products.
That was kinda the point... Places like this f*ck people by soldering the drive on the board AND THEN removing the diagport/interface option from the same area so now you're stuck with board failure and loss of data. Soldering the data storage like that and then removing all options of pulling the data is horrid design.
Nope, raises cost and is pointless on 99.99% of the macbooks sold. Engineering for the outliers and rare cases is wrong.
If you need to do that, your workplace will generally have blanked out 'loaners' so you don't have to take apart your normal work computer. In principle, though, I agree that the locked in storage sucks.
Doesn't that depend on the OS? If you were me, you'd have the power to use new software on old computers. Why are your technical capabilities so weak? Is installing an OS hard? Isn't that beginner stuff? You're a slave to your own ignorance. And like you say, you're not paying attention.
Yes, and to be clear my last laptop purchase was not an Apple - I'm not a fanboy, exactly - I just find that they get criticized for things that no other manufacturer even tries to do.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
The ideal is to avoid using passphrases at all, other than recovery phrases which can be extremely long (longer than the cipher's bit size), like BitLocker's or FileVault's personal recovery key. That way, an attacker has to guess from a 256 bit keyspace minimum.
There is nothing wrong with a TPM or Secure Enclave chip, provided it doesn't communicate with anything else, so the chance of it getting remotely backdoored is slim. From there, the machine can be configured to boot quietly to the OS login screen, but require a recovery code to mount the protected volume in any other state, require a PIN on boot, enforced by the security chip with ever-longer delays, or even after ten tries, erasing the stored key on the chip and on the drive, or similar. Bonus points if a duress code could be configured so the machine boots, then hits a kernel panic, with the key erased, and the SSD completely wiped by the TRIM command.
Until it doesn't. It seems common for it to pop up and say that a backup is corrupted, and prompts you to erase the stored backup and start fresh.
Might be a good time to become a PC.
We got hard drives and SSDs that you can actually REMOVE from the case, and many data recovery options.
I think I'll stay with my 2011 MBP with its oven baked logic board until this issue is addressed. This appears to be a step backwards in systems modularity. I'd rather have my fan on 100% and have modular hardware than have to deal with potential data loss when the motherboard fails...
They just don't care about people who use computers professionally. Apple wants dumb consumers that consume what's in front of them; they should be able to ride like this shit for some time before sales dry up and then they will be just another too big to fail meat grinder.
Assuming your workplace is a firm with a lot of employees, sure. If you're a freelancer/1099 or it's a startup, not so much. Even public universities sometimes don't have that kind of money.
Real nice MacBook Pro you've got there.
It'd be a shame if you couldn't recover any data from it, if the motherboard happened to fail.
The boss, see, he's got this great cloud storage backup service.
You put your data there, fuggedaboudit, no need to recover, 'cause it's already there.
The boss would be happy to put your data on his cloud.
All youse need is a credit card.
You got one of those, don't ya?
TPM / secure enclave again ties your data to specific hardware, they also tie you to more hw that can fail.
Being able to upgrade a computer's RAM or SSD for $150 instead of being reamed for a new computer every few years to the tune of $1500 isn't an edge case. Upgradability and repairability are important for the environment -- changing an SSD or RAM card generates much less e-waste than throwing an entire laptop away.
The engineers and marketeers who create this kind of junk should be forced to drink water that has percolated through an e-waste dump for the rest of their lives!
That's nice when you're traveling and don't want to carry an external storage device, and either choose not to trust the "cloud" with your data, or don't have the mobile bandwidth for it to work well. Why not give users a CHOICE of removing the internal storage device to recover their data?
They have a choice, buy an Apple or don't buy an Apple.
Because Apple, that's why? Instead of a $100 SSD upgrade, they want to foist an entire new laptop on their users. Plus they can upsell iCloud space based on the risk of data loss.
Apple does market research like most every company does. I suspect that Apple does far more research on this than other companies. There's a trade off here that had to be made, either make a laptop that's small and thin for the majority or make one with a removable drive for the minority that wants the ability to upgrade the drive and/or have the ability to remove the drive in case of a failure.
Marketeers are arseholes, and Apple are the worst of the worst.
"Marketeers" are aiming for the biggest market. What you are saying is that you are not in the market for an Apple. I'm guessing you have not ever bought an Apple product, so why should Apple "marketeers" care what you have to say about their products?
I am armed because I am free. I am free because I am armed.
It IS an edge case for the majority of their customers. They DO refresh that often; my employer buys me a new MacBook every 3 years. That's the norm!
Don't bring irrelevant "greenie" concerns into this, the servers of the internet are 95% the hit on the environment, not laptops.
Yep, it's sad when a company that used to market to technical professionals (scientists, educators, designers) waters down their product line to cater to retarded hipsters with large trust funds.
Yeah I had a feeling this headline was spun a bit.
Whether or not you like it, Apple is moving their PC products in a more iOS-like direction.
Sounds like this laptop's storage is modeled after something you'd find in an iPad or an iPhone - flash encrypted, passkeys on the enclave. Not a traditional discrete storage unit (even if said unit is soldered on to the motherboard).
This is custom Apple storage and without the enclave on the touch bar it's inaccessible by design.
It may not be what the "techie" wants in a laptop. You don't have to buy it. There are lots of alternatives.
Fact remains apple makes obscene amounts of money building devices consumers love and geeks hate. They may not sell the most laptops, but they make more money at it than anyone else.
I suspect that for the security conscious this is a feature, not a bug. Think about that.
I am armed because I am free. I am free because I am armed.
If the computer has a removable HDD and only the motherboard failed, one can take the computer to a third-party repair shop which will stick the drive in a "sled" and recover the data. (Even if encrypted, as long as the user knows the appropriate passphrases.)
The ideal is NOT to need a specially blessed authorized dealer to work on the damn things.
Why take it to a 3rd-party shop? USB sleds are dirt cheap; ~$30.
My point is that it shouldn't NEED to be the norm. Also, it really depends on the employer -- if your company is a large company or a startup flush with hot Wall Streeter VC money, then maybe. If it's a public university or a small business, not so much.
As far as "greenie" concerns, we're not talking about energy use here -- we're talking about physical devices being thrown out and polluting the Earth. Yes, even recycling pollutes -- the best model for the environment is long-term use.
Worse to the tune of billions, and being one of the most valuable brands on the face of the earth.
(Here's the part where you go on a laughably libertarian or disturbingly communist rant.)
Not that rare. I've used the fact that my internal storage hasn't been soldered in to swap the drives (either upgrade them, or, on a couple, just swap to play with multiple OSes) on multiple computers: MBP2010 (several times), MBP2008, several Dells and ThinkPads, ... I know from discussion with friends and coworkers and postings online that swapping drives, even if just to upgrade to something faster or higher capacity, isn't remotely uncommon.
I don't know enough about the engineering tradeoffs to make the determination that it is a "horrid design". I do know that it makes a backup scheme even more important if you decide to buy such hardware (to be honest, I have no idea whether my HP Envy has soldered-on storage or not, I backup).
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Think about this:
McDonald's is a multi-billion dollar corporation which made its billions selling food that isn't fit to be pig slop. Volume of sales doesn't imply goodness -- it often just speaks to the stupidity and vapidity of their target market.
I recall an SGI testimonial video, where Steve Jobs talks of needing 'tools not toys', and praising SGI's Octane. Now it's the reverse: as soon as a feature which differentiates Apple's offerings from a disposable toy are discovered, they are fixed in the next iteration. Welcome to the FoxConShinyElectricToyCompany.
wow, you sound just like the folks back in the 90s who complained when they removed the floppy drive and the composite video output
You have obviously never owned an Apple laptop — or, for that matter, any laptop containing a standalone GPU soldered onto the logic board. Now that we don't have spinning rust for storage, logic boards are likely the most common non-power-related failure mode by a large margin.
No professional in his or her right mind should seriously consider a laptop in which a logic board failure results in the loss of access to storage. Even if you just lose the storage since the last backup, that could be a considerable loss, and this assumes that Time Machine is actually backing things up correctly and that no files on your backup drive have exhibited bit rot. In the worst case, you might lose considerably more, like your entire photo library or some other "why the hell did Apple mark this as a bundle" folder.
No, if true, this qualifies as a showstopper-level flaw, sufficient to get upper management fired. I can't imagine that even the "thin über alles" folks at Apple would be THAT stupid. It seems far more likely that somebody changed a connector, and that they don't have the right tools at the various Apple stores yet, which while qualifying as seriously incompetent, is probably a failure of the Apple Store and/or AppleCare management chain, rather than engineering.
Check out my sci-fi/humor trilogy at PatriotsBooks.
I love Macbooks. I hate where Apple has taken them. When my 2013 Macbook finally crapped out, my best option was seemingly to buy a used Macbook three years old to avoid the problematic butterfly keyboard. The fact that they stuck with their bad choices in the 2018 model is so demoralizing. Get it together, Apple.
no worries, I'll just back up my disk to my USB-A thumb drive! ... oh, wait ...
especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days
No. Stop right there. This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering the NVMe drive to the motherboard rather than using the industry-standard M.2 slot. You can't because there aren't any.
I have experienced multiple NVMe disk failures on laptops I manage, and I have also experienced board failures of systems using NVMe disks. In the first case, it is a negligible repair taking minutes; in the second case, it is equally easy to pop out the drive, mount it in a PCIe bridge card, and grab the data off.
Stop trying to normalize this latest instance of Apple's short-sighted thinking, which appears to be driven by only one "long term" goal, that is to say replacement of hardware with new garbage the second it dies even a minute out of warranty.
The fact that you try to reduce this down to a "huhr duhr poer users need backups" argument is preposterous.
Well, Micro$oft with their $murface line of junk, but they seem to be in the business of compulsively aping Apple. Follow, the leader, the leader, the leeeeeaaaa-der.
People are so easy to manipulate and brainwash. It isn't enough to shovel shit into their face. It is only enough when you get them to take joy and pride in acting against their own self interest.
Where do I sign up for Apple cult of proprietary connectors, no useful ports, flimsy design, nonreplaceable batteries and non removable SSDs? I want to pay for overpriced hardware with a big glowing Apple logo on back of the screen that can't be disabled so everyone knows I'm a fellow cult member.
Soldering in SSDs... what a bold, smart and brave move. I love Apple.
I don't want to start an OS war, but under Linux (and other *nix variants) you can put all of your sensitive data on a partition that isn't mounted at boot. Use an innocuous name for the mount point and actually have some appropriate files there, and unless your laptop is being examined by a Linux geek who looks through /etc/fstab and gets curious about why that partition's not normally mounted, nobody will ever know the difference.
Good, inexpensive web hosting
Forget the environmental advantages for a moment then. Used laptops that DO allow hard-drive replacement are easily re-purposed into secondhand markets, where they are bought and used by people who can't afford the price tag of a new unit. Not everyone has the benefit of being able to get the newest technology every couple of years, or even to update their technology *at all* every couple of years. There's a case for being able to keep a computer in useful service as long as possible.
However, this is clearly not Apple's target market. They are in a metaphorical arms race with other laptop manufacturers to make a lighter, thinner computer, because they can generate more sales to high-paying customers that way. It's the norm because all the manufacturers are fighting to make it the norm.
Nope, raises cost and is pointless on 99.99% of the macbooks sold.
Nope, 99.99% of MacBook users replace hard disks themselves.
Engineering for the outliers and rare cases is wrong.
This is what engineering is all about.
If you're prepared to pay the much higher cost of having someone attack the problem with a desoldering station, there are probably places that can do it even when Apple says they can't (due to the lack of the debugging port), but they will charge a hell of a lot more for that than a corner shop swapping drives on a PC and especially more than the above mentioned teen that's good with computers.
But if the failed logic board was under warranty, you may have to choose between paying through the nose for data recovery AND paying through the nose again for a new board since de-soldering definitely voids the warranty. Apple does state that an HD with a data recovery company's seal on it will still be replaced under warranty, but they say nothing about de-soldered logic boards.
For the older Macbooks with the data recovery connector, I have never seen any documentation and certainly haven't seen the device that connects to it available anywhere, so the third party shops don't have them. You're still stuck with either a very expensive de-soldering job (and connecting the ssd on a bench) or going to Apple. That's a pretty strong lock-in.
Frequent backups should always be done, but there's always those cases where it couldn't be done for a day or two on the road and you really want something back that wasn't in the last backup.
There will be a mass exodus.
---- The above post was generated by the Turing Institute. Maybe.
Hardware-accelerated crypto is great. Such a design does not necessitate storing keys in some special chip on the logic board, however, and in fact, designs that do so are quite commonly insecure by design, such as those "secure" USB sticks that you can crack by skipping the front end chip and talking directly to the storage controller. So the suggestion that the crypto could somehow be tied to hardware has me seriously concerned about whether the crypto is, in fact, as robust as in previous generations.
But even ignoring that issue, and even assuming the keys can be changed, unless you're a wacko who thinks someone is going to be able to feasibly brute-force your disk password, there is exactly zero benefit to storing the keys in the controller itself, rather than in external flash parts, and a huge loss in robustness from doing so.
Moreover, even if you assume that there is some benefit, there is no reason you couldn't put the contacts on the CPU side of that chip and provide a way for external hardware to talk to the T2 chip.
For that matter, there is no reason not to give users the choice in software when setting up the machine: More secure (risk of data loss from tying the key to the chip) or more recoverable (risk of a targeted attack in which someone unsolders the chips, solders them to a new controller, and brute-forces the password against the raw key, but in which that person is not quite skilled enough to extract the key from the T2 chip with an electron microscope and delamination).
So that explanation makes no sense to anyone who actually understands crypto. At best, it is an excuse to try to get out from under the lawsuits that will follow when users start losing data the next time an NVIDIA chip malfunction plagues their product line. At worst, it is a bunch of tech journalists who don't know what they are talking about spewing FUD. I'm hoping for the latter. If not, I think I'm going to start selling stock now, so that by the time the next NVIDIA/AMD nightmare happens, I'll be entirely divested. Just saying.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Are those USB sticks truly encrypted at all, or is the front-end merely acting as a "gatekeeper" to the unencrypted flash/NVRAM chips? i.e. it's an air-gap unless it's given the right password.
Seems to me the takeaway lesson is not to buy a computer where you cannot retrieve the data from the onboard storage should it fail, regardless of OEM. Backing up your computer regularly is a stopgap solution.
It's never come up for me since I neither have a Mac with a soldered on SSD, nor rely on data recovery for my backup needs, but a cursory Google search seems to show data recovery options for Macs at Geek Squad-like prices. You raise a good point about potentially voiding the warranty - yet another reason to backup. I have some empathy for people who lose work while on the road. Hell, the reason I'm preaching is that I've lost data even though it was backed up, because it was backed up on the same machine that got hit by lightning - zotching both the main drive and the backup drive. But I don't have sympathy, because the mark of an intelligent ape is one that can learn from the experience of other apes. So if you are on the road, backup to a USB or SD card... just backup!
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Both lessons apply:
(1) Don't buy non-repairable junk.
(2) Back up frequently. Even a removable SSD or HDD can fail in a catastrophic manner.
"I just find that they get criticized for things that no other manufacturer even tries to do."
That's right, because they're fucking stupid things to do.
Oh no it isn't. That thing is made by a small consortium of "trusted" manufacturers, whose work cannot be verified. It's proprietary so no source code, and cannot be reprogrammed outside of the factory. Its generated keys cannot be verified to not be pre-compromised, because it prohibits the CPU from accessing its data by design, and the key never leaves the chip by design. Further, this is the same consortium that refuses to allow a confirmed physically present owner to force it to generate signatures. This same chip is also responsible for the secure I/O path used by modern DRM systems to prohibit you from accessing data on your device that someone else doesn't want you to access.
A TPM or anything like it very much CAN be backdoored easily, and even if it was, you'd have virtually no chance of detecting it yourself. Worse, these chips are given the privilege of being a root of "trust" for the entire device, in some cases being used to uniquely ID the device in question, or are used to perform hardware accelerated crypto operations. If these chips were compromised, there would be a large amount of affected devices and users for which there was no cure.
In short, I'd expect the internal NSA whitepaper on compromised TPMs to be up on wikileaks shortly. Assuming it isn't already, I'm just too lazy to go looking for it.
So now when my drive fails 1 day after the warranty ends I have to buy a whole new computer? That is actually really shitty.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
They are being (rightly) criticized for not providing ANY way of recovering your data.
If other manufacturers are just as bad, it would be helpful if you named and shamed any that solder on the drive and do not supply an alternate recovery operation.
Or having the TPM/Enclave protected key with reasonably usable or no passphrase required to boot if present, and a recovery password, which is much slower to access absent of the TPM (e.g. an ungodly number of rounds of KDF).
XML is like violence. If it doesn't solve the problem, use more.
I actually happen to be one person that wanted to buy a MacBook Pro this year, never having bought an Apple before. I was looking at getting into App development. I've currently done a bit of development for Android and wanted to do some for iPhone as well.
I originally decided to wait until this year's model came out because I heard there was a keyboard issue with the 2017 model. When the 2018 models came out I noticed that to get one with 32GB RAM and a 4TB hard drive was a few thousand dollars more. I decided I was just going to buy a 16 (or maybe 32GB) for now and a 1TB SSD thinking that I would be able to upgrade it as needed. I went to the Apple Store about a week or so ago to inquire about the new model and told them about my plan. They told me the RAM was not upgradeable, but that the SSD should be upgradeable. After leaving the store I decided to look online to see if it was true that the RAM could not be upgraded. I found out that the sales person was incorrect. Neither the RAM nor the SSD could be upgraded.
I am now unsure whether I want to buy a Mac or not. I feel if I were to buy one I would be buying one expecting to be disappointed in the long run. I know that if I make a really good app I can probably afford to buy a new MacBook every year, but right now it is just a hobby and I am not planning to make much off of it. It is also a horrible idea for the environment to have to throw the entire machine away just to upgrade one component.
Maybe we need an open source TPM. The functionality for one of these chips is not exactly complicated. Take some values, hash them against previous values, then if the hash matches a stored hash, pass the key, otherwise, pass a middle finger. A small ASIC likely could do this functionality, although economies of scale do come into play.
Neither am I; real men use FTP as backup. Just ask Linus.
>You don't have to buy it. There are lots of alternatives.
These phrases have never been a shield against criticism. Identification is a precursor to improvement. Fixing bad things is progress; ignoring them is stagnation, decay, rot.
You'll need better if you want immunity to accusations of inferiority or backwards decisions.
That will not stop it from having problems, where if you backed up your data you can save a lot of money and time.
An open system, that happens to solder a component in place, will still have that problem, especially if that component may be a bit more rare to handle.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
ThinkPads are not always the most repairable systems either. In the quest for smaller/lighter/thinner those bulky connectors for rather reliable parts will just get in the way.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Buy a Thinkpad X-series, run MacOS on it. You'll have a better computer and the satisfaction of sticking it to Apple. Win-win.
Interesting, my XPS 13 doesn't have a soldered on ssd. A quick search shows the vast majority of thin and light laptops have removable SSDs.
How is that common?
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
That's why you don't buy just any Lenovo, but a business-grade Thinkpad. X- and T-series are dirt-cheap when they come off lease. Slightly bulkier is an acceptable compromise for the thing actually being fixable.
I've seen one that solders on the motherboard, but that's an exceptional case - the GPD Pocket. If it's not the smallest laptop on the market, it's got to be close to it. I imagine the same is true for most of those ultra-slim laptop/tablet convertibles.
Ironically, the GPD Pocket is still less crippled than Apple's hardware. At least it has a USB-A and micro-HDMI port built in, no dingle-dongles needed :D
No wonder you are blind!
Apple fan boy?
Wait, you're going to rely on data recovery over backups?
Sorry, I was laughing there for a second.
The last data recovery of a failed HD I performed ended up being successful, only about 25% of the files were corrupt and that exceeded expectations.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Some Macs have HDs or SSDs with sockets not unlike PCs. Those can be recovered using the same methods as used for a PC by third parties and skilled teens.
It's the Pros with the touch bar that are the problem.
It's possible that I'm talking out my ass and momentarily confused soldered-on RAM with SSD. I believe the Surface laptops have soldered-on SSDs. I know for a fact that some low-end Dell Inspiron laptops have soldered-on storage. And obviously things like Chromebooks, tablets, and phones. But it's entirely possible that this isn't that common at all and I just have some recent exposure to the few out there that do have soldered-on SSDs.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Dell Inspiron. Microsoft Surface. I'm not exactly an expert on this, but those are two with which I have recent experience as someone was asking me to help upgrade and they cannot be upgraded.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
No, I meant provide recovery options for soldered-in storage. Good luck getting that from Dell or MS.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
iCloud is the solution ,)
N'est-ce pas?
It will take a couple of days to do a full backup.
But you will iSoundly iSleep knowing that iCloud is taking good care of your iBackup while it's draining your iBank account
iGod bless apple
Surface is copycat junk from Microsoft designed to ape Apple's more stupid decisions. Inspirons -- maybe some low-end models, but the ones I've seen have removable SSDs, if not RAM.
iFixit's teardown of the 2018 touchbar macbook pro clearly shows the Lifeboat connector is there.
You should probably blame that "free market" stock market thing. They're the ones demanding Apple keeps growing, despite having far more money than it could ever spend ($285.1 billion as of Q1 2018). There's a point where you have to shift your audience when investors keep demanding you do better this quarter than you did last quarter - it is impossible to sustain that in the long term. Apple won't take multiple SKUs when it has traditionally been about doing a handful of products and doing them well.
Yes, the Inspiron was a (very crappy) 3000 series with a ridiculously small SSD soldered on. Either way, those are two major players in the laptop that also do not offer on-board SSD recovery options. I'm sure if I looked into it I could find Lenovo, ASUS, etc models which commit the same sin.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Looks like the i3452, which was some kind of poor Dell attempt at a netbook, since discontinued. 2GB of RAM, 32GB soldered SSD, barely a laptop...
I don't know if one can call Surface a major player -- their market seems to be style-conscious people too poor to afford Apple, not serious-minded users.
Yep, short-sighted investors demanding short-term profits as opposed to long-term stability can be blamed for a lot of ills in the US and the world as a whole.
And complete with China Gov sanctioned backdoors? No thanks.
The cesspool just got a check and balance.
This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering [...]
The feature I was rather clearly talking about in the quote you pulled was the addition of hardware encryption in these new models. That quote had nothing to do with whether or not Apple solders their drives, and I'm not even sure how you could come away thinking that it did.
Let me be clear: soldering a drive in is a horrible practice that needs to stop. I find it reprehensible. It is NOT a feature. It's an anti-feature.
That said, the issue being discussed here is that users with the new models can't recover their data. Whether Apple solders the drives or not has no bearing on that issue. As I already said, the actual reason people can't recover their data is due to the addition of hardware encryption as a security feature in the new models. I don't like that they solder the drives in either, but our complaints about their soldering drives in have as much to do with the issue at hand as our complaints about their ridiculous laptop keyboards do, which is to say, nothing at all.
With all of that in mind, when I gave my "huhr duhr poer users need backups" argument, I wasn't offering a defense of soldering drives in. I was offering a defense of hardware encryption. I was saying that hardware encryption is worth it, and was lamenting that Slashdot did such a poor job of laying out the facts of the situation.
(As a quick aside, Apple has been soldering these drives in for years, which the article makes clear. I suspect that the poor summarizing is why you and others have been misled into thinking that this is the "latest instance of apple's short-sided [sic] thinking", even though it's neither a new practice nor relevant to the actual news: that stronger security features are rendering previous data recovery techniques impossible to use. Apple should stop soldering the drives, to be sure (that way we could upgrade or replace them), but even if they stopped, you still wouldn't be able to recover that data.)
But they did make it so that they are likely to take in more money: when someone decides to buy one of these notebooks they know that they will not be able to upgrade their storage capacity so they are pushed in the direction of paying big bucks to buy the highest storage-equipped model.
"easy" LOL. But nobody's done it, nor can you describe how to do it.
I don't have a list of every Dell in front of me. It was indeed "barely a laptop". The point here is that Apple is not the only manufacturer using these things, but they were the only manufacturer as far as I can tell who ever made a way to access them. Maybe they set themselves up to be held to a higher standard, or maybe people just look for reasons to hate them. Either way, I've never seen MS or Dell - or any company except Apple - criticised on Slashdot for not having SSD recovery tools.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Would buy a computer with the drive and ram soldered to the board.
Sorry the size and price falls and I want in on that not going to give that right away.
Not surprised. I suppose they believe in 'you should have made a backup' on one of our cloud services. That's what you get for not giving us all your files.
If the computer has a removable HDD and only the motherboard failed, one can take the computer to a third-party repair shop which will stick the drive in a "sled" and recover the data. (Even if encrypted, as long as the user knows the appropriate passphrases.)
The ideal is NOT to need a specially blessed authorized dealer to work on the damn things.
Why take it to a 3rd-party shop? USB sleds are dirt cheap; ~$30.
Either way...the point is, with a modular SSD/HDD, you can remove the disk and connect it to another machine (whether that's yours, a friend's, or a repair shop's is irrelevant). With soldered-on storage, most consumers don't really have an option but to take it to an Authorized Repair Center.
If you're using "Pro" hardware and relying on data recovery to protect your data you're doing it wrong. You need a proper backup strategy, you don't want to carry external drives and you don't trust the cloud? Tunnel into your office system and backup there.
The drive has hardware data encryption with the key in a secure enclave so being able to remove the drive and plug it into another system wouldn't help you recover the data.
"Grab them by the pussy" -- President of the United States of America
dgatwood: Can you recover the data on this hard drive for me?
me: No, it's encrypted.
dgatwood: But, I took it out of my broken computer...
me: It's still encrypted.
dgatwood: Can't you "hack it" and bypass the encryption like they do on TV?
me: No. Keeping anyone from being able to access (recover) your data is the whole point of using encryption.
"Grab them by the pussy" -- President of the United States of America
With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.
If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.
What’s the point in doing that? If you’re not bringing a burner laptop, you’re wasting your time. If they want your data, they will modify your firmware and will just take it from you the next time you boot up, and every time after that.
I have a T series Thinkpad, nice piece of hardware but the BIOS has a whitelist of alternate devices such as hard drives so you can't simply replace them.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
But they've taken away the recovery option...derp-a-derp!
How does having two computers help?
If the border guards see you're carrying two computers, do you think they'll give you the choice of which one they will inspect?
Yeah, actually, there are thousands and thousands of places nationwide in the USA that you can bring computers for data recovery if the main board fails. Have been for decades and decades.. Unlike "Genius" bars, these places will work on all manner and make of computer as well.
You pay for it one way or another. AppleCare, store warranty, out of pocket.
I've been recovering data from failed tech for way longer than this Apple craze.
Considering that this "Apple Craze" has been going on for more than 40 years, I kind of doubt it.
That was kinda the point... Places like this f*ck people by soldering the drive on the board AND THEN removing the diagport/interface option from the same area so now you're stuck with board failure and loss of data. Soldering the data storage like that and then removing all options of pulling the data is horrid design.
Yeah, especially since Apple makes automatic, HOURLY, backups so hard... [/s]
I can recover data from any non failed hard drive that uses a SATA or IDE connector. So like 99% of the consumer hard drives made in the past 20 years.
You cannot do that with these Macs. That makes them in this respect at least functionally inferior. You can't really claim they saved all that much money by removing the standard connector, or even their proprietary one. And looking at the price tag, even if they saved money, it didn't get passed on to the consumer.
The reasoning was that the T2 chip that does transparent data encryption without CPU intervention has made it impractical to offer this port. This chip did not exist in the 2016 and 2017 models, hence the port.
Time Machine works. Anyone who doesn't use it deserves exactly what they get.
And there are no third-party shops that do Apple data recovery?
Most, if not all, of the major ones do. But this is different.
Thinkpads made in the last 10 years or so don't check hard drive ID's -- I've had no problem swapping drives on a Thinkpad T4xx or T5xx. On the older ones, I think Lenovo updated the BIOS to allow booting from an "unapproved" hard drive after keying through a nag screen. See if there's a newer BIOS for your laptop.
Many newer Dells as well. A bunch of the new 5000 and 7000 Latitude series have soldered-on SSD now too. Pretty much anything that's portable these days have portable SSD. Still, I wouldn't rely on recovery tools, a good backup is absolutely necessary, spilling water fries the SSD as much as the logic board whether or not it's glued, soldered or not.
In many cases your laptop won't break but rather disappear (stolen, lost) and thus recovery options are rather scarce.
Custom electronics and digital signage for your business: www.evcircuits.com
Sorry. The SSD is encrypted by the on-board T2 chip.
Use Time Machine. It works.
Uh, no. Just no.
Why should a drive be physically tied to a computer? If the data is encrypted, then it shouldn't matter if you connect it to another computer; it is still encrypted. And if you have the key information (password, recovery key, etc.), it should be possible to decrypt it from a different machine. The problem with this design (if the story is true) is that some of the crypto is performed using a fixed, hardware-defined key that is stored inside a chip on the motherboard external to the flash, and rather than providing hardware that enables external copying of the flash *through* that chip (which would decrypt it, after the user provides it with the password), they just left off that ability entirely.
Of course, the real problem there is the permanent, unchangeable key in hardware. At best, this can have only three effects:
The only situations in which it would even have a small possibility of increasing security would be if you were trying to protect against a targeted attack from someone with the sophistication to unsolder the chips from the board and attach them to a new NAND flash controller, and even then, it would only provide a benefit if that attacker was not sophisticated enough to uncap the chip, remove the protective layers of metal, and use an electron microscope to read the hardware key off of the silicon. That's kind of a narrow window of hacking competence....
In practice, such a design just makes the computers less reliable, without increasing security. Unchangeable, unextractable keys have no place in real security. They are the computer security equivalent of a tiger-repelling rock. Protecting the key outside of the NAND flash is fine, but only if the user is in control of setting that key so that he/she can (if desired) produce a recovery key that does not require the chip to exist. Otherwise, it's a fundamentally flawed way of doing security/crypto.
Check out my sci-fi/humor trilogy at PatriotsBooks.
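The two-slot scheme suggested in the comments above (a fast chip-bound unlock plus a deliberately slow recovery passphrase that still works when the chip is gone), sketched as an added example; it is not part of any commenter's post and not Apple's or any TPM vendor's design. `SimulatedEnclave`, the slot layout and the XOR-plus-HMAC wrap (a standard-library stand-in for AES key wrap or an AEAD) are assumptions made for illustration.

```python
"""Two-slot key hierarchy: hardware-bound unlock plus a slow recovery passphrase.

Constructed illustration. The volume key (DEK) is random; each slot stores it
wrapped under a different secret, so losing the chip does not lose the data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

KEY_LEN = 32


def _wrap(key_material: bytes, dek: bytes) -> bytes:
    """Wrap dek under 64 bytes of material: 32 mask the key, 32 key the tag.

    The mask is used once because every slot has its own random salt.
    """
    mask, mac_key = key_material[:KEY_LEN], key_material[KEY_LEN:]
    body = bytes(a ^ b for a, b in zip(dek, mask))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def _unwrap(key_material: bytes, blob: bytes) -> bytes:
    mask, mac_key = key_material[:KEY_LEN], key_material[KEY_LEN:]
    body, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong secret or corrupted slot")
    return bytes(a ^ b for a, b in zip(body, mask))


class SimulatedEnclave:
    """Hypothetical stand-in for a TPM/enclave: the device key never leaves it."""

    def __init__(self) -> None:
        self._device_key = os.urandom(KEY_LEN)

    def derive(self, salt: bytes, pin: str) -> bytes:
        # One cheap HMAC suffices: the device key supplies the entropy, and a
        # real chip would rate-limit PIN guesses instead of stretching them.
        return hmac.new(self._device_key, salt + pin.encode(), hashlib.sha512).digest()


@dataclass
class Slot:
    salt: bytes
    blob: bytes
    iterations: int = 0  # only meaningful for the recovery slot


@dataclass
class VolumeHeader:
    hardware: Slot
    recovery: Slot


def _stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    # The "ungodly number of rounds": expensive per guess without the chip.
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, iterations, dklen=64)


def create_volume(enclave: SimulatedEnclave, pin: str, recovery_passphrase: str,
                  iterations: int = 600_000) -> tuple[bytes, VolumeHeader]:
    dek = os.urandom(KEY_LEN)
    hw_salt, rec_salt = os.urandom(16), os.urandom(16)
    hardware = Slot(hw_salt, _wrap(enclave.derive(hw_salt, pin), dek))
    recovery = Slot(rec_salt,
                    _wrap(_stretch(recovery_passphrase, rec_salt, iterations), dek),
                    iterations)
    return dek, VolumeHeader(hardware, recovery)


def unlock_with_enclave(header: VolumeHeader, enclave: SimulatedEnclave, pin: str) -> bytes:
    slot = header.hardware
    return _unwrap(enclave.derive(slot.salt, pin), slot.blob)


def unlock_with_recovery(header: VolumeHeader, passphrase: str) -> bytes:
    slot = header.recovery
    return _unwrap(_stretch(passphrase, slot.salt, slot.iterations), slot.blob)


if __name__ == "__main__":
    chip = SimulatedEnclave()
    dek, header = create_volume(chip, "4821", "constructed recovery phrase")
    print("fast path ok:", unlock_with_enclave(header, chip, "4821") == dek)
    del chip  # logic board failure: the device key is gone for good
    print("recovery ok:", unlock_with_recovery(header, "constructed recovery phrase") == dek)
```

Only the recovery slot pays the key-stretching cost, so everyday unlock stays fast while an attacker holding the raw flash has to run the full KDF for every passphrase guess.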
You can regenerate all the keys in TPM chip. Linux provides a very nice interface for it. Windows won't like it and they'll probably reprogram 'their' keys in the TPM anyway.
Custom electronics and digital signage for your business: www.evcircuits.com
The only positive here is that Time Machine "just works."
But that's a pretty fucking IMPORTANT "positive".
In fact, it completely obviates the need for any hinky dataport that lets someone do a data-suck on your stolen laptop.
BTW, since the 2018 MacBook Pro has an Apple T2 chip, the contents of the SSD are ALWAYS encrypted, with no CPU intervention.
Until it doesn't. It seems common for it to pop up and say that a backup is corrupted, and prompts you to erase the stored backup and start fresh.
I know someone who has been using Time Machine for 9 YEARS now without incident. Used it once for "whole disk" recovery when replacing an HDD, and once for Data/App migration when upgrading to a new Mac. Both times worked flawlessly and effortlessly.
You have obviously never owned an Apple laptop — or, for that matter, any laptop containing a standalone GPU soldered onto the logic board. Now that we don't have spinning rust for storage, logic boards are likely the most common non-power-related failure mode by a large margin.
No professional in his or her right mind should seriously consider a laptop in which a logic board failure results in the loss of access to storage. Even if you just lose the storage since the last backup, that could be a considerable loss, and this assumes that Time Machine is actually backing things up correctly and that no files on your backup drive have exhibited bit rot. In the worst case, you might lose considerably more, like your entire photo library or some other "why the hell did Apple mark this as a bundle" folder.
No, if true, this qualifies as a showstopper-level flaw, sufficient to get upper management fired. I can't imagine that even the "thin über alles" folks at Apple would be THAT stupid. It seems far more likely that somebody changed a connector, and that they don't have the right tools at the various Apple stores yet, which while qualifying as seriously incompetent, is probably a failure of the Apple Store and/or AppleCare management chain, rather than engineering.
Time Machine works. Use it.
I'm not jealous of Apple users -- I have no interest in owning their crippled products.
Then why are you here posting?
it's a bit disappointing to see a /. summary focus on the downside without explaining the "why?" behind it.
That's the Apple Hating Slashtards for ya.
Another patented apple cultist stupid comment of the day.
or you could use cryptsetup in loopback on any old file. I recommend a good key-size; I'd use one at about 8000+kb in size.
cryptsetup -c serpent-xts-plain64 -i 234567 -s 512 -h sha512 luksFormat /path/to/looped.file /path/to/8000kbkeyfile
looks done to me.
Lol. More like those who buy apple deserve what crap they get.
Totally agree. Just bought a "new" late 2011 Macbook Pro to retain a modular system. If I wanted ultra portability I'll go with a tablet.
Unfortunately now that Apple has announced that 2012's are the cut off for Mac OS compatibility moving forward I'm thinking I'll be moving to Linux when my current Macbook dies.
Yes, but my suggestion doesn't leave an easily visible file sitting there that non-geeks can get curious about.
Good, inexpensive web hosting
Here, let me post a binary that will do it for you. There is certainly no value to be lost to me by doing so. It's not like that m agency having that capacity has any economic or security benefit. Oh wait, it does. Nevermind, then I absolutely do not have the ability to bypass TPM security.
Stupid comment remains stupid.
I have Time Machine backups. Those go pretty much continuously. I've never had an issue restoring from backup with them yet.
I have a small drive that gets plugged into my machine at home every few weeks. Then I take it with me to work. If there's a fire, I have a backup of stuff that's important that's a few weeks old. Better than nothing.
But I also have Backblaze backup, and that's $95 every two years. It has all my files, all the time. It does a small continuous background backup to the service all the time. It's encrypted well enough for my tastes, and it's cheap.
None of this is to absolve Apple, but if you're the kind of person with a Pro device, honestly, you should be doing the Pro thing and making multiple redundant backups all the time. You should never be faced with losing more than a day or two of data.
Just spend a hundred bucks and get a top of the line 200+GB microSD card and backup to that. The whole point of the premium price you pay for a premium product with Apple is the premium set of features, such as 100MB/sec capable microSD ports. That way you aren't gimping your transfer speed with a shitty usb1/2 grade connection.
That is why Apple laptop and phones are consistently the choice of top experts. Imagine they didn't include those features, the iPhoneX would have been a flop. May as well remove the headphone jack while you are at it.
Well that will certainly drive the price up.
I have a newish thinkpad, and I took it when I got it to add memory (lenovo RAM is too expensive) and everything is well built. Everything that could be removable is.
There is metal reinforcement at the critical points.
There is even an undocumented extra PCI-e mini slot if you don't have mobile data.
Did you buy the thinnest one, because you wanted something lighter? That's why you got one that was thinner and not as strong. Buy the business laptop with the traditional thinkpad shape and you'll get the traditional build strength.
So you expect people to haul around a massive drive that contains everything when they go on vacation?
There are many instances where backing up GB of data is not practical
...or just buy a "computer" that works for you,
A) That is Apple for a lot of people.
B) No computer that "just works for you" does not ALSO require vigilant backup. Never mind recovery, what happens if the laptop is stolen, or immolated in a fire? What happens if an SSD chip in any computer simply goes bad (yes I have had that happen).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
What you're describing is the Secure ATA protocol that has been in place for about 30 years now.
PATA and SATA drives have controller locked passwords that prevent just anyone from sucking up data
It's old enough that you need to use an unofficial BIOS, which is fine for me but maybe not the average person.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
If hearing other opinions offends you maybe you should be policing appleinsider instead.
You can put even the newest Mac in Target Disk Mode. That means even if the OS is corrupt or the system is having other issues, the laptop basically *becomes* a hard drive and nothing else matters, you can access the data.
It's not like the electronics in a SATA or IDE hard drive cannot fail. It's not like storage media itself cannot fail. What Apple is offering is not that much different in recovery option than being able to pull out the hard drive module as a separate unit, and for slightly less ease of access you get much faster performance and much better security than a removable drive would offer.
Yeah, not an issue for anything recent that people are actually likely to buy today, new or used.
No problem, just remove the SSD and errr.... yeah I guess that won't work.
Good job Johnny Ives, making everything so flat that it is irreparable.
Johnny, we don't like you and want you to go away. Please let someone who understands computing, upgrading, and repairability design the computers, ok buddy? We are willing to sacrifice the 2 mm in increased width for a card edge connector and a real fan that can cool the machine.
That's just fucking great advice if you're traveling and don't want to haul around an external HDD.
New Macbooks also had the SD/MicroSD slot removed along with all of the other non-USB-C ports. You'd need another dongle. Have fun!
Idiot. You are in the wrong place if you need the comfort of apple worshipers and apologists.
Yeah, nothing like black boxes to achieve peace of mind, right?
... or you can just plug it into another computer. No repair shop is needed.
I don't respond to AC's.
...buy a comp from your company. Oh wait, I forgot.
You don't make anything. All you do is run your mouth. Fuck- twat.
It's possible that I'm talking out my ass and momentarily confused soldered-on RAM with SSD. I believe the Surface laptops have soldered-on SSDs. I know for a fact that some low-end Dell Inspiron laptops have soldered-on storage. And obviously things like Chromebooks, tablets, and phones. But it's entirely possible that this isn't that common at all and I just have some recent exposure to the few out there that do have soldered-on SSDs.
Never mind soldered-in stuff on the surface - isn't that the one that was given a 0 for repairability because it is one huge epoxy block under the covers? And you guys bitch about Apple ...
Apple thinks everything should just be recycled or thrown away. Everything they make is glued, soldered, or impossible in some way to access without wrecking stuff. Yet Apple has the gall to call something "pro" is embarrassing.
Precisely, as you never know who is looking at your data. Best to take it to a trusted 3rd party unless you enjoy being probed by 3 letter agencies and snoopy techs looking to get rewarded: https://slashdot.org/story/338061
I'm sure it depends on the disk not dying that you have your backups on.
Mac users probably upgrade faster than most and thus don't cross the 5 years rotational disk death threshold, where disks are far more likely to die after year 5.
All backups need to be tested. I just lost a drive, and I went to copy data to another drive to restore it, and that drive which was just as old and had no previous signs of failing, suddenly started re-allocating sectors like crazy and the speed dropped right off till it is now unreadable. It was probably failing for quite some time (nothing in event logs though..), but the act of dumping 500GB to it killed it for good.
Luckily I have lots of backups and the important stuff is also mirrored to the cloud services, and offsite physical copies once a month, so I didn't lose any data. But two drive failures can and do happen, especially with environmental conditions as a trigger like this crazy hot summer we are having.
As a potential lottery winner, I totally support tax cuts for the wealthy
You say "external HDD" as if it's something huge. Mine is half the size of a pack of cigarettes, and usb powered.
Don't want to lose data? BACK IT UP - ALL THE TIME.
It's really not hard.
2.5 HDD is pretty practical, and on USB 3 you get over 100MB/s and some decent power supply.
External SSD is another solution, 2.5" or smaller. No idea what a Thunderbolt to M.2 PCIe enclosure costs.
Any SSD is not massive in terms of physical mass.
I see they now sell straight up external SSDs like 250, 500GB and such.
SD card even works except it has both lousy price/performance and price/storage.
So yes back up is practical!
The impractical aspect is the same as ever: it is an annoying expense that 90+% of people don't want to pay for.
Like every American corporation, McDonald's started out selling food that was pretty good. The french fries used to be fried in beef lard. Now they are sprayed with beef flavoring and fried in canola oil or some other equally evil fluid. McD's made their millions and initial billions on a decent idea, standardization of perfectly edible fast food; and they have lost their brand by abusing it.
This is the trajectory for every single brand. Brands are meaningless now--worse than useless, they are a form of fraud.
There are two different things here, the computer failing and is encrypted is fine as long as you make backups. I would want my laptop to be 100% encrypted, in case I decided to travel to America or something. It's always been ridiculous that you can just pull a hard drive out of a PC or pull the CMOS battery and there is little other physical security going on there. I can see what you are arguing, that the current methods aren't strong enough, but at least it's something. I'm not sure how exactly it works with these Apple machines, but having a lock on my house does not mean that no one can possibly break in. It does stop all but the most dedicated though. I can't imagine that Apple's implementation is just security theatre. Police do seem to have a hard time cracking it and have to rely on exploits from what I understand.
A drive dying is fixed by making backups. You can do your own, or the cloud or whatever, as long as you do them! and check them every once in a while.
Basically I am saying that if you rely on one computer's physical disk for all your storage, you are going to have a bad time. I don't think the solution is to not encrypt in this day and age. The solution is to have multiple backups of important data.
My greatest fear is natural disaster or physical theft. All hardware will die, that is a given, so you obviously have to expect that, and plan around it. I expect that one copy of all my data will burn to the ground one day.
TLDR, backups and hardware security are really separate domains. You're confusing them to nitpick a point, but in the real world(tm) Apple's crypto philosophy (while not perfect) has been shown to work for threats that are day to day real (police, snoopy employers, border guards and jealous spouses).
Epilogue: I should say that I personally would never buy an Apple product because they are borderline irreparable, so I'm not really arguing that Apple doesn't suck, just that their crypto philosophy seems to be working (but maybe I am just the untrained eye)
That's a hell of a lot of dongles to carry around to compensate for Apple's bullshit move
So the solution to Apple's hostile anti repair move is to buy more Apple products. Total fucking isheep.
> Well that will certainly drive the price up.
Unlikely.
The T2 chip is a relatively small, Apple ARM SoC. I believe it controls the TouchID fingerprint sensor, the TouchBar, and now SSD encryption. It first debuted in the iMac Pro last December.
Remember, Apple gets these at "cost". No paying extortionous License Fees to Qualcomm. No paying for Intel or Samsung's profit margins.
I would bet that Apple's landed cost (minus R&D) is likely less than $10. Since it also does other things, the extra cost for the encryption engine is most likely $2.
> I'm sure it depends on the disk not dying that you have your backups on.
> Mac users probably upgrade faster than most and thus don't cross the 5 years rotational disk death threshold, where disks are far more likely to die after year 5.
> All backups need to be tested. I just lost a drive, and I went to copy data to another drive to restore it, and that drive which was just as old and had no previous signs of failing, suddenly started re-allocating sectors like crazy and the speed dropped right off till it is now unreadable. It was probably failing for quite some time (nothing in event logs though..), but the act of dumping 500GB to it killed it for good.
> Luckily I have lots of backups and the important stuff is also mirrored to the cloud services, and offsite physical copies once a month, so I didn't lose any data. But two drive failures can and do happen, especially with environmental conditions as a trigger like this crazy hot summer we are having.
If you're that worried, backup to a RAID, or use CarbonCopyCloner or rsync and backup your backup. The guy that I was talking about uses a LaCie RAID as his Time Machine target. It suffered a single HDD failure about 5 years ago without data loss, and after the RAID rebuild, we swapped-out the other 3 drives, one at a time, just because...
I was referring to the cost of data recovery if the logic board fails.
I agree that the T2 probably isn't all that expensive.
So Apple has had a mostly super easy backup tool called Time Machine, that gives you incremental deltas as files are modified - if you use it, you are taking snapshots at 1 hour intervals.
Users can scroll through different versions of a file to find the one they want to restore to.
It’s been around a long time, and is a very handy tool for Mac users.
The other thing is that the new MBP are like the new iMac Pro - the SSD is encrypted all the time and you can’t turn it off, and it is done by a hardware encryption engine whose key material is in HW on the MLB. This is similar to iOS devices, where you also can not transfer the SSD to a new device and retain any data.
> New Macbooks also had the SD/MicroSD slot removed along with all of the other non-USB-C ports. You'd need another dongle. Have fun!
Then get any of the numerous USB-C drives out there. With Android devices embracing the USB-C port there should be plenty of them to choose from.
I don't get this, Apple is "bad" for having USB-C ports on the MacBook and "bad" because the iPhone does not. Every non-Apple phone I can see, except the very cheapest, have USB-C. If you have a charger, flash drive, or SD card reader, for your Android then you also have one for your MacBook.
I hate USB-A, they seem to have a 4 dimensional plug that I have to flip over three times before I can plug it in. The micro-USB-B cables I had for my old phone was worse. I'd like to get rid of all that old USB stuff and replace it with USB-C versions but I just have too much invested in it all.
Give it a rest. In a year or two those USB-A ports will disappear from anything new, Apple or not.
LOL - Surface is more expensive than Apple - typically you can buy a MacBook Pro AND an iPad for the same price as a Surface with similar specs to the MacBook.
Sure - if you buy a Surface at lower spec than the iPad it's cheaper
Yes, it's almost impossible to open up without damaging it.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Yup! That's my point. They are just back to baseline. For a while they were better - now they aren't. But they also aren't worse.
Apple's T2 is not from someone else's spare parts bin.
I've rummaged around inside mine. There's zero expandability in there - not so much as an unpopulated header. Yet it's still superior to modern Apple in one critical way. The battery is easily replaceable. It's not covered in glue. No weird custom authenticated chip on it. No unusual size. Just your basic li-ion pouch cell.
Moving the physical storage to a new machine is irrelevant for the purposes of data migration if the contents of the drive are encrypted with key material that is on the logic board and you can not ever know.
That is what is the case here - it's not removable because there is no point in removing it
The soldering on of the SSD is completely irrelevant,
The contents of the SSD are encrypted AES 256, by a hardware encryptor that sits in the DMA path between the Intel CPU and the SSD, and whose key material is generated by a hardware RNG in the Secure Enclave Processor & is controlled by the Secure Enclave Processor that's part of the T2, which is effectively the southbridge of the MLB.
If you have an MLB failure, the data on the SSD is not able to be decrypted.
There is no value in it being removable - it's a surface mount soldering level repair of the MLB at best here - which means not field repairable.
Just like the ones apple is putting in iphones to make sales in China.
lol the paid Apple shill bitching about Qualcomm's fees and Intel and Samsung's profit margin. At least these companies made the backbone of the systems that Apple is only too happy to exploit and profit off of without giving a damn thing back. Apple is a true shithole of a company.
It is not possible to do data recovery on Macs with a T2, unless you can crack AES 256 with high entropy keys
short-sided thinking
Apple should be backing the key up to iCloud. Obviously allow the user to disable it, but when you have encryption by default (a good thing) you back the key up for the user too. The crypto is there to stop thieves accessing user data and to force law enforcement to go through the proper process.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Most manufacturers avoid soldered on SSDs because it would make their machines unsuitable for business use. Many businesses require removable storage so that it can be securely wiped/destroyed when they retire the laptop.
It seems to be because they added a new security chip that stores the encryption key and handles the fingerprint reader/power button combo. This has all sorts of negative consequences.
If the power button fails it looks like you won't be able to just replace it, similar to the iPhone fingerprint sensors that are authenticated and don't work properly with third party repairs. If the keyboard fails and you need to replace the whole top part of the laptop, which includes the security chip, you will lose your crypto keys so the tech is going to have to do a full backup and restore of your data.
I guess this is your first argument with a true fan of Apple.
Their axiom is "Whatever Apple does is free from fault and good for the Apple customers. Zero exceptions.". The rest is just simple mental gymnastics to work reality around that one axiom. (ref. "You're holding it wrong" with that particular iPhone model)
Why is it one or the other? The purpose of the enclave is the same as TPM, provide a means to take a really long and secure passphrase with you on the road. There's no reason why you can't back it up anyway.
Take bit-locker for instance. Data is stored in the TPM to access the drive. However if the drive is ultimately separated from the PC I can use a 48 digit recovery key to access that data. Since the use of the actual key to get past the encryption is rare that key doesn't need to physically be with me at any time and can be at home, or in a safety deposit box, or with a trusted 3rd party, or if you really hate yourself back it up on the cloud and tie it to your MS account.
Except it doesn't need to be implemented in that way. While hardware is tied to the TPM for all normal purposes recovery keys offer a solution should that additional hardware fail. As a person never normally needs access to the key in question they also don't need to remember it or carry it with them.
TPM and secure enclave is just a storage mechanism. There's no reason that can't be backed up on a piece of paper and stuck in a safety deposit box somewhere. Or if you're Microsoft, convince your users to upload the key to the cloud and tie it to their Windows account presumably so the NSA can see what porn you like.
No professional in his or her right might
If the professionals are so mighty then they probably work around it. :-)
Jokes aside, you are making a lot of assumptions about said professionals. On the one side my laptop's TPM based encryption has a recovery key should I need to extract the HDD from the case using a hacksaw. But on the other hand data loss in the age of the cloud? Seconds after I hit the save button my stuff is backed up. The kind of professional work I do permits this. I wouldn't attempt to recover the data on my drive if my computer fails.
There are of course professionals whose work doesn't permit this, the airplane coder who never has internet, the photographer / video producer who can't cloud backup a 200GB file every time he makes a change, etc. But for a large number of "professionals" the idea of losing data since last backup is a thing of the past.
I still backup by the way, but put a bullet through my PC right now and I won't need that backup. All I'll lose is this typed message. If on the other hand my cloud provider* fails then that backup may be more important and I may lose up to one week's worth of work.
*Not a 3rd party :)
The article spells out the actual cause of the issue: hardware encryption.
The use of hardware encryption does not preclude the ability to implement a software recovery solution. Secure enclave, TPM, whatever hardware you want to use ultimately the user should have the ability to backup the key used. Normalising shitty implementations from Apple and Android does not make it good.
Why are you carrying an internal HDD with you and why is your laptop empty? What are you hiding? Please step into this room.
Considering that this "Apple Craze" has been going on for more than 40 years, I kind of doubt it.
Ummm, just no. The iPhone came out in '07 and that's probably the start of the craze. If you want I'll be kind and give you '01 for the pod but before that apple were very much a niche computer company that arty types raved on about but no one else really gave a shit. So, less than half that at best.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Macs just work remember. So it doesn't matter if they are unable to recover in event of a failure, it's never going to fail. Right.....right?
Current year argument.
It's a complex mess.
My anecdote is that I have a 2014 T430 and it has both a white list of PCIe WiFi modules as well as a white list of M.2 drives. However, the SATA slot is not restricted, and I use an adapter caddy in the DVD slot and have no problem using a range of HDDs in there.
What this model does do is white list the battery. Only authorized Lenovo batteries will run in the thing. I was so disgusted with this behavior that it's almost enough to put me off Lenovo for good. However, in this instance I was able to follow some amazing online instructions to patch the firmware so that 3rd party batteries are allowed.
Don't bring irrelevant "greenie" concerns into this, the servers of the internet are 95% the hit on the environment, not laptops.
Just out of interest, are all of your opinions on the environment based on shit you just made up in your head because you're a bit of a lazy cunt?
BTW, and I know this is off topic, can anyone recommend a good Ryzen laptop?
"No professional in his or her right might should seriously consider a laptop in which a logic board failure results in the loss of access to storage."
Really? Grow up.
Right on, my young friend
This could be done relatively easily with a microcontroller. Get one with secure storage, many ARMs have it. The standard motherboard TPM interface is LPC, but if you wrote a suitable driver you could use USB.
TPM actually provides a number of hash and encryption functions, as well as secure storage, scratch storage and a random number generator.
It seems that people do not understand trade-offs.
Thin systems are popular at the expense of ports, expandability and repairability. However they are small, portable and easy to bring with you. So you have a computer at hand most of the time.
At work. The managers and the ones to go to meetings have the smaller thinner ThinkPads while I have bulky larger T series. When at a meeting my status as Not-A-Manager is shown when I walk in and pop open a 17" Display.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
So why not just provide a second header that allows you to talk to the T2 chip and authenticate with it when the rest of the laptop is dead?
I mean, that's meant to be a feature. Even if the drive was removable, it would still be encrypted and wouldn't do you a damn bit of good.
Well irrespective of what machine you buy, if the drive fails your data could be irrecoverable... There's no excuse not to have backups if you are even remotely concerned about the data.
Apple actually make it much easier than most to do regular backups.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Oh, just a motherboard? Is there a good reason for Apple to call it by a different name than everyone else?
Which is great, but doesn't help you if the drive itself is what failed.
Always have backups!
Allowing unattended boot of the OS (ie without entering a passphrase) opens up attack avenues...
The key is there, you just need to know how to recover it. At a worst case you could simply leave the laptop somewhere until a new remote root is found, then boot it up connected to a network and compromise it.
Having a removable drive is a benefit for many reasons, being able to upgrade, take out for wiping/destruction etc...
But the idea of the motherboard failing while the drive remains intact is a relatively minor concern. Of all the hardware I've had over the past few years, drives have failed the most often which means a failed drive kills the whole machine.
If the drive fails you won't get your data back no matter what state the motherboard is in...
There really is no excuse for not having backups, and Apple actually make it very easy to perform regular backups and encourage users to do so. I don't believe either Windows or Linux provide such a simple integrated backup option as Apple do.
> Right, the important thing is to buy a reputable product like a Thinkpad.
Even then-- if you buy the Thinkpad X1 ultrabook, you end up with a socketed NVME drive.... but if you buy the Thinkpad X1 convertible laptop, you end up with soldered-down storage.
You make a backup before you go on vacation, how much *new* data do you generate during vacation? Maybe a few gigabytes of holiday photos? You store these on the memory cards used by your camera and maybe make a backup to your laptop... Most hotels also provide internet access so you can upload your photos somewhere.
> especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days
No. Stop right there. This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering the NVMe drive to the motherboard rather than using the industry-standard M.2 slot. You can't because there aren't any.
I have experienced multiple NVMe disk failures on laptops I manage, I have also experienced board failures of systems using NVMe disks. In the first case, it is a negligible repair taking minutes, in the second case, equally easy to pop out the drive, mount it in a PCIe bridge card, and grab the data off.
Stop trying to normalize this latest instance of apple's short-sided thinking, which appears to be driven by only one "long term" goal, that is to say replacement of hardware with new garbage the second it dies even a minute out of warranty.
The fact that you try to reduce this down to a "huhr duhr poer users need backups" argument is preposterous.
This. Whilst important data needs backing up, we shall not deny this... the majority of what I have on my personal laptop is far from vital. A lot of it is nice to have, but not vital. However I like the fact that should my laptop fail I can recover saved games or moderately useful things simply pop open the bottom via the removal of 8 screws and the SSD requires one further screw to be removed and the SSD can be plugged into a caddy or my desktop (as I don't have an M.2 caddy).
This kind of thing is important if you've got a fleet of laptops and let's face it, the best of end users are lazy with saving/copying to shared drives, so swapping out the HDD is a godsend for the tech. For personal use, I like being able to upgrade my hard drive. Sure my Asus K501U came with a 512 GB SSD, but who's to say when a 1TB SSD will get under £100 and then it will be cost effective to upgrade.
Calling someone a "hater" only means you can not rationally rebut their argument.
I know someone who won the lottery, and someone else who has run a business for 30 years still running Novell Netware 3.1. Anecdotal evidence is worthless. It doesn't matter if one person has used a product for a decade... it is about the people where the product breaks and is not trustworthy. Time Machine has its use, but if one values their data, they use a secondary backup mechanism.
The old internal HDD is safely at home (obviously), and the laptop is empty because it recently experienced a drive failure and needed to be re-formatted :D Lie, lie, lie, lie, lie, lie, like Paul Simon in the Boxer.
But knowing Apple the tech is stolen from some other company.
Wait, the old hard drive is at home? What kind of a solution is that? At the very least have it mailed to your destination. Otherwise why go to all the effort?
Nothing but lies and bullshit from good old Timmy
I don't know if one can call Surface a major player -- their market seems to be style-conscious people too poor to afford Apple, not serious-minded users.
I've weathered a lot of criticism for my Surface but this was the first insult that hit close to home and really stung. Ouch.
Those claiming Apple isn't as evil as, say, Google, make said claim because they're not in the business of looking at your data.
Apparently they're also trying their damnedest to ensure you can't either.
> I was referring to the cost of data recovery if the logic board fails.
> I agree that the T2 probably isn't all that expensive.
Oh, sorry. I (obviously) misunderstood...
I think that there will be 2 "paths" to data recovery (3, if you count a Time Machine backup)
1. Logic board is failed in some way; but is "up" enough to put the sick computer in "Target Disk Mode"
2. Logic board non-responsive.
In the case of #1, then a savvy User or Apple Genius (yeah, I hate the term, too!), can hook up a temporary (or permanent) Thunderbolt-Equipped Mac to be the Target of the sick computer's data, and then use the macOS "Migration Assistant" to initiate the Transfer. Then that computer can be attached to an external Drive and Time Machine used to store the data while the sick computer is repaired (and then the "Temporary Storage" computer's original Data can be Restored from ITs Time Machine Backup). When that is complete, the Time Machine backup Drive can be hooked up to the repaired computer, and Migration Assistant can be used to Restore the SSD contents. Not spectacularly efficient; but it should work.
In the case of #2, without a Time Machine backup, you're hosed. Just like anyone would be with a catastrophic disk failure and no backup. Let's face it: If your house gets hit by lightning and your computer is hooked up to ANYTHING, it's probably ALL toast. That's why doing a periodic (weekly/monthly?) backup of the Time Machine Drive to a removable drive (that is stored elsewhere when not actively engaged in the "backup of the backup") is essential for critical applications. Or, forego the use of Time Machine in favor of a conventional GFS type backup, with rotating media (raw HDDs and a USB/TB Sled). Or, you can simply disconnect your Time Machine Drive most of the time, and only hook it up nightly/weekly, and it will "catch up".
Here are some other suggestions for Mac Backup strategies. I kind of like the one using periodic Time Machine backups, along with continuous Cloud-based BackBlaze backup. For $5/mo for Unlimited, encrypted storage, BackBlaze sounds like a pretty good deal. And I like the idea that you can have your data mailed to you on a USB key or a 4 TB drive if you're in a hurry to Recover. Normally I don't like Cloud solutions; but this seems like a pretty solid system:
https://business.tutsplus.com/...
> Considering that this "Apple Craze" has been going on for more than 40 years, I kind of doubt it.
> Ummm, just no. The iPhone came out in '07 and that's probably the start of the craze. If you want I'll be kind and give you '01 for the pod but before that apple were very much a niche computer company that arty types raved on about but no one else really gave a shit. So, less than half that at best.
It all depends on what the definition of "Craze" is, now doesn't it?
For me, the start of the Apple Craze began in May, 1976, when I first laid-hands on my Apple 1. It was the first computer I ever touched, and like a Duck imprinting on a bicycle-pump as its Mother (don't judge!), I was hooked. Of course I have used many other computers (using a W7 laptop at work to type this); but, unless there was absolutely no other choice, I don't think I would actually OWN anything but an Apple computer. I would call that a "craze". (Yes, I know, or just "crazy").
Apple laptops have had optional full-disk encryption for seven years, and optional home directory encryption for fifteen years. Moreover, full-disk encryption has been automatic for four years. In no way should you interpret my comments to in any way imply that full-disk encryption itself is inherently risky. It is only the new implementation of FDE that is poorly designed.
In previous hardware iterations, you could copy the underlying encrypted data to an external hard drive using a specially designed cable attached to another computer. When the user attaches that external hard drive to a new machine, the computer's built-in firmware would ask the user for the password to unencrypt the disk. If he or she knows that password and types it in, the new computer would then be able to retrieve data from that copy just as easily as the original computer could retrieve it from the original flash drive.
Similarly, historically, if you didn't know the password, but printed out a copy of the recovery key, you could use that to decrypt your data.
What changed (reportedly) is that instead of using a pure software-based encryption scheme, they moved to a hardware-accelerated scheme, and instead of having the user be in complete control over the crypto key used, they began using a key that is burned into ROM on a chip on the motherboard for part (hopefully not all?) of the encryption. The result is that even if you copy the contents of the flash silicon to a new machine, that unchangeable hardware key cannot be retrieved (without uncapping the chip and using an electron microscope). Thus, even if you have the password or a recovery key, it is still not possible to decrypt the data without the chip from the original machine.
That is the flaw. Ostensibly, this reduces the risk of someone copying the encrypted data to another machine and then trying to brute-force your password, but in practice, this is a level of sophistication beyond all but the most targeted attacks. The overwhelming majority of people outside the corporate world would rather have the ability to recover their data in the event of a non-storage failure of their computer, rather than have that small bit of additional protection against attacks by CIA-level operatives. That's why that extra level of protection should be an extra checkbox that the user has to check when turning on the machine. Otherwise, it should use normal (but hardware-accelerated) FDE using a key that is entirely under the user's control, with the option of a recovery key, the ability to decrypt a copy of the disk, etc.
Enabling FDE does, of course, present a slightly greater risk of data loss, but that risk is largely mitigated by the fact that unless it gets struck by lightning and the hardware melts down, you can always copy the encrypted data to a new disk and then decrypt the data if you have the password or the (optional) recovery key. Enabling FDE with a fixed hardware key presents an unmitigated risk of data loss, which is what makes it almost always a bad idea unless you have reasonable cause to be afraid of men in black stealing your laptop, cloning it, and returning it without you noticing, then using billions of dollars worth of hardware to try to crack its encryption. And if you're really worried about that, you're either very, very important or very, very nuts.
So don't say "Time Machine works" unless you can guarantee that it always works 100% of the time. I do use Time Machine, but I also know people who have lost data because Time Machine didn't work for them.
And so on. There are countless tales of woe from people who lost countless hours of work because they relied exclusively on Time Machine for their backups. That's why most people familiar with Time Machine recommend regularly performing a second set of backups with some entirely different mechanism, such as online backups with CrashPlan or regular cloning with Carbon Copy Cloner. Given how unlikely it is that people will religiously do the latter, that basically leaves the former. As far as I'm concerned, regular online backups are absolutely mandatory with these new systems if your data has any value to you at all. So in effect, owning these new Mac laptops just got more expensive by $120 per year for as long as you own the hardware.
What part of "and this assumes that Time Machine is actually backing things up correctly and that no files on your backup drive have exhibited bit rot" did you not understand?
Some of them are definitely the former, but you get my point. :-)
What other tech company demonstrates such courage! /sarcasm
Jobs must be rolling over in his grave at the thought of the crap that Apple is pumping out now.
Nah! Everything's in the cloud. Giving the info to hackers and FBI is so much easier from the cloud! Why anyone would keep data locally is beyond reason.
There are stores in almost every town in America where you can take just about any other computer other than a Mac to be repaired with commonly available parts.
If the computer has a removable HDD and only the motherboard failed, one can take the computer to a third-party repair shop which will stick the drive in a "sled" and recover the data. (Even if encrypted, as long as the user knows the appropriate passphrases.)
The ideal is NOT to need a specially blessed authorized dealer to work on the damn things.
Reason why I shall NEVER buy an Apple product.
Why do you say "other than a Mac"?
> So don't say "Time Machine works" unless you can guarantee that it always works 100% of the time. I do use Time Machine, but I also know people who have lost data because Time Machine didn't work for them.
> And so on. There are countless tales of woe from people who lost countless hours of work because they relied exclusively on Time Machine for their backups. That's why most people familiar with Time Machine recommend regularly performing a second set of backups with some entirely different mechanism, such as online backups with CrashPlan or regular cloning with Carbon Copy Cloner. Given how unlikely it is that people will religiously do the latter, that basically leaves the former. As far as I'm concerned, regular online backups are absolutely mandatory with these new systems if your data has any value to you at all. So in effect, owning these new Mac laptops just got more expensive by $120 per year for as long as you own the hardware.
And if your house gets hit by lightning while your TM drive is powered-up, it really doesn't matter WHAT it has backed-up or not, does it? Does that make it "Not Work"? Of course not.
As for the /Library or Open Files exclusions, I can't find any reference to that being the case. Is that perhaps old news?
Since you should be doing backups anyway, regardless of your computer platform or model, that $120 (which of course is just a snapshot of the cost of one particular backup service) is not at ALL specific to these models or even to Macs in general.
BTW, BackBlaze is only $5/mo (or $50/yr or $95/2 yr) for unlimited cloud-based backup. IMHO, that is a perfect adjunct to a TM backup, and being cloud-based (which normally I don't like), it is available virtually everywhere and everywhen. So, with something like that, we are talking about as little as $3.95/mo for always on, always available, CONTINUOUS backup (you can even retrieve versions of files for up to 30 days). If your data ain't worth the cost of a cup of Starbucks coffee per month, you simply don't care about it.
You never know until someone does the research and exposes them, such is the nature of proprietary products... The manufacturer is going to lie if it increases sales.
I absolutely agree that backups are important, and that people should back up religiously. I also know that sometimes, bad things happen to good people, and that when people get really unlucky and they discover to their horror that their computer died, and that it mysteriously hadn't been backing up for the last two weeks, those folks are very grateful for that five cent connector inside the Mac that enables the Apple Genius to copy their data to an external hard drive, and won't be too happy with Apple for cheaping out on a five-cent connector.
> I absolutely agree that backups are important, and that people should back up religiously. I also know that sometimes, bad things happen to good people, and that when people get really unlucky and they discover to their horror that their computer died, and that it mysteriously hadn't been backing up for the last two weeks, those folks are very grateful for that five cent connector inside the Mac that enables the Apple Genius to copy their data to an external hard drive, and won't be too happy with Apple for cheaping out on a five-cent connector.
It wasn't a matter of Apple "Cheaping out". It was because the T2 chip's encryption made the connector useless.
And as I said elsewhere, if that is true, then they're doing crypto objectively wrong. If the user isn't in control over the key — if part of the key comes from hardware and cannot be changed — then there is no way for users to know whether other parties are in possession of the key that they cannot change. Unchangeable keys have no place in legitimate crypto, period.
And, of course, if the key is changeable, then it is incorrect to claim that the T2 chip's encryption makes the connector useless; rather, the way that they are choosing to use it makes it useless, which is not the same thing, and basically brings us back to a five cent connector and a few lines of code.
So does buying another brand of computer.
Apple's "Pro" computers are no different than a $50 Android tablet - little more than a disposable toy.
You won’t be hearing a reply other than crickets from me. It’s a good criticism. It’s possible they have one and the teardown simply didn’t mention it, but I agree that it’d be quite an oversight if one was missing.
> And as I said elsewhere, if that is true, then they're doing crypto objectively wrong. If the user isn't in control over the key — if part of the key comes from hardware and cannot be changed — then there is no way for users to know whether other parties are in possession of the key that they cannot change. Unchangeable keys have no place in legitimate crypto, period.
> And, of course, if the key is changeable, then it is incorrect to claim that the T2 chip's encryption makes the connector useless; rather, the way that they are choosing to use it makes it useless, which is not the same thing, and basically brings us back to a five cent connector and a few lines of code.
Your argument conveniently ignores the fact that, if the logic board is working enough that the Mac can be placed in Target Disk Mode, the data CAN be retrieved by someone with the user key. So Apple IS handling it exactly right.
Apple has been doing crypto for several years now, and has the whole on-device key thing down pretty well (ask anyone trying to get into an iPhone). The downside being that, if something happens to the device, no one can access the data, period.
Which brings us back to backups... ;-)
If it's important enough, board level repair might allow for target disk mode, IF parts and documentation were available.
I'm not so sure what the use case is for the encryption being locked in the T2 though. If the user doesn't have to enter a password to get it to access the data, it might as well not encrypt. If the user does, why store a key in the T2?
I NEVER trust TPMs, especially soft ones. People forget that the only solution they were really pitched to solve were key escrow for the government, and software that could be locked to the device. Both as part of Microsoft's Palladium initiation (as a follow on to the Clipper Chip debacle of the 90s.) Most of this functionality got implemented in ARM chips first, for the Java BREW applications and then later in a more reprogrammable fashion as the ARM Trustzone and TPM/Intel ME initiatives.
None of these solutions make data safe or trustworthy for the end user, only the government and corporations who have access to the primary attestation keys and records of device serial numbers which can link back to it.
For another example of how wrong this is, go read up on Gemalto, the largest maker of cell phone SIM cards and how the NSA had access to keys that allowed them to break all SIM card encryption for 10-15 years across the globe. Or the Infineon encryption library used on smart/SIM cards that had a NIST randomization flaw in it that reproducibly reseeded the key, lowering the entropy enough for the keys to be crackable with no more than a day or two of CPU time.
As a poster below was commenting, this will only be trustworthy with open source TPM modules and only if those modules are replaceable by the end user, signed by the end user, and controlled by the end user. Anything less and they are another method of control for the government or big business.
What would have been really helpful here is if the OP would have posted the *entire* article. Sheeple, please click through and read the whole thing and stop bitching and moaning. It's ridiculous.
> If it's important enough, board level repair might allow for target disk mode, IF parts and documentation were available.
> I'm not so sure what the use case is for the encryption being locked in the T2 though. If the user doesn't have to enter a password to get it to access the data, it might as well not encrypt. If the user does, why store a key in the T2?
I agree with you on your first scenario.
And I don't know enough (like I pretty much know nothing about) the way Encryption/Decryption works with the T2 chip to know what the user has to do to gain access to the encrypted data, and how that keeps someone with physical access to the computer from just accessing the transparently-decrypted files. It's an interesting point. Perhaps some research... BRB.
Ok. Back.
From my 2 minutes of Research, it looks like the T2 chip protects the savvy/careful Mac user's data if the standard login/screensaver password system is used. It does not protect someone who leaves their desk with their Mac running without invoking their screensaver or sleep. However, storing the key in the T2 chip makes it far less likely to be discovered if the computer is stolen.
So, as far as encryption goes, it seems that the main advantages to a T2-equipped Mac over previous Macs are:
1. Transparent AES-256 Encryption with zero CPU intervention.
2. Effectively Always-On "FileVault".
3. Stolen Mac cannot even have its SSD desoldered and transferred to another Mac and data directly exfiltrated.
4. T2 Chip cannot be desoldered and transferred to another Mac, because, like with iOS's Secure Enclave, the T2 chip and Motherboard are paired at mfg. time.
5. Secure/Trusted Boot (see below)
The T2 chip also provides a verified (but 3-level switchable) "Trusted Boot" procedure (with the Default even requiring an Internet connection), so that nobody can stick the stolen Mac into Target Disk mode and either suck the data off or modify the OS to break security, and it provides a pretty good solution.
But yeah, if you leave your T2-equipped MacBook Pro in "Automatic Login" mode, then someone who steals your laptop somewhat has the keys to the kingdom, so to speak...
They would be better off (and make data recovery more likely) if the user provides the T2 with a boot passphrase. The AES key is the sha2 hash of the passphrase.
That plus a socketed SSD provides the same security but now you can recover from a failed logic board.
You are necessarily no worse off with that since you should have a backup encrypted with a key known to you anyway.
Even better is a randomly generated working key encrypted with the sha2 hash of a passphrase. Then you can have multiple passphrases that can be individually revoked or changed without re-encrypting the drive.
The only 'advantage' to the way it's being done now is that Apple and the *AA can make sure you can't choose to run your own modified OS that does what you want. The cost is that you may lose your ability to recover your own data.
I thought the market for Surface was style-conscious Linux users who have a lot of money but don't want to be associated with Apple's brand?
> They would be better off (and make data recovery more likely) if the user provides the T2 with a boot passphrase. The AES key is the sha2 hash of the passphrase.
> That plus a socketed SSD provides the same security but now you can recover from a failed logic board.
...and someone else can trivially pull the drive and work on decryption to their heart's content. They can even copy the encrypted data off the SSD, return it to the computer, and work on decryption after telling the owner that they "Found their computer"...
> You are necessarily no worse off with that since you should have a backup encrypted with a key known to you anyway.
Yes you are. Significantly worse. See above.
> Even better is a randomly generated working key encrypted with the sha2 hash of a passphrase. Then you can have multiple passphrases that can be individually revoked or changed without re-encrypting the drive.
> The only 'advantage' to the way it's being done now is that Apple and the *AA can make sure you can't choose to run your own modified OS that does what you want. The cost is that you may lose your ability to recover your own data.
Remember that I said that the Secure Boot has 3 settings? One of them is "Off". So you can run the Super Happy Joy Ultra Best Linux Distro all you want!
Try again.
> ...and someone else can trivially pull the drive and work on decryption to their heart's content. They can even copy the encrypted data off the SSD, return it to the computer, and work on decryption after telling the owner that they "Found their computer"...
They can do that now.
> Remember that I said that the Secure Boot has 3 settings? One of them is "Off". So you can run the Super Happy Joy Ultra Best Linux Distro all you want!
Until critical update 6573563 turns that option off.
Even if that update never comes, you're still better off with the scheme I laid out that offers the ability to recover data if the logic board fails and has no downside for you.
> Remember that I said that the Secure Boot has 3 settings? One of them is "Off". So you can run the Super Happy Joy Ultra Best Linux Distro all you want!
> Until critical update 6573563 turns that option off.
HOW long have people been handwringing about that EXACT same thing with GateKeeper?
Apple doesn't work that way.
As I said, even if that never happens, you're still better off with the schema I laid out and there is no down side.
> As I said, even if that never happens, you're still better off with the schema I laid out and there is no down side.
Really?
I effectively listed 5 downsides (as the 5 upsides of using the T2 chip) in my earlier Post. You just chose to dismiss them.
https://slashdot.org/comments....
You apparently mis-understood. Keep the T2, but tell it the key rather than having it hold the one and only copy. All 5 of the things you mention remain in force but if the logic board fails you can still have your data back by remembering your passphrase. Also you can have the full security and share access with someone else while retaining the ability to revoke that access later.
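The two designs argued over in this thread, as an added sketch (not code from any commenter or from Apple): a random working key wrapped once per passphrase, and the same wrap with a device-bound secret mixed in. PBKDF2 replaces the bare SHA-2 hash mentioned above, an HMAC-based wrap stands in for AES key wrap so only the standard library is needed, and `hardware_uid` and every other name here are hypothetical.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # assumption: illustrative PBKDF2 work factor


def derive_kek(passphrase, salt, hardware_uid=b""):
    """Key-encryption key from a passphrase, optionally bound to one device."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ROUNDS)
    if hardware_uid:
        # Device-bound variant: the KEK cannot be recomputed without this secret.
        kek = hmac.new(hardware_uid, kek, hashlib.sha256).digest()
    return kek


def wrap(volume_key, passphrase, hardware_uid=b""):
    """Create one key slot: the 32-byte volume key encrypted and authenticated."""
    salt = secrets.token_bytes(16)  # fresh salt, so every slot gets a unique KEK
    kek = derive_kek(passphrase, salt, hardware_uid)
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap(slot, passphrase, hardware_uid=b""):
    """Return the volume key, or None if the passphrase or device is wrong."""
    kek = derive_kek(passphrase, slot["salt"], hardware_uid)
    tag = hmac.new(kek, b"tag" + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        return None
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))


def open_volume(slots, passphrase, hardware_uid=b""):
    """Try every slot; the first one that authenticates yields the volume key."""
    for slot in slots.values():
        key = unwrap(slot, passphrase, hardware_uid)
        if key is not None:
            return key
    return None


def demo():
    volume_key = secrets.token_bytes(32)  # random working key; data is encrypted once
    # Constructed passphrases and device secrets, for illustration only.
    slots = {"owner": wrap(volume_key, "owner passphrase"),
             "guest": wrap(volume_key, "guest passphrase")}
    result = {"guest_before": open_volume(slots, "guest passphrase") == volume_key}
    # Revocation deletes a slot; the data is not re-encrypted. A holder who already
    # extracted the volume key keeps it, so this only stops future unlocks.
    del slots["guest"]
    result["guest_after"] = open_volume(slots, "guest passphrase") is None
    result["owner_after"] = open_volume(slots, "owner passphrase") == volume_key
    # Device-bound slot: the right passphrase on a replacement board still fails.
    board_a, board_b = secrets.token_bytes(32), secrets.token_bytes(32)
    bound = {"owner": wrap(volume_key, "owner passphrase", board_a)}
    result["same_board"] = open_volume(bound, "owner passphrase", board_a) == volume_key
    result["new_board"] = open_volume(bound, "owner passphrase", board_b) is None
    return result


if __name__ == "__main__":
    print(demo())
```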
Hardware accelerated encryption is a good thing - hardware dependent encryption where decryption can only be done on the system that encrypted the data is not a good thing for the vast majority of users. Almost every encryption system allows you to back up your encryption keys and use them to recover data - as a consumer this is a reasonable expectation. Unfortunately, companies somehow have come to believe that the owner no longer has rights to their data - and Apple is the worst of the lot here.
Uh, then why do you think you're a "cool kid?"
Right, the important thing is to buy a reputable product like a Thinkpad. It isn't enough to just avoid one brand known for repair-unfriendly products.
Errm. Yeah. Right. If a machine needs repairs from the start, it better be easily repairable. Especially when one repair will not be enough.
Of course news about a fake are Fake News.
> Right, the important thing is to buy a reputable product like a Thinkpad.
Even then-- if you buy the Thinkpad X1 ultrabook, you end up with a socketed NVME drive.... but if you buy the Thinkpad X1 convertible laptop, you end up with soldered-down storage.
And that's just the tip of the iceberg..