• Explore the magic and the mystery!


  • Listen to The Tech Night Owl LIVE

    Last Episode — August 24: Gene presents a regular, tech podcaster and commentator Kirk McElhearn , who comes aboard to talk about the impact of the outbreak of data hacks and ways to protect your stuff with strong passwords. He’ll also provide a common sense if unsuspected tip in setting one up. Also on the agenda, rumors about the next Mac mini from Apple. Will it, as rumored, be a visual clone of the Apple TV, and what are he limitations of such a form factor? As a sci-fi and fantasy fan, Kirk will also talk about some of his favorite stories and more. In is regular life, Kirk is a lapsed New Yorker living in Shakespeare’s home town, Stratford-upon-Avon, in the United Kingdom. He writes about things, records podcasts, makes photos, practices zen, and cohabits with cats. He’s an amateur photographer, and shoots with Leica cameras and iPhones. His writings include regular contributions to The Mac Security Blog , The Literature & Latte Blog, and TidBITS, and he has written for Popular Photography, MusicWeb International, as well as several other web sites and magazines. Kirk has also written more than two dozen books and documentation for dozens of popular Mac apps, as well as press releases, web content, reports, white papers, and more.

    For more episodes, click here to visit the show’s home page.

    The Notorious SSL Bug: At Least Apple Fixed It

    February 26th, 2014

    The headlines filled the airwaves and the daily newspapers. A serious SSL bug present in OS X Mavericks, iOS 6, and iOS 7 could result in Internet criminals eavesdropping or hijacking your account. To make matters worse, some suggested this bug provided an open door for the NSA to keep taps on you, although I wouldn’t presume that any of these things have actually happened.

    The signature verification bug, given the nickname “gotofail,” left literally hundreds of millions of users of Apple products vulnerable, because it allowed the attacker to use the hole in SSL and TLS connections to  break in. Not a very pleasant prospect.

    Now there has been quite a bit of fear-mongering about this problem, though it’s surely a genuine issue, although it’s not as if there is any evidence that it has actually been exploited, at least not yet. News of the flaw arrived last Friday with the release of iOS 7.0.6 and iOS 6.1.6, both of which repaired the problem.

    But the bug also impacted OS X Mavericks, and that critical fix was added to the 10.9.2 update that arrived on Tuesday. According to published reports, the flaw involve a single line of code that allowed Internet criminals to bypass SSL/TSL encryption, and if that happens all bets are off.

    If you want to know the raw details, you can examine a report posted at the Department of Homeland Security’s National Vulnerability Database.

    While some of you may not be inclined to install iOS and OS X updates until they’ve been tested and proven in the wild, this is one of those situations where you need to take a chance and get with the program. Now that the existence of the bug is known, the potential for exploitation is much greater.

    The updates for iOS 6 and iOS 7 were strictly targeted towards fixing the SSL bug. It’s not apparent that anything else was fixed. The next iOS 7 update, expected to be known as 7.1, is expected this coming March. The fix for OS X Mavericks was distributed as part of a regular maintenance update with 10 other updates and enhancements, along with a smattering of some other less severe, security fixes.

    Here’s a full ist of the changes, except for those additional issues that also impact security:

    • Adds the ability to make and receive FaceTime audio calls
    • Adds call waiting support for FaceTime audio and video calls
    • Adds the ability to block incoming iMessages from individual senders
    • Improves the accuracy of unread counts in Mail
    • Resolves an issue that prevented Mail from receiving new messages from certain providers
    • Improves AutoFill compatibility in Safari
    • Fixes an issue that may cause audio distortion on certain Macs
    • Improves reliability when connecting to a file server using SMB2
    • Fixes an issue that may cause VPN connections to disconnect
    • Improves VoiceOver navigation in Mail and Finder
    • Provides a fix for SSL connection verification

    Of course the important issue is the last, the SSL bug. The other issues aren’t quite as severe, although it’s nice to have support for FaceTime audio. Also, one would hope that Mail has finally been fixed, since it was very much broken in some respects with the release of Mavericks.

    But you have to wonder about the security situation with, say, Google’s Android platform. After all, the vast majority of Android phones continue to use an older version of the OS. If this sort of bug happened on that platform, how would Google handle the situation? How would they be able to push the critical fix, when they have to negotiate with the handset makers and carriers to get the maintenance update in the hands of users?

    What indeed!

    According to an editorial posted this past weekend by Daniel Eran Dilger in AppleInsider, “Android’s latest bug was a critical security flaw in Android’s WebView, first disclosed 14 months ago.”

    Daniel’s article further states that some 82% of iOS devices are using the latest version, with another 15% running iOS 6. There’s no indication that the SSL verification bug impacted older versions.

    In contrast, a mere 1.8% of Android handsets were reported using version 4.4 KitKat as of earlier this month. Some 20% are still saddled with version 2.3.x Gingerbread, first released in 2010.

    Just this week there was a story about yet another serious Android security bug. With the broken update structure, can anyone using an Android gadget be assured it will be fixed any time soon?

    Now to be fair, you can say that Apple should not have allowed this bug to make it through regular Q&A testing. Certainly the people responsible should get a strong verbal lashing for making iOS and OS X severely vulnerable as the result of this foolish bug.

    But it’s also true that nothing is perfect, and perhaps the testing process made assumptions that allowed this defect to go through. After all, verification of SSL and TSL connections are certainly new technologies.

    So let this be an object lesson. Apple fixed the bug. But you have to look at other platforms and see if such issues would be addressed as quickly. With Android, the answer would no doubt be no, and I wonder why the media, amid the gloom and doom headlines, has failed to acknowledge that fact.


    Newsletter Issue #743: Is Apple Getting into the Online Payment Business?

    February 24th, 2014

    Speculation about Apple’s next product initiative may, according to some recent reports, not be a product at all, but a service. Let me explain.

    Yes, it is quite possible an iWatch or some wearable gadget will be introduced later this year. The tea leaves — if not any provable facts — seem to point in that direction. That’s because Tim Cook admits Apple is interested in wearables. It’s also been reported that Apple has trademarked the iWatch name, and has some 200 people working on such a project.

    Of course working on a new gadget doesn’t guarantee its success, let alone its release. Apple no doubt has lots of products under development that will never actually be produced, or won’t appear until some years have passed.

    Continue Reading…


    So What About Usability?

    February 21st, 2014

    As you read more and more about the possible specs of the next iPhone — and the specs of competing products — you have to wonder whether the coverage is misplaced. Right now, it’s very much about how can Apple’s iPhone 5s, with a 4-inch display, possibly compete with the 5-inch screen on the Samsung Galaxy S4? Besides, the Galaxy S5 may have an even larger screen, and don’t get me started on phablets.

    So the perception here is that, since Samsung has mobile handsets with larger displays than Apple uses, Apple is falling behind the curve. What about pixels per inch? What’s the good of a Retina display with a “measly” 326 ppi, when the Samsung has over 100 more? Besides, that “advantage” might double with the next model.

    Oh, you can’t see the difference? Well, the Samsung still has better specs. But didn’t anyone notice that Samsung’s AMOLED displays wash out almost totally in bright sunlight? Sure, the display dims on an iPhone too, but you can still usually see it.

    The newer smartphones will also be offering cameras with more megapixels. Look at the Nokia Lumia 1020 with 41 megapixels. Must be more than five times better than the eight megapixels on the iPhone, right? How could it be otherwise? Isn’t bigger always better?

    Oh, and by the way, the Nokia smartphone, a Windows Phone device, has a display with only 334 ppi. But isn’t that also better than the iPhone? Has anyone compared them side by side?

    Now when it comes to using larger displays, Apple hasn’t actually said no. Tim Cook has pointed to what he regards as shortcomings of existing large displays, including color quality, longevity and the impact on battery life. A bigger screen, all things being equal, will mean a heftier battery, or sacrificing the time between recharges.

    So maybe that’s one reason why Apple executives have talked with the folks at Tesla, the electric motor car company. It’s not about a merger, which would seem to be a peculiar move with few synergies, but about battery technology. Consider if Apple could get 50% or 100% more life on the same size battery used on an iPhone now. Some of that could be used for components, such as larger displays, which consume more power, and the rest would actually benefit the customer.

    The customer?

    One reason Apple gave for not jumping to a larger-sized screen when the iPhone 5 first came out was the fact that you could still do many things on it with one hand. Well, not if you have really small fingers, but you get the idea. Try to use one hand to navigate around the big Samsungs, and you’ll see what I mean. Of course, nothing matters in sunlight, where you can’t do much more than answer a phone call on the Galaxy S4; well, assuming you recall the location of the Answer button on the touchscreen.

    None of this stops critics from pointing to features on a competing device and explaining why Apple is behind the curve for not having that feature. Some are still writing about NFC, the short-range networking scheme, which will supposedly usher in a new era of mobile transactions. Only it has quite worked out that way, and the fact that Apple has been down on NFC hasn’t helped.

    Yet another tact used by the critics is to refer to a feature that debuted on an Apple product but now is being matched, more or less, on a competing product. That, they say, diminishes Apple’s advantage, but doesn’t that depend on how well the feature works?

    So if the Samsung Galaxy S5, as claimed, has a fingerprint sensor, that will be a useful addition — if it works well enough for regular people to use. Apple’s Touch ID is certainly not perfect, but it appears to function correctly for most people. If Samsung’s version fails to operate consistently, will Apple’s critics care, or just ignore the feature as if it didn’t exist? Consider all that junk tacked onto the Galaxy S4, such as Tilt to Scroll and other useless and resource hogging stuff that looked good on paper, but nowhere else.

    The other day, I quoted a Samsung executive referring to a “back to basics” approach with the Galaxy S5, where the improvements were largely “about the display and the feel of the cover.”

    Not a better camera, more battery life, speedier performance?

    Feel of the cover indeed!

    If Samsung is going to concentrate less on home-brewed apps, they will be limited by whatever Google is offering in Android 4.4 KitKat.

    Alas, the folks who demand Apple add this feature or that feature continue to forget the company’s long history of taking poorly developed or underdeveloped product ideas and making them work. From perfecting graphical user interfaces with the first Mac, all through the iPod, iPhone and iPad, this has been part and parcel of Apple’s approach to design. Sure, there were some clunkers over the years, but the successes far outweigh the failures.

    But for other companies, usability is rarely on the radar, and that, unfortunately, seems to apply to many product reviewers as well.


    If Not an iWatch, What About the iHealth?

    February 20th, 2014

    In recent months, it has been reported that Apple has been hiring health and fitness experts to join with the experts from the fashion industry and Apple’s design team to work on something. That something has, so far at least, been regarded as a wearable gadget known as the iWatch.

    Why iWatch?

    Well, other than the fact that so-called smartwatches seem to be gaining somewhat in popularity, or at least product selection, but there hasn’t been a breakout device yet. Yet that doesn’t seem to be because of a lack of trying. It’s very possible the mere suggestion that Apple is working on something — anything — is sufficient cause for potential competitors to be spooked enough to build a presumed competitive product.

    Add to that reports that Apple now has 200 engineers working on the supposed iWatch, and the story seems to gain more credibility. It doesn’t hurt that Apple reportedly trademarked the name in different countries, but that doesn’t mean the name will be used in a real product this year, next year, or ever.

    But didn’t Tim Cook speak of Apple’s intense interest in wearables, so isn’t that proof enough of an iWatch?

    So if such a product is under development, what form will it take? Will an iWatch match existing gear, such as the smartwatches from Pebble and Samsung, which serve as tiny devices for notifications, playing music and physical fitness?

    As it stands, though, the public has not really embraced any of the current smartwatches. Selling a few hundred thousand units doesn’t make a trend, and it’s also true that many people, particularly of the younger generation, don’t even bother with watches anymore. If they want to check the time, they take out their smartphones.

    So if Apple is going to enter this market, they have to look at customer resistance, and  build a magnificent something that, once you use it, will become absolutely indispensable. Are we there yet?

    Before you consider looks that make it a fashion statement, and a smooth, simple, elegant interface, there are questions of raw functions.

    Existing smartwatches are basically accessories for your smartphone or tablet. If you don’t have a compatible device on hand, your smartwatch doesn’t do very much. Well, I suppose it tells the time, but why spend $150-$300 or more for a timepiece, unless it makes the appropriate fashion statement? You understand the appeal of a Rolex, and it’s not just for telling you the time of day.

    If it’s partly about fitness, wouldn’t an iWatch do more than just check your progress while jogging or exercising? You can already do that with existing gear. But being that fitness is of such prime importance to Apple, what about a wearable that takes different readings to monitor your condition while at work or play?

    Certainly blood pressure is an important measurement and, no, you don’t need a cuff to perform the test. There are ways to palpate the proper arteries on your body to deliver a similar (though less accurate) result. Would an iWatch be able to perform that test periodically, particularly for people with hypertension or health conditions? In the real world, you normally have to feel for the proper arteries located in your neck and a leg, so how would you be able to do that with something affixed to your wrist? Just asking.

    Or perhaps there’d be an accessory cuff that would connect via Bluetooth to your iWatch to take and record the readings as needed. Paste-on sensors would be too awkward to manage, but I suppose it’s possible. But your iWatch would still monitor pulse, temperature and other indications that will trigger an alert something was amiss.

    Add to that a database that stores your medical records, which would make it possible for a physician or other medical professional to be notified in the event of illness or injury. But just helping you exercise and eat a healthy diet might be sufficient to make an iWatch worthwhile. Maybe you’d prefer to call it the iHealth.

    If it’s to be an iWatch, however, I continue to believe that it would have to be able to perform certain core functions without being tethered wirelessly to another device. That may even include a version that can serve as a mobile phone — paging Dick Tracy. No, I wouldn’t think you’d have to bring the watch to your mouth to talk, a clearly awkward process. Better to have a Bluetooth headset.

    I don’t pretend to have any real answers as to what Apple is working on, but consider the features Apple would want to add to make the iWatch, iHealth, or whatever, utterly indispensable. It would have to sport looks that make it a fashion piece, not a geek’s toy, which already would make such a gadget quite different from what you can buy now.

    Today’s smartwatches clearly don’t show much imagination. But Apple has promised to enter new product categories this year. So what form will a wearable device take? Consider the possibilities. And, no, I do not expect a drivable product. The Tesla is not destined to become the iCar.