{"id":9624,"date":"2016-09-05T00:00:32","date_gmt":"2016-09-05T07:00:32","guid":{"rendered":"http:\/\/www.technightowl.com\/newsletter\/?p=9624"},"modified":"2020-08-16T11:54:41","modified_gmt":"2020-08-16T18:54:41","slug":"newsletter-issue-875","status":"publish","type":"post","link":"https:\/\/www.technightowl.live\/newsletter\/2016\/09\/newsletter-issue-875\/","title":{"rendered":"Newsletter Issue #875"},"content":{"rendered":"

<\/a>THIS WEEK’S TECH NIGHT OWL RADIO UPDATE<\/strong><\/p>\n

The big question is not what Apple plans to unleash this coming week, but how may people out there will spring for a decent iPhone upgrade, or an Apple Watch 2 f it’s introduced. I’m making no new predictions about expected\u00a0new features, though there are many as we move towards the Apple event with the assumption that some neat stuff\u00a0will be added.<\/p>\n

Decisions about whether to upgrade to the latest and greatest\u00a0aren’t so easy anymore, because wireless carriers have unbundled the phone from the service. So if you opt for one of those lease\/purchase programs, such as AT&T Next, you’ll see an additional sum added to\u00a0your monthly bill that reflects that product; that is, if you check the details. It can be $20-$30 per month, usually, and sometimes more, depending on the model you select. When you pay it off, usually after two years, your price decreases by that amount, unless you commit to ongoing upgrades every year or so, in which case you keep paying forever. This is a more honest payment scheme than the one where you make an upfront\u00a0payment (unless it’s the entry-level “free” phone), commit to a two-year deal, but continue to pay the same amount\u00a0after that deal expires.<\/p>\n

Knowing how that purchase impacts your bill may give you pause. If your current smartphone continues to function well, it may take an awful lot to persuade you to upgrade. There are hundreds of millions of people in a similar boat, and Apple needs to reach a hefty portion of them\u00a0to make a success of the next iPhone. Can they do it?<\/p>\n

Right now, industry expectations are that sales of the presumed iPhone 7 will be lower than the iPhone 6s regardless of what Apple does. Let’s see how it flies.<\/p>\n

So on this weekend’s episode of\u00a0\u00a0The Tech Night Owl LIVE<\/a>, we presented tech journalist Sean Aune,\u00a0director of operations for\u00a0TechnoBuffalo<\/a>, an online\u00a0blog and gadget review site. He focused mainly on what’s expected from Apple during the September 7th media event in San Francisco. The predictions mainly covered an iPhone 7, but Sean also discussed the possibilities for introducing an Apple Watch 2, and Apple’s skirmish with the European Commission over a $14.5 billion tax bill.<\/p>\n

You also heard from security expert and ethical hacker Dr. Timothy Summers,\u00a0President of Summers & Company, a cyber strategy and organizational design consulting firm, who talked about\u00a0the latest hacks impacting the Democratic National Committee and other Democratic facilities. Are the hackers strictly focusing on one\u00a0political party? And what about those\u00a0recent security fixes from Apple? I’ll have more to say about the security issue in the next article.<\/p>\n

The final half of the show featured John Martellaro, Senior Editor,\u00a0Analysis & Reviews\u00a0for\u00a0The Mac Observer<\/a>. His bill of fare included such topics as “Blood in the Macintosh Water,” why “There Ain’t No Such Thing as Free TV,” “Is There Anything Apple Can’t Do? That’s Now a Problem,” and how “Autonomous Vehicles Might Develop Superior Judgement.” Gene wondered whether the day might come in the next few years where he will have\u00a0to give up the keys to his car and surrender to a self-driving vehicle.<\/p>\n

On this week’s episode of our other radio show, The Paracast:<\/a>\u00a0 Gene and guest co-host Goggs Mackay present\u00a0Dr. Robert Davis<\/a>, author of “The UFO Phenomenon: Should I Believe?”\u00a0Robert Davis is an internationally recognized scientist in his field, and served as a professor at the State University of New York for over 30 years. He is a member of the\u00a0Dr. Edgar Mitchell Foundation for Research into Extraterrestrial Encounters (FREE),\u201d composed of many leading researchers from various disciplines.\u00a0 The FREE website includes their initiatives, scholarly articles written by members of FREE, and the results of their ongoing research results obtained from over 2,500 individuals who report conscious recall of contact with UFOs and non-human intelligent beings. During this episode, Dr. Davis will address the outcomes of their preliminary research results and associated theories and implications for future research.<\/p>\n

<\/a>APPLE AND FIXING CRITICAL SECURITY PROBLEMS<\/strong><\/p>\n

At one time, it was thought that Apple paid little more than lip service to security problems on Macs and iOS gear. True, each maintenance update usually included\u00a0a set of\u00a0security fixes, but what if something occurred between those releases? Would Apple act quickly to keep customers safe?<\/p>\n

You may have wondered about that in 2011, when hundreds of thousands of Macs were allegedly infected by the Flashback Trojan. Now those numbers\u00a0all depended on believing one security company’s estimate. Some suggested that estimate was provided to help sell more product as much as to protect you from something nasty. But Flashback wasn’t due to any\u00a0flaw in OS X. Instead, it was due to a flaw in Java, the cross-platform development scheme owned by Oracle that was bundled with OS X. Specifically it was the Java browser plugin, often used for online chat rooms and other services.<\/p>\n

Apple seemed to take its sweet time devising a solution. Oracle did its part with a revised Java, and\u00a0Apple finally made the browser plugin optional, and stopped providing Java to Mac users. The version you use now comes from Oracle, and it’s that company’s responsibility to maintain it.<\/p>\n

Now the promise of Java was to make it easier for developers to write one version of an app, a Java version, and have it run on multiple platforms. In practice, Java-based Mac apps sort of look Mac like, but as if they were alien shapeshifters\u00a0unsuccessfully struggling to appear human. Performance might also be inferior to the native app.<\/p>\n

Meantime, Oracle has been embroiled in ongoing litigation with Google over the use of some Java resources in Android. So far, Google has been the victor in courtroom skirmishes, but Oracle hasn’t completely given up.<\/p>\n

In any case, it was clear that Apple could not continue to allow Mac security flaws \u2014 whether their fault or someone else’s \u2014 to persist for long periods of time. While most aren’t exploited, it only takes one to create havoc. Fortunately, the Macs affected by Flashback didn’t actually do much of anything strange. Security software apps were updated to remove it, and Apple provided their own tools to accomplish the task. So you didn’t have to suddenly spring for antivirus software to be safe. Regardless, there are free Mac security apps if you want the extra ounce of protection.<\/p>\n

Now it’s not that Apple has provided no protection. Since 2009, OS X has included XProtect, a feature that can\u00a0quarantine a possibly infected file. Apple silently updates the malware definitions from time to time. If an app is caught, it doesn’t launch. Otherwise, if\u00a0you download an app from the Mac App Store, it runs normally. If you download an app from the Internet that contains a valid Apple security certificate, you’ll be notified on first launch, and still have the option to open it or not. But if you download an app that doesn’t contain the Apple certificate, it won’t run without using the Option key to bypass the built-in protection.<\/p>\n

That’s the normal setting. You can configure the handling of apps in the Security & Privacy preference pane. You can limit it strictly to software that you download from the App Store, or you can opt to open everything with the Anywhere option. I wouldn’t recommend the last choice\u00a0unless you are fully aware of the consequences and are extremely careful about what you download and install.<\/p>\n

Remember, this protection is limited to the first launch of an app. Once it passes the initial test, the app will continue to run normally even if it is later infected through some security mishap.<\/p>\n

Clearly Apple no longer waits for a regular maintenance updates to fix a security problem. In the past week, Apple released an emergency security patch to eliminate three vulnerabilities that could allow someone to attack your Mac and do nasty stuff. The fixes were the same as those provided in the iOS 9.3.5 update the previous week. This was clearly an emergency move\u00a0that fixed two OS kernel bugs, and one that impacted Safari.<\/p>\n

Published reports from security researchers at\u00a0Lookout and the Citizen Lab at the University of Toronto indicate that these bugs could be\u00a0exploited to allow someone to use an Apple device\u00a0for illegal surveillance.<\/p>\n

Clearly Apple understood\u00a0the seriousness and released these\u00a0patches fairly quickly. Some might wonder why OS X and iOS weren’t patched the very same day, but any fix of this sort requires time to develop and test. It’s also important to make sure that the patch doesn’t cause other problems as a result. Without knowing what Apple had to do, and the resources they had to accomplish the task, I won’t attempt to guess at whether it could have been done faster and more efficiently.<\/p>\n

But it’s important to look at the competition. Google might be notified about or uncover a similar\u00a0problem with Android, but actually deploying the needed patches to customers may be difficult or impossible. Unless you’re using a pure Nexus device, such an\u00a0update has to be sent to the manufacturer of the mobile gear. If it’s a smartphone, the manufacturer’s fix has to be sent to the wireless carrier to deploy. It\u00a0can take weeks to accomplish, and it may never happen. There are ongoing reports of unfixed security flaws impacting hundreds of millions of Android users.<\/p>\n

Remember, too, that the majority of Android devices out there run operating systems that are two or more years old. Even if you buy new gear, you’re not always assured that it’s running the latest version of Android.<\/p>\n

While there may be reasons why some of you favor Android over iOS, the inability to get timely OS updates, especially critical security patches, is the deal breaker for me. The discussion ends there.<\/p>\n

THE FINAL WORD<\/strong><\/p>\n

The Tech Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.<\/p>\n

Publisher\/Editor: Gene Steinberg
\nManaging Editor: Grayson Steinberg
\nMarketing and Public Relations: Barbara Kaplan
\nSales and Marketing: Andy Schopick
\nWorldwide Licensing: Sharon Jarvis<\/p>\n","protected":false},"excerpt":{"rendered":"

THIS WEEK’S TECH NIGHT OWL RADIO UPDATE The big question is not what Apple plans to unleash this coming week, but how may people out there will spring for a decent iPhone upgrade, or an Apple Watch 2 f it’s introduced. I’m making no new predictions about expected\u00a0new features, though there are many as we […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3156,2992,6240,6870,1883,7003,7007,6974,6975,6889,7004,87,7006,15,6637,6846,4016,3625,7008,3984,6927,3359,4481,6933,7005,5015,3398,6273],"class_list":["post-9624","post","type-post","status-publish","format-standard","hentry","category-newsletter","tag-android","tag-app-store","tag-apple-watch","tag-apple-watch-2","tag-att","tag-att-next","tag-citizen-lab","tag-democratic-national-committee","tag-dnc","tag-dr-timothy-summers","tag-flashback-trojan","tag-google","tag-ios-9-3-5","tag-iphone","tag-iphone-6s","tag-iphone-7","tag-java","tag-john-martellaro","tag-lookout","tag-mac-app-store","tag-macos","tag-oracle","tag-os-x","tag-sean-aune","tag-security-privacy","tag-technobuffalo","tag-the-mac-observer","tag-xprotect"],"_links":{"self":[{"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/posts\/9624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/comments?post=9624"}],"version-history":[{"count":0,"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/posts\/9624\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/media?parent=9624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/categories?post=9624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technightowl.live\/newsletter\/wp-json\/wp\/v2\/tags?post=9624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}