Apple Watch Unlock, 802.11ac, and Time

One of the benefits of upgrading to MacOS 10.12 Sierra is the ability to unlock my Mac laptop with my Apple Watch. Yet I’m not able to do that. Why? Turns out, the answer involves some pretty cool tech.

Somebody’s Watching You

The tech specs list the 2013 MacBook and higher as the minimum model needed to enable Watch Unlock on your Mac. You also need a few other things, like Bluetooth enabled and a Watch running WatchOS 3. I checked my personal MacBook against the original specs and found everything in order. I installed Sierra and updated all my other devices and even enabled iCloud Two-Factor Authentication to be sure. Yet, when I checked the Security and Privacy section, I didn’t see the checkbox for the Watch Unlock to be enabled. What gives?

It turns out that Apple quietly modified the minimum specs during the Sierra beta period. Instead of early 2013 MacBooks being supported, support shifted to mid-2013 MacBooks. I checked the spec sheets and mine is almost identical. The RAM, drive, and other features are the same. Why does Watch Unlock work on those Macs and not mine? The answer, it appears, is wireless.

Now AC The Light

The mid-2013 MacBook introduced Apple’s first 802.11ac wireless chipset. That was the major reason to upgrade over the earlier models. The Airport Extreme also supported 11ac starting in mid-2013 to increase speeds to more than 500Mbps transfer rates, or Wave 1 speeds.

While the majority of the communication that the Apple Watch uses with your phone and your MacBook is via Bluetooth, it’s not the only way it communicates. The Apple Watch has a built-in wireless radio as well. It’s a 2.4GHz b/g/n radio. Normally, the 11ac card on the MacBook can’t talk to the Watch directly because of the frequency mismatch. But the 11ac card in the 2013 MacBook enables a different protocol that is the basis for the unlocking feature.

802.11v has been used for a while as a fast roaming feature for mobile devices. Support for it has been spotty before wider adoption of 802.11ac Wave 1 access points. 802.11v allows client devices to exchange information about network topology. 11v also allows for clients to measure network latency information by timing the arrival of packets. That means that a client can ping an access point or another client and get a precise timestamp of the arrival of that packet. This can be used for a variety of things, most commonly location services.

Time Is On Your Side

The 802.11v timestamp has been proposed for use in a “time of flight” calculation as far back as 2008. Apple has decided to use Time of Flight as a security mechanism for the Watch Unlock feature. Rather than just assume that the Watch is in range because it’s communicating over Bluetooth, Apple wanted to increase the security of the Watch/Mac connection. When the Mac detects that the Watch is within 3 meters of the Mac it is connected to via Handoff, it is in the right range to trigger an unlock. This is where the 11ac card works magic.

When the Watch sends a Bluetooth signal to trigger the unlock, the Mac sends an additional 802.11v request to the watch via wireless. This request is then timed for arrival. Since the Mac knows the watch has to be within 3 meters, the timestamp on the packet has a very tight tolerance for delay. If the delay is within the acceptable parameters, the Watch unlock request is approved and your Mac is unlocked. If there is more than the acceptable deviation, such as when used via a Bluetooth repeater or some other kind of nefarious mechanism, the unlock request will fail because the system realizes the Watch is outside the “safe” zone for unlocking the Mac.
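The range check described above, as an added example that is not Apple's code and not from the original post: it uses the generic two-way time-of-flight arithmetic on four timestamps and refuses to unlock when the estimate exceeds 3 meters. The function names, the nanosecond units, the sample values and the assumption that the responder's timestamps arrive over an authenticated channel are all illustrative.

```python
from statistics import median

C_M_PER_NS = 0.299792458      # speed of light in metres per nanosecond
MAX_UNLOCK_DISTANCE_M = 3.0   # unlock range quoted in the post


def tof_distance_m(t1, t2, t3, t4):
    """One-way distance in metres from a single two-way exchange.

    t1: request leaves the initiator   (initiator clock, ns)
    t2: request reaches the responder  (responder clock, ns)
    t3: reply leaves the responder     (responder clock, ns)
    t4: reply reaches the initiator    (initiator clock, ns)
    Each difference is taken on one clock, so the offset between the
    two devices' clocks cancels out.
    """
    turnaround = t3 - t2                 # processing time inside the responder
    in_flight = (t4 - t1) - turnaround   # time on the air, both directions
    if turnaround < 0 or in_flight < 0:
        raise ValueError("inconsistent timestamps")
    return in_flight * C_M_PER_NS / 2


def unlock_allowed(samples, max_distance_m=MAX_UNLOCK_DISTANCE_M, min_samples=3):
    """Return (decision, estimated_distance_m). Fails closed on bad data."""
    distances = []
    for sample in samples:
        try:
            distances.append(tof_distance_m(*sample))
        except ValueError:
            continue                     # drop malformed measurements
    if len(distances) < min_samples:
        return False, None               # not enough evidence: do not unlock
    estimate = median(distances)         # median damps per-packet jitter
    return estimate <= max_distance_m, estimate


def make_sample(t1, flight_ns, turnaround_ns, clock_offset_ns, extra_delay_ns=0):
    """Build constructed timestamps; extra_delay_ns models delay added per hop
    by anything forwarding the frames instead of a direct radio path."""
    t2 = t1 + flight_ns + extra_delay_ns + clock_offset_ns
    t3 = t2 + turnaround_ns
    t4 = t3 - clock_offset_ns + flight_ns + extra_delay_ns
    return (t1, t2, t3, t4)


# Constructed data: watch about 1.5 m away (5 ns one-way), with +/-1 ns jitter.
FLIGHTS_NS = [5, 6, 4, 5, 5]
DIRECT = [make_sample(i * 1_000_000, f, 10_000, 123_456_789)
          for i, f in enumerate(FLIGHTS_NS)]
# Same exchange, but every frame is forwarded and picks up 2 microseconds per hop.
FORWARDED = [make_sample(i * 1_000_000, f, 10_000, 123_456_789, extra_delay_ns=2_000)
             for i, f in enumerate(FLIGHTS_NS)]

if __name__ == "__main__":
    for name, samples in (("direct", DIRECT), ("forwarded", FORWARDED)):
        allowed, dist = unlock_allowed(samples)
        print(f"{name:9s} estimate={dist:8.2f} m  unlock={allowed}")
```

Three meters corresponds to roughly 20 ns of round-trip flight time, so the check is only as good as the resolution of the timestamps the radio can record.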

Why does the Mac require an 802.11ac card for 802.11v support? The simple answer is because the Broadcom BCM43xx card in the early 2013 MacBooks and before doesn’t support the 802.11v time stamp field (page 5). Without support for the timestamp field, the 802.11v Time of Flight packet won’t work. The newer Broadcom 802.11ac compliant BCM43xx card in the mid-2013 MacBooks does support the time stamp field, thus allowing the security measure to work.


Tom’s Take

All cool tech needs a minimum supported level. No one could have guessed 3-4 years ago that Apple would need support for 802.11v time stamp fields in their laptop Airport cards. So when they finally implemented it in mid-2013 with the 802.11ac refresh, they created a boundary for support for a feature on a device that was in the early development stages. Am I disappointed that my Mac doesn’t support watch unlock? Yes. But I also understand why now that I’ve done the research. Unforeseen consequences of adoption decisions really can reach far into the future. But the technology that Apple is building into their security platform is cool no matter whether it’s supported on my devices or not.

Why Won’t AirPlay Work On My Macbook?

One of the major reasons why I decided to upgrade to OS X 10.8 Mountain Lion was for AirPlay mirroring.  AirPlay has been a nice function to have for people with an AirPlay receiver (basically an AppleTV) and an AirPlay source, like an iDevice.  I know of many people that like to watch a movie from iTunes on their iPad to start, then switch over to the big TV in the living room via AirPlay to the AppleTV.  That’s all well and good for those that want to stream movies or music.  However, my streaming needs are a little more advanced.  I’d rather be able to mirror my desktop to the AirPlay receiver instead, for things like presentations or demonstrations.  That functionality has only been available with software applications like AirParrot up until the release of Mountain Lion, which now has support for AirPlay mirroring on Macs.  Once the GM release of Mountain Lion came out, people started noticing that AirPlay was only supported on relatively new Apple hardware, even in cases where the CPU was almost identical to a later hardware release.  It seems a bit mind-boggling that Apple has a very limited specification list for AirPlay Mirroring.  The official site doesn’t even list it, as a matter of fact.  Essentially, any Mac made in 2011 or newer should be capable of supporting AirPlay.  So why did the 2010 Macs get left out?  They’re almost as good as their one-year-newer cousins.

The real answer comes down to the chipset.  Apple started shipping Macs with Intel’s Sandy Bridge chipset in 2011.  This enabled all kinds of interesting things, like Thunderbolt for instance.  There was one little feature down at the bottom of the list of Sandy Bridge spec sheets that didn’t mean much at the time – Intel QuickSync.  QuickSync is an application-specific integrated circuit (ASIC) that has been placed in the Sandy Bridge line of processors to allow high-speed video encoding and decoding.  This allows the Sandy Bridge i-series processors to offload video encoding to the ASIC to reduce the amount of CPU power consumed by performing video tasks.  Rather than tying up the CPU or the GPU of a machine, Sandy Bridge can use this ASIC to do very high speed encoding.  Why would this be a boon?  Well, for most people the idea was that QuickSync could reduce the amount of time that it took to do video production work on mid-range machines.  The problem was that QuickSync turned out lower quality video in favor of optimization for speed.  Where would you find an application that prioritized speed over quality?  If you guessed video streaming, you’d be spot on.  QuickSync supports high-speed encoding of H.264 video streams, which is the preferred format for Apple.  Mountain Lion can now access the QuickSync ASIC to mirror your desktop over to an AppleTV with almost no video lag.  The quality may not be the same as a Pixar rendering farm, but for 1080p video on a TV it’s close enough.

Any Mac made before the introduction of Sandy Bridge isn’t capable of running AirPlay mirroring, at least according to Apple.  Since they are missing the QuickSync ASIC, they aren’t capable of video encoding at the rate that Apple wants in order to preserve the AirPlay experience.  While on the surface it looks like the same i-series processors are present in 2010 and 2011 machines, the older Macs are using the Clarkdale chipset, which does have a high-speed video decoder, but not an encoder.  Since the Mac is doing all the heavy lifting for the AppleTV in an AirPlay mirroring setup, having the onboard encoding ASIC is critical.  This isn’t the first time that Apple has locked out use of AirPlay.  If you want to AirPlay mirror from your favorite iDevice, you have to ensure that you’re running an iPhone 4S or an iPad 2 or iPad 3.  What’s different about them?  They’re all running the A5 dual-core chip.  Supposedly, the A5 helps with video-intensive tasks.  That says to me that Apple is big on using hardware to help accelerate video mirroring.  That’s not to say that you can’t do AirPlay mirroring with a pre-2011 Mac.  You’re just going to have to rely on a third party program to do it, like the aforementioned AirParrot.  Take note, though, that AirParrot is going to use your CPU to do all the encoding work for AirPlay.  While that isn’t going to be a big issue for simple presentations or showing your desktop, you should take care if you’re going to do any kind of processor-intensive activity, like firing up a bunch of virtual machines or compiling code.

Tom’s Take

Yes, it’s very irritating that Apple drew the line for AirPlay mirroring support at Sandy Bridge.  As it is with all technology refreshes, being on the opposite side of that line sucks big time.  You’ve got a machine that’s more than capable, yet some design guy said that you can’t hack it any more.  Sadly, these are the kinds of decisions that aren’t made lightly by vendors.  Rather than risk offering incomplete support or producing the kind of dodgy results that make for bad YouTube comparison videos, Apple took a hard line and leaned heavily on QuickSync for AirPlay mirroring support.  In another year it won’t matter much as people will have either upgraded their machines to support it if it’s a crucial need for them, or they’ll let it lie fallow and unused like FaceTime.  If you find yourself asking whether or not your machine can support AirPlay mirroring, just look for a Thunderbolt port.  If you’ve got one, you’re good to go.  Otherwise, you should look into a software solution.  There are lots of good ones out there that will help you out.  Based on Apple’s track record with the iDevices, I wouldn’t hold out hope that they’re going to enable AirPlay mirroring on pre-2011 Macs any time soon.  So, if AirPlay mirroring is something important to you, you’re either going to need to spring for a new Mac or get to work installing some software.

OS X 10.8 Mountain Lion – Review

Today appears to be the day that the world at large gets their hands on OS X 10.8, otherwise known as Mountain Lion. The latest major update in the OS X cat family, Mountain Lion isn’t so much a revolutionary upgrade (like moving from Snow Leopard to Lion) as opposed to an evolutionary one (like moving from Leopard to Snow Leopard). I’ve had a chance to use Mountain Lion since early July when the golden master (GM) build was released to the developer community. What follows are my impressions about the OS from a relatively new Mac user.

When you start your Mountain Lion machine for the first time, you won’t notice a lot that’s different from Lion. That’s one of the nicer things about OS X. I don’t have to worry that Apple is going to come out with some strange AOL-esque GUI update just around the corner. Instead, the same principles that I learned in Lion continue here as well. In lieu of a total window manager overhaul, a heavy coat of polish has been applied everywhere. Most of the features that are listed on the Mountain Lion website are included and likely not to be used by me that much. Instead, there are a few little quality of life (QoL) things that I’ve noticed. Firstly, Lion originally came with the dock indicator for open programs disabled. Instead of a little light telling you that Safari and Mail were open, you saw nothing. This spoke more to the capability introduced that reopened the windows that were open when you closed the program. Apple would rather you think less about a program being open or closed and instead on what programs you wanted to use to accomplish things. In Mountain Lion, the little light that indicates an open program has shrunk to a small lighted notch on the very bottom of the dock below an open program. It’s now rather difficult to determine which programs are open with a quick glance. Being one of those people that is meticulous about which programs I have open at any one time, this is a bit of a step in the wrong direction. I don’t mind that Apple has changed the default indicator. Just give me an option to put the old one back.

My Mountain Lion Dock with the new open program indicators

Safari

Safari also got an overhaul. One of the things I like the most about Chrome is the Omnibox. The ability to type my searches directly into the address bar saves me a step, and since my job sometimes feels like the Chief Google Search Engineer, saving an extra step can be a big help. Another feature is the iCloud button. iCloud can now sync open tabs on your iPhone/iPad/iPod/Mountain Lion system. This could be handy for someone that opens a website on their mobile device but would like to look at it on a full-sized screen when they get to the office. Not a groundbreaking feature, but a very nice one to have. The Reading List feature is still there as well from the last update, but being a huge fan of Instapaper, I haven’t really tested it yet.

Dictation

Another new feature is dictation. Mountain lion has included a Siri like dictation feature in the operating system that allows you to say what you want rather than typing it out. Make no mistake though. This isn’t Siri. This is more like the dictation feature from the new iPad. Right now, it won’t do much more than regurgitate what you say. I’m not sure how much I’ll use this feature going forward, as I prefer to write with the keyboard as opposed to thinking out loud. Using the dictation feature does make it much more accurate, as the system learns your accent and idiosyncrasies to become much more adapt over time. If you’d like to get a feel for how well the dictation feature works, (the paragraph)

You’ve been reading was done completely by the dictation feature. I’ve left any spelling and grammar mistakes intact to give you a realistic picture. Seriously though, the word paragraph seems to make the dictation feature make a new paragraph.

Gatekeeper

I did have my first run-in with Gatekeeper about a week after I upgraded, but not for the reasons that I thought I would.  Apple’s new program security mechanism is designed to prevent drive-by downloads and program installations like the ones that embarrassed Apple as of late.  Gatekeeper can be set to allow only signed applications from the App Store to be installed or run on the system.  This gives Apple the ability to not only protect the non-IT savvy populace at large from malicious programs, but also gives Apple the ability to program a remote kill switch in the event that something nasty slips past the reviewers and starts wreaking havoc.  Yes, there have been more nefarious and sinister prognostications that Apple will begin to limit apps to only being able to be installed through the App Store or that Apple might flip the kill switch on software they deem “unworthy”, but I’m not going to talk about that here.  Instead, I wanted to point out the issue that I had with Gatekeeper.  I use a networking monitoring system called N-Able at work that gives me the ability to remote into systems on my customer’s networks.  N-Able uses a Java client to establish this remote connection, whether it be telnet, SSH, or RDP.  However, after my upgrade to Mountain Lion, my first attempt to log into a remote machine was met with a Java failure.  I couldn’t bypass the security warning and launch the app from a web browser to bring up my RDP client.  I checked all the Java security settings that got mucked with after the Flashback fiasco, but they all looked clean.  After a Google Glance, I found the culprit was Gatekeeper.  The default permission model allows Mac App Store apps to run as well as those from registered developers.  However, the server that I have running N-Able uses a self-signed certificate.  That evidently violates the Gatekeeper rules for program execution.  
I changed Gatekeeper’s permission model to allow all apps to run, regardless of where the app was downloaded from.  This was probably something that would have needed to be done anyway at some point, but the lack of specific error messages pointing me toward Gatekeeper worried me.  I can foresee a lot of support calls in the future from unsuspecting users not understanding that their real problem isn’t with the program they are trying to open, but with the underlying security subsystem of their Mac instead.

Twitter Integration

Mountain Lion has also followed the same path as its mobile counterpart and allowed Twitter integration into the OS itself. This, to me, is a mixed bag. I’m a huge fan of Twitter clients on the desktop. Since Tapbots released the Tweetbot Alpha the same day that I upgraded to Mountain Lion, I’ve been using it as my primary communication method with Twitter. The OS still pops up an update when I have a new Twitter notification or DM, so I see that window before I check my client. The sharing ability in the OS to tweet links and pictures is a nice time saver, but it merely saves me a step of copying and pasting. I doubt I’m any more likely to share things with the new shortcuts than I was before. The forthcoming Facebook integration may be more to my liking. Not because I use Facebook more than I use Twitter. Instead, by having access to Facebook without having to open their website in a browser, I might be more motivated to update every once in a while.

AirPlay

I had a limited opportunity to play with AirPlay in Mountain Lion.  AirPlay, for those not familiar, is the ability to wirelessly stream video or audio from some device to a receiver.  As of right now, the only out-of-the-box receiver is the Apple TV.  The iPad 2 and 3 as well as the iPhone 4S have the capability to stream audio and video to this device.  Older Macs and mobile devices can only stream audio files, à la iTunes.  In Mountain Lion, however, any newer Mac running an i-Series processor can mirror their screen to an Apple TV (or other AirPlay receiver, provided you have the right software installed).  I tested it, and everything worked flawlessly.  Mountain Lion uses Bonjour to detect that a suitable AirPlay receiver is on the network, and the AirPlay icon appears in the notification area to let you know you can mirror your desktop over there.  The software takes care of sizing your desktop to an HD-friendly resolution and away you go.  There was a bit of video lag on the receiver, but not on the Mountain Lion system itself, so you could probably play games if you wanted, provided you weren’t relying on the AirPlay receiver as your primary screen.  For regular things, like presentations, everything went smoothly.  The only part of this system that I didn’t care much for is the mirroring setup.  While I understand the idea behind AirPlay is to allow things like movies to be streamed over to an Apple TV, I would have liked the ability to attach an Apple TV as a second monitor input.  That would let me do all kinds of interesting things.  First and foremost, I could use the multi-screen features in Powerpoint and Keynote as they were intended to be used.  Or I could use AirPlay with a second HDMI-capable monitor to finally have a dual monitor setup for my MacBook Air.  But, as a first generation desktop product, AirPlay on Mountain Lion does some good things.  
While I had to borrow the Apple TV that I used to test this feature, I’m likely to go pick one up just to throw in my bag for things like presentations.


Tom’s Take

Is Mountain Lion worth the $20 upgrade price? I would say “yes” with some reservations. Having a newer kernel and device drivers is never a bad thing. Software will soon require Mountain Lion to function, as in the case of the OS X version of Tweetbot when it’s finally released. The feature set is tempting for those that spend time sharing on Twitter or want to use iCloud to sync things back and forth. Notification Center is a plus for those that don’t want popup windows cluttering everything. If you are a heavy user of presentation software and own an AppleTV, the AirPlay mirroring may be the tipping point for you. Overall, compared to those that paid much more for more minor upgrades, or paid for upgrades that broke their system beyond belief (I’m looking at you, Windows ME), upgrading to Mountain Lion is painless and offers some distinct advantages. For the price of a nice steak, you can keep the same performance you’ve had with your system running Lion and get some new features to boot. Maybe this old cougar can keep running a little while longer.