Six Colors
Six Colors

Apple, technology, and other stuff

This Week's Sponsor

Clic for Sonos: The fastest native Sonos client for iPhone, iPad, Mac, Apple Watch, Apple TV, and visionOS.

By Jason Snell

September 8, 2017 4:13 PM PT

Built to last

Note: This story has not been updated for several years.

The other day Michael Tsai pointed out that numerous Mac apps and developers are celebrating their 25th anniversary this year, most notably BBEdit, PCalc, and the Omni Group. (Default Folder‘s also been around 29 years, and the Omni Group for 25.)

(Five years ago I wrote this anniversary piece about BBEdit.)

I started writing about Apple 24 years ago, so these apps all have a leg up on me. Still, I clearly remember discovering and using Default Folder in 1991, and I was not very far into my career in tech before someone (probably Stephan Somogyi) sat me down and explained that I needed to use BBEdit whenever possible. I reviewed DragThing, James Thomson’s app that is not a calculator, circa 1995.

Older people like to accuse the modern world of being disposable, as opposed to back in the past, when things were built to last. But most of the software from the 90s is long gone. Surviving this long is extremely rare. It takes a bunch of factors to last as a product. The product has got to be good, it’s got to be financially successful, and then… well, then it’s all about the secret sauce. Some combination of persistence, perseverance, stability, doggedness, stubbornness, and adaptability allows a few hardy souls to survive.

Most of these long-lived pieces of software are inextricably linked with their creators. I don’t think that’s a coincidence. Creating, growing, and maintaining software requires a personal commitment—like the ones Rich Siegel, James Thomson, and Jon Gotow have made to BBEdit, PCalc, and Default Folder respectively.

Selfishly, I hope their careers and commitment to their products continue for a long, long time—specifically, as long as I’m using their software! I want Rich to have a happy and long retirement someday—but only when I’m finished using BBEdit, and not a moment sooner.

75: September 8, 2017

Appreciation for iOS 11 and anticipation for the Apple media event.

Podcast: Play in new window | Download

Subscribe: RSS

By Jason Snell for TechRepublic

September 8, 2017 9:23 AM PT

Why Apple’s new iPhones may delight and worry IT pros

Apple is set to introduce new iPhone models on Tuesday at a special event on its new campus in Cupertino, CA. Leaks suggest that the new iPhones will include a high-end model that’s dramatically different from any previous model. But what does that mean for the professionals who rely on the iPhone as a key part of their business life?

Continue reading on TechRepublic ↦

By Jason Snell for Macworld

September 8, 2017 8:12 AM PT

What’s in the new iPhone? Just look at iOS 10 and iOS 11 to find out

Apple’s a company with a long-term product vision. Next week we’ll see the 2017 iPhones unveiled at the Steve Jobs Theater, but people inside Apple are already working hard on the 2018 model… and probably on the new features that will populate the 2019 and 2020 versions, too.

While the most interesting things to come out of any Apple event are the new product announcements, one of my favorite things about any Apple announcement is how it makes some of Apple’s previous decisions more understandable in hindsight. As outside observers who can’t peer into Apple’s inner workings, we don’t always have the necessary context to understand where the company is going.

But sometimes, if we’re fortunate, we can intuit some things about Apple’s direction in advance. And if a few of the rumors of the next-generation iPhone are true, some of Apple’s previous decisions start to be part of a much bigger story.

Continue reading on Macworld ↦

By Dan Moren for Macworld

September 8, 2017 8:07 AM PT

In Apple’s next ecosystem, Siri is the glue

It’s always been about the ecosystem for Apple. The company started out making its own hardware and software, and–with brief exceptions like the late, not-terribly-lamented clone program in the ‘90s–it’s only aimed to bring more and more of what it does under its direct control.

As the company moves into its fifth decade, its eyes are firmly planted on the future of that ecosystem. If the ‘70s and ‘80s were about the PC, the ‘90s about the rise of the Internet, and the 2000s and 2010s about consumer technology and the mobile revolution, then the 2020s are poised to be less about the devices we use and more about the seamless ecosystem that pervades every part of our lives.

Apple will, of course, still be bringing its particular mix of hardware, software, and services to bear on this next phase of technology, but there’s one element in particular that stands to be the glue bringing all of it together. Something that can potentially turn a disjointed gaggle of devices into something that’s more than just the sum of its parts.

And that is Siri.

Continue reading on Macworld ↦

by Dan Moren

September 8, 2017 6:07 AM PT

Equifax breach is probably the worst leak ever

Ars Technica’s security editor Dan Goodin on the news that consumer credit reporting agency Equifax was hit by a massive security breach:

The breach Equifax reported Thursday, however, very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely.

I’ve been a little bemused that some mainstream media is reporting this like it’s just another hack when in fact it’s way, way worse. As the Ars headline says, it’s probably the worst leak of all time. Why? Because with so many of those other hacks the worst leaked info were passwords and maybe credit card numbers (though keeping unencrypted credit cards on hand these days would be tantamount to criminal negligence). Worst case scenario, you can change your password or get a new credit card number, though it might prove to have a longer term impact. While getting a new social security number is possible, it’s tougher and much more disruptive–and I don’t believe it’s ever needed to happen on this scale: 143 million people may have been affected, or about 44 percent of the U.S. population. That is staggering.

The second part of Goodin’s story, dealing with Equifax’s amateur response to the hack, just adds another log of frustration to the fire:

What’s more, the website www.equifaxsecurity2017.com/, which Equifax created to notify people of the breach, is highly problematic for a variety of reasons. It runs on a stock installation WordPress, a content management system that doesn’t provide the enterprise-grade security required for a site that asks people to provide their last name and all but three digits of their Social Security number. The TLS certificate doesn’t perform proper revocation checks. Worse still, the domain name isn’t registered to Equifax, and its format looks like precisely the kind of thing a criminal operation might use to steal people’s details. It’s no surprise that Cisco-owned Open DNS was blocking access to the site and warning it was a suspected phishing threat.

Amateur hour, indeed. This is a company that is one of the three biggest credit agencies in the U.S., and any number of businesses and people trust its information for major decision-making on loans and the like. Trust should be the cornerstone of their business, but why would you trust someone who seems like they don’t know the first thing about keeping your personal information safe?

I’ve seen some other anecdotal complaints about Equifax’s response, most notably from Panic co-founder Cabel Sasser, who detailed his experience in a series of tweets:

Upon seeing the link to the aforementioned response site in a news story, I immediately went and put in my information to be notified if I was affected by the breach–I didn’t have Cabel’s experience, but Goodin’s story definitely has me wondering if I should have perhaps been more cautious about it. Well, I guess I’ll find out next week whether or not I’m one of the 44 percent.

Update: Just to clarify, since I was not reading closely when I went to check my info, Equifax’s tool said I “may have been impacted” and gave me a date of next week for when its TrustedID program kicks in.

The Rebound 152: A Real Roller Coaster of Emotion

The Red Sox use Apple Watches to steal signs against the Yankees: https://www.nytimes.com/2017/09/05/sports/baseball/boston-red-sox-stealing-signs-yankees.html?_r=0
Microsoft tells the government they have to go through them for DREAMers (we incorrectly attribute a statement to Satya Nadella that was actually from Microsoft President Brad Smith): https://twitter.com/aarti411/status/905149737573113856
YouTube for iOS gets a live stream capability: https://www.macrumors.com/2017/09/05/youtube-iphone-display-live-streaming/
Our thanks to Indochino (https://www.Indochino.com) where you’ll find the best made to measure shirts and suits at a great price. Use the promo code “REBOUND” and get any premium suit for just $379.

Podcast: Play in new window | Download

Subscribe: RSS

by Jason Snell

September 7, 2017 10:05 AM PT

UPS your router and wi-fi

A great tip from Lee Hutchinson at Ars Technica:

If you can keep your cable modem, router, and Wi-Fi online when the power goes out, you’ll almost always find that your ISP is also online—and you’ll keep your Internet access.

A few weeks back my power flickered. It was off for shorter than five seconds, maybe even shorter than two seconds. I have an uninterruptible power supply attached to my iMac, so I saw no ill effects on my computer screen—but the cable modem and router in the other room went down, so my network disappeared.

I bought a second UPS and attached it to those boxes, so the next time my power goes down, my internet will remain intact. I can still do work on my iMac with my network down, but it’s better if the network’s still around, too!

By Dan Moren

September 7, 2017 6:08 AM PT

Reports of ultrasonic attack on voice assistants more sound than fury

Note: This story has not been updated for several years.

Over at Fast Company, Mark Wilson has an interesting but somewhat overblown piece on a potential attack vector on voice assistants. Here’s the upshot:

Using a technique called the DolphinAttack, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants. This relatively simple translation process lets them take control of gadgets with just a few words uttered in frequencies none of us can hear.

So, a few things here. First, yes, this is a viable attack vector in that voice assistants are clearly designed to hear in the ultrasonic range. (The piece later notes that some devices, like the Google Home and Amazon Echo, use this as a method for connecting to other devices, such as Chromecasts and Amazon Dash buttons.) And it seems as though ultrasonic commands are treated identically to voice commands, which is to say that pretty much anything the device hears, it will execute. And since the sounds are inaudible to the human ear, you might not even know.

However, there are some reasons that you shouldn’t freak out. For one thing, as Wilson does mention, in the cases of an Echo or Google Home, the attacker would already have to have access to your house. So the idea of using it to, say, open the smart lock on your door is kind of redundant1.

In general, the attack opportunities would seem to be pretty small. Here’s the example that Wilson uses for using this vulnerability on a smartphone:

But hacking an iPhone seems like no problem at all. A hacker would nearly need to walk by you in a crowd. They’d have their phone out, playing a command in frequencies you wouldn’t hear, and you’d have your own phone dangling in your hand. So maybe you wouldn’t see as Safari or Chrome loaded a site, the site ran code to install malware, and the contents and communications of your phone were open season for them to explore.

Okay, sure, I suppose this is possible. But, in the case of more recent versions of the iPhone, they would also potentially need to be able to spoof your voice, since iOS now won’t respond to just any version of “Hey Siri.”2 (I don’t believe there’s an exception for audio in the ultrasonic range, but I’ll admit I’m not completely sure.) Moreover, while you can use Siri to open a web address, its ability to correctly parse that is, well, let’s say inconsistent. I tried opening a few domains with my voice, and I couldn’t even get it to recognize my own website every time. And that was in a relatively quiet coffee shop, not a busy street. It’s also probably not going to work if your phone is in your pocket or in a bag.

Some of the anecdotes related in this piece make me even more skeptical:

The researchers didn’t just activate basic commands like “Hey Siri” or “Okay Google,” though. They could also tell an iPhone to “call 1234567890” or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to “open the backdoor.” [emphasis added]

So, here’s the thing: there’s no way to trigger Siri on a MacBook without having direct access to the machine. macOS’s Siri implementation doesn’t support “Hey Siri”–it can only be triggered via the keyboard or clicking on the Siri icon. So, yes, if you have access to the machine, you can totally use Siri to make the machine visit a malicious website–but you also have access to the machine, so, again, the horse is already out of the barn.

In some cases, these attacks could only be made from inches away, though gadgets like the Apple Watch were vulnerable from within several feet.

Okay, sure. But again, the Apple Watch taps the user when Siri is triggered, which makes it pretty hard to do without the user’s notice. And it can’t open websites, which substantially decreases the risk of significantly compromising attacks. Plus, it suffers from the same frequent misinterpretations as Siri on the iPhone, so getting it to correctly execute the command you want is already risky.

Look, I don’t want to entirely dismiss this story out of hand. There are some risks here, and they’re ones that Apple, Amazon, Google, and anybody else getting into the voice assistant business should be aware of. But as long as there have been new technologies, there have been out of the box approaches to attacking them.

As always, the biggest risk in any of these situations isn’t necessarily the technology, but people. If you let people you don’t trust have access to your devices, especially without your supervision, it’s already game over. Yes, voice assistants broaden the attack field somewhat, but at the moment, this risk is still pretty low in the grand scheme of things. So don’t panic and turn the mic off for your Echo or your Google Home–you won’t get a lot of use out of them at that point anyway.

  1. I suppose if you leave the window open and somebody wants to get in, that’s a risk…but then they could just say “open the locks” anyway. Soooooo. 
  2. My girlfriend occasionally amuses herself by trying to imitate my voice and trigger Hey Siri on my phone. She has made it work, but maybe only about one out of every twenty tries at best. 

[Dan Moren is the East Coast Bureau Chief of Six Colors, as well as an author, podcaster, and two-time Jeopardy! champion. You can find him on Mastodon at @dmoren@zeppelin.flights or reach him by email at dan@sixcolors.com. His next novel, the sci-fi adventure Eternity's Tomb, will be released in November 2026.]

By Jason Snell

September 6, 2017 2:58 PM PT

Quick Tip: Zip files as templates

Note: This story has not been updated for several years.

If you’re like me, sometimes you work on a certain kind of project over and over again. And for each product that’s of a certain type, you want all your files and folders in the right places. You might even have written time-saving scripts that rely on certain files being in certain folders.

You could recreate your files and folders every time you start a new project. Or you could do what I do, which is create an example of the file and folder structure that I prefer and then make a zip archive of it in the Finder, ready to be re-deployed every time I need a new one.

I have a “template” archive for several of my podcasts, including The Incomparable. When I want to create a new episode, I double-click on the zip file in the Finder, and out comes a new folder with all the files and folders I need in just the right places.

(Yes, Logic allows you to save template files and create packaged-up project files containing loads of hidden files, but neither approach works for me, my chosen workflow, and my assortment of automations.)

These zip archives can be simple or complex—with dozens of folders and files or just a few. But why re-build them every time you start a new project when you can just double-click?

by Dan Moren

September 6, 2017 7:55 AM PT

Apple (and Amazon) bidding on distribution rights for Bond franchise

Tatiana Siegel and Borys Kit writing for The Hollywood Reporter:

The James Bond sweepstakes has taken an unexpected turn. While Warner Bros. remains in the lead to land film distribution rights to the megafranchise – whose deal with Sony expired after 2015’s Spectre – a couple of unlikely suitors have emerged that also are in hot pursuit: Apple and Amazon.

Franchise. Big Franchise.

by Dan Moren

September 6, 2017 5:56 AM PT

Dan on Mac Power Users

This is my second appearance on David Sparks and Katie Floyd’s long-running show, but this time I’m on to talk about the workflows (and super publishing secrets) behind my first novel1. We talk a bit about my favorite tools for writing, outlining, and even, yes, the dreaded marketing.

  1. Which, if you didn’t know, is currently on sale for just $2 on Amazon and iBooks

by Jason Snell

September 5, 2017 2:40 PM PT

Jason on The Dalrymple Report

In case you missed it, I was on Jim Dalrymple’s podcast to talk about the forthcoming Apple event. It was a really enjoyable conversation, in which Jim quizzed me on what I thought the chances were for various items to be announced next week. Which is totally unfair because I bet Jim already knows. Check it out.

by Dan Moren

September 5, 2017 6:59 AM PT

Remembering Batman: The Animated Series composer Shirley Walker

Great little remembrance by Polygon’s Susana Polo on Batman: The Animated Series composer Shirley Walker:

It was Walker and the rest of her composing team who furnished a Saturday morning kids’ cartoon with a full suite of character-specific musical themes, just as composers like John Williams and Howard Shore have done franchises as big as Star Wars and the Lord of the Rings. Walker based her music on a combination of design, mannerism and even character voice, once an actor for the part had been chosen and their final personality had been made clear.

Longtime readers know I’m a film score aficionado, and Walker’s music for B:TAS and, later, the Superman and Batman Beyond animated series, imbued them with a class and production value that was a big part of what elevated them from standard Saturday morning animated fare. While some of the cues were borrowed from the music composed by Danny Elfman for the 1989 Batman movie, the vast majority of the work by Walker and her team was completely original. Unsurprisingly, as I listened through Walker’s Gotham City Overture, I found I vividly remembered so many of the themes and leitmotifs used throughout, even 25 years later.

For way more on Batman: The Animated Series, you can of course check out the Batman University podcast, hosted by my pal Tony Sindelar, over on The Incomparable (especially, of course, the episode I guested on–even though we talked about Superman: The Animated Series).

by Dan Moren

September 5, 2017 6:18 AM PT

Apple Music/iTunes Festival ends after 10 years

Tim Ingham at Music Business Worldwide has confirmed with Apple that the annual Apple Music (formerly iTunes) Festival, which ran in London for ten years, is no longer:

However, the cancellation of the festival doesn’t signal a move away from live events by Apple Music completely.

The brand was recently a partner of shows by Haim and Skepta in London and Arcade Fire in Brooklyn and it had a heavy presence at SXSW in Texas earlier this year — where it backed shows from Lana Del Rey, Vince Staples and DJ Khaled.

In addition, Apple Music also sponsored Drake’s 32-date Summer Sixteen Tour in 2016 and it supports regular live sessions from its ‘Up Next’ artists.

The closure of the Apple Music Festival is likely because Apple is concentrating its resources on one-off events like these, in addition to its original content efforts in video — which have recently included a Carpool Karaoke spin-off series and a behind-the-scenes documentary on Harry Styles.

That makes sense to me. In the same way that Apple stopped doing trade shows like Macworld Expo, it can now reach so many more people through its online services or a variety of smaller events around the world. I’d also wager that we haven’t seen the last of an Apple-branded musical event.

by Jason Snell

September 3, 2017 8:43 AM PT

Janitors, then and now

This is an interesting story from the Upshot at the New York Times about the rise of corporate outsourcing to contractors. It’s notable here because the story, by Neil Irwin, uses Apple as its present-day example, but I’d expect you would find the same at most corporations:

In the 35 years between their jobs as janitors, corporations across America have flocked to a new management theory: Focus on core competence and outsource the rest. The approach has made companies more nimble and more productive, and delivered huge profits for shareholders. It has also fueled inequality and helps explain why many working-class Americans are struggling even in an ostensibly healthy economy.

While it’s indisputable that Apple uses contractors for a lot of work — not just its janitors but many other jobs that are important to Apple but apparently not important enough to impart the full benefits of being an Apple employee — I think it’s worth pointing out that there are still a lot of ancillary jobs that do carry the benefits of being an Apple employee, most notably in retail.

by Jason Snell

September 1, 2017 2:09 PM PT

Giants in the playground

I had very much the same reaction to Josh Marshall’s piece about Google as John Gruber did. Sometimes companies like Google and Amazon will actively do something questionable—like try to squash unflattering press coverage. Sometimes their huge size causes a chilling effect, where people reliant on their largesse will act pre-emptively to stave off anticipated punishment for speaking out against them.

But a lot of times, it’s just how John describes it: A switch gets triggered somewhere, you get an automated email, and your ad revenue or affiliate revenue gets turned off. It could completely devastate your business, but it’s hard to know who sent the message, let alone how to reach a human being in order to try to get the issue corrected. When you’re dealing with one of the giants, even the smallest of bugs or misunderstandings can be devastating.

I’m reminded of an exchange in the 1997 film “Contact“, which I just re-watched for a membership bonus episode of the Liftoff podcast. In the scene, Jodie Foster’s astronomer Ellie Arroway argues to NASA administrator David Drumlin (Tom Skerritt) that aliens advanced enough to send messages to us wouldn’t bother attacking us.

Ellie: We pose no threat to them. It would be like us going out of our way to destroy a few microbes on an anthill in Africa.

Drumlin: Interesting analogy. And how guilty would we feel if we went and destroyed a few microbes on an anthill in Africa?

We live in a world where huge portions of the tech sector are controlled by a few enormous companies. Their technology enables many people to make a living and build businesses, but when a company is that big, even the smallest of moves can have unforeseen and potentially catastrophic impacts.

By Jason Snell

September 1, 2017 1:09 PM PT

The case for the 10.5-inch iPad Pro

Note: This story has not been updated for several years.

The 10.5-inch iPad Pro (right) next to its 9.7-inch predecessor.

I’ve made no secret of my love of the 12.9-inch iPad Pro. Most of the time I’ve spent with the new iPad Pro models has been that larger edition, which is still pretty swell, thank you very much. But I wouldn’t recommend the larger model to most people. The 10.5-inch iPad Pro, which manages to cram more screen space into a device that’s not appreciably larger than the old 9.7-inch model, is clearly the more mainstream choice.

When a device is as (relatively) light as an iPad Pro, a little bit of overall weight difference can seem humongous as a percentage. This is my way of saying that losing half a pound from a pound-and-a-half product is a big deal. That’s the reality with the iPad Pro: The larger model weighs in at 1.51 pounds (685 grams); the smaller model is 1.04 pounds (473 grams). The bigger model weighs half again as much. It makes a difference.

Personally, I’m not bothered by the weight of the 12.9-inch model, though. It’s the dimensions that make it unwieldy. Even now I still find them somewhat cumbersome to carry—at 8.68-by-12 inches (221-by-306 millimeters), that’s a pretty broad surface, and when you grab it at one end, the leverage of the weight across the device makes it feel heavy and unstable in a way the smaller model never, ever does.

The 10.5-inch iPad Pro’s surface area does make it a much better device to type on than the previous 9.7-inch model. The new Smart Keyboard is excellent, and I liked the one on the 9.7-inch model a lot. Bigger letter keys make a huge difference when it comes to typing, and the 10.5-inch model delivers. I was able to type at essentially full speed on the 10.5-inch Smart Keyboard, with the iOS app TapTyping registering me at a full 115 words per minute.

I read digital comics a lot on my iPad, and while the 10.5-inch model has about 560,000 more pixels than the old 9.7-inch iPad, it’s not the ultimate comic-book-reading iPad—that’s still the 12.9-inch model. But all the comics I tried to read on the iPad Pro 10.5 were readable without needing to zoom and pan, and a definite upgrade from the older model.

…The case against?

It’s not just the extra screen size, it’s the extra pixels. In landscape orientation, the 12.9-inch model can show two iPad apps, side by side, in their iPad (portrait mode) layouts. The 10.5-inch iPad Pro can’t quite manage it.

Every app behaves differently when put in different size configurations; for some apps, the difference between the 10.5-inch and 12.9-inch models is almost nonexistent. For others, it can make a big difference. After a year and a half using the 12.9-inch iPad Pro, the screen of the 10.5-inch model just feels… cramped. It’s better than the old 9.7-inch model, to be sure, but everything’s squashed a little bit more tightly in order to get it to fit.

Although the software keyboard on the 10.5-inch model is slightly wider than that on its 9.7-inch predecessor, I didn’t find that I could type appreciably faster. The 12.9-inch model, which is so big that it can offer a full-sized software keyboard including number row, has a huge advantage when it comes to typing with fingers on glass.

I’m also disappointed in the lack of good third-party keyboard/case support for the 10.5-inch iPad Pro model. The Logitech Create case for the 9.7-inch model was really great—but the Logitech case for the 10.5-inch model has a different design philosophy and is, by most accounts, not very good. It’s a shame.

The brilliance of the latest generation of iPad Pro is that both models are equally capable at pretty much everything. The weird feature disparity between the first-generation models is gone. These models are the same iPad, with just one difference: you can pick the bigger or smaller screen, depending on whether you’d rather have a larger screen or a lighter device in your hand.

As someone who always preferred the 11-inch MacBook Air to the 13-inch model, I find it peculiar that I’ve gravitated to the 12.9-inch iPad Pro. I suspect the reason is that, on a touch-based device like the iPad, having more space to see and touch the interface appeals to me. I think I still prefer the 12.9-inch model for that reason, but the 10.5-inch screen on the smaller iPad Pro verges on being large enough to eliminate any doubts.

I think I’ve decided to stick with the 12.9-inch model, but it’s a close thing. And I think for most people, the 10.5-inch model is the right iPad to buy. It’s easier to carry, its accompanying Smart Keyboard is much lighter, and its screen is big enough to satisfy most people. It’s the one to get.

74: September 1, 2017

The Apple Event’s just a week-plus away. Plus summer heat and summer travel, and the return of Tea Talk.

Podcast: Play in new window | Download

Subscribe: RSS

Older Posts

Search Six Colors

Six Colors® is copyright © 2026 by The Incomparable Inc.
Powered by WordPress | Hosted by Pressable