FIRST IMPRESSIONS: THE IPAD PRO IS 'WICKED FAST

The iPad Pro is the biggest thing to happen to Apple's iPad line-up. Yes, that’s a pun, and I apologize for using it, but it’s also true.

Although Apple has gone smaller and thinner with iPads before -- the 7.9-in. mini, for instance -- until this past week, it had never gone bigger. The result of that move is the 12.9-in. iPad Pro, which starts at $799 for a 32GB model and goes all the way to $1,079 for a 128GB version with both Wi-Fi and LTE cellular connectivity -- accessories not included.

Susie Ochs

The iPad Pro dwarfs an iPad mini (right)

In fact, getting your hands on those accessories, the new Smart Keyboard and Apple Pencil for the iPad Pro, is harder than getting the tablet itself. And getting the exact iPad Pro you need isn't easy either.

[ More about the iPad Pro: Hands on: The iPad Pro -- It's a laptop! It's a tablet!. ]

The hunt for the right one

From what I've seen online and in actual stores since the iPad Pro arrived Wednesday, the top-end models are selling out nearly as fast as stores get them in. I should know. Over the course of three days I briefly "owned" three iPad Pros: The 32GB model I got on Wednesday (when the 128GB versions in Space Gray sold out at the local Apple Store); a 128GB version I picked up on Friday when the local Best Buy got a few in stock; and finally, the unicorn model I had wanted all along: the $1,079 iPad Pro with LTE and GPS I snagged at the Cambridgeside Apple Store Friday night.

It's easy to see why they're selling so quickly: The new iPad Pro features a wicked fast third-generation, 64-bit Apple A9X chip, 4GB of memory, 10-hour estimated battery life, and that absolutely gorgeous 12.9-in. 2732-x-2048-pixel Retina display that is packed with more pixels than the 15-in. MacBook Pro. With its large screen and with the optional keyboard case and Apple Pencil, I can easily see the iPad Pro attracting a lot of attention from everyday computer users and businesses alike.

The reason, in a word: Flexibility. The iPad Pro serves a broader range of needs than any previous iPad, especially when you factor in the Pencil, which allows the iPad Pro to be used more effectively when precision is a requirement. (Shipping dates are currently four to five weeks out for both the Pencil and Keyboard case accessories, so if you're eyeing these devices for yourself or as holiday gifts, order soon.)

The Apple Pencil makes the new iPad Pro more versatile than any of its predecessors.

In the box

In the box, the iPad Pro comes with the bare essentials: the tablet itself, a longer than normal Lightning-to-USB cable, and a USB power adapter.

When taking the iPad Pro out of the box, my first impressions were like virtually everyone else who's gotten one: Wow -- that's a big iPad.

Thankfully, it doesn't weigh as much as you'd think; at just over a pound-and-a-half, it weighs as much as the first-generation iPad from 2010. But that first iPad only had a 9.7-in., 1024-x-768-pixel display, much slower internal hardware, no camera, and it was a half-inch thick.

By comparison, the latest device measures 12 inches x 8.68 inches and it's 0.27 inches thick. For its size, the iPad Pro feels light, but at 1.57 pounds (1.59 pounds for the Wi-Fi/LTE model), you're definitely looking at wrist fatigue with extended use if you're carrying it around in one hand.

So far, that's not how I've found myself using it; without realizing it, I've been using the iPad Pro on my lap, like a little touchscreen table. This tablet -- with a processor that's as fast as some late-model laptops -- is turning out to be the perfect laptop computer in a very literal sense.

Speed you can see

Michael deAgonia

Despite its larger size, the iPad Pro home screen shows the same app layout grid as its smaller siblings.

The iPad Pro feels really fast. It zips through the interface, loading apps and data quickly. Powered by that custom-designed Apple A9X chipset, the iPad Pro out-performs the 12-in. MacBook in CPU benchmark scores, and is faster than the current MacBook Pro with Intel's Iris 5200 integrated graphics in GPU benchmarks.

I'm impressed by the speed, which makes iOS 9 more fluid than I've ever seen it before on a tablet. (I also have an iPad Air 2, and iOS 9 is no slouch on it.)

Big sound to match the big screen

Also impressive: The sound the iPad Pro puts out. Apple etched the speaker housings as part of the unibody enclosure, and placed speakers on all four corners. The iPad is programmed to be aware of its orientation, and at any angle the topmost speakers are dedicated to producing higher frequencies, with the speakers on the lower side pushing more bass. The result is an iPad that truly sounds amazing.

At one point during my quick round of early testing, I reached for the Apple TV remote to lower the volume of my living room entertainment system. Except the entertainment system wasn't on; the iPad Pro was producing the loud audio. I'm not saying it's a substitute for a surround sound system, but the sound quality is so good that for a split second, I was fooled into thinking the music couldn't be coming from the iPad.

Audiophiles will be pleased, both at the level of volume those four small speakers emit and the clarity and tone they produce. Your eyes will naturally be drawn to the big screen, but your ears will love the sound.

No 3D Touch?

One of the big advances offered on the new iPhone 6S and 6S Plus is 3D Touch. On those devices, the screen can detect the amount of pressure applied with a finger press. That press triggers different actions, based on the pressure. That's how "Peak and Pop" views are activated, or how you can get to quick shortcuts for apps. 3D Touch delivers an added layer of usability that I've quickly grown accustomed to on myiPhone 6S Plus. (The same is true about Reachability, which allows easier one-hand access to icons at the top of the larger phone screen.)

The iPad Pro is a natural for these new features, but it doesn't have either one. I miss them. Apple hasn't said why 3D Touch isn't part if the iPad Pro package, or whether it's a hardware issue related to the technology or an intentional omission. (I'd assume it's the latter. While the first-generation iPad Pro doesn't have 3D Touch, I bet future generations will.) The lack of Reachability on the iPad Pro is also puzzling, though it makes more sense, given that one-handed use of the big tablet isn't as easy as it is with the phone.

Something else I've noticed -- and this isn't Apple's fault -- is that some popular iOS 9 apps haven't been updated to take advantage of the larger screen. Case in point: The current Facebook app shows a lot of wasted space. It looks great on the iPad Air 2, but on the iPad Pro, it's simply been scaled up in size. For now, I'm accessing Facebook through the Safari browser because Safari utilizes space better.

Michael deAgonia

On the iPad Pro, the Facebook app (left) shows much less content than you can see by viewing Facebook through Safari (right).

No doubt, that will change as third-party developers update their apps. And Apple is already highlighting iPad Pro-worthy apps in the App Store.

Final thoughts (for now)

As nice as the hardware is, as great as the display is, in the end the iPad Pro experience depends on the quality of the software available for it. That's true whether you see it as more of a content-consuming tablet or a business-centric productivity device. In my time with the iPad Pro, I've found it fantastic for consuming media, especially comic books and high-definition videos. Games look great, too. But as noted, apps that haven't been rewritten for the iPad Pro's display size and resolution end up wasting a ton of screen real estate. The recently-introduced multitasking capabilities of iOS 9 -- the split-screen option allowing you to use two apps at one time -- really make use of the additional space, but I'm already wondering if that's enough.

On the hardware side of the equation, a lot is riding on the new Smart Keyboard and Apple Pencil, and how well these two add-ons work in extending the tablet's use potential. I'll be testing those as soon as I can get my hands on them, and will have a better sense of whether Apple has delivered something beyond just a bigger, better, faster tablet.

This much seems clear already: With all of the technology built in, and the accessories to come, all of the pieces are in place to make the iPad Pro a hit for consumers and businesses alike. Check back on Computerworld.com in a couple of weeks for my more formal, detailed review.

Michael deAgonia

The iPad Pro stacks up nicely against the 21.5-in. iMac.

MICROSOFT'S OFFICE INSIDER PROGRAM LETS YOU TEST TOMORROW'S OFFICE TODAY

Microsoft released Office 2016 to the general public back in September, and it’s a good update overall. But if you’d like to help improve future releases of Office, you’ll want to check out the new Office Insider program.

Office Insider clearly draws inspiration from Microsoft’s Windows Insider user-testing program, as Neowin points out. And just like how Windows Insider lets you see what’s to come for Windows, the Office Insider program will let you test out and provide feedback for upcoming releases of Office 2016.

For now, the program encompasses the Windows and Android versions of Office, and is open to Office 365 Home, Business, and University users: All you need to do to join Office Insider is to download and install the Office Insider build of the productivity suite. Mac users will have to wait a bit: Microsoft says that it will provide Office Insider builds for OS X “in the coming months.”

The story behind the story: The Windows Insider program was a key component of Windows 10’s testing and development process, according to the company. (Microsoft uses a similar program to test upcoming versions of the Xbox One Experience and the Xbox app on Windows, though participation in the Xbox One Preview program is by invitation only.)  

According to Samer Sawaya of the Windows Feedback team, user feedback actually led the Windows 10 team to incorporate some new features into the operating system. If that’s any indication of how the Office Insider program will work, it’ll be a golden opportunity for you to help shape the future of Microsoft Office.

NEED A RIDE HOME FROM WORK? NOW YOU CAN CALL LYFT FROM SLACK

More than a few enterprise users today spend a growing proportion of their work time in Slack's team-communicationsoftware, but so far it hasn't been a simple matter to tie in outside apps and services.

Back in August Slack rolled out a new "Add to Slack" feature to simplify the process with launch partners including Box, and on Tuesday, it introduced another update designed to make the process even easier.

Tapping that Add to Slack button, Slash Commands make it possible for users to simply click a button to add a particular API-enabled app or service to their own Slack team.

With Lyft’s Slash Command installed, for example, users can see from within Slack how long it would take to get a car and what the estimated cost would be, and then request a car to their saved home or work address.

To call a car through Lyft, users just type "/lyft gohome" and wait for it to show up. To get updates on how close the car is to arriving, they type "/lyft eta."

Similar integration with Foursquare, Dribbble, Poncho and Blockspring offers new capabilities as well.

Users need only type "/foursquare lunch" and an address to get Foursquare's three best nearby suggestions posted to their channel. The service can also make suggestions for electronics stores, parks or places to swim, to name just a few examples.

Slash Commands can post both privately and publicly into channels.

For developers, new functionality includes the ability to control the icon, name and formatting of responses so they look and feel like an extension of a particular product or service. Photo and text attachments can also be added.

Slack's application programming interface (API) documentation has been updated accordingly.

HACKED OPINIONS: THE LEGALITIES OF HACKING – SAMUEL BUCHOLTZ

Samuel Bucholtz, from Casaba Security, talks about hacking regulation and legislation with CSO in a series of topical discussions with industry leaders and experts.

Hacked Opinions is an ongoing series of Q&As with industry leaders and experts on a number of topics that impact the security community. The first set of discussionsfocused on disclosure and how pending regulation could impact it. This week CSO is posting the final submissions for the second set of discussions examining security research, security legislation, and the difficult decision of taking researchers to court.

Thinkstock

CSO encourages everyone to take part in the Hacked Opinions series. If you have thoughts or suggestions for the third series of Hacked Opinions topics, or want to be included as a participant, feel free to email Steve Ragan directly.

What do you think is the biggest misconception lawmakers have when it comes to cybersecurity?

Samuel Bucholtz, co-founder, Casaba Security (SB): Our lawmakers need to realize that cyber security is very distinct from intelligence gathering and law enforcement activities.

We can see this challenge at the core of the NSA itself. The agency has always been responsible for defending our country’s cyber assets while at the same time gathering intelligence and perhaps playing a more offensive role. This dichotomy has led to the very real, and insoluble internal struggle within it: when a vulnerability is found, do you preserve its secrecy and exploit it for gain or do you warn those you protect and get it fixed to prevent their exposure? New laws should try to address this state of affairs, not extend or even compound it.

We continue to see this misconception played out in threat intelligence sharing bills, the most recent version of which is the Cybersecurity Information Sharing Act (CISA) which recently passed in the Senate. The confusion is at two levels - first, that cybersecurity should be used in tandem with law enforcement and intelligence gathering to enable, support or reinforce those activities; and, second, that by doing so they won’t jeopardize Americans’ personal privacy and freedoms by giving too much power to the government.

It’s imperative for Congress to begin seeing cybersecurity in more focused terms - specifically, as a way to protect businesses and critical infrastructure. At the same time, it must also understand the inherent risks in cybersecurity as a potential surveillance tool - and it must do all it can to protect Americans’ personal freedoms and privacy.

Intelligence gathering and law enforcement activities are by their very nature a violation of privacy. We as citizens tolerate this violation because it is supposed to be controlled by a level of due process - namely, judicial review and the issuance of warrants. Cybersecurity activities are executed by private parties with no such judicial review. Thus at a minimum any law enacted should guarantee basic protection of citizens’ privacy. As part of this protection, businesses should never be asked to provide non-anonymized data without a warrant.

What advice would you give to lawmakers considering legislation that would impact security research or development?

SB: Too often lawmakers, government regulators and other public officials equate cybersecurity research and development with ‘weapon-making’ or ‘cyber arsenals.’ This taints the entire industry and undermines public and government support for this research and the programs (few that they are) that support it. Future legislation needs to properly equate security R&D with the protection of consumer privacy, personal freedoms, business interests and national security.

Treating software as a concrete asset (munitions, trade secrets, etc.) is a losing battle. A good example of this is the current Wassenaar Arrangement, which seeks to restrict intrusion software sales overseas much like traditional military technology. Software is fundamentally an idea that cannot be stopped without some type of thought control. Extending this metaphor, the creation or possession of an idea cannot be outlawed. The only thing that can or should be criminalized is the use of such ideas. A security tester using a “weaponized” piece of software on their own property should be treated the same as a person smoking a cigarette in their own home.

Instead of writing laws that prevent research or threaten those performing the research, lawmakers should focus on enabling the free exchange of ideas without arbitrary restrictions; after all this is what makes science work in all its other forms.

If you could add one line to existing or pending legislation, with a focus on research, hacking, or other related security topic, what would it be?

SB: I would draw a big red line through the entire CISA bill as it is currently written (as of October).

The bill fails, as many attempts at government regulation do, in being too broadly worded and poorly defined to fairly protect the citizens of this country. Cybersecurity professionals spend much of our time finding the loopholes in poorly written software, but it often takes time and effort. It takes no time to find the loopholes in the currently written bill.

Now, given what you've said, why is this one line so important to you?

SB: In my view, CISA, in its current form, represents a serious threat to personal privacy and freedom. It’s a totally misguided piece of legislation - it does very little to balance the needs of national and business security with those of user privacy. It’s heavily tilted in favor of the law enforcement and intelligence communities and leaves consumers out in the cold.

As the Electronic Frontier Foundation noted in its analysis of the bill back in March: "The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act."

This is the type of heavy-handed cybersecurity legislation that we need to avoid, and it’s propagated through Congress’ misunderstanding of what cybersecurity should be used for. CISA is essentially about protecting corporate and intelligence agency interests, not the people’s interests. It shields corporations from prosecution; it essentially makes classified the details of what types of data are being trafficked by corporations and government agencies and how they’re used.

This law is impenetrable by the courts, it’s exempt from the Freedom of Information Act, and therefore it’s far too powerful and risky to implement. We cannot give the business community, law enforcement and government that much power and control over everyone’s information.

CISA is a great example of why we need a digital Bill of Rights that declares our basic freedoms when it comes to technology, and converts our most basic liberties into language relevant to the digital age.

Do you think a company should resort to legal threats or intimidation to prevent a researcher from giving a talk or publishing their work? Why, or why not?

SB: No, I don’t. Threats don’t work, particularly for the research community. No one has the power any more to stop ideas, to stifle the free flow of information, to prevent people from asking questions or finding new ways to think about things or to solve problems. It is far better for companies and government agencies to work with the research community rather than to antagonize it.

Doing so will only make them a bigger target, and, besides, the research community is doing valuable work that mostly benefits the security of these companies and the US at large.

I think it is reasonable to ask a researcher to delay their announcement and most professionals will do so, but the mistake was made by the company who released the vulnerability in the first place, not the person who discovered it.

If companies do not want the “embarrassment” then they should spend more resources upfront trying to prevent it from happening. If their processes are so complicated that releasing a fix for their customers takes a long time, then they should reengineer their processes to allow for quicker turnaround.

What types of data (attack data, threat intelligence, etc.) should organizations be sharing with the government? What should the government be sharing with the rest of us?

SB: Statistics, trending data and anonymized data are all fine things to provide to the government. The government should in turn be collecting and sharing all the data they get with the rest of us. However, cybersecurity activities should be Chinese-firewalled from intelligence gathering activities.