portrait picture

TIMO ZIMMERMANN

balancing software engineering & infosec

Beats Studio 3

posted on Thursday 4th of April 2019 in

When it comes to headphones there are exactly two things I really like – Sennheiser and AirPods. Sennheiser headphones served me well for as long as I can remember and the AirPods with the W1 chip provide some comfort switching between devices I do not want to miss anymore. I still decided to give the Beats Studio 3 a try since I am hearing more and more good things about them and it seemed like Apple stepped up and tried making headphones out of the low quality fashion brand.

I was planning to write about this for some time and now Linus published a review of four premium consumer headphones, so I thought it is a good time to join the discussion, especially because I disagree with his statement about the bad sound quality.

Testing the Studio 3 was actually not a totally random decision, I had to send in my Sennheiser PXC 550 in for service to fix an issue with the Bluetooth connectivity. The service itself was as good as you would imagine – it took roughly five days after sending Sennheiser my headphones to have a brand new version of the PXC 550 delivered to me. I did not know how long this would take though and I really like the comfort of the W1 chip when switching between the four devices I use on a regular basis, so the Beats Studio 3 seemed like a good fit.

When it comes to headphones the use case should be the driving factor for your choice, not some random recommendation from someone on the Internet who uses them for something totally different. Currently I have three headphones:

While I enjoy listening to music I cannot really tell the difference between $300 and $3000 headphones. I can tell you if I like what I hear, if bass or heights are missing and I can compare the same track across headphones, but I surely do not have the highest or most refined standards.

The Beats Studio 3 caught my attention for a very simple fact: over ear, active noise cancellation and a W1 chip? That sounds like a combination of everything I love about the Sennheiser and the AirPods.

The unboxing experience, documentation and accessories are as you would expect when you are used to Apple products. The first thing you will notice when used to other headphones is that the Beats 3 are taking up a lot more space when folded than travel ready headphones from other brands.

Overall the headphones are not that comfortable to wear. They cover my ears, but I feel some pressure on the edges, they are simply not big enough. The PXC 550 are only slightly bigger, which is just enough to be comfortable. Another thing I noticed is that my ears are getting very warm wearing the Beats to the point where it feels uncomfortable and a bit sweaty. I usually wear headphones for 3-4 hours when in meetings and they became uncomfortable after 30-40 minutes, where I can get through a whole day with the PXC 550.

The build quality is also not what I would have expected from an Apple product. You hear a lot of squeaking noises when handling the headphones, surely not something you would associate with a premium product.

One of the most common critiques I hear is the lack of bass. The Beats are actually decently neutral headphones you can use to listen to music and talk to people without questions if the product was designed to suppress any frequency above 1kHz. Just because you expect far too much bass does not mean the latest version has to deliver on the mistakes made in the past. Overall I liked them for listening to music, this was actually a pleasant surprise.

For some reason the W1 chip does not seem to work the way it does in AirPods. Simply selecting the Beats from the audio selection screen did not always work. Sometimes they did not connect, sometimes they lost the connection and sometimes they simply did not show up. I never ran into those problems with the AirPods. It feels like this might have been a problem specifically with the ones I had, I cannot imagine Apple messing up their own chip that badly.

The active noise cancellation was actually fine. I could not hear my dog barking downstairs or my wife vacuuming the room next to my office when it was active. I can imagine it falling a bit behind on a plane since a vacuum right outside my office was still hearable.

So would I recommend getting the Beats Studio 3? It depends. If you can test them and they fit around your ears and you think they are comfortable to wear they are surely a decent choice. If you do not care for the W1 functionality I would get the PXC 550 or the Sony. Better ANC, in my opinion a better sounds quality and easier to transport.


Thoughts on Apples ‘It’s Show Time’ event

posted on Wednesday 27th of March 2019 in ,

I actually liked the concept of the event: Focus on new announcements instead of telling me again that you managed to put a new CPU in one or two of your systems which therefore are now 0.5% faster making them the fastest $x you ever built. It seems though like the idea of getting the unspectacular updates out of the way goes against the expectations of some people – years of conditioning did a great job there. While I heard “I had no idea they updated their lineup” a few times, I actually know two people who were waiting for the keynote with buying a new laptop since they wanted the most recent model.

Two of the announcements – Apple Card and News+ – actually made me go “Oh nice, but will it ever come to Germany? Maybe 2030…”. So, without further ado, my two cents on the event:

Apple Card sounds like a pretty nice thing looking at the German credit card market. Cash back? Fancy new concept. Low interest rate? Well, I don’t really care, I pay off my card at the end of the month, but okay, might come in handy some day. No data on the card? Nice! Finally being able to use my card in a US restaurant without thinking about all the things less honest people than my always nice and professional waiters and waitresses would do with this opportunity? Yes please. (And do not get me started on bars…)

I am not that excited about the UI to be honest. Other companies already solved this pretty well and I do not believe it is a differentiating factor.

But coming back to the “low interest rate” promise. Let us take a look at the marketing page. 13.24% to 24.24%.

I know Apple is in the market for premium, but maybe let us talk about the definition of “low”, because this is simply ridiculous. I can easily name three banks which are in the 6-7% range. No late fees? Sure, additional interest only accumulates towards your balance. I am sorry, but this is what I expect from the finance industry I left a decade ago. And guess what – this is exactly what it is.

Apple is not a bank, and as such they are patterning up with Goldman Sachs. A typical bank showing their standard TOS. I honestly expected more from Apple.

Apple News+ looks like something I would immediately subscribe to if I could. I like some of the magazines shown, I am sure my wife also finds one or two she would like to read and the price point is okay. I actually tried reading GQ on the iPad once. A horrible experience, and I simply assume Apple News+ would fix this.

I get why they are targeting US, Canada and later UK first. What I do not understand is why I cannot buy an Apple News+ subscription for the US region today. I do not particularly care about content tailored to Germany or Europe. Even when the service is available in Germany I am not sure if I would not prefer content from another region.

(One of the things people regularly suggest is switching the AppStore region to US. With family sharing and all the little inconveniences people had in the past I will surely not try to ruin my day that way.)

Apple TV Channels and TV Plus. Well, there was an announcement, I can tell that much. I do not particularly care about channels. I honestly do not think it will ever come to Germany anyway, we have a bit of a different concept over here how TVs work and I do not see US publishers licensing their content for other markets. And if it would I already have Netflix and a free Amazon Prime subscription – which is nice for Grand Tour and… well, that is it. (My wife thinks there’s more to Prime than just Grand Tour, so I guess there’s that.)

Plus on the other hand might become really interesting. Netflix is doing a very good job with their own productions and it seems like Apple has some potential talent there. Past reports suggest that Tim Cook is pushing for family friendly content, a demographic I am not really falling into even if I enjoy the occasional Pixar movie.

Apple Arcade will be interesting. I think it is no secret that I condemn micro transactions and all the “buy 1/7th of a game now and the rest via in app purchase”. I do not game a lot on my iOS devices or the AppleTV, partly because the input is horrible for the games I like – looking at you Final Fantasy 7. And there are games with very good critiques where I am not sure if I will enjoy them – hey Stardew Valley.

While the input will likely not change, especially considering what a dead end MFI controllers are, I might start exploring games a bit more if there would be a nice bundle offering like “Apple Entertainment package” that includes all services making it a matter of a dollar or two to get Arcade.

I heard a few times that people have a hard time with the concept that channels will come to other streaming devices which are a lot cheaper than an Apple TV. I think it makes a lot of sense. You do not buy an Apple TV because you want an Apple TV. You buy one because you have an iPhone, maybe an iPad, a MacBook or iMac and you want all your devices to work nicely together. Maybe you want a HomeKit central without leaving one of your iOS devices at home.

If you really only are only in the market for streaming content you might go for the lowest cost hardware anyway. But this means you would not be able to throw money at Apple TV Plus if they did not bring the app to other devices. And the more devices we see, the higher the potential revenue is, the more likely we will see some great content being produced – I am always okay with great content.

I actually hope that this also forces them to invest more in the integration between devices. With todays iOS update I can finally ask Siri to play a movie on my Apple TV. Remind me how long Alexa could do this already with a Firestick. Integration is one of the big selling points why you can ask people to spend three to four times as much on your streaming box compared to alternatives, but it actually has to be a clear differentiating factor.

Overall I liked the announcements, but I have the slight suspicion that it will be a long time before I can get my hands on Apple Card and News+.


Equipped to spy

posted on Wednesday 20th of February 2019 in ,

Some very eventful days, especially when you are in for some good, old privacy drama. First we had news about Singapore Airlines having cameras in their on board entertainment systems and now microphones in Nest smoke detectors. Thanks to the last few years the conclusion that companies are equipping their hardware to gather more information about you is not far fetched. Especially if one of them is basically designed around gathering as much information as possible about everyone.

Singapore Airlines was pretty quick to comment on this and state that the cameras are not in use, that there are no plans for them to be used and that they were simply part of what they bought.

Singapore Airlines replied that it was indeed a camera, embedded into the seat back by the original equipment manufacturers of the plane, but said the cameras had been disabled on its aircraft and “there are no plans to develop any features” using them.

https://www.cnet.com/news/airplane-seat-cameras-could-be-your-new-spy-in-the-sky/

And obviously Google was also pretty quick to explain that they never intended to keep this a secret from their customers.

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the person said. “That was an error on our part.”

https://www.businessinsider.de/nest-microphone-was-never-supposed-to-be-a-secret-2019-2?r=US&IR=T

Now the company doing evil telling you they are actually not, so all is good, right? Okay, enough cynicism. Let us ignore the obvious conclusion that there was malicious intent.

Looking at both incidents leaves some room for doubt about the intention to spy on everyone. Now assume a “regular user”, someone who is exposed to IoT devices, maybe even uses them, but has no motivation to learn anything. How should a regular user know if there is a risk for their privacy?

Singapore Airlines bought something and it happened to have a camera. So they deactivated it, why would they need one on board of a plane anyway, right? They surely did not go out of their way ordering a custom made system without a camera at a way higher cost, disabling the existing one is easier.

And Nest could use the microphone to record shattering glass to detect a break in. But they never got to the part where they developed the feature, maybe because the acquisition came along. And not documenting unused hardware is not a big deal anyone would have an eye on, right?

I do not think we have to discuss the long term feasibility of deactivating hardware via software. There have been more than enough examples that show what garbage security features in network connected devices are.

If we trust both statements, both companies paid for components they did never intend to use. How feasible it would be to skip adding them depends on many factors – it could have been more economic to keep them in the design and assemble them.

The really important thing is that both companies are big enough to just change it if they would see the existence of the components as problematic. And they decided having a camera and a microphone in a place where they are not needed is not something to be concerned about.

In an age where companies are notoriously bad at securing their little toy devices they want to put everywhere and where most of them lost all trust from privacy concerned people this is simply a bad stance to take. On top of that some of those companies business model boils down to “gather as much information as you can and sell it to whoever pays for it”.

Not having regular users being able to tell anymore if a company is trying to setup yet another device next to your TV to spy on you or if an honest mistake was made is a real problem. And there seems to be no sufficient backlash to instil the mindset of thinking about privacy in companies – enterprises and startups alike – product teams. And if an honest mistake happened the paranoia is already there hitting the wrong company and people.

I am not saying those two incidents were mistakes. I am also not saying Singapore Airlines and Google were working on yet another way to spy on people. But what I can say for sure is that every single little incident which can have some potential impact on privacy will become a bigger deal in the future. There could be two potential, worrisome outcomes – regular users will get more concerned with every device, leading us to some diesel punk inspired future. Or worse, people start ignoring all of this, leading to the dystopian future some people predict.

The third option is finally starting to design privacy as a first class feature in every single product. No matter if hardware or software. If companies finally step up and take responsibility not only for what they individually did, but also how the larger industry messed up over the past years we might have a chance to recover some of the lost trust. But to get there and to instil this mindset of privacy first we need people pointing out every single small incident – and make it a big deal.


We all win

posted on Sunday 17th of February 2019 in

I know I am a bit late with this, but not watching the Super Bowl means I also miss all the commercials and have to wait for them to show up through another channel. The one that really caught my eye was the one from Microsoft. Having played a lot with people with disabilities during my active World of Warcraft time I got a little insight into the challenges some games and some input methods provide.

Especially with games and gaming becoming more and more relevant, for a lot of different reasons varying from person to person, I really appreciate Microsoft stepping up and trying to address some of those challenges.

With IT having some place and relevance to my life since the 90s I have seen Microsoft do a lot of things and the larger community reacting to it. There was a lot of shady things going on deserving all the critique and sneer Microsoft received for it. But looking at all the change since Satya took over time I have hope for Microsoft.

Surely not everything is great. There are still very questionable things going on in some parts of MS. I think I only have to say Candy Crush to trigger some people. But looking across all departments of the company you can see change. Positive change I hope they will try to make in all of their departments. And “we all win” surely is this kind of change where they do something directly addressing (potential) users trying to improve their life.


Unit testing command line applications in Swift

posted on Wednesday 13th of February 2019 in

A joke I hear since the release of Swift 2 is “Swift is production ready, except when it is not” and it feels like I ran into one of the parts where this might be true. I decided to write a small command line application last weekend and since I wanted to see how it feels like working with Swift outside of iOS I took the opportunity and fired up Xcode. Oh, if I would have only know what a wild ride and confusing internet search session I had ahead of me.

The most important reason for me to keep up with Swift outside of the iOS platform is the hope to use it for server side development one day. While it feels like Swift is getting more complex with each release and might suffer from feature creep one day, I still like using it and it feels like an elegant and powerful tool in the toolbox, most of the time.

Starting the application is pretty straight forward. Open Xcode, select command line applications and press “Run”. Easy enough. The first thing that might catch your eye is the fact that no test target was created. But this requires only a few clicks, so that is quick to fix, even if it is a bit inconvenient. As usual when setting up tests I imported the project and asserted a random structs static value. Just a sanity check to make sure everything is wired up properly.

Undefined symbols for architecture x86_64:
  "Token.eof.unsafeMutableAddressor : Swift.String", referenced from:
      implicit closure #1 : @autoclosure () throws -> Swift.Bool in XRI.XRITests.random() -> () in TokenTests.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

So, um,… okay? I have to admit I have not seen this one before. Or I can at least not remember it. There are various solutions you get when searching for this error thrown by the linker, but most of them are not as helpful as you would hope.

I spare you the journey of discovering what the actual error is, to make it short: You cannot test a Swift target compiling to an executable. Technically getting rid of main.swift does the trick, but this might be a bit inconvenient for programs that are, well, build to be executed.

The workaround I am currently using is creating an ordinary library and adding two targets, one for testing and one for running the code. You can take the easy way out and simply add all source files to your target to run the code or you create a proper library like someone who actually cares about abstraction and design.

I clearly have some catching up to do with macOS development, I think the last time I worked on a serious project on this platform was around the transition to OSX. I really hope my solution is not the correct one, even if you find it in various places when searching the web, but simply me not being up to date on how to properly start a project like this. Otherwise I would really have to question the Swift advocates who praise Swift for server side or tooling development, because this is clearly not the way to go.