MacBook Pro one-month review

At the end of 2016 i upgraded from a Late 2012 MacBook Pro (Retina) to a Late 2016 MacBook Pro with Touchbar. Again the 13” model with the fastest i5, 512GB SSD and 16GB of RAM. After having used it every day for one month, i think it makes sense to step back and review the changes which came with the redesign.

TouchBar & TouchID

To start with the bad news, TouchBar turned out to be as useless to me as anticipated, i rarely work with my laptop while not connecting external screens and peripherals to it. For mobile usage the absence of the Esc-key confirmed to be horrific. Even after weeks i’m having lots of mistypes simply due to the extreme sensitivity of the TouchBar whereas a regular key would not activate by just resting my hand on or even close to it. I reconfigured the TouchBar in a way that at least no critical functions are anywhere next to the upper left area, turning off the display by accident has been a major pain. The other thing which did drive me crazy was the ever-changing context when doing heavy multitasking. Changing from Terminal to Photoshop to Safari constantly changes icons, adds previews and overloads my peripheral area of view with junk. On top of all this the TouchBar sometimes does not get back from sleep or just gets blank out of the blue. This is one of the most non-Apple-like features i ever experienced.

That being said, it’s a cool showcase (scrobbling on YouTube, Emojis…) but i did not find myself really using it at any application during regular work. Perhaps it’s unusual for a “Pro” notebook to assume that its users are familiar with shortcuts, even with native apps like Mail i did not experience any real benefit. From a functionality point of view i agree that F1-F12 are not really used on a laptop but re-mapping would’ve been possible without a full-width touch screen. A small TouchBar at the right side with just 3 configurable actions like “lock”, “sleep” and play/pause would have been more than sufficient. All this context-aware nonsense falls apart and highlights its uselessness when getting down to “real” typing work. Obviously it can’t even come close to replacing shortcuts and the speed of typing. The experience feels like being made for a device that gets controlled with a thumb rather than 10 fingers and software at the complexity of “Stocks” rather than an IDE. Tapping “and” for autocomplete after typing “an”? Come on!

TouchID was the real reason why i opted for a model with TouchBar, and it delivered. Unlocking the machine and using specific apps for banking and credentials storage is so much easier than typing the same password all the time. It also helps a lot to overcome the reluctance of locking the machine at work. The sensor operates perfectly and much better than any other laptop with fingerprint recognition i know of. Since Germany is still a developing country in terms of online payments, i could not use Apple Pay yet but can imagine how nice it would work. Some software integration should be improved though, for example confirming installations, system changes to bring down the need to enter passwords even more or just fixing odd behaviour like asking for a fingerprint if the laptop is closed.

Summing up, i think Apple seriously misstepped with the concept of a touch-sensitive display next to the keyboard. It’s cool to show and some niche software may have its benefits but overall it’s a pain during normal use and just feels not ready. I’d pay the same premium to have an ordinary Esc and Function-Keys bar with just a short TouchBar and TouchID next to it.

Keyboard & Trackpad

Coming from the old scissor-type MacBook Pro keyboard, the new keyboard feels a bit odd in the beginning, but i rapidly started to like it a lot. The sound is still a bit too “clicky” for my feeling but the actuation can be felt much better and my mobile typing speed got up significantly. For stationary use i connect an external mechanical keyboard (e.g. Topre Realforce, Filco), which of course is another league, but the current iteration is the best built-in laptop keyboard i experienced so far.

The Trackpad continues to be great and got even bigger and better. As with the keyboard i disliked the short/none travel at first but got used to it quickly. Getting back to the old Trackpad made it feel quite clunky, small and laggy - even though it was already stellar to any other laptop’s trackpad. The added size and palm-detection work great, no complaints here.

Storage, CPU, RAM

Not much to complain here as well. Adding an NVMe SSD did add a significant speed boost compared to the old SATA/AHCI models. The dual-core 2.9GHz CPU with SMT (hyper-threading) is more than fast enough for software development, business tasks and even runs games like Diablo 3 or StarCraft 2 smoothly on 1080p+ screens with medium quality settings. Something which the 2012 model was struggling with. While my workstation/gaming machine and home server sport 32GB of DDR4 RAM, 16GB of DDR3 as maximum configuration seems low but honestly there are few workloads that require more memory on the given power budget.

Battery & Case

So far i can tell for sure that the battery does not last as long as the 2012 model. Usually i notice a bump in runtime when moving from a 1200+ cycle battery to a brand new one, not so with the 2016 model. The “upside” of this is that the lower rated battery is fully charged much quicker. While 4-6h of “real world” runtime for my workloads is not an issue, i would have happily traded 5mm more thickness for a bigger power budget.

The enclosure continues to raise the bar for laptops, it feels very durable, sturdy and high-end. The new darker color looks very good as well. Due to the reduced size the laptop feels even more “compact” and has a nice weight/size/thickness ratio. Again, i would sign up for a bit less “thin and light” and more “powerful and pro” immediately. I hope this design is “light enough” for some years and battery development, component efficiency gains solve the rest.

Screen & Audio

The screen remains great and i can’t spot any weaknesses. Audio did significantly improve in terms of a more “neutral” sound, less trash-can influenced. Even though the “speaker grids” are cosmetic, it’s more than loud enough.

WiFi & Bluetooth

My old MacBook Pro got quite heavily used and saw some drops so it was not a surprise that the BT module was broken at some point. Getting to the new model solved that and connections are stable. WiFi was bumped to 802.11ac which works flawlessly again as well. Connections are established much faster than before.

Ports

Well, this certainly is the most critically discussed “flaw or feature” of the new MacBook Pro. I assumed that it would be a major issue for me but i was wrong. Of course you’d need a whole bunch of new adapters and the USB-C space is crowded with incompatible products. On top, the confusion of concepts for “port” and “protocol” makes it really hard to choose the right dongle. Compared with the older model, i lost USB-A, Mini-DisplayPort, Thunderbolt 2, SD and MagSafe but 4 USB-C Ports with Thunderbolt 3 easily replace them.

I max out four ports with 2 DisplayPort adapters, a USB/HDMI/SD/Ethernet hub with USB-C charging and still got one port for a fourth display, storage or another phalanx of ports using a second hub. For travel and legacy hardware i use a VGA/HDMI/USB/Ethernet hub. Lots of adapters but also a bunch of ports to use. In reality, those adapters stay at my desk, so they do not really become clutter when going mobile. Why Apple chose to drop the SD-Reader is beyond my understanding though.

Ports galore (Bqeel USB-C Hub)

Before, i used 2x Mini-DP for displays and got stuck with two USB-A ports which had to be extended by an external hub to connect mouse, keyboard, storage and ethernet devices. Looking at it this way, four Thunderbolt 3 ports are offering much more options and the adapters are much more potent than before. That being said, compatibility is an issue and choosing the right adapters is trial and error.

Would sticking to the old ports and protocols have been easier? Definitely! But this transition again feels like the right point in time where legacy connectors got dropped. Both ports and protocols are extremely versatile and offer much more bandwidth. It’s funny enough that the headphone-jack survived, i guess there are more DJs than Photographers in Cupertino…

Connectivity to the Apple ecosystem is a mess if you need cable connections. Mobile devices? Lightning. Headphones? Micro-USB. Notebooks? USB-C. If only they would use USB-C for mobile devices as well… perhaps that’s coming sooner than expected. While i liked MagSafe, it always felt a bit “too proprietary” for me. Certainly, when working in a mostly-Mac company, i always found someone with a spare power supply. The new USB-C chargers however make it easier to charge from either side and use shorter cables as well as just replacing the cable if it breaks. I never understood why Apple seriously dongled a really bad cable to a €80 brick. Obviously they made a billion per year from people replacing their perfectly fine chargers, but this really is a shameful waste of resources. Now you’re expected to pay €80 for the charger, €25 for the extension cord and €25 for the charging cable, but at least there are options to replace a worn-off cable.

Conclusion

Overall i’m delighted with the new MacBook Pro, the only real downside is that you can’t get a model with TouchID, four USB-C ports, high-end spec but without a TouchBar. Such a “plain workhorse” configuration would certainly sell like hot-cakes to the serious “pro” consumer. Looking at the “thin and light” mania which led to lower battery specs which led to the choice of chipset which translates to the 16GB memory cap, i’m a bit troubled though if Apple is still targeting that class of users without compromises. Let’s see what refreshed models with Kaby Lake will bring except a CPU bump.

Stuff that works

A short list of third-party adapters that have proven to work well with this machine, just in case…

  • HooToo Shuttle USB-C Hub, 3x USB-A, SD, HDMI (4k), USB-C Power Delivery
  • Bqeel USB-C Hub, 3x USB-A, SD, Mini-SD, HDMI (4k), 1Gb Ethernet, USB-C Power Delivery
  • Dell DA200 USB-C Hub, HDMI (1080p), VGA, Ethernet, USB-A
  • KiwiBird Type-C to DisplayPort 1.2a (4k)
  • Ligawo 6518955 USB-C to DVI
  • LaCie Porsche Design Mobile Drive (2TB)

UniFi may Open up your network

Be aware when updating UniFi Controller from 5.3.x to version 5.4.x and running WPA Enterprise secured wireless networks. There is a good chance that your network ends up completely unprotected while to the administrator everything looks fine. Both versions are official “stable” releases, so there is a good chance lots of networks get affected.

Whoopsie daisies!

The reason for this appears to be the addition of “RADIUS Profiles”, more specifically the migration of existing settings to this profile. Prior to 5.4 each WLAN could have one RADIUS server assigned for authentication and VLAN assignment. The update to 5.4 appears to be faulty in a way that the old RADIUS information gets lost and no profile gets created. Once the APs fetch that new configuration, for example when restarting, they get a “null” value and fall back to “Open” security configuration. Yeah right, from “WPA Enterprise” to “Open” just by updating your controller! On top of that, UniFi Controller does pretend that the network is still “wpaeap” secured, so if you’re running a remote WLAN site you may not even be aware of the fact that anyone can access your network without authentication.

To identify the issue, first check the actual WLAN security settings by scanning the network, and second look for the following entry in the UniFi Controller’s server.log file:

[2017-01-18 23:41:30,160] WARN uap - invalid radiusprofile_id: null
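Both checks described above can be scripted. The following is an added example, not code from the original post or from Ubiquiti: it searches server.log lines for the warning quoted above and compares the security mode the controller claims per SSID with what a wireless scan reported. The SSID names, the lowercase "open" label, the filler log lines and the way the scan result is obtained are assumptions.

```python
import re
from datetime import datetime

# Line layout taken from the single server.log entry quoted in the post.
LOG_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?P<ms>\d{3})\]\s+"
    r"(?P<level>[A-Z]+)\s+(?P<component>\S+)\s+-\s+(?P<msg>.*)$"
)
MARKER = "invalid radiusprofile_id: null"


def find_lost_radius_profiles(lines):
    """Return timestamps of every WARN entry carrying the marker message."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # stack traces, wrapped lines, other formats
        if m["level"] == "WARN" and MARKER in m["msg"]:
            hits.append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    return hits


def find_security_mismatches(declared, observed):
    """Compare what the controller claims per SSID with what a scan saw.

    Both arguments map SSID -> security label; an SSID missing from the
    scan is reported as "not seen" rather than silently passing.
    """
    problems = {}
    for ssid, want in declared.items():
        seen = observed.get(ssid, "not seen")
        if seen != want:
            problems[ssid] = (want, seen)
    return problems


# Constructed sample data: only the second log line is quoted from the post.
SAMPLE_LOG = [
    "[2017-01-18 23:41:29,871] INFO  system - constructed filler line",
    "[2017-01-18 23:41:30,160] WARN uap - invalid radiusprofile_id: null",
    "    at constructed.stack.Frame(Unknown Source)",
    "[2017-01-18 23:52:02,004] WARN uap - invalid radiusprofile_id: null",
]
DECLARED = {"corp-wlan": "wpaeap", "guest": "open"}  # hypothetical SSIDs
OBSERVED = {"corp-wlan": "open", "guest": "open"}    # hypothetical scan result

if __name__ == "__main__":
    for ts in find_lost_radius_profiles(SAMPLE_LOG):
        print(f"{ts:%Y-%m-%d %H:%M:%S} RADIUS profile missing in AP config")
    mismatches = find_security_mismatches(DECLARED, OBSERVED)
    for ssid, (want, seen) in mismatches.items():
        print(f"{ssid}: controller says {want}, scan says {seen}")
```

Run from a machine that is not the controller, the second check catches the case the post warns about, where the controller still reports “wpaeap” while the AP broadcasts an open network.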

I contacted Ubiquiti Networks about this and they seem to be aware of the issue. However instead of accepting it as a massive vulnerability they just claim it to be “just a bug at the update”. UBNT likes to play at the Software Defined Networking (SDN) league, sensitivity for security issues at the “software” part does not seem to be a priority though. Let’s see how quickly this gets handled in a serious way once some company networks unexpectedly “Opened”…

Rackalicious, Ubiquitilicious!

Starting point

Some years ago i started building a home network around a Synology DS214 NAS/media server and upgraded my WLAN to an Asus RT-AC66U, added a managed LGS308 switch and a PLC connection to connect the media rack. Overall that served me well and the level of hardware/software integration felt quite ok.

While i would rate that setup as quite sophisticated for its league, it became evident that my home network was a mess with regards to fault tolerance and actually very consumer’ish in its topology. There are those typical drawbacks that you’re used to living with as a consumer at a rental home without structured wiring. For example the WLAN Access Point had to be located close to power outlets and the VDSL modem which had to be close to the landline socket. In my case that meant the AP’s placement was really lousy in terms of radio signal. Adding better antennas and tweaking the firmware (dd-wrt rocks!) was a workaround but certainly not a solution. Updating some router settings essentially brought down all network communication since the AP/Router/Switch services run on a single box. Meh.

Running all these services (DNS, Web, Mail, RADIUS, File…) on one small box that was originally meant to stream some media was a clear single point of failure. The ecosystem around Synology is really nice for a NAS manufacturer, however it’s based on highly customized, sometimes outdated and restricted versions of the original services. They clearly address the consumer space with their smaller boxes, which means neither virtualization, hardware-accelerated encryption nor the ability to upgrade without dumping the whole system.

The plan

So i took some time and planned a “what if…” scenario of rebuilding my home IT infrastructure while taking the known constraints into consideration. As for networking equipment I learned about Ubiquiti Unifi some years ago and was quite interested in its positioning with regards to software-defined networking at a very compelling price-point. Now i finally had a chance to start playing with it.

Since i was not just re-doing the network part but essentially my whole home IT, i started to think about options for growing needs in terms of services, bandwidth and media consumption (like 4k). It was clear that upgrading to a more powerful NAS would not cut it, neither from a performance standpoint nor when looking into how painful “real” custom service configuration was. At the same time i like to keep critical data close by. The logical conclusion was to look for some “real” server metal.

That immediately brought up the problem of where to put all that stuff. I do like tech but at the same time i don’t want my home to look like a RadioShack dump. Long story short, i obviously needed a rack to put all these new gadgets. 19” gear takes quite some space but can be managed so much easier than all those different form-factor devices. On top i could simply move the rack in one piece when relocating and would essentially contain my IT playground.

After some iterations the plan was quite clear to me:

  • Replace the existing consumer hardware with 19” stuff
  • Look for entry-level enterprise gear
  • De-couple wireless network access and actual infrastructure
  • Put all this to a rack

Hardware

Server

After some looking around i decided to go DIY on the server since most “serious” servers are total overkill and simply not designed to run quietly in a residential home. Those home-servers on the other hand were simply not powerful nor redundant or really upgradable. Having a history of building machines for some time, the shopping list assembled itself fairly quickly:

  • Intel Xeon E3-1260L CPU
  • Asus P10S-I mainboard
  • 32GB DDR4 memory
  • Noctua NH-L9i fan
  • Samsung SM951 M.2 SSD
  • 3x WD RED 4TB HDD
  • Seasonic SS-300M 1U PSU

After completing the build it turned out that the 1260L is a bit oversized for my needs, the 1240L would have done the job just as well. Anyway, some extra max core speed won’t hurt.

Rack & Case

I planned to put the rack beneath my desk, an area that always felt like unused space. At the same time that severely limited my options in terms of depth since i still had to sit there. Luckily i found a vendor that offered both short racks and small DIY server cases:

  • Cablematic RackMatic 9U WK13
  • Cablematic RackMatic 2U CK91

The downside is shipping it from Spain which makes it a bit pricey but still far below the typical premium for an assembled system. The build quality and utility is not on par with professional racks like Rittal, but for the price you get some really good stuff.

Network

So here i was looking for a medium size home network with about 15 wireless and 10 wired clients and the “want” to centrally manage all this. Having looked into the Unifi universe, my Ubiquiti shopping list read like this:

  • Unifi Security Gateway Pro (“USG”)
  • UniFi Switch US-16-150W (“USW”)
  • UniFi AP AC PRO (“UAP”)

Compared to the switch, the USG does not seem to speed down its fans after starting, which makes it terribly loud. This is a minor and fixable downside but disappointing that Ubiquiti did not do it right for two components of the same product range. Therefore i had to replace the cheap 40mm fans at the USG with one Noctua NF-A4x10 FLX. Airflow may suffer but the box runs stable and thermal monitoring shows acceptable values.

By using a bit of creative wiring the Access Point could get positioned almost perfectly at the center of the apartment, being powered using PoE, while the rack with all the other hardware could be placed in a more discreet place. What was left to add was a simple 19” VDSL router (that should only serve as a modem to the USG) and a VoIP DECT phone base station which gets powered by PoE as well.

  • ZyXEL SBG3500 (VDSL)
  • Panasonic KX-TGP600

Power

Power outages luckily are quite rare in my area and maintenance usually happens at night. However that would introduce some issue with having an always-on server with an unbuffered RAID. Therefore i’ve chosen a UPS that handles about 15 minutes of autonomy before the server shuts itself down automatically. Having PoE capable hardware also allows to continue WLAN and DECT connectivity during that time.

  • Eaton Ellipse Eco 650

The total power consumption of the rack at normal operation is 75W. Interestingly enough the network equipment accounts for more than half of that, i’d expected the server to use much more than 30W.

Putting all this together got me this nice 9 U rack setup:
Rack

UniFi AP AC PRO

Software

To put the server to optimal use i decided to run Proxmox VE as virtualization environment and an encrypted Linux MD software-RAID 5 configuration with LVM to store the VM images. Off-site backup was done using SpiderOak at first but switched to good ol’ rsync later due to reliability issues with their proprietary software.

For management and storage i looked into OpenStack and Ceph first but got turned off by the infrastructure needs, such a solution is quite nice but obviously oversized to run like 10 static VMs. Speaking of VMs, i separated the services in a way that each machine can go into maintenance without affecting other services too much:

  • Unifi Controller
  • Authentication (LDAP, RADIUS, oAuth2)
  • Web (Proxy, Webserver, Git)
  • Nameserver (PowerDNS)
  • Log/Monitoring (Splunk, Sensu)
  • Mail (Dovecot, Postfix, OX App Suite)
  • Files (Samba, Serviio, netatalk)
  • VPN (OpenVPN)
  • VoIP (3CX PBX)

Proxmox VE

Getting into the detail of the software part would certainly exceed the scope for now. Be assured that setting all this up took almost a week but finally i’ve my manageable, scalable and reliable home network environment :)