Week 4.mr. Mac's Virtual Existence

It slowly became clear that one day Apple’s processors would come for Intel.

As Apple’s skill in building chips for the iPhone and iPad became increasingly apparent, Intel struggled. Doubts about Apple’s mobile chips being powerful enough for a traditional computer like the Mac eroded with each new generation. New Intel chips were often delayed and offered only small improvements over previous generations.


In October 2018, it became clear that it was only a matter of time before Apple made the move. The company announced a new iPad Pro, powered by Apple’s eight-core A12X processor, and made the claim that it was “faster than 92 percent of all portable PCs sold between June 2017 and June 2018.” Apple was now directly comparing its chips to Intel’s, and declaring itself the victor.

Two years later, it’s finally happened. Apple has released the first three Mac models that are powered by an Apple-designed system on a chip. The decision to abandon Intel, seemingly risky when we all first contemplated it a few years ago, has become blindingly obvious in hindsight.

These new relatively low-end Mac models, all powered by the M1 chip, are faster than all but the very highest-end Intel Macs. The laptops offer a huge leap in battery life over their predecessors. By almost every measure, the move to Apple silicon is the biggest leap forward in Mac hardware in at least a decade.

The low end goes high


The first three Macs powered by the M1 chip[1] are filling slots at the low end of the Mac product line: The company’s cheapest and lowest-priced laptop, the MacBook Air; the lowest-end of three MacBook Pro models, the two-port 13-inch MacBook Pro; and the cheapest Mac, the Mac mini. (Note that Apple still sells a high-end Intel Mac mini, and the four-port Intel-based 13-inch MacBook Pro—an even stronger signal that the new models aren’t intended to fill every ecological niche.)

It’s all too easy to overlook the fact that these are low-end models, given how fast they are. But this is just Apple’s first step in what the company says is a two-year-long transition. The M1 chip, which appears to be a next-generation riff on the A12X processor in that 2018 iPad Pro, has a bunch of limitations that will undoubtedly not exist on future Apple-designed Mac processors: It only supports two Thunderbolt ports and up to 16GB of RAM. It has no support for external GPUs or discrete graphics of any kind. It can drive a maximum of two displays. It is, by every definition, a low-end chip, the slowest and least capable Mac chip Apple will ever make.

And yet…

Based on my testing, it’s also safe to say that all three M1-based Macs, these low-end systems at the bottom of Apple’s price lists, are among the fastest Macs ever made.

Like most of Apple’s recent processors, the M1 is powered by two banks of processor cores—four that are designed for maximum performance, and four that are designed to operate efficiently at low power. (Yes, this means that even the lowly $999 MacBook Air is now powered by an eight-core processor.) Apple claims that one M1 performance core is the fastest single processor core ever, and its performance in a Geekbench 5 single-processor test seems to bear that out.

But of course, for maximum performance, you need to spread the work over multiple cores, and the M1 does that. When it doesn’t need to burn battery, it’ll do work on the “efficiency” cores, which Apple claims provide performance at the same level as the $999 early 2020 MacBook Air all on their own. When more power is required, those four “performance” cores are called into action, and the M1 blasts its way past all but the highest-end Intel Macs.

To be clear, all three of these M1-based Macs are faster than every currently shipping Mac except for the Mac Pro, the iMac Pro, and the very highest-end configurations of the 5K iMac—the 8- and 10-core i9 configurations released earlier this year and the 8-core i9 model released last year.

And yes, they’re fast at everything I could throw at them. Having heard from developers who were wondering if these Macs would speed up compiling their apps using Xcode, I tested an Xcode Archive and all three models beat my eight-core iMac Pro and were almost twice as fast at the task as a 2020 four-port 13-inch MacBook Pro with an i7 processor.

I was also able to edit this week’s “20 Macs for 2020” video in 4K using the new Universal version (meaning it runs natively on either Intel or Apple processors) of Final Cut Pro—and I did it with the display settings set to the highest quality, using the 4K files directly. There was no pausing, nor any sluggishness. Compare this to my iMac Pro, where I have to cut quality and edit from low-resolution proxy media in order to have a smooth 4K editing workflow.

Basically, the $5000 iMac Pro I bought three years ago has been humbled by a $999 MacBook Air and a $699 Mac mini. This is real life. This is where we are now.

The battery story

If there’s anything we knew about Apple’s chip architecture, it’s that it was created in the crucible of the competitive smartphone industry—and so power efficiency would be at the heart of every decision Apple made. Apple refers to this as optimizing for performance per watt, indicating its desire to create chips that do work, but do it at a very low amount of energy usage. And I’d wager that even Apple’s “performance” cores each consume watts in the single digits. These are powerful chips, but they come from an engineering team bent on saving energy at every turn.

Which is a long way of saying that while how powerful a Mac running on an Apple-designed processor would be was a bit of a question, it was always clear that battery life should be spectacular. And it is. Apple claims the MacBook Pro can survive for 17 hours of web browsing or 20 hours of playing movies back via the Apple TV app. The MacBook Air, which has a somewhat smaller battery capacity, is rated at 15 and 18 hours for the same functions.

I ran both laptops from full to empty while streaming video constantly in Safari, and while the numbers don’t reflect the optimal conditions of Apple’s tests, they’re still pretty impressive. The MacBook Air lasted for nine and a half hours, and the MacBook Pro for slightly more than 13 hours. (The Mac mini doesn’t have a battery, obviously, but I’d wager that it uses a lot less energy than its predecessors.)

However, it’s important to note that battery life is entirely dependent on the kind of work you’re doing. If you’re stressing out all four of the M1’s performance cores doing Xcode builds or video encodes, you’re going to kill the battery a lot faster than if you’re writing a novel in Scrivener. But in spending a few days with these laptops, it’s clear that while your mileage may vary, these laptops will get far better mileage than any previous Apple laptop.

Feels like a Mac

All the improvements to speed and battery life in the world won’t matter if these three devices don’t feel like Macs. And they absolutely do. I’d wager that most casual buyers of Mac laptops will never notice the fact that the computer they just bought is running on an Apple-designed ARM chip instead of a traditional Intel processor.

That’s largely thanks to two factors: Apple’s complete control of the Mac’s software-development system, which means that pretty much every developer is a few steps away from recompiling their software to run natively on Apple’s processors; and Rosetta 2, a system of translating Intel-based apps so that they still run well. (Geekbench 5 run via Rosetta showed scores that were about 80 percent of native code—which was still faster than 2020 Intel-based laptops.)

In my experience, Rosetta 2 works quite well. The first time you attempt to run an Intel-based app, macOS Big Sur will ask you to install Rosetta 2. That’s it. Though apps running via Rosetta will certainly not run as fast as apps running natively, they’re aided by the very large speed boost of the M1 itself, and also by the fact that the frameworks used by many apps have been updated by Apple to run natively. That means some non-native apps, most notably games using Apple’s Metal graphics framework, may end up executing a lot more native code than you might expect.

For certain very specific use cases, however, there will be weird side effects of the move to Apple silicon. While Apple says that virtualization is supported on the M1, there’s no story about Windows virtualization as yet—so if your Mac needs to also run Windows, that’s a showstopper. Also, if you rely on building or installing command-line software using tools like Homebrew, you should know that it’s early days and you shouldn’t expect them to work properly for a little while. (That said, I copied over a couple of command-line utilities I use all the time, and Rosetta 2 did what it needed to do to allow them to run just fine, even though they were compiled for Intel processors.)


Same old, same new


Beyond the major upgrade in terms of performance and battery, these three new Mac models are remarkably familiar—and similar to one another.

The M1 is the great equalizer. With the exception of one minor variation, the chip inside all three models is exactly the same—and performs like it. There don’t seem to be any variations in clock speed across models, and as a potential buyer you can’t opt for a faster chip if you want to spend more. There’s one M1, and all these systems perform nearly identically. The only major variable is memory—you can choose 8 GB or 16 GB, and since the memory is integrated into the chip, there’s no opportunity to change your mind later.

The two laptop models are dead ringers for their predecessors. An exterior inspection wouldn’t reveal a single difference between the MacBook Air and its Retina predecessors or the MacBook Pro and the previous low-end two-port model with Touch Bar. (The laptops also share the same sad 720p webcam, which Apple claims has been improved by clever image signal processing on the M1 chip. But that’s making the best of a bad situation. It’s clear that Apple won’t improve the webcam on Mac laptops until it’s time for a full-fledged redesign.)

The MacBook Air is an outlier from the other two new Macs in that Apple is offering a slightly different chip configuration. If you buy the $999 base model, you’ll be getting an M1 with seven GPU cores, rather than eight. And as you might expect, that means that graphics performance on the low-end Air was about 13 percent (yep, one-eighth) slower than on the MacBook Pro and Mac mini. It’s a way for Apple to use M1 chips whose GPU cores couldn’t all pass muster. (You can still spec up the $999 Air with more storage and memory, if you like—taking the M1 with the slower GPU will save you $50.)

Perhaps most importantly, the MacBook Air doesn’t have a fan. I will admit, I had a hard time detecting fan noise from any of these M1 Macs, but I was able to run a few video encodes that made the MacBook Air heat up. In my experience, it’s generally easy to make MacBook Airs start loudly blowing a fan in a desperate attempt to cool themselves down. But this Air stayed quiet—and began heating up. In any task that requires sustained performance, the Air will eventually be forced to slow down the M1 processor in order to avoid overheating. That means that, fundamentally, the MacBook Pro will perform better at sustained tasks—and that’s what makes it a MacBook Pro.

But we may need to redefine what it means to be a pro-level task. I could already edit multi-stream podcast audio on an 11-inch MacBook Air from the early 2010s. The M1-based MacBook Air can handle some spectacularly difficult tasks without blinking—but it might get warm after a while, and if you want the absolute highest performance in a Mac laptop today, the MacBook Pro’s a better choice.

The Mac mini also has a few quirks, owing at least in part to the fact that it’s a desktop computer, not a laptop. First, it’s worth noting how the Mac mini isn’t quite a dead ringer for its predecessor model. It’s silver, and not space gray—perhaps indicating that it’s no longer in the realm of the pro-level Mac? In fact, Apple’s still selling the Intel-based space gray Mac mini, probably because it supports up to 64 GB of RAM and offers four Thunderbolt ports. In contrast, as with all these systems, this Mac mini only has two of those ports.

However, the Mac mini does have ports the laptops don’t offer—namely two USB-A ports, an HDMI port, and a Gigabit Ethernet port. And while the M1 can only support two monitors, the Mac mini doesn’t come with one built in—so you can attach an external monitor via Thunderbolt and then, if you wish, a second one via the HDMI port.

iOS apps on Mac—sometimes

Though macOS Big Sur on M1-based Macs is essentially identical to macOS Big Sur on Intel Macs, there’s one major feature that’s only available on Apple silicon: the ability to run iOS apps, straight out of the app store.

Here’s how that works. In the App Store app, if you search for apps you’ll see that by default your search is being done with the Mac Apps option toggled. Click on iPhone & iPad Apps and you’ll suddenly see apps from the other side of the App Store. You can buy them, download them, and run them just as you would other apps. If you click on your account in the lower right corner of the App Store window, you’ll see that you can also display purchased apps from either Mac or iPhone & iPad.

But there are a bunch of limitations. App developers can opt their iOS apps out of being visible on the Mac, and many have done just that. Want to watch videos in the Netflix app rather than a browser tab? Too bad—Netflix isn’t available, nor are most other video streaming services. Many productivity apps are missing, too. In fact, over the days that I was working on this review, I found more iOS apps disappearing from the store.


I’m not entirely sure of the reason for developers opting out of letting their iOS apps run on the Mac, but I’d wager it’s some combination of quality control, wanting their users to use an existing Mac app or web interface, and (for video providers) fears over security or piracy.


Having used a bunch of these apps, I can understand some of these concerns. The real question is, will they be addressed in due time or will the Mac version of the iOS App Store remain a bit scattershot?

The experience of using iOS apps on a Mac doesn’t feel as foreign as you might think. Every app shows up in the Applications folder (it’s actually a package file containing an iOS app package and a couple of metadata files), and when you open them they show up in the dock. They run in a single window, and there’s a set of commands in the menu bar—but they’re all basically useless. I was happy to see that apps that support keyboard shortcuts on the iPad still support those shortcuts on the Mac, even though they’re not reflected anywhere in the menu bar.

There are quirks, however. When I launched Flip Flop Solitaire, it displayed in vertical orientation, and was so tall that a key part of the window was parked under the Dock. It turns out that clicking the green “full screen” stoplight icon in the app window forced Flip Flop into horizontal orientation, solving the problem—but I have no idea why that behavior is tied to that button.

The HBO Max app, one of the few video apps on the store and one highlighted by Apple, would only play video in a single, non-resizable window. The full screen button did nothing. I couldn’t send it to Picture in Picture. Maybe this explains why other video providers prevented their apps from being accessible on the Mac. (The MLB app, always an iOS exemplar, did allow me to play video in full screen and send it to Picture in Picture. More like this, please!)

There are some encouraging signs, though. I was able to launch Marco Arment’s podcast app, Overcast, and use it without any trouble. I could even resize the window to be pretty much any size I wished. I also downloaded my favorite Twitter client, Twitterrific, and found that it was pretty usable, and was an improvement on the existing Mac version in some ways. (The Iconfactory removed it from the store after I downloaded it, alas.)

In the end, it’s a net plus that some iOS apps will run on these new Macs. But I suspect it will take a while—a few months, or maybe even longer—for this whole story to play out. My guess is that many developers will want to do a little work to make their apps run a little bit better on the Mac. And Apple offers a pathway for that approach, via Catalyst. Maybe it’s a little counterintuitive, but I wonder if the ability to run iOS apps unmodified on macOS might be what motivates developers to do the extra work with Catalyst to make them more Mac-like.

But if nothing else, there are a bunch of fun iOS games that now run on the Mac. (There’s even an alternate mode you can use on games, Touch Alternatives, that emulates touch input via tap, swipe, and drag gestures, plus the ability to hold down the Option key to initiate “virtual multitouch” on the trackpad.)

It’s the start of… something? Maybe something good. But make no mistake, these are Macs, not iPads. You won’t be bringing over your entire iPad workflow tomorrow and installing it on your Mac.

The beginning

Apple doesn’t embark upon processor transitions lightly. This is the Mac’s third in 36 years of existence. But it’s clear to see from this first step that the Mac had to leave Intel behind.

These first Macs to run on the M1 chip are low-end models, to be sure, but somehow the M1 chip still manages to run faster and more efficiently than any Intel chip to ever appear in a Mac laptop. They are recognizably Macs, both in terms of their hardware design and in terms of how familiarly they run macOS—including Intel-based apps running via Rosetta.

Still, they’re not for everyone. Apple will undoubtedly eclipse the M1 with new Macs that are even faster and still more capable as the transition away from Intel continues through 2022. These may be among the fastest Macs ever made right now, but they won’t be for long. Apple’s got more in store for the Mac in the near future.

But almost anyone who buys one of these Macs will be getting a computer that’s faster than the Mac they currently own, and with better battery life than any Mac laptop they might have used. Even my iMac Pro is looking old and slow compared to these M1-based computers.


This is one of the biggest transformations in the history of the Mac, and Apple has made it happen so smoothly as to be almost… boring? But one person’s boring is one person’s comforting. Transitions are best when they are seamless, and this one feels pretty close to that.

Apple has taken the benefits of its success in the iPhone and iPad and invested them back in the Mac. And the result isn’t a weird half-Mac, half-iOS beast — it’s a bunch of familiar Macs that are just better than they’ve ever been before. It’s a neat trick, and Apple has pulled it off.

  1. Go to About This Mac under the Apple menu and you’ll see it referred to as a “chip,” not a “processor” like on Intel Macs. Presumably because the M1 is a system on a chip, with more duties than a plain old processor.

If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.

There’s a VMware problem that’s being exploited in the wild, according to the NSA (PDF). The vulnerability is a command injection on an administrative console. The web host backing this console is apparently running as root, as the vulnerability allows executing “commands with unrestricted privileges on the underlying operating system.”

The wrinkle that makes this interesting is that VMware learned about this vuln from the NSA, which seems to indicate that it was a zero-day being used by a foreign state. The compromise chain they list is also oddly specific, making me suspect that it is a sanitized account of observed attacks.


Microsoft Teams, And the Non-CVE

[Oskars Vegeris] found a pair of interesting problems in the Microsoft Teams client, which together allow an interactionless, wormable RCE. The first vuln is an XSS problem, where a message containing a “mention” can be modified in transit to include arbitrary JavaScript. To get that JS past the XSS protection filter, a Unicode NULL byte is included in the payload. The second vuln is using the built-in file download code in the Teams app to download and auto-run a binary. Put together, anyone who simply loads the message in their Teams app runs the code.

Vegeris points out that since so many users have a presence in multiple rooms, it would be trivial to use this exploit to build a worm that could infect the majority of Teams users worldwide. The bug was reported privately to Microsoft and fixed back in October. A wormable RCE in a widely used tool seems like a big deal, and should net a high CVE score, right? Microsoft gave two ratings for this attack chain, for the two versions of Teams that it can affect. For the Office365 client, it’s “Important, Spoofing”, which is about as unimportant as a bug can be. The desktop app, at least, was rated “critical” for an RCE. The reason for that seems to be that the sandbox escape only works on the standalone desktop app.

But no CVE was issued for the exploit chain. In the security community, collecting CVEs is an important proof of work for your resume. Microsoft replied that they don’t issue CVEs for products that get updated automatically without user interaction. Kerfuffle ensued.

Fuzzing with Atheris

Google released Atheris, a new open-source fuzzing tool, specifically written for Python programs. Fuzzing is the process of running a program or library with generated input, usually input that would be considered malformed, and tracking what happens. Many vulnerabilities have been found and fixed this way in recent years. Atheris is a coverage-guided fuzzer, meaning it keeps track of which lines of code are executed in each iteration, and tries to maximize the lines covered.

The announcement post points out a fascinating use case for Atheris — testing two implementations of a library for bug-for-bug compatibility. An example might be a JSON parser written in Python, compared to a browser’s version. You would set up a test run that starts with valid JSON, and then transforms that input slightly for each iteration. Run the same input through both implementations, and then compare the outputs.
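The differential setup described above, as an added example (not from the original post and not Google's code): a plain seeded mutation loop stands in for Atheris's coverage-guided engine, and `strict_parse` is a constructed stand-in for a spec-strict parser compared against Python's default `json.loads`. All function names, seeds and tokens here are assumptions made for illustration.

```python
import json
import random

# Seed corpus of valid JSON documents (constructed for this example).
SEEDS = ['[1, 2, 3]', '{"a": 1, "b": [true, null]}', '{"k": "v", "n": 7}']

# Tokens spliced in by the mutator, like a fuzzer dictionary (constructed).
TOKENS = ['NaN', 'Infinity', '-', '1e5', '"', '[', ']', '{', '}',
          ',', ':', 'null', '0']


def lenient_parse(text):
    """Implementation A: Python's json module with default settings."""
    return json.loads(text)


def _reject_constant(name):
    raise ValueError("non-standard constant: " + name)


def strict_parse(text):
    """Implementation B: stand-in for a spec-strict parser (assumption)."""
    return json.loads(text, parse_constant=_reject_constant)


def outcome(parser, text):
    """Reduce a parse to a comparable value: ('ok', repr) or ('error',)."""
    try:
        return ("ok", repr(parser(text)))
    except (ValueError, RecursionError):
        return ("error",)


def mutate(text, rng):
    """Apply one small edit: delete a char, insert a token, or replace a char."""
    pos = rng.randrange(len(text) + 1)
    op = rng.choice(("delete", "insert", "replace"))
    if op == "delete":
        return text[:pos] + text[pos + 1:]
    token = rng.choice(TOKENS)
    if op == "insert":
        return text[:pos] + token + text[pos:]
    return text[:pos] + token + text[pos + 1:]


def check(text):
    """Run one input through both parsers; return a finding or None.

    With Atheris installed, this comparison is what would go in the
    TestOneInput callback, raising instead of returning on a divergence.
    """
    a, b = outcome(lenient_parse, text), outcome(strict_parse, text)
    return None if a == b else {"input": text, "lenient": a, "strict": b}


def run_differential(iterations=20000, seed=0):
    """Mutate seeds and collect inputs on which the two parsers disagree."""
    rng = random.Random(seed)
    findings = {}
    for _ in range(iterations):
        text = rng.choice(SEEDS)
        for _ in range(rng.randint(1, 3)):
            text = mutate(text, rng)
        finding = check(text)
        if finding:
            findings[text] = finding  # de-duplicate by input
    return list(findings.values())


if __name__ == "__main__":
    for f in run_differential()[:5]:
        print(f)
```

Each finding is an input that one parser accepts and the other rejects, which is the kind of disagreement a compatibility test between two implementations is meant to surface.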

Not to be outdone, Intel also just announced a bug-finding tool, ControlFlag. This tool operates on a very different principle, using machine learning to find anomalies in written source code. I wish I could tell you the source is available to go play with, but it appears that this tool has been announced only, and not released for public use.

SSL Root Cert Abuse

Kazakhstan seems to be engaging in some strange security practices, likely intended to enable snooping on internet traffic. ISPs in the capital city are blocking access to Google, Twitter, and the like, until a government-issued root certificate is installed and trusted in the connecting browser. The government is calling this a “training exercise”, but as the certificate is valid for 20 years, it seems like a blatant attempt to enable HTTPS MitM attacks against the public. Stories like this are a reminder of how important things like OCSP stapling and DNS Certification Authority Authorization are. Both of those protocol extensions are intended to protect users from fraudulent certificates that are issued by a trusted root certificate.

Trickbot Evolves and Gains a New Skill


The Trickbot malware platform is an all-in-one tool for stealing credentials, controlling bots, and installing ransomware. It seems a new trick is being added to the already-overflowing bag — firmware modification. The core library from RWEverything has been found in recent samples of Trickbot, and the malware has been observed doing recon against machine firmware. So far, no one has observed a malicious firmware write by Trickbot, but the capability is now there, and that’s worrying enough.