Web Excursions 2021-07-21

How to install the beta firmware on AirPods Pro; How to learn technical things quickly; and how to detect whether your device is spied with Pegasus.


AirPods Pro Beta Firmware Now Available

  • AirPods Pro‌ firmware beta one features FaceTime Spatial Audio and Ambient Noise Reduction.

  • Apple made the announcement that beta firmware for ‌AirPods Pro‌ would be available to developers earlier this year

    • but it did not originally give a timeframe for its release.

  • Installing the beta firmware is more laborious than most other Apple Developer betas.

    • It requires an ‌AirPods Pro‌ configuration profile to be installed on an ‌iPhone‌, ‌

    • AirPods Pro‌ to be connected to the ‌iPhone‌,

    • the ‌iPhone‌ to be connected to a Mac running the Xcode 13 beta,

    • ‌iPhone‌ Prerelease Beta Firmware settings to be turned on, ‌

    • AirPods Pro‌ automatic beta software updates to be turned on, and then

    • an on-screen process to be followed.

  • once installed, there is no way to roll back to a non-beta version of the ‌AirPods Pro‌ firmware. The only option is to turn off further updates and wait for a non-beta release.


How To Learn Stuff Quickly

  • Two categories of learning:

    • Guided: Reading a tutorial, taking a course, watching a YouTube video. Anything where you're following a guide.

    • Unguided: Creating your own projects from scratch, extending a tutorial, looking things up in the docs. Anything where you aren't following a guide.

  • We want to walk the tightrope between these two extremes, using guided and unguided learning together.

    • If you only follow guided resources, you'll wind up in tutorial hell.

      • You won't develop the problem-solving skills needed to succeed as a developer.

      • When you try to build your own project, you won't know where to start.

      • It will feel like you've spent so much time practicing without developing any tangible, practical skills.

    • If you focus entirely on unguided learning, it'll take forever.

  • Making intentional mistakes

    • With software development, though, mistakes are free

    • Instead of copy/pasting the provided code verbatim, try experimenting with it:

      • what happens if you omit one of the lines?

      • Or if you change some of the values?

    • I try and act like a scientist.

      • If I have a hypothesis about how this code is supposed to work, I test that hypothesis by changing the code, and seeing if it breaks in the way I expect.

      • When I discover that my hypothesis is flawed, I might detour from the tutorial and do some research on Google.

        • Or I might add it to a list of "things to explore later", if the rabbit hole seems to go too deep.

  • The tutorial fade

    • Follow a tutorial verbatim, going through it step by step.

    • When you've finished, reset the code to the initial state, and minimize the tutorial.

      • See how far you can get without looking at the tutorial.

      • When you get stuck, pull the tutorial back up, but minimize it again once you've unblocked yourself.

    • Repeat this process until you can complete the tutorial start-to-finish without looking at the instructions.

  • Extending tutorials

    • This strategy is nice because you avoid the stress of a blank canvas. You already have a fully-functional, well-understood project. You're adding bricks to a solid foundation.

  • Building related projects: Before hopping onto another tutorial, it might be a good idea to try building a similar project from scratch.

  • Finding the right balance

    • When I'm at the very beginning of a learning journey, I tend to focus primarily on guided learning.

    • As I become more comfortable, though, the balance shifts.

  • Mindset cultivation: If you want to learn new skills quickly, it's critically important that you cultivate the right mindset.

  • Goals and motivation: it's important that you have a goal in mind, something you're truly excited about. Otherwise, it'll be hard to sustain the motivation required after the initial novelty wears off.

  • Remembering things: spaced repetition.

  • Building a daily habit

  • Learning in public: by publishing what we learn, we help our future selves. When we discover something new, we should create an artifact that documents it

  • A network of skills

    • E.g.: 3D illustration isn't a single skill; it's a collection of dozens of individual skills.

      • Some of them are part of a constellation the author have experience with.

      • Years ago the author learned about composition, how to arrange elements within the viewport for compelling shots.


This tool tells you if NSO’s Pegasus spyware targeted your phone – TechCrunch

  • Amnesty’s researchers showed their work by publishing meticulously detailed technical notes

    • and a toolkit that they said may help others identify if their phones have been targeted by Pegasus.

  • The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently.

    • Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones.

  • MVT will let you

    • take an entire iPhone backup (or a full system dump if you jailbreak your phone) and

    • feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus,

      • such as domain names used in NSO’s infrastructure that might be sent by text message or email.

    • If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.
      [Note: The statement is somewhat misleading becuase it seems to suggest that MVT can scan an encrypted backup without a password. That’s not true. You still need to provide the password to decrypt. See MVT’s documentation]

  • the toolkit scans your iPhone backup file for any evidence of compromise.

    • The process took about a minute or two to run and spit out several files in a folder with the results of the scan.

    • If the toolkit finds a possible compromise, it will say so in the outputted files.