ExtraBITS for 22 July 2013
In this week’s ExtraBITS, Apple is scrambling to plug a security leak, allegedly exposed by security researcher Ibrahim Balic, and the Apple Developer Center has been offline for days. If you’re waiting for Apple to come back online, why not listen to Jeff Carlson on MacVoices, where he discusses “Take Control of Your Digital Photos”? Fellow Take Control author Kirk McElhearn argues that Apple should eliminate DRM from the iBookstore, and Apple itself wants more openness about national security requests. The NSA isn’t the only spy you have to worry about — one could be in your local coffee shop. Finally, App.net has released a tool to make broadcasting new blog posts easy.
Attack Closes Apple Developer Center — The Apple Developer Center has been offline since Thursday, 18 July 2013, and after days of silence and much speculation, Apple finally sent email to developers on Sunday, explaining that it had detected an intruder and shut down the developer Web site. Apple says that it is completely overhauling its developer systems, updating server software, and rebuilding the entire database, so it is uncertain when the system will be available again. In the meantime, developers can’t obtain identities, certificates, or provisioning profiles, making it impossible to distribute an app for testing or submit it to the App Store. Apple developer forums are also offline.
Researcher May Have Caused Apple Developer Center Shutdown — Turkish security researcher Ibrahim Balic says he reported a Developer Center security vulnerability hours before Apple shut down its developer Web site. The vulnerability enabled Balic to access the email addresses and real names (but not passwords) of more than 100,000 users. Balic told 9To5Mac that he promptly reported the vulnerability to Apple and plans to delete the information he collected.
Jeff Carlson Takes Control of Digital Photos on MacVoices — Our own Jeff Carlson joined Chuck Joiner of MacVoices to discuss his new book, “Take Control of Your Digital Photos.” Jeff and Chuck talk about the experiment of publishing the book as in-progress chapters for TidBITS members, and then move on to chat about choosing a photo-management program, importing photos, assigning and exporting keywords, setting up smart albums, working with online services, backing up photos, and much more.
Why the iBookstore Should Go DRM-Free — Over at Macworld, author Kirk McElhearn argues that Apple should eliminate DRM in titles sold in the iBookstore, citing Steve Jobs’s 2007 open letter, “Thoughts on Music,” as an example of how Apple could pressure publishers. The core problem is that titles purchased in the iBookstore are readable only on iOS devices and not on a Kindle, other ebook reader, Android device, Windows PC, or even a Mac until iBooks arrives with OS X 10.9 Mavericks. However, titles purchased on a Kindle can be read in the Kindle app on nearly all of those platforms. As a result, McElhearn says he usually buys from Amazon instead of Apple, a strategy we’ve heard many other ebook aficionados adopting as well. Like all other Take Control titles, McElhearn’s most recent book, “Take Control of LaunchBar,” is DRM-free.
Apple Backs Request for Increased National Security Transparency — Apple has signed on to an open letter asking for more transparency from the U.S. government’s national security requests. Joining Apple are AOL, Dropbox, Facebook, Google, Microsoft, Tumblr, Twitter, Yahoo, Wikimedia Foundation, Y Combinator, and many other groups. Notably absent from the list are any major telecom companies, which reportedly refused to sign the letter. The signing companies want permission to publicly report statistics on government requests related to the USA PATRIOT Act, FISA, and National Security Letter statutes. The letter is addressed to President Obama, Director of National Intelligence James Clapper, Senate Majority Leader Harry Reid, Speaker of the House John Boehner, and a variety of other prominent members of the House and Senate.
Data That Can Be Sniffed at Wi-Fi Hotspots — You may have heard that the Tumblr app inadvertently transmitted passwords in the clear on Wi-Fi networks, but what else might be at risk? Over at PCWorld, Eric Geier performed an experiment to see what he could intercept over an unsecured Wi-Fi network at a coffee shop. Using a Windows laptop with a wireless network analyzer and a rooted Android phone, he was able to see the Web pages other connected users were viewing, as well as email and unsecure logins. Geier offers a number of tips to improve Wi-Fi security while in public, including always using SSL connections to Web sites, when available.
App.net Introduces PourOver RSS Publishing Tool — Social network and infrastructure service App.net has released a new tool called PourOver that enables you to publish RSS feeds on App.net. PourOver will be especially appreciated by bloggers who wish to send new post links to App.net automatically. The open-source syndication tool supports Pubsubhubbub for real-time publishing and flow control to space out posts.