Skip to content

Blog

Better

On the face of it, this is just another corporate “aren’t we so great” feel-good video, the kind that we have every right to look at cynically.

However, and at the significant risk of being judged a Tim Cook fanboi, I actually think something has changed under his leadership. Even if it is just that we are allowed to see more of this side of Apple now, Tim’s tenure so far seems to be bringing about a much stronger focus on values than ever before.

We have their ‘Intention’ video, Tim’s public musings at the Fuqua School of Business, and perhaps more importantly, actions like their Supplier Responsibility work and bringing the manufacturing of the new Mac Pro to the USA.

‘There are some ideas we want every company to copy’

Perhaps what is most exciting about this new, very public, focus on these issues is the idea that ethics can become a point of competition.

Not every customer is going to care about this stuff, but most people will want to feel like they’re doing the right thing. The pressure that companies like Apple can put on their competitors might be one of the most effective tools for actually making a difference to a whole industry’s behaviour.

I hope we see that.

iOS 7 and Obsolescence

iPhone 4 with iOS 7

This is my iPhone 4. I purchased it more than three years ago.

You don’t get into the technology world without, begrudgingly or otherwise, accepting that things move very fast. What is relevant today may be completely superseded in a matter of months.

A big reason why I have ended up a user of Apple’s iOS ecosystem is that, unlike some of its competitors, there seems to be a genuine focus on the relationship with the customer after you have purchased the device. I can run this old iPhone 4, using the latest operating system that was released this month.

From a security point of view, upon which I can’t resist to comment, the pace of mobile OS development is such that security fixes are not routinely backported to older OSes. You end up with the situation we have today with Android — scores of vulnerable devices out there in the wild.

Aside from some frustrations I do have — the original iPad that was released in the same year as my iPhone 4 is now stuck back on iOS 5 — Apple actually seem to think about device lifespan the least cynically of all the manufacturers. When they were developing the iPhone 4, they clearly thought about how it would run the next three operating systems yet to come.

It can’t be denied that the iPhone 4 isn’t quite as quick and responsive with iOS 7 as it was when it shipped with iOS 4. It doesn’t enable all the fancy features of the new OS. What it is, though, is in line with the performance you would expect from a device that is a little older now. It is definitely acceptable, and probably even good.

This is why I make the purchasing decisions I do. As long as you avoid first generation products(!), you can make an investment in a piece of Apple kit. It is so much more than just a product to shift off the shelf.

Valuing Corporate Values

Much is said about Google’s “don’t be evil” corporate motto. That is not what this post is about.

This is about corporate values — and a (rather smaller) company I have found myself appreciating because of their words and actions on the subject. This stuff can be easily overlooked when the market demands a rush to the lowest price, but to consumers like myself, it is possibly the most important thing.

This isn’t some murky sponsored post (although I do have an affiliate link at the bottom) — this is all genuine and from the heart.

Cloak

Cloak logo

I found out about Cloak through their co-branding with 1Password, my password manager of choice. They are a VPN service designed to give you a way to encrypt your traffic when you are connected to untrusted networks. Their service is technically brilliant, but what is more important than that is the honesty, openness and realism they have shown so far in their communications.

At first I felt a little apprehensive about their corporate values and how well they were upheld in practice. Their privacy policy was scant in detail — using claims along the lines of “we don’t store any of your data”, but with an exception of data that they’d need “to make sure you’re not sending out spam”.

Well, what does that mean?

» Read the rest of this post…

Protecting your browsing with Certificate Patrol for Firefox

I read this BBC News story about mistakenly issued security certificates recently, which allowed the people with those certificates to impersonate any Google websites and intercept traffic to them. It struck me as quite significant that this particular story made it to &#8216mainstream’ tech reporting.

There is a more detailed, and perhaps more accurate, commentary on this attack on Freedom to Tinker. It perhaps may not have been ‘cyber criminals’ as the BBC reported it when I first viewed the story!

Anyway, given the attention to this issue, I thought it a good opportunity to review this kind of attack against SSL/TLS — the security system upon which we all now depend. More importantly, I wanted to show Certificate Patrol, an add-on for Firefox that would allow you to notice a suspicious change to an certificate and thwart this kind of attack.

The weaknesses inherent in having too many organisations that are able to issue security certificates for any domain are becoming more clear. While this kind of attack is extremely rare, at the moment, ‘at the moment’ is a very poor security response! Hopefully, more awareness of these limitations of the internet’s authentication infrastructure can help put pressure on browser vendors, website owners and CAs to make everyone more secure.

iPad mini

iPad mini

Ever since its initial release, the absence of an iPad, or indeed any kind of tablet device, from my computing devices was notable. After all, this was the ‘future’ — and I was just getting left behind, right?

Truthfully, the full-size iPad always felt to me to be difficult to justify. While significantly more portable than any laptop, the size difference between it and its clamshelled cousins did not feel big enough. I’d just want to reach for the laptop, right?

It seemed that all that changed with the iPad mini. I hadn’t anticipated it at all, but ‘merely’ making the device smaller suddenly made me see where it fits for me.

So, what does it do better than any other device? Why is it now justified?

  • It is hands down, the best (type of) device for ‘casual’ browsing. Whether for checking something quickly, or browsing around at the end of the day, it makes web browsing informal and comfortable in a way that sitting in front of a desktop or laptop just does not. Being physically smaller than a laptop makes it easier to do this.
  • It is that much easier to take with you. Yet unlike a phone, which will always have limited screen size (or else not fit into a pocket), it is big enough for ‘full’ websites, richer app experiences or even in my case, full-screen SSH connections!
  • Battery life and instant-on. It makes an immeasurable difference that it can just be left on, and is always ready to use. No need for chargers, mice and various other accessories.

Something about this smaller form factor suddenly made it click for me — perhaps even just made it feel less threatening to the role of my traditional computers! I am very happy indeed with my iPad mini. I had concerns about lack of a retina/HiDPI display, but I have found that in real-world usage, it is not a deal breaker. (My personal opinion is that the physically larger the device gets, the less that HiDPI actually matters.)

Consumer computing is changing. Whether ‘traditional’ PC people like me are ready or not.

International Mac Podcast #222

International Mac Podcast logo

It turns out that I have had an unintentional hiatus from podcasting for a number of months.

I’m glad, then, to have broken that with the release of Episode #222 of the International Mac Podcast“Bezos’ Bezels”.

We talked about the state of all things Apple and iOS, speculated wildly about the future of the processors we will find in our Macs and made mention of the titular Amazon CEO’s strategy as compared to Apple.

It is always great to be invited on by Stu and the team and I thank everyone for the great show!

You can listen to the show on this page, download the MP3 file directly and also subscribe in iTunes or via RSS.

I am available for other podcast engagements; I would particularly be interested to talk about Apple, Linux, web development or computer security. Please do get in touch!

Where are the Free Developer ID Certificates, Apple?

Barbed Wire Twilight, by Orin Zebest

Before the release of Apple’s OS X Mountain Lion, when the Gatekeeper feature was first announced, Apple proudly proclaimed on the relevant page that developers distributing their apps outside of the Mac App Store would be able to get a “free Developer ID certificate”.

Unfortunately, I did not have the foresight to screenshot the page that said this, because now, even a month after the release of Mountain Lion, their generosity appears to have evaporated.

Only Mac Developer Program members are eligible to request Developer ID certificates and sign applications or installer packages using them.

The aforementioned Developer Program(me) is the standard, $99/£69 per year subscription that entitles you to full Mac App Store distribution rights. Unless I am missing something obvious, and I really wish that I am, there are no free Developer ID certificates.

This disappoints me — I cannot justify enrolment in the paid program for DfontSplitter for Mac, which doesn’t generate me significant donation revenue at all. This means I cannot sign DfontSplitter for use with Gatekeeper, which degrades the experience for Mountain Lion users of the software, and maybe even puts them off entirely.

I am definitely in favour of security measures that put the control in the hands of the user. I cannot, however, get behind a system which appears to discriminate against all developers who are not in a position to join Apple’s certification programme. I am left disappointed, and my app is left unsigned.

Photo is Barbed Wire Twilight, by Orin Zebest. Licensed under CC-BY 2.0 GB.

Disable ‘New Tab’ Page in Firefox 13

Today’s release of Firefox 13 brings with it more imposed functionality changes to the only version of the browser that we can use, because it is is the only one kept current with security updates*.

This time, it is a brand new, Google Chrome-style ’New Tab’ page. I’m sure it is great for lots of people, but personally, I prefer a blank home page and a blank page when I open a new tab.

To restore the old behaviour, and have a blank new tab, browse to about:config. Accept the warning, then search for newtab. Do not change newtabpage.enabled.

Instead, double-click browser.newtab.url and set it to about:blank.

Disable 'New Tab' Page in Firefox 13

There, that’s how I prefer it again!

* UPDATE: A slight correction — there is a version of Firefox 10.x called Firefox ESR (Extended Support Release) that is kept up-to-date, so that is also an option!

Moving to Mountain Lion and Beyond

Mountain Lion pre-release logo

In my most recent article for For Mac Eyes Only, I ponder the implications of the remarkably speedy scheduled release of Apple’s OS X Mountain Lion on the longer term viability of older Mac hardware. Mountain Lion is due to arrive just a year after the release of Lion.

We now await OS X 10.8, Mountain Lion. Scheduled to be released a mere year after Lion, we are promised even more features ‘inspired by iPad’.

Wait a second. What was that? It is due to arrive this summer. Just one year after Lion was released.

A new release of OS X hasn’t come so quickly since the operating system was very young and was still being established and stabilised.

This strikes me as quite a shift, and it brings me to an important issue — how does this affect the lifespans of the Apple products we buy?

You can read the full article over on the For Mac Eyes Only site.

How to Completely Disable Java on Mac OS X Lion

The security landscape for Mac OS X is changing. It has been for some time, but every now and then, an event comes along that highlights it.

I am thoroughly disappointed with how tardy Apple can be with releasing security updates. Java has been one of the components most visibly neglected in terms of timely patches. The recent ‘Flashback’ trojan for OS X exploited old, well-known vulnerabilities in Java that Apple had failed to promptly patch.

Java on Lion is deprecated, and is no longer installed by default. However, some upgrades from Snow Leopard bring Java along with them, and some users have manually installed Java for compatibility with certain applications.

If you do not know that you need Java installed on your system, do not install it. That is the best way to mitigate any security threat that would try to leverage a Java vulnerability to get into your system.

On Lion, however, once Java is installed, it does not seem to be possible to completely remove it.

What you can do is change the permissions on the relevant files so that it is ‘neutered’ and cannot run at all.

How to Completely Disable Java for Lion

I don᾿t recommend you disable Java on Snow Leopard. It is part of the operating system there, not an optional add-on component. I have not tried this process on Snow Leopard. Proceed to disable Java like this at your own risk (even on Lion)!

While logged in as an administrator user, open Terminal from Applications > Utilities.

Type the following commands in, pressing Enter after each one. You might be asked for your password.

sudo chmod 000 /System/Library/Java/JavaVirtualMachines/
sudo chmod 000 /Library/Java/JavaVirtualMachines

What these commands do is change the permissions mode to 000 on these Java files, meaning that no users have any permissions to even enter these folders, let alone read any files in them. This stops Java from running.

You can test that it is working, or, rather, not working, by now attempting to load Java Preferences in Applications > Utilities. You should be told that Java is not installed, and invited to install it. Click Not Now.

OS X offering to install a Java runtime

Re-enabling Java

If you suddenly find that actually you do need Java again, simply run the same commands in Terminal, but with the permissions mode 755 (the folder’s owner can read, write, and enter the directory, and everyone else can just read and enter the directory).

sudo chmod 755 System/Library/Java/JavaVirtualMachines/
sudo chmod 755 /Library/Java/JavaVirtualMachines

It should spring back into life!

Infected?

If you were unfortunate enough to be infected by Flashback (even if you did not type the Administrator password when it prompted), F-Secure has some instructions on its detection and removal. (Hat tip to @bldngnerd.)