I'm J. I like creativity, I like sushi, and i like you!

How a Docker footgun led to a vandal deleting NewsBlur’s MongoDB database


tl;dr: A vandal deleted NewsBlur’s MongoDB database during a migration. No data was stolen or lost.

I’m in the process of moving everything on NewsBlur over to Docker containers in prep for a big redesign launching next week. It’s been a great year of maintenance and I’ve enjoyed the fruits of Ansible + Docker for NewsBlur’s 5 database servers (PostgreSQL, MongoDB, Redis, Elasticsearch, and soon ML models). The day was wrapping up and I settled into a new book on how to tame the machines once they’re smarter than us when I received a strange NewsBlur error on my phone.

"query killed during yield: renamed collection 'newsblur.feed_icons' to 'newsblur.system.drop.1624498448i220t-1.feed_icons'"

There is honestly no set of words in that error message that I ever want to see again. What is drop doing in that error message? Better go find out.

Logging into the MongoDB machine to check what state the DB was in, I came across the following…

nbset:PRIMARY> show dbs
READ__ME_TO_RECOVER_YOUR_DATA   0.000GB
newsblur                        0.718GB

nbset:PRIMARY> use READ__ME_TO_RECOVER_YOUR_DATA
switched to db READ__ME_TO_RECOVER_YOUR_DATA
    
nbset:PRIMARY> db.README.find()
{ 
    "_id" : ObjectId("60d3e112ac48d82047aab95d"), 
    "content" : "All your data is a backed up. You must pay 0.03 BTC to XXXXXXFTHISGUYXXXXXXX 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com or https://buy.moonpay.io/ After paying write to me in the mail with your DB IP: FTHISGUY@recoverme.one and you will receive a link to download your database dump." 
}

Two thoughts immediately occurred:

  1. Thank goodness I have some recently checked backups on hand
  2. No way they have that data without me noticing

Three and a half hours before this happened, I switched the MongoDB cluster over to the new servers. When I did that, I shut down the original primary in order to delete it in a few days when all was well. And thank goodness I did that as it came in handy a few hours later. Knowing this, I realized that the hacker could not have taken all that data in so little time.

With that in mind, I’d like to answer a few questions about what happened here.

  1. Was any data leaked during the hack? How do you know?
  2. How did NewsBlur’s MongoDB server get hacked?
  3. What will happen to ensure this doesn’t happen again?

Let’s start by talking about the most important question of all, which is what happened to your data.

1. Was any data leaked during the hack? How do you know?

I can definitively write that no data was leaked during the hack. I know this because of two different sets of logs showing that the automated attacker only issued deletion commands and did not transfer any data off of the MongoDB server.

Below is a snapshot of the bandwidth of the db-mongo1 machine over 24 hours:

You can imagine the stress I experienced in the forty minutes between 9:35p, when the hack began, and 10:15p, when the fresh backup snapshot was identified and put into gear. Let’s break down each moment:

  1. 6:10p: The new db-mongo1 server was put into rotation as the MongoDB primary server. This machine was the first of the new, soon-to-be private cloud.
  2. 9:35p: Three hours later, an automated hacking attempt opened a connection to the db-mongo1 server and immediately dropped the database. Downtime ensued.
  3. 10:15p: Before the former primary server could be placed into rotation, a snapshot of the server was made to ensure the backup would not delete itself upon reconnection. This cost a few hours of downtime, but saved nearly 18 hours of a day’s data by not forcing me to go into the daily backup archive.
  4. 3:00a: Snapshot completes, replication from original primary server to new db-mongo1 begins. What you see in the next hour and a half is what the transfer of the DB looks like in terms of bandwidth.
  5. 4:30a: Replication, which is inbound from the old primary server, completes, and now replication begins outbound on the new secondaries. NewsBlur is now back up.

The most important bit of information the above chart shows us is what a full database transfer looks like in terms of bandwidth. From 6p to 9:30p, the amount of data was the expected amount from a working primary server with multiple secondaries syncing to it. At 3a, you’ll see an enormous amount of data transferred.

This tells us that the hacker was an automated digital vandal rather than a concerted hacking attempt. And if we were to pay the ransom, it wouldn’t do anything because the vandals don’t have the data and have nothing to release.

We can also reason that the vandal was not able to access any files that were on the server outside of MongoDB, because it was running a recent version of MongoDB in a Docker container. Unless the attacker had access to a 0-day in both MongoDB and Docker, it is highly unlikely they were able to break out of the MongoDB server connection.

While the server was being snapshotted, I used that time to figure out how the hacker got in.

2. How did NewsBlur’s MongoDB server get hacked?

Turns out the ufw firewall I enabled and diligently kept on a strict allowlist with only my internal servers didn’t work on a new server because of Docker. When I containerized MongoDB, Docker helpfully inserted an allow rule into iptables, opening up MongoDB to the world. So while my firewall was “active”, doing a sudo iptables -L | grep 27017 showed that MongoDB was open to the world. This has been a Docker footgun since 2014.

To be honest, I’m a bit surprised it took over 3 hours from when I flipped the switch to when a hacker/vandal dropped NewsBlur’s MongoDB collections and pretended to ransom about 250GB of data. This is the work of an automated hack and one that I was prepared for. NewsBlur was back online a few hours later once the backups were restored and the Docker-made hole was patched.

It would make for a much more dramatic read if I had been hit through a vulnerability in Docker instead of a footgun. By having Docker silently override the firewall, Docker has made it easier for developers who want to open up ports on their containers, at the expense of security. Better would be for Docker to issue a warning when it detects that the most popular firewall on Linux is active and filtering traffic to a port that Docker is about to open.
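Because ufw reports itself “active” even while Docker’s nat rules route traffic around it, the only reliable check is the iptables state itself. The following is an added example, not NewsBlur’s code: it parses the nat-table DOCKER chain and flags every published port that has no host-address (`-d`) match, which is what `-p 27017:27017` produces. The rule shapes are assumed from Docker’s iptables integration, and the sample output is constructed.

```python
"""Spot container ports that Docker has published on every host address,
the nat rule that lets traffic bypass a ufw allowlist.

Added example, not NewsBlur's own code. Assumes the DOCKER chain rule
shapes Docker writes for `-p 27017:27017` (no `-d` match) and for
`-p 10.0.0.5:27017:27017` (a `-d` match); the sample output is constructed.
"""
import subprocess

# Constructed stand-in for `iptables -t nat -S DOCKER` on a host with two
# containers: MongoDB published on all addresses (the footgun) and Redis
# published only on a private address.
SAMPLE_NAT_RULES = """\
-N DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 27017 -j DNAT --to-destination 172.17.0.2:27017
-A DOCKER -d 10.0.0.5/32 ! -i docker0 -p tcp -m tcp --dport 6379 -j DNAT --to-destination 172.17.0.3:6379
"""


def parse_rule(line):
    """Turn one `iptables -S` append line into a dict of option -> value.

    Options are stored without their leading dashes; an option preceded by
    '!' is stored under a 'not_' prefix; options with no value get True.
    Returns None for lines that are not `-A` rules (chain creation etc.).
    """
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    rule = {"chain": tokens[1]}
    negate = False
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True
            i += 1
            continue
        key = ("not_" if negate else "") + tok.lstrip("-")
        negate = False
        has_value = (i + 1 < len(tokens)
                     and not tokens[i + 1].startswith("-")
                     and tokens[i + 1] != "!")
        rule[key] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return rule


def exposed_ports(nat_rules_text):
    """Return (port, proto, container_target) for every Docker DNAT rule
    that carries no `-d` host-address match.

    Such a rule rewrites the packet in PREROUTING and the container traffic
    is then decided in FORWARD, so ufw's INPUT-chain rules never see it: the
    port answers to anyone who can reach the host, whatever `ufw status` says.
    """
    found = []
    for line in nat_rules_text.splitlines():
        rule = parse_rule(line)
        if not rule or rule["chain"] != "DOCKER" or rule.get("j") != "DNAT":
            continue
        if "d" in rule:
            continue  # bound to one host address, e.g. the private VPC IP
        found.append((int(rule["dport"]), rule["p"], rule["to-destination"]))
    return found


def live_check():
    """Run the same check against this host (iptables needs root)."""
    out = subprocess.run(["iptables", "-t", "nat", "-S", "DOCKER"],
                         capture_output=True, text=True, check=True).stdout
    return exposed_ports(out)


if __name__ == "__main__":
    for port, proto, target in exposed_ports(SAMPLE_NAT_RULES):
        print(f"{proto}/{port} -> {target} is published on ALL host addresses; "
              f"publish it as -p <private-ip>:{port}:{port} instead, or "
              f"filter it in Docker's DOCKER-USER chain")
```

Binding the published port to the private-network address, or filtering in the DOCKER-USER chain that Docker evaluates before its own rules, are the two fixes Docker documents for this; neither depends on ufw.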

The second reason we know that no data was taken comes from looking through the MongoDB access logs. With these rich and verbose logging sources we can invoke a pretty neat command to find every client that has accessed MongoDB and is not one of the 100 known NewsBlur machines.


$ cat /var/log/mongodb/mongod.log | egrep -v "159.65.XX.XX|161.89.XX.XX|<< SNIP: A hundred more servers >>"

2021-06-24T01:33:45.531+0000 I NETWORK  [listener] connection accepted from 171.25.193.78:26003 #63455699 (1189 connections now open)
2021-06-24T01:33:45.635+0000 I NETWORK  [conn63455699] received client metadata from 171.25.193.78:26003 conn63455699: { driver: { name: "PyMongo", version: "3.11.4" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-74-generic" }, platform: "CPython 3.8.5.final.0" }
2021-06-24T01:33:46.010+0000 I NETWORK  [listener] connection accepted from 171.25.193.78:26557 #63455724 (1189 connections now open)
2021-06-24T01:33:46.092+0000 I NETWORK  [conn63455724] received client metadata from 171.25.193.78:26557 conn63455724: { driver: { name: "PyMongo", version: "3.11.4" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-74-generic" }, platform: "CPython 3.8.5.final.0" }
2021-06-24T01:33:46.500+0000 I NETWORK  [conn63455724] end connection 171.25.193.78:26557 (1198 connections now open)
2021-06-24T01:33:46.533+0000 I NETWORK  [conn63455699] end connection 171.25.193.78:26003 (1200 connections now open)
2021-06-24T01:34:06.533+0000 I NETWORK  [listener] connection accepted from 185.220.101.6:10056 #63456621 (1266 connections now open)
2021-06-24T01:34:06.627+0000 I NETWORK  [conn63456621] received client metadata from 185.220.101.6:10056 conn63456621: { driver: { name: "PyMongo", version: "3.11.4" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-74-generic" }, platform: "CPython 3.8.5.final.0" }
2021-06-24T01:34:06.890+0000 I NETWORK  [listener] connection accepted from 185.220.101.6:21642 #63456637 (1264 connections now open)
2021-06-24T01:34:06.962+0000 I NETWORK  [conn63456637] received client metadata from 185.220.101.6:21642 conn63456637: { driver: { name: "PyMongo", version: "3.11.4" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-74-generic" }, platform: "CPython 3.8.5.final.0" }
2021-06-24T01:34:08.018+0000 I COMMAND  [conn63456637] dropDatabase config - starting
2021-06-24T01:34:08.018+0000 I COMMAND  [conn63456637] dropDatabase config - dropping 1 collections
2021-06-24T01:34:08.018+0000 I COMMAND  [conn63456637] dropDatabase config - dropping collection: config.transactions
2021-06-24T01:34:08.020+0000 I STORAGE  [conn63456637] dropCollection: config.transactions (no UUID) - renaming to drop-pending collection: config.system.drop.1624498448i1t-1.transactions with drop optime { ts: Timestamp(1624498448, 1), t: -1 }
2021-06-24T01:34:08.029+0000 I REPL     [replication-14545] Completing collection drop for config.system.drop.1624498448i1t-1.transactions with drop optime { ts: Timestamp(1624498448, 1), t: -1 } (notification optime: { ts: Timestamp(1624498448, 1), t: -1 })
2021-06-24T01:34:08.030+0000 I STORAGE  [replication-14545] Finishing collection drop for config.system.drop.1624498448i1t-1.transactions (no UUID).
2021-06-24T01:34:08.030+0000 I COMMAND  [conn63456637] dropDatabase config - successfully dropped 1 collections (most recent drop optime: { ts: Timestamp(1624498448, 1), t: -1 }) after 7ms. dropping database
2021-06-24T01:34:08.032+0000 I REPL     [replication-14546] Completing collection drop for config.system.drop.1624498448i1t-1.transactions with drop optime { ts: Timestamp(1624498448, 1), t: -1 } (notification optime: { ts: Timestamp(1624498448, 5), t: -1 })
2021-06-24T01:34:08.041+0000 I COMMAND  [conn63456637] dropDatabase config - finished
2021-06-24T01:34:08.398+0000 I COMMAND  [conn63456637] dropDatabase newsblur - starting
2021-06-24T01:34:08.398+0000 I COMMAND  [conn63456637] dropDatabase newsblur - dropping 37 collections

<< SNIP: It goes on for a while... >>

2021-06-24T01:35:18.840+0000 I COMMAND  [conn63456637] dropDatabase newsblur - finished

The above is a lot, but the important bit of information to take from it is that by using a subtractive filter, capturing everything that doesn’t match a known IP, I was able to find the two connections that were made a few seconds apart. Both connections from these unknown IPs occurred only moments before the database-wide deletion. By following the connection ID, it became easy to see the hacker come into the server only to delete it seconds later.
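The same two steps, allowlist subtraction and following the conn ID, as an added example (not NewsBlur’s code): it parses the mongod 4.x text log format shown above, attributes every drop command to the connection that issued it, and reports the unknown connections that were destructive. The known-server IPs and the sample lines are constructed, since the post masks its real allowlist.

```python
"""Triage a mongod log the way the post does: subtract the allowlist of
known client IPs, then follow each unknown connection's id to the
commands it ran.

Added example, not NewsBlur's own code. The log format is MongoDB 4.x
plain-text logging as shown in the post; the known-server IPs and the
sample lines are constructed (the post masks its real ones).
"""
import re

# Constructed allowlist standing in for the ~100 NewsBlur machines.
KNOWN_IPS = {"10.0.0.11", "10.0.0.12"}

# Constructed sample: one known client doing routine work, and the two
# Tor-exit connections from the post, the second of which drops everything.
SAMPLE_LOG = """\
2021-06-24T01:30:00.000+0000 I NETWORK  [listener] connection accepted from 10.0.0.11:41230 #63455000 (1180 connections now open)
2021-06-24T01:30:01.250+0000 I COMMAND  [conn63455000] command newsblur.stories command: find { find: "stories" } 12ms
2021-06-24T01:30:02.000+0000 I STORAGE  [conn63455000] dropCollection: newsblur.tmp_import (no UUID) - renaming to drop-pending collection
2021-06-24T01:33:45.531+0000 I NETWORK  [listener] connection accepted from 171.25.193.78:26003 #63455699 (1189 connections now open)
2021-06-24T01:33:46.533+0000 I NETWORK  [conn63455699] end connection 171.25.193.78:26003 (1200 connections now open)
2021-06-24T01:34:06.890+0000 I NETWORK  [listener] connection accepted from 185.220.101.6:21642 #63456637 (1264 connections now open)
2021-06-24T01:34:08.018+0000 I COMMAND  [conn63456637] dropDatabase config - starting
2021-06-24T01:34:08.398+0000 I COMMAND  [conn63456637] dropDatabase newsblur - starting
2021-06-24T01:35:18.840+0000 I COMMAND  [conn63456637] dropDatabase newsblur - finished
"""

# "connection accepted" lines carry the client IP and the new conn id (#NNN).
ACCEPT_RE = re.compile(
    r"^(?P<ts>\S+) I NETWORK\s+\[listener\] connection accepted from "
    r"(?P<ip>[\d.]+):(?P<port>\d+) #(?P<id>\d+)"
)
# Every later line from that connection is tagged [connNNN], whatever the
# component (COMMAND, STORAGE, ...); we keep only destructive ones.
DROP_RE = re.compile(
    r"^(?P<ts>\S+) I \w+\s+\[conn(?P<id>\d+)\] "
    r"(?P<detail>drop(?:Database|Collection)\b.*)$"
)


def triage(log_text, known_ips):
    """Map conn id -> {ip, opened, known, drops} for every accepted
    connection, attributing drop commands by the conn<id> tag."""
    conns = {}
    for line in log_text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            conns[m["id"]] = {"ip": m["ip"], "opened": m["ts"],
                              "known": m["ip"] in known_ips, "drops": []}
            continue
        m = DROP_RE.match(line)
        if m and m["id"] in conns:
            conns[m["id"]]["drops"].append((m["ts"], m["detail"]))
    return conns


def unknown_connections(conns):
    """The subtractive filter: connections from outside the allowlist."""
    return {cid: c for cid, c in conns.items() if not c["known"]}


def suspicious(conns):
    """Unknown connections that went on to issue destructive commands."""
    return {cid: c for cid, c in unknown_connections(conns).items() if c["drops"]}


if __name__ == "__main__":
    conns = triage(SAMPLE_LOG, KNOWN_IPS)
    for cid, c in unknown_connections(conns).items():
        print(f"conn{cid} from {c['ip']} opened {c['opened']}: "
              f"{len(c['drops'])} drop command(s)")
    for cid, c in suspicious(conns).items():
        for ts, detail in c["drops"]:
            print(f"  {ts} conn{cid} {detail}")
```

A drop from an allowlisted connection (the constructed tmp_import line) is kept in the per-connection record but not reported as suspicious, which is the distinction the post draws between routine traffic and the vandal.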

Interestingly, when I visited the IP address of the two connections above, I found a Tor exit router:

This means that it is virtually impossible to track down who is responsible due to the anonymity-preserving quality of Tor exit routers. Tor exit nodes have poor reputations due to the havoc they wreak. Site owners are split on whether to block Tor entirely, but some see the value of allowing anonymous traffic to hit their servers. In NewsBlur’s case, because NewsBlur is a home of free speech, allowing users in countries with censored news outlets to bypass restrictions and get access to the world at large, the continuing risk of supporting anonymous Internet traffic is worth the cost.

3. What will happen to ensure this doesn’t happen again?

Of course, being in support of free speech and providing enhanced ways to access speech comes at a cost. So for NewsBlur to continue serving traffic to all of its worldwide readers, several changes have to be made.

The first change is the one that, ironically, we were in the process of moving to. A VPC, a virtual private cloud, keeps critical servers accessible only from other servers in a private network. But in moving to a private network, I need to migrate all of the data off of the publicly accessible machines. And this was the first step in that process.

The second change is to use database user authentication on all of the databases. We had been relying on the firewall to provide protection against threats, but when the firewall silently failed, we were left exposed. Now who’s to say that this would have been caught if the firewall failed but authentication was in place? I suspect the password needs to be long enough to not be brute-forced, because eventually, knowing that an open but password-protected DB is there, it could very possibly end up on a list.

Lastly, a change needs to be made as to which database users have permission to drop the database. Most database users only need read and write privileges. The ideal would be a localhost-only user being allowed to perform potentially destructive actions. If a rogue database user starts deleting stories, it would get noticed a whole lot faster than a database being dropped all at once.

But each of these is only one piece of a defense strategy. As this well-attended Hacker News thread from the day of the hack made clear, a proper defense strategy can never rely on only one well-set-up layer. And for NewsBlur that layer was an allowlist-only firewall that worked perfectly up until it didn’t.

As usual the real heroes are backups. Regular, well-tested backups are a necessary component of any web service. And with that, I’ll prepare to launch the big NewsBlur redesign later this week.

jqlive
35 days ago
Thanks for the write up, it was interesting to read and very transparent of you. It would be an interesting read to know how you'll be applying ML Models to Newsblur.
CN/MX
samuel
35 days ago
What a week. In other news, new blog design launched!
Cambridge, Massachusetts
deezil
34 days ago
Thanks for being above-board with all this! The HackerNews comment section was a little brutal towards you about some things, but I like that you've been transparent about everything.
samuel
34 days ago
HN only knows how to be brutal, which I always appreciate.
acdha
33 days ago
Thanks for writing this up. That foot-gun really needs fixing.
4 public comments
seriousben
33 days ago
Great root cause analysis of a security incident.
Canada
chrisrosa
34 days ago
Great write up Samuel. And kudos for your swift and effective response.
San Francisco, CA
jshoq
35 days ago
This is a great account on how to recover a service from a major outage. In this case, NewsBlur was attacked by a scripter that used a well known hole to attack the system. In this case, a well planned and validated backup setup helped NewsBlur to get their service back online quickly. This is a great read of a blameless post mortem executed well.
JS
Seattle, WA
BLueSS
35 days ago
Thanks, Samuel, for your hard work and efforts keeping NewsBlur alive!

‘The Lab-Leak Hypothesis’


Nicholson Baker, writing for New York:

What happened was fairly simple, I’ve come to believe. It was an accident. A virus spent some time in a laboratory, and eventually it got out. SARS-CoV-2, the virus that causes COVID-19, began its existence inside a bat, then it learned how to infect people in a claustrophobic mine shaft, and then it was made more infectious in one or more laboratories, perhaps as part of a scientist’s well-intentioned but risky effort to create a broad-spectrum vaccine. SARS-2 was not designed as a biological weapon. But it was, I think, designed. […]

But I keep returning to the basic, puzzling fact: This patchwork pathogen, which allegedly has evolved without human meddling, first came to notice in the only city in the world with a laboratory that was paid for years by the U.S. government to perform experiments on certain obscure and heretofore unpublicized strains of bat viruses — which bat viruses then turned out to be, out of all the organisms on the planet, the ones that are most closely related to the disease. What are the odds?

A riveting, compelling, deeply researched read.

jqlive
206 days ago
What the f**k?
CN/MX

Justice Department Charges Zoom With Suppressing U.S. Calls About Tiananmen Square, at Behest of China


Drew Harwell and Ellen Nakashima, reporting for The Washington Post:

A security executive with the video-tech giant Zoom worked with the Chinese government to terminate Americans’ accounts and disrupt video calls about the 1989 massacre of pro-democracy activists in Tiananmen Square, Justice Department prosecutors said Friday. […]

Prosecutors said the China-based executive, Xinjiang Jin, worked as Zoom’s primary liaison with Chinese law enforcement and intelligence services, sharing user information and terminating video calls at the Chinese government’s request.

Jin monitored Zoom’s video system for discussions of political and religious topics deemed unacceptable by China’s ruling Communist Party, the complaint states, and he gave government officials the names, email addresses and other sensitive information of users, even those outside China.

Outrageous in so many ways. How in the world can Zoom ever claim that calls are private and encrypted when they’ve clearly demonstrated the ability to monitor them, and abused that in patently offensive ways? Best to assume that every call made with Zoom is monitored by the Chinese government. Remember too that Zoom employs 700 Chinese nationals on its engineering staff. I’d be surprised if Zoom’s source code and server infrastructure was not riddled with backdoors and eavesdropping features.

jqlive
224 days ago
Wow. The xenophobia in the last 2 sentences is strong. Just because you hire Chinese nationals, doesn't automatically mean they're up to no good.
CN/MX
kyounger
213 days ago
Do you think the likelihood goes up, the more you hire? This isn't a slight on the Chinese people, but their government.
jqlive
206 days ago
No, I do not. That's like saying if you hire enough Mexicans, you'll get some cartel members, or if you hire enough Russians you'll get FSB agents. One bad overzealous actor does not represent an entire group of people.
1 public comment
bronzehedwick
226 days ago
reply
Yikes. Tempted to repeatedly say Tiananmen Square in a Zoom and see what happens.
Jersey City, NJ

How to Use the New Text Tools in iOS and iPadOS 13


Charlie Sorrel, writing for Cult of Mac:

For the last ten years, selecting and manipulating text has been a frustrating nightmare on the iPad. Try to select a couple of words in Safari, for instance — a package delivery tracking number, for instance — and the selection would bounce back and forth between a few characters, and the entire page.

It was enough to drive you back to the comfort of the Mac’s mouse pointer.

In iOS 13, though, this has all changed. Text selection is accurate and predictable. And the new copy/paste gesture shortcuts become second nature almost immediately.

One more tip: With 3D Touch on pre-11 iPhones, you could not just move the insertion point by doing a hard-press-and-hold on the keyboard to turn it into a virtual trackpad, you could also select a range of text in this mode by hard pressing again while dragging. On iPhones 11 (and iPads), you can still get into text selection mode by tapping the keyboard area with another finger while in trackpad mode. This is nowhere near as elegant as 3D Touch, but it’s still a good trick to know. (This isn’t really new to iOS 13 — iPads have been doing this for years — but it’s new on iPhone for anyone accustomed to 3D Touch.)

jqlive
681 days ago
Seems like the iPhone 11's usability went backwards
CN/MX

★ iPhone XR Review Roundup


The bottom-line conclusion in my iPhone XR review:

It sounds too good to be true, but the XR is almost as good as the XS models at a far lower price. Dollar for dollar, the XR is almost certainly the best iPhone Apple has ever made.

I’ve read over a dozen other reviews of the XR this week, and that’s been the bottom line of every single one of them. It’s a remarkable consensus. There are some interesting differences though.

Matthew Panzarino thinks the biggest compromise is the lack of a telephoto second camera:

However, I found myself missing the zoom lens a lot. This is absolutely a your mileage may vary scenario, but I take the vast majority of my pictures with the telephoto lens. Looking back at my year with the iPhone X I’d say north of 80% of my pictures were shot with the telephoto, even if they were close ups. I simply prefer the “52mm” equivalent with its nice compression and tight crop. It’s just a better way to shoot than a wide angle — as any photographer or camera company will tell you because that’s the standard (equivalent) lens that all cameras have shipped with for decades.

Wide angle lenses were always a kludge in smartphones and it’s only in recent years that we’ve started getting decent telephotos. If I had my choice, I’d default to the tele and have a button to zoom out to the wide angle, that would be much nicer.

But with the iPhone XR you’re stuck with the wide — and it’s a single lens at that, without the two different perspectives Apple normally uses to gather its depth data to apply the portrait effect.

Nilay Patel, on the other hand, doesn’t miss the telephoto second camera much but instead thinks the LCD display is the biggest compromise compared to the XS iPhones:

Those differences are interesting and worth pulling apart, but really, the simplest way to think about the iPhone XR is that it offers virtually the same experience as the iPhone XS for $250 less, but you’ll be looking at a slightly worse display.

So, how much do you care about the display on your phone?

Look. The display on the iPhone XR is… fine. It’s fine! It has a lower-resolution and pixel density than the OLEDs in new flagship phones like the iPhone XS, Galaxy S9, and Pixel 3, but it’s the same 326 pixels per inch as Apple’s previous non-Plus LCD iPhones. Anyone coming to this phone from any iPhone, save the iPhone X, will not notice a huge discrepancy in resolution. I suspect most people will find it totally acceptable.

That’s not to say it matches the quality of previous iPhone LCDs. The iPhone XR LCD definitely shifts a little pink and drops brightness quickly when you look at it off-axis, which often leads to a bit of a shimmery effect when you move the phone around. I noticed that shimmer right away, but I had to point it out to other people for them to see it. (It’s one of those things you might not notice at first, but you can’t un-see it.) Apple told me the XR display should match previous iPhone LCDs in terms of performance, but side by side with an iPhone 8 Plus, the off-axis shifts are definitely more pronounced.

Neither Panzarino nor Patel are wrong. It’s obvious that the display and lack of a second camera are the two biggest compromises on the XR that allow it to be priced so much lower than the XS models. Which one matters more to you is purely subjective. Panzarino says “If I had my choice, I’d default to the tele and have a button to zoom out to the wide angle”; Patel says “I rarely take zoom photos, so I didn’t miss the telephoto lens from the iPhone XS at all”.

Count me on Panzarino’s side, though. If I could have a next-gen iPhone XR that either (a) keeps the same LCD display but adds the XS’s second camera, or (b) switches to the XS’s OLED display (including smaller bezel) but still lacks the second camera, I would choose (a) in a heartbeat. After a day with the iPhone XR I stopped seeing anything wrong with the display or wider bezel. I miss the telephoto camera every day.

Another tidbit from Patel, regarding the amazing work Apple put into making the XR display as nice as they could:

Apple’s also done some extremely detailed work to make the rounded corners of the LCD perfectly match the corners of the phone itself, which is work I desperately wish other companies would do. (Most other phones with rounded corners have mismatched radii, and the Pixel 3 XL has different corner radii at the top and bottom, which, to me, looks far worse than any chunky bezel.)

It’s somewhat easier to round the corners of an OLED panel: each pixel is its own light source, so you can turn them off individually around the curve to smooth it out. You can’t do that with an LCD panel because there’s just one single backlight for the entire display, which will shine through the black pixels along the edge. So Apple built little apertures for the pixels around the corners of the XR display to mask some of the light coming through, on top of antialiasing the curve in software. It’s a neat example of Apple’s attention to detail.

The sub-head from Panzarino’s review made me laugh:

The iPhone XR is Apple’s best knockoff yet of its groundbreaking iPhone X.

I think it could have worked to write an entire iPhone XR review using the conceit that it’s an amazing knockoff of the iPhone X.

Speaking of design details, Rene Ritchie, in an otherwise glowing review, points out some small industrial design niggles:

Less fine is the sudden loss of Z-axis asymmetry thanks to the shoved down Lightning port on iPhone XR. Again, yes, this is only something I.D. nerds like myself care about, but after iPhone XS broke X-axis symmetry to fit a 4 × 4 MiMo antenna on the bottom, iPhone XR has gone and broken the Z by top aligning instead of middle aligning Lightning to the screws and grills, probably to make room for the not-as-thin-as-self-illuminating-OLED edge-to-edge LCD.

I still haven’t gotten used to the steel screws and ports not always being vapor coated to match the aluminum anodization, now this?

I know it bugs the designers and engineers even more than it does me. And while it’s still not as rando as some other companies seem to be by tossing elements into the casing like drunken darts at a board, and as nit-picky (and I’m sure eye-rolling) as I’m sure it is for some of you, I’ve given Samsung shit about it for years, so I’m not going to stop just because, this time, my eyes are bleeding courtesy of Apple.

I hate to admit it, but I didn’t mention the Lightning port not being centered with the screws or speaker grills because I didn’t notice it until I read Rene’s review. (Nilay Patel mentions it too.) But now I can’t unsee it:

Bottom view of the iPhone XR, showing how the Lightning port is not center-aligned with the screws or speaker grills.

It’s not perfectly aligned but it is perfectly excusable. It’s simply really, really hard to make an LCD phone with no chin or forehead to mask the display controller. It’s hard to make an OLED phone with no chin or forehead — just ask Google. But LCD is a different ballgame. To my knowledge, iPhone XR is the only LCD phone ever made, by anyone, with no chin or forehead. With the display controller underneath the display, the Lightning port had to be pushed down. It is absolutely a compromise, but well worth it for the overall look of the device. Everyone would notice if the XR had a chin; almost no one is going to notice the Lightning port is top-aligned rather than centered with the screws and speakers.

Joanna Stern, as usual, has the best video. She got the Product Red variant, and her video really shows how great it looks. She also illustrates well the sort of scenarios where you’ll miss having a telephoto lens.

Lastly, a point on pricing and the notion that today’s phones are “just” phones. Here’s Lauren Goode at Wired:

Apple wants to make it clear that it’s not trying to gouge you. Sure, when the iPhone X launched last year, Apple priced it at nearly $1,000. And yes, this year’s iPhone XS sells for the same amount. And of course, Apple killed off its smallest and most affordable handset, the iPhone SE, right as it was introducing the most expensive iPhone yet.

But Apple wants you to know you have a choice. You get to pick from a very small pool of potential devices, but hey, at least you have options! Never mind that certain choices, like color, were predetermined for you by a room full of powerful tastemakers who decided to make coral or cerulean happen. Never mind that whatever you pay, it’s still a crazy amount of money for a phone. You are making the call. You, sir or madam, have your choice of new iPhones.

I think the rest of Goode’s review contradicts the notion that $750 (or better, $800 for the 128 GB version) is a “crazy amount of money for a phone”.

Phones are the most important computer in most people’s lives. They’re the only computer in many people’s lives. Nobody says it’s crazy to spend up to $1,500 on a laptop — but most people use and care about their phone more than they do their laptop. That’s why phone displays are getting bigger. We’ve been corrupted by thinking of them as “phones” in the pre-2007 sense of the word.

A cell phone used to be just a wireless telephone. No longer. They are our ever-present personal computers. They are also our most important cameras (and often our only cameras). A decade ago, point-and-shoot cameras ran $200-400, easily. It’s your watch, it’s your alarm clock, it’s your Walkman, it’s your map and GPS. It’s your wallet full of photos of your family and friends. It’s also, increasing, your actual wallet.

If you took an iPhone XR back to 2006 people would be amazed. If you told them they could buy one for $750 they’d think you were lying.

On a related note, I would argue that iPhone prices aren’t really going up. Last year’s X and this year’s XS models are a new premium tier. The iPhone XR is the phone at the previous “regular” top-of-the-line tier. New top-tier iPhones used to cost $600-650, yes, and the iPhone XR starts at $750. But when you account for inflation that starting price is about the same. The iPhone 4 was introduced in June 2010 starting at $600. $600 in June 2010 dollars is about $700 today. That $600 got you a 16 GB iPhone in 2010. The 32 GB model cost $700. That’s about $810 in today’s dollars — $10 more than the price of a 128 GB iPhone XR, which I think is the sweet spot in the lineup for most people. Inflation adjusted, the iPhone XR is right in line with the iPhone 4 prices from 2010.

Considering how much more capable an iPhone XR is compared to an iPhone 4, I’d say $750 is an amazing bargain.

jqlive
1010 days ago
You could swear that he's on Apple's payroll. Always so apologetic and making up excuses for the company. Apple's products are overpriced and over hyped. They are good products, but they're not cheap or world saving. Apple is a public company, they only care about their profits, and their shareholders. It is a business, therefore they will expand those profit margins as much as they can, their consumers be damned... people will keep buying their phone until a new product class replaces the smartphone. Apple is smart enough to keep improving their cash cow. The XR is outrageously overpriced for what it is, no doubt about that. The sole reason it exists is to hit a price point that otherwise would've been usually handled by the previous year's phone. But because they didn't want to lower the price of the X, and decrease their margins in the process, they created the XR... IMO the only things that make any iPhone worth buying is iOS's security and update track record.

iPhone XR is not a bargain, a $750 USD phone will never be a bargain. Unless you are privileged enough to think it is.
CN/MX
1 public comment
jheiss
1011 days ago
reply
I think it’s crazy to spend up to $1,500 on a laptop. But thankfully modern laptops are overpowered so I can buy slightly used ones on eBay for what I consider reasonable dollars.
apadilla
1010 days ago
Same for used iPhones on eBay

Ben Thompson on the iPhone as a franchise ↦


Here’s some typically brilliant analysis from Ben Thompson of Stratechery. In his piece, Ben puts Apple’s interesting new iPhone product line in the context of its continuous ratcheting up of iPhone pricing—with a nod to the last time Apple tried to make a multi-colored iPhone with a funny letter stuck on the end.

Ben’s conclusion is fantastic:

That is the iPhone: it is a franchise, the closest thing to a hardware annuity stream tech has ever seen. Some people buy an iPhone every year; some are on a two-year cycle; others wait for screens to crack, batteries to die, or apps to slow. Nearly all, though, buy another iPhone, making the purpose of yesterday’s keynote less an exercise in selling a device and more a matter of informing self-selected segments which device they will ultimately buy, and for what price.

One of the most important things to remember when analyzing any new iPhone is to remember the extended buying cycles. The average iPhone XS and XR buyer won’t be updating from the iPhone X; they’re upgrading from an iPhone 6 or 6S or 7.

[Read on Six Colors.]

jqlive
1050 days ago
Yep, I'm coming from a 6, and from the amount of money I'm spending, I'll go another 4 years before I update again.
CN/MX