85 comments

[ 45.3 ms ] story [ 2910 ms ] thread
That only shows a kernel panic. An exploit would prevent the kernel from crashing.
How can malware prevent a panic? Its process is priority over pid1? I'm very ignorant to this stuff. Wouldn't the kernel know it's being manipulated, like a startup/JIT checksum or something?
A kernel panic is caused by some serious issue in either the kernel or the hardware. In itself, it's relatively "harmless": it just means the OS stops doing anything and you need to hard reboot the machine (such as by cutting power).

However, if the kernel panic is caused by a software bug (rather than something like a broken RAM stick), then the bug which causes the kernel panic might also be exploitable by malicious code to do things like arbitrary kernel level code execution. For example, if the problem is that the kernel somehow allows the user to change a piece of memory which the kernel interprets as a function pointer, then the result of carelessly changing that piece of memory will cause the kernel to jump into some part of memory that's not valid code, causing a kernel panic; however, a very clever attacker may pick a jump address which causes the kernel to keep executing without crashing but doing something which the developer of the kernel didn't intend. Maybe the attacker can cause the kernel to jump to a location in memory which the attacker has control over, which would mean that the attacker can run arbitrary code in kernel mode.

This stuff is all very complicated and very interesting, I recommend reading up on it if it interests you.

And no, the kernel can't really check if it's being manipulated. A checksum at startup wouldn't do it since these sorts of exploits don't tend to involve changing the kernel bytes on disk, but rather tricking the kernel into doing something it's not supposed to. There are various mechanisms to try to make bugs unexploitable (such as address space layout randomisation), but fundamentally, you can't perfectly protect against potential bugs.

Thanks! Yeah I really need to work on my low level security knowledge this stuff is fascinating when it isn't presented in the form of a crypto algorithim that is heirogylphics to me.
The general idea is that an exploitable remote code execution bug is some specific circumstances where the processor starts to execute whatever is in some wrong address which can be manipulated by an attacker.

If the bug is successfully exploited, the attacker arranges so that everything is just so that device runs "as if normal" but executes whatever code attacker decided to be executed; but if the bug is triggered accidentally or without a working exploit, then it attempts to execute something random and that results in a kernel panic.

So the way how "malware prevents a kernel panic" is that it's a successful exploit if and only if it manages to ensure that valid (but attacker-controlled) code runs and actually works, and if it instead results in a kernel panic, well, that's not a working malware, unless all the attacker wanted was a denial of service exploit.

I'm kind of impressed that a kernel panic doesn't just result in a black screen and that passthrough still works.
I’m not super informed here, but I believe the AR stuff, including eye tracking, takes place on a coprocessor. The OS on the M2 chip could die and you’d still have passthrough.
Valve Index is similiar. I've had my whole desktop freeze but the spatial orientation is still drawing within the VR as the headset is moving albiet in a frozen state.
The Valve Index does not do reprojection on the device. It does not even do tracking on the device.
It does it on the PC?
Yes, the runtime handles interpreting the sensor data collected by the device to compute the position and orientation they are in space. The compositor will reproject the next frame it sends to the headset if the application producing the frames does not submit frames before the deadline.
SteamVR’s tracking page[1] explains it a little. The HMD is really just displays, radios to talk the controllers (standalone trackers will just have a dongle, runs the same firmware iirc), and its own chip to talk to its own tracking sensors. All the tracking stuff amounts to timing information which is screamed over USB to the PC which does all the math to figure out where you are.

A bulk of this (really interesting!) information can be found on their HDK documentation, but that requires you to sign up with Steamworks.

[1]: https://partner.steamgames.com/vrlicensing

Sure it helps but does it _have_ to be on a separate chip? In ye olden days when everything else had crashed and was frozen, skype calls still kept working
I think it's more the fact that the M2 chip is used across multiple product lines that don't need the unique capabilities of the R1 chip.
I think it makes sense. The parts of the system that need to respond within certain time windows because of physics run in the R1 (presumably, “realtime 1”). Everything else is just an iPad, which currently runs on the M2.
(comment deleted)
It's a pretty great redundancy design though. Imagine someone driving or doing a life-critical task (augmented surgery?) on the Vision Pro and losing passthrough at a critical moment. And yes, there are already videos of people driving their car while wearing their headset (https://twitter.com/lentinidante/status/1753549370568368224_).
I like to imagine a possible future where Vision Pro can help you see your blind spots while driving a vehicle.

No shiny AR or "spatial computing" distractions. Just visibility.

That would be incredibly useful, and cool.

You people are fucking insane... You really want people wearing this crap driving cars and doing mission critical things??

Christ the people on the website are just another level.

I'm assuming that any future where Apple actually supports driving with the headset on would have to be a future where all the ethical and safety concerns have been worked out.

The people driving today with the headset (even for the memes) are the insane ones. It does not have the FOV for you to be fully aware of the road (I've used one in-store). I've also heard that even 12ms is apparently still too much latency for a driver to react promptly to emergencies.

> any future where Apple actually supports driving with the headset on

As another user of the road do I get a say in this as well besides Apple and the moron with their headset on?

This is one of the dumbest things that you could possibly do, a heads up display I can get behind assuming it is very much limited in how much information can be displayed but a device that utterly obscures your vision, removes your peripheral vision and replaces it with a screen that isn't necessarily pointing in the direction that your head is pointing in whilst driving a vehicle sounds like an excellent way to have a serious accident. I do hope it is a one sided one, this is Darwin award level stuff.

By "safety concerns" I do mean the existing hardware issues with the headset as well, such as the 12ms latency, bad camera quality especially at night, extremely low FOV (should be 180+ degrees at least), instant shutdown when power is removed, screens that go dark when power is removed, etc.

Your glass windshield doesn't need a source of power to stay transparent, but Vision Pro does.

I absolutely do not believe that the current iteration of the product should ever be used while operating a moving vehicle. You are right to call it dumb.

Peripheral vision extends widely outside of the angle that a typical display affords and moving your head enough to see the mirrors in the car will bring a much larger area to the left of you in view. You can't simulate that with a display in front of your head to the degree necessary that it makes up for the losses. I think this idea is a complete non-starter. Note that 'heads up' displays improve safety because you no longer have to change your focus for nearby and far while driving (dashboard dials, navigation, vs what's happening in front of you). This does the exact opposite, it removes your ability to see what is going on and then replaces that with a bunch of bits. You're a software glitch away from an accident and with all respect to my fellow software developers I don't consider any of us competent enough to get that right to the point that you can potentially unleash that onto a billion drivers and not expect utter carnage.
> You're a software glitch away from an accident

Software or hardware glitch. Or power glitch.

R1 runs an RTOS, though, passthrough continues to run even if the main processor (the M2) completely crashes. So it already seems to try to fail safe. I can't imagine that's by accident. Maybe it's not that they're going to use the Vision Pro in these situations, but that maybe they might use the R1 or a future generation of it for their self-driving cars.

I mean, it either works well enough for that to be a good idea, or it doesn’t. There are already technologies that are crucial for people to do mission critical things, and if they work well, then of course I want people using them, even if technology might feel really scary sometimes!
“want” doesn’t need to be involved.

running from the inevitable only makes you tired.

I think this is just a side effect of the fact the Darwin kernel isn't sufficiently low latency to ensure pass through feels 'real' enough.

Therefore the data path from camera to screen has to entirely happen without the kernels involvement.

I feel like the small passthrough delay was slightly noticeable upon first use, but with motion blur it was easy to get used to, and now I don't notice it whatsoever. If I had to guess, it feels like it's under 10ms.
interesting pattern arising where the technical theory is getting push-back from real world experience.

> If I had to guess, it feels like it’s under 10ms.

too many miss the value in such a statement.

“feel.”

subjective, but also sublime.

it doesn’t need to meet a metric, it needs to match a vibe. the metric is an approximation, as backwards as it might seem.

The current theory in the community is that since visionOS is based on iPadOS that it's more of a reference to a possible known exploitation on iPad that requires similar attestation on visionOS.
Imagine walking or driving when your AR gets hijacked, you could be at risk of walking into traffic or crashing the vehicle.
If only there was a way to prevent this
Avoiding any walking or driving? Sure, I guess, but most people can't stay at home forever any more than they could avoid using a phone.
You can still walk or drive - just take the headset off to do it…
How are you supposed to know when the headset is going to fail though??? I guess in some failure modes you might anticipate it failing, but surely not all… (/s)
But walking with your headset on can be a part of the value proposition, by adding some metadata to what you see. Imagine being shown directions in an unfamiliar place. Or seeing a distant bus and being told that this is the bus you're trying to catch. Once the technology becomes popular people will find a lot of reasons to walk with their headsets on.
maybe with less intrusive and lighter optical AR glasses that do not cover all your field of view, walking around the city would be more possible. But expecting to go around the streets or even drive with a huge AR headset is unreasonable for our times.
The people who wish for this future are a complete mistery to me.
The problem is I get all this already on my phone without wearing a $3500 mask.

It doesn't even make sense. What do you want blinking arrows on the ground to show the way instead of the much superior way of just looking at google maps now?

Who would want such a world? This is technology looking for a problem to solve instead of the other way around.
I guess a future version will see that you're sitting in a driver's seat and will go crazy telling you to take it off. Although I wonder what it can do, going dark will be dangerous if someone is actually driving, I suppose it can threaten to revoke your device license..
Imagine not wearing a distracting device while you are in traffic.
I could see a driving mode being useful since you could do things with nothing but your eyes leaving your hands free.
Because you don't need your eyes when driving? The thought of people driving around and multi tasking with their AR goggles gives me the heebie-jeebies.
As opposed to looking at a map?

It's always something with you folks.

You're not supposed to be looking at a map while driving. Eyes on the road.
You look at a map before leaving... not while you're driving. So you try to navigate and drive at the same time!?
That should be illegal. It removes a huge part of your field of vision.
We already have countless studies that talking on your phone while driving is really bad for reaction times and accident rates, even in hands-free setups. I can only imagine who much worse these numbers will look if you add distractions for your eyes to the mix.
This person should lose their licence.
That will definitely prevent them from driving.
In this case, I think the stupidity is also sufficient to confiscate the vehicle in some jurisdictions.
That open mouth... We're heading full speed into K.Laumer's "Cocoon".
I wonder how that image is generated? The Cybertruck doesn’t have FSD yet. I also read that Apple was blocking the AVP from working when it detected you were moving fast. That they had to make special provisions to allow the AVP to work on planes.
So you can't use it as a backseat passenger to watch movies?
Possibly, thanks to assholes as depicted in that video (which may be fictional). Apple does not want the liability or reputational damage from enabling someone driving a car and getting into a wreck, even if that prevents some other uses.

FYI - I don’t know what the rules are that they put into place and what I read was based on comments from some early demos that Apple was giving so it remains to be seen what you actually can and cannot do while wearing one. I’m sure that this will start to come out now that people are using these in the field.

Not all AR devices are something you wear. Lots of cars have a heads up display which is basically projecting information onto the windshield.
There's a huge difference between camera pass-through and some transparent reflections on the glass that you can dodge away from.
For sure.

I’d just hate for AR to become synonymous with head mounted displays instead of a more general definition.

(comment deleted)
(comment deleted)
(comment deleted)
I'm surprised they shipped with the product name RealityDevice14,1.
The code name is always displayed in panic and crash logs. For example, a kernel panic on my MacBook would display MacBookAir10,1.

Or do you mean you find the code name itself funny?

Yes. MacBookAir is a product. RealityDevice is a code name that leaked into a userfacing place.
HomePods are:

AudioAccessory1,1 – First gen HomePod

AudioAccessory5,1 - HomePod mini

AudioAccessory6,1 - Second gen HomePod

N64 was called Project Reality ...
Makes me think of Neal Stephenson's Snowcrash and when Da5id views the scroll with the meta virus and ends up "crashing" (that's the snow crash!).

The analog here would be a if you looked at the "wrong" thing (image, or a "malicious" QR code!) with Vision Pro and it contained the 0-day and then you were hacked!

Cover your sensors! They've got corruption armor /s
I'm more worried about neuralink zero-days.
Why? It would only affect one person and a few monkeys

Or do you mean that you are nuts enough to get one in your skull?

Oh no, both active users should be very worried. /s
(comment deleted)