TidBITS#958/05-Jan-09 ===================== Issue link: Happy New Year! We're in San Francisco for Macworld Expo, and much of this week's issue revolves around Apple's December announcement that Steve Jobs will not be giving this year's keynote and that Apple wouldn't participate in future Macworld Expos. If that weren't sufficiently shocking, there's also Jobs's open letter about his health problems. Nevertheless, we expect a good show, and we're struck by the fact that not one but two documentaries about the world of the Macintosh will be screened at the show. Also this week, Jeff Carlson tells how he pressed his Apple TV into service on Christmas Eve to replace a recalcitrant MacBook, Adam reviews Circus Ponies NoteBook 3.0, and Glenn gets down and dirty with problems surrounding the digital certificates that secure Web-based transactions. In the Watchlist, we look at the releases of Audio Hijack Pro 2.9, Firefox 3.0.5, Camino 1.6.6, Norton Internet Security for Mac 4.0, Snapz Pro X 2.1.3, Hazel 2.2.4, PDFpen 4.0.3, Typinator 3.3, and Lightroom 2.2. Articles Jobs Clears the Air on Health Issue MacHEADS Movie to Premiere at Macworld Expo Welcome to Macintosh Movie to Screen at Macworld Expo LogMeIn's Ignition for iPhone Provides Sleek Remote Access iPhone Remote Turns Apple TV into Music Source No Jobs Keynote at Apple's Last Macworld Expo A Mother's Letter to Apple about Macworld Expo Quicken for Mac Lacks Extended Validation Certificate Support Secure Certificate Hack Doesn't Imperil Users NoteBook 3.0 Enhances the Page Concept TidBITS Watchlist: Notable Software Updates for 05-Jan-09 ExtraBITS for 05-Jan-09 Hot Topics in TidBITS Talk for 05-Jan-09 ------------ This issue of TidBITS sponsored in part by: -------------- * READERS LIKE YOU! Support TidBITS with a contribution today! Special thanks this week to Mike Vlasman, Tony Meyer, William A. Riski, and Erik Carlson for their generous support! * Fetch Softworks: Fetch 5.3 has a new look for Leopard, and new support for Leopard technologies. And you can upload with the oldest technology of all, Copy and Paste! Download your free trial version! * WebCrossing Neighbors Creates Private Social Networks Create a complete social network with your company or group's own look. Scalable, extensible and extremely customizable. Take a guided tour today * Bare Bones Software's BBEdit 9.1 -- A burly upgrade introducing new capabilities like Projects, non-modal Find and Multi-File Search, editing in browsers, text completion, Scratchpad, new Ruby module, better JavaScript, ObjC, Obj-C++, YAML * MARK/SPACE, INC: If you have a smartphone, we can sync it! Sync your address book, calendar, notes, music, pictures, and more from your BlackBerry, Windows Mobile or Palm OS mobile phone to your Mac. * VMware Fusion. The most seamless way to run Windows on your Mac. Backed by nearly a decade of proven virtualization technology. Try VMware Fusion today for free, or order online for only $79. Visit: * Microsoft's MacBU: Supporting Mac users with Office 2008. Straighten up your Office with the latest updates to Word, Excel, PowerPoint, and Entourage. Update today at Mactopia! * ConceptDraw Office adds real business power to Microsoft Office and Apple's iWork. Whether you need project management, business graphics, or mind mapping, it's all easily created on your Mac! Buy today for only $499! * Speak up with MacSpeech Dictate! Get the all-new MacSpeech Dictate with spelling and phrase training. Speech recognition so good, about the only thing it can't do is speak for you. Learn more: ---------- Help support TidBITS by supporting our sponsors ------------ Jobs Clears the Air on Health Issue ----------------------------------- by Doug McLean article link: In a rare instance of disclosing details about his private life, Steve Jobs posted a letter on Apple's Web site discussing his recent health problems. Jobs explains in the letter that a hormone disorder has caused his weight and body mass to decline, by apparently reducing his ability to metabolize protein. While a mystery to him and his doctors for months, he wrote, he now has a plan of attack to reverse the problem, which he'll be focusing on in the months to come. While the recovery process will apparently be a gradual one, Jobs sounds confident he will return to full health, and will be able to maintain his position as Apple's CEO. The latter point is supported by another letter posted today by Apple's Board of Directors. The board offered its unwavering support during Steve's recuperation, writing, "If there ever comes a day when Steve wants to retire or for other reasons cannot continue to fulfill his duties as Apple's CEO, you will know it." This indicates the board has never been in the dark about Jobs's health status. It's good to hear that Jobs's health issues are under control, and that he is on the road to recovery. But why make such an announcement now? Jobs says he's writing so that we may all relax and enjoy the show this week, though this seems like a nice way of saying, "Quit talking about my health." He writes, "Unfortunately, my decision to have Phil deliver the Macworld keynote set off another flurry of rumors about my health, with some even publishing stories of me on my deathbed." Surely, this kind of speculation must get on his nerves, especially given the effect it appears to have on Apple's stock prices. Perhaps it makes sense to discuss one's health issues only when it's clear as to what's going on. If the cause of Jobs's weight loss had him and his doctors puzzled, it stands to reason that he wasn't going to open up the noggin-scratching session to the public. The letter's attempt at appealing to the Mac community for support, may, for some, be undercut by a gesture many perceived as demonstrating a lack of interest in community and tradition: namely, Apple's decision to not return for the 2010 Macworld Expo. This duality of appreciating and dismissing the Mac community is apparent in the letter's final sentences. Jobs writes, "I hope the Apple community will support me in my recovery and know that I will always put what is best for Apple first. So now I've said more than I wanted to say, and all that I am going to say, about this." And Jobs is justified in his grumpiness. After all, who among us would appreciate constant public speculation on our health problems? MacHEADS Movie to Premiere at Macworld Expo ------------------------------------------- by Adam C. Engst article link: I've had trouble writing about the upcoming "MacHEADS: A Fanboy Documentary," ever since the initial trailers first appeared. It's not that I think it will be a bad movie by any means, but that it's inexpressibly weird to watch a professionally produced movie trailer that features numerous familiar faces and places, and even stranger, my own face and voice. My ego doesn't mind the stroking, but I'm uncertain about how to react to seeing my real world at Macworld Expo (where I was filmed) on the big screen. Even though this is a documentary, what I consider reality and what the filmmakers choose to include in the movie could make for an odd juxtaposition. The truth of the matter will come out soon enough at Macworld Expo, where MacHEADS will premiere on Wednesday, 07-Jan-09, at 6:15 PM in Room 131 of Moscone's North Hall. The time hasn't been published anywhere that I can find, so if you're going to Macworld and want to attend, check out the conference materials when you arrive. Welcome to Macintosh Movie to Screen at Macworld Expo ----------------------------------------------------- by Doug McLean article link: The upcoming Macworld Expo will feature not just one, but two documentaries about the world of the Macintosh. "Welcome to Macintosh" will be screened for one night only during the weeklong Macworld Expo, with a handful of special guests available for some Q&A after the film. Guy Kawasaki (who needs no introduction), Jim Reekes (creator of the Macintosh start-up sound, among much else), Ron Wayne (one of the original co-founders of Apple Computer), and others will be on hand to answer questions and discuss the film. The official synopsis says the film "explores the early years of Apple, the many challenges Apple has faced, and what the future may hold for the company and its products. Ex-Apple employees, engineers, and community members offer insight on the company's innovations, failures, cultural impact, and what the future may be like beyond the reign of its co-founder Steve Jobs." If you're already considering checking out the other documentary screening at Macworld Expo, "MacHEADS: A Fanboy Documentary," (see "MacHEADS Movie to Premiere at Macworld Expo", 2008-12-21), it may be worth checking out this one too. It looks like it might make a nice counterpart - focusing less on the fandom and culture of Mac, and more on a broader view of Apple, what the company has accomplished, and how it has achieved its current position in the industry. "Welcome to Macintosh" will screen on Thursday, 08-Jan-09, from 7:00 PM to 9:30 PM, at the Sundance Kabuki Cinemas (at 1881 Post Street, at Fillmore). Seating is limited, so you may want to consider purchasing tickets ahead via BrownPaperTickets to secure a spot. Attendees will also be able to purchase the "Welcome to Macintosh" DVD, which contains over three hours of additional footage and features. For those unable to attend the Macworld Expo screening, the DVD is also available for purchase from Filmbaby.com LogMeIn's Ignition for iPhone Provides Sleek Remote Access ---------------------------------------------------------- by Glenn Fleishman article link: LogMeIn is the first service I recommend for those without MobileMe accounts who want to establish remote screen connections to computers under their control. The LogMeIn Free service, available for Mac OS X and Windows, enables a Web browser-based remote control session that's better than VNC and Leopard's built-in screen sharing. The company, also called LogMeIn, has now built their proprietary remote access technology into Ignition, an app for the iPhone and iPod touch. Ignition first connects to a LogMeIn account where you've registered computers under your control, and after that you can connect to any available computer from a list of machines. Once you connect, the remote computer's screen is shrunk to fit the iPhone or iPod touch's screen, and pinching and expanding works just like with photographs. In the default mode, you drag the screen under a fixed mouse pointer in the middle of the screen, and tap to indicate a mouse click. That behavior can be switched to perform mouse-like dragging instead. Separate controls let you bring up a keyboard or use Mac OS X's application-switching Command-Tab shortcut. At $29.99, Ignition's price might seem steep, especially compared with free alternatives. But it's worth the price. I've tried several of the other VNC-based iPhone remote access apps, including Jaadu VNC ($24.99), which was previously my best-of-breed choice. Ignition beats Jaadu VNC and others by pairing with LogMeIn's centralized registration and connection system. When you install LogMeIn on a computer, the system registers itself with LogMeIn's servers, and uses a variety of network address translation (NAT) techniques to set up remote sessions. Ignition ties into that centralize infrastructure, where Jaadu relies on a standard VNC setup, which typically requires more work. I tested Ignition's remote control capabilities over a variety of networks and was happy with the results. When visiting my parents in Port Townsend recently, I was able to demo the program to my dad with a few taps and clicks, and then pull up a piece of information I'd left on my computer back in Seattle by typing into Yojimbo. I'll make my usual plaint here: If Apple would simply add the necessary Bluetooth HID profile to allow a keyboard and mouse to pair with an iPhone or iPod touch, a program like Ignition and a few other utilities would enable many travelers to leave their laptops behind while still having full access to remote machines. iPhone Remote Turns Apple TV into Music Source ---------------------------------------------- by Jeff Carlson article link: This is a short story of using one device to route around another, misbehaving, device, and trying very hard to not let technology get in the way of what matters. In my house, we listen to music streamed to an AirPort Express connected to the stereo system in our living room. My wife's first-generation MacBook currently contains our iTunes library, and it's from that machine that we play most music. Unfortunately, upgrading the MacBook to Mac OS X 10.5.6 threw a wrench into the works. For no good reason, iTunes reported that it couldn't stream to the AirPort Express, citing error number "-3256". I didn't have the same problem on my MacBook Pro, which shared the same settings and operating system version. A quick trip to Apple's support Web site revealed "Error -3256 or -15000 when streaming to AirPort Express base stations using iTunes," explaining that Leopard's firewall was likely blocking UDP traffic. I walked through the steps provided by Apple, confirmed that the settings were correct in the Security preference pane (they didn't require a change), and closed System Preferences. Same error. I changed the Firewall setting from "Set access for specific services and applications" to "Allow all incoming connections." The error continued to appear. (See the update at the bottom of the article for a possible solution suggested by a TidBITS reader.) Plenty of other troubleshooting steps stretched out in front of me: sign in as another user, reboot the AirPort Express and the AirPort Extreme to which it's connected, or hurl invective at an old Dell laptop as a form of technology sacrifice. But it was also early evening on Christmas Eve, and after working for most of the day I wanted to spend time with my family and listen to holiday music, not bury my head in a computer. Abandoning the AirPort Express for the time being, I turned to another device that could stream audio: my Apple TV. I still haven't purchased a high-definition television, so the Apple TV was connected to an LCD display upstairs in my office (see "DRM Foils iTunes Movie Rentals for Some Apple TV Owners," 2008-02-20). I brought it downstairs, connected audio cables between it and our stereo receiver, and powered it up. It was already set to connect to my wireless network, so within a few minutes it was ready to go. (I did haul my LCD display down in case I needed to use the Apple TV's remote to configure the network connection, but I ended up not needing it.) The Apple TV can act as a source for remote speakers, just like the AirPort Express, but the MacBook still registered the same error when trying to stream music from iTunes to the Apple TV. However, it had no trouble syncing the music library between the two machines, which meant that our holiday playlists were already present on the Apple TV's hard disk. (A couple of readers have pointed out that I didn't even need to relocate the Apple TV. The latest software update added the capability to stream music from the Apple TV to the AirPort Express. However, at the time I didn't know if the AirPort Express was part of the problem, and I was trying to come up with the most direct, least time-sucking solution.) To control the Apple TV without a display attached, I launched Apple's Remote application on my iPhone. It was already set up to control the Apple TV, so I was able to start playing music with just a few taps. Sure, I feel a little guilty that my Apple TV is currently relegated to music-only status, but I also see this move as part of its slow but eventual march to the living room anyway. When I do finally buy an HDTV, the Apple TV will already be in position and connected to the stereo. Our music is back, and I didn't spend Christmas troubleshooting. [Update: TidBITS reader Will Mayall suggested I turn off IPv6 networking to solve the problem on the MacBook, and it seems to have done the trick. In the Network preference pane, click the Advanced button, then click the TCP/IP tab. In the Configure IPv6 pop-up menu, choose Off.] No Jobs Keynote at Apple's Last Macworld Expo --------------------------------------------- by Glenn Fleishman , Adam C. Engst article link: Apple delivered a one-two punch via press release on 16-Dec-08, announcing that CEO Steve Jobs will not deliver the keynote address at the Macworld Conference & Expo - a presentation slot he's used for many years - and that Apple will no longer exhibit at the trade show after this year. Macworld Expo brings together tens of thousands of members of the Mac community, including consumers, IT staff, graphic designers, and, of course, journalists. We at TidBITS have a long history with the show. Adam has attended every Macworld Expo in San Francisco since 1992, and, with only one exception, all of the east coast Macworld Expos since 1989. The shows are an important aspect of our business, largely because we all work from home, spread out across the globe. The face time we get at Macworld with each other, along with other industry colleagues, company reps, and developers has been a key element in how we make and maintain relationships, generate content, and do business. We all wonder what's to come. **Schiller Replaces Jobs for Keynote** -- The most visible change this year is that instead of Steve Jobs delivering the Tuesday, January 6th keynote, we'll hear Senior Vice President of Worldwide Product Marketing Phil Schiller speak. We've met Schiller on several occasions, and he's an easy-going guy whose title and manner belies his importance to Apple and his reach throughout the company. Schiller occupies a position akin to Jonathan Ive, Apple's senior vice president of industrial design, in terms of his purview and significance. Schiller is known for acting as the comic foil to Jobs in on-stage presentations, appearing in the audience to take a phone call or engage in a multi-person iChat AV session. Apple and Macworld Expo typically announce Jobs's participation as the keynote speaker several weeks before the event, in what's been considered a pro forma decision made long ago. (We don't know if that's true, but it's how it's always appeared.) We wondered where that press release had gotten to a few weeks ago. Since Steve Jobs's gaunt appearance at the 2008 Worldwide Developers Conference, reporters, bloggers, and Mac users of every stripe have been speculating about whether Jobs was suffering from an undisclosed health problem, a recurrence of the pancreatic cancer that he suffered from in 2003 and 2004, or even a non-life-threatening consequence of that surgery. This move by Apple doesn't necessarily mean anything about Jobs's health, but it certainly doesn't contribute to future confidence about his role in the company. Without a public succession plan, and with investors and analysts focused on Jobs's inimitable nature in product development and marketing strategies, expect to see a lot of coverage explaining how Apple's future is dim. **No Future Exhibitions by Apple** -- The second part of the news is potentially more devastating to the Mac community, as Apple said the company won't participate as an exhibitor in Macworld Expos after this January 2009 event. The company has been a cornerstone of Macworld in San Francisco since its inception, and occupies an enormous space in the middle of the main hall. In 2002, Apple decided to stop exhibiting at the mid-year Macworld Expo, which had taken place for many years in Boston, then moved to New York in 1998 (see "Apple, IDG World Expo Play Hardball Over Macworld Expo," 2002-10-21). Apple did show up at the 2003 Macworld Expo in New York, albeit in a limited fashion, but did not follow when Macworld Expo moved back to Boston in 2004. Without Apple, attendance at Macworld Boston plummeted in 2004 and 2005 (see "Macworld Boston 2005: An Intimate Affair," 2005-07-18), and the show was cancelled shortly after (see "Macworld Boston Cancelled," 2005-09-19). The January expo has always been in San Francisco, and has been one of the must-attend events on every Mac journalist's schedule. Increasingly, mainstream journalists have been forced to attend as well, as Apple has come to dominate the digital music industry and play a large role in the mobile phone world. Over the last few weeks, two regular large exhibitors - Adobe Systems and Belkin - announced their plans to pull out of exhibiting, quite late in the game. Paul Kent, General Manager for Macworld Conference & Expo, emphasized that there were still hundreds of vendors, and more in pure numbers than in 2008. At last year's Macworld Expo, the show was spread between the large South Hall of Moscone Center and the new West Hall, and while there were unused spaces used for lounges and other purposes, it was clearly a vibrant event, made even better by the variety of companies present (see "Mac Industry Marching to a Different Beat," 2008-01-21). **Why, Apple, Why?** Why Apple would cut its appearance at Macworld Expo is clear: Like every other firm in the world, it's reacting to a likely current and certainly future drop in revenue as consumer and business spending drops through the floor. If Apple were trying to shed a few hundred million dollars in expenses, perhaps partly for the bottom line (despite the billions in cash they have hoarded), and partly to demonstrate their financial discipline, it's easy to see them starting with the millions they spend in hard costs and lost productivity on Macworld Expo. One might think that the marketing benefit of getting millions of column inches and thousands of hours of airtime worldwide would offset those costs, but Apple has shown that it can market well without trade shows providing the venue for announcements. Apple noted in the press release that the company has backed off from involvement in other shows in recent years, and the firm regularly hosts its own events at its headquarters in Cupertino, or at other Bay Area venues. Apple said a few years ago that they'd stop making regular announcements of products and would switch to talking about hardware and software when it was ready. Macworld Expo, Apple Expo Paris, and the Worldwide Developers Conference were the remaining pins on the calendar at which buyers and the press generally expected something, and were disappointed if no significant news was forthcoming. (After this story was first written, Apple Expo Paris was confirmed as canceled, Macworld reports. Apple didn't participate in the 2008 show and had no commitment for future shows.) **Focus on the Present** -- For the time being, the only real change for the upcoming show is Phil Schiller standing in for Steve Jobs at the keynote on 06-Jan-09. Whether that means Apple won't have significant announcements is another question - the last time Steve Jobs backed out of a keynote, Greg "Joz" Joswiak, then Apple's vice president of hardware product marketing, wasn't given much to announce (see "Macworld Expo New York 2003 Superlatives, 2003-07-21). And despite the defections of Adobe and Belkin, Paul Kent was upbeat, saying, "We're on track for a terrific show this year, with strong attendance numbers and nearly 500 exhibitors showcasing their products for another strong event. Macworld Conference & Expo has thrived for 25 years due to the strong support of tens of thousands of members of the Mac community worldwide who use Macworld as a way to find great products, partake in professional development training, and cultivate their personal and professional networks." **Whither or Wither Macworld Expo?** Without Apple as an anchor, can Macworld Expo survive? It's a hard question. The Boston show collapsed partly because with two Macworld Expos each year, professionals involved in design, IT, animation, film, television, and other industries had already focused on the west coast event. (Many working in these fields are centered in San Francisco and Los Angeles, although New York has a strong design and video presence.) Plus, IDG tried to put on a traditional Macworld Expo without Apple, which was a big mistake. But Macworld Expo has a lot of value to attendees beyond Apple's presence, although it certainly has a higher profile in the average Mac user's mind because of the worldwide press coverage of every utterance made by Steve Jobs. After all, it's Macworld _Conference_ & Expo, and there are dozens of sessions happening at the same time as the more high-profile trade show floor. Large numbers of Macintosh professionals rely on the training at Macworld to extend their knowledge or learn new skills. And while many users pay the admission fee for the exhibition floor to fondle whatever Apple just announced, the mere fact that it's easy for most people to do that at an Apple Store shows that in-person talks and demonstrations with other Mac companies are likely more important. Even we journalists, who can often get free review units and not-for-resale copies of software, appreciate being able to compare multiple camera models or laptop bags, for instance. Exhibitors and other companies also have off-floor rooms (either at Moscone Center or in nearby hotels) where they meet with journalists and bring favored corporate and academic clients for one-on-one briefings. Plus, though it's difficult to quantify, professional networking is a key aspect of Macworld Expo. We chose to send only Jeff Carlson to Macworld Boston in 1997, and Adam has long considered that a mistake because he missed out on the necessary face time that lubricates business in the real world. Apple didn't say that they wouldn't be part of future Macworld Expos - just that they wouldn't exhibit. Apple's campus is a short distance away, and as long as Macworld Expo persists, the company may have something to offer, even without the expense of a booth. So don't count Macworld Expo out just yet. Paul Kent told us, "We're committed to continuing to serve [the interests of the Mac community] at Moscone Center on January 4th through 8th, 2010. Future events will continue to provide quality education, dynamic product viewing, and will additionally focus on the amazing ways people are putting Apple products to work across all endeavors from desktops to iPhones, from games to music. We look forward to many successful years of Macworld to come." There it is - Macworld Expo will ride again in January 2010, and IDG is - at least at this point in time - planning to keep the show going beyond that. We applaud their tenacity and wish them the best of luck, since we would all miss Macworld Expo. The Mac community is about connecting with one another, and Macworld Expo remains the preeminent place to reapply the glue that binds us. A Mother's Letter to Apple about Macworld Expo ---------------------------------------------- by Tonya Engst article link: Dear Apple, Just because you're old enough to issue a press release doesn't mean you're too old to listen to some common sense from your mother. What's this I hear about how you don't plan to come to Macworld Expo in 2010? I've been reading about it in the tech tabloids, and I'm shocked, just shocked, to hear that you've let the suits take over - you were so Bohemian as a child, so free-spirited. Don't get me wrong, I think it's marvelous that every Apple employee can afford a pony, and I'm very proud of your Macs and iPods and that new iPhone thing, but you need to act your age. You are old enough to realize that the world does not revolve around you. Macworld Expo is our family's annual reunion. You don't go to reunions because they are convenient, or because they are cheap. You go to reunions because you are a member of the family, and that's what families do. Yes, Uncle Shawn will be loud and bring a few women wearing latex catsuits. And yes, Cousin Paul will make that guy who runs you - what's his name? Mobs? I think I saw him on "The Simpsons" - anyway, Cousin Paul will make him stand up in front of everyone and talk about what you've been up to this past year. I'm sorry if he doesn't have much to say this time or he's not feeling well, but that's just how it is with family. Oh, and could you tell him that it's okay to wear a brighter shirt? Some of us in the back can't see all that well, and frankly, with times being as they are, more cheerful attire wouldn't go amiss. But the most important thing that you need to realize is that Macworld Expo is not all about you. You don't have to impress us with amazing products and revolutionary technologies each year. Sure, we want you to grow and prosper, but we also love you just the way you are. A family reunion is about the entire family, and there's no shame in changing your talk to make it about everyone. You've been so busy telling us about your newest products and all the money you've made that I think you've forgotten to share all the wonderful things that other people are doing with your computers. Is NASA using them? Are Macs going into space anytime soon? How are they being used to make the world a better place? Your grandmother wants to know if any Nobel prize winners are using them, and if they are being used in cancer research. Now, about how some people think that Apple Stores are like mini family reunions. Your Apple Stores are certainly showplaces. I'd like to see you use more wood and less steel, and that glass staircase in the New York City Soho store is just an accident waiting to happen. But Apple Stores are hardly places where you can sit down and catch up with the Australian cousins. They're your stores, and you can do what you want with them. But once a year, would it kill you to come to the reunion, where everyone can get together at the same time? Frankly, you are acting every ounce a spoiled child and you're hurting people's feelings. Who do you think made your iPod a success? And your iPhone? Was it strangers? No. It was your Mac family. We were the ones who moved all the iPods into more prominent locations on the shelves in Target. We were the ones who got all our friends hooked on listening to podcasts. And, we were the ones who stuck with you through thick and thin, sometimes even jeopardizing our own careers, while you were mired in indecision and doubt in the late 1990s. Functional families have reunions and everyone comes if they possibly can. Your deciding not to come isn't okay, and you should reconsider. Aunt Lesa is in tears, Cousin Andy thinks that if you're not coming maybe he won't come either, and some of the more distant relatives are so fed up with your acting like a drama queen that they seem unlikely to support you the next time you hit hard times. I'm your mother, so I'll always love you, and I hope you know that if you change your mind on coming to our Macworld Expo family reunion, there will always be a place at the table for you. Love, Mom PS: When are you going to come out with an address book that I can share sensibly with your father? PPS: In case you didn't write it down, the dates for the 2010 Macworld Expo are January 4th through 8th. There's nothing wrong with making nice with Cousin Paul between then and now, and I'm sure you can still get a decent hotel room for not too much. PPPS: You know I only wrote this letter because I love you. Call me soon. Quicken for Mac Lacks Extended Validation Certificate Support ------------------------------------------------------------- by Glenn Fleishman article link: Last week, in the middle of the first wave of snow that hit Seattle, I tried to download banking transactions from my credit union, BECU (once dedicated to Boeing employees), using Quicken 2006 for Mac and received an odd error. I assumed something had broken, staff was away, and gave up. But the problem persisted, and I sent email to the bank to find out why. The answer was surprising, and it apparently took BECU some research, too. Quicken 2007 for Mac (the current release) and earlier versions lack support for a newer, ostensibly more rigorous method of ensuring that a secured Web site is really the site it claims to be. There's a thread at the Quicken Community site about this BECU issue (scroll to the bottom for current messages). **Digital Certificates** -- Here's the deal. BECU, like all financial institutions, uses SSL/TLS to protect connections between a Web browser or Quicken and its Web site. SSL/TLS connections use digital certificates designed to enable the exchange of a unique session encryption key that can't be snooped upon. A Web site obtains a certificate from a certificate authority (CA), such as VeriSign, and that authority uses a cryptographic process to sign the certificate. The CA's signature can be checked against signatures that are preloaded into operating systems and browsers to help users confirm they are really connected to the proper site. Thus, when your browser requests the first page from a secure Web site, it first receives the site's certificate and validates it by checking that the signature of the CA is valid. If so, the encrypted connection proceeds; if it fails, you're warned. (For more intimate details, read Chris Pepper's "Securing Communications with SSL/TLS: A High-Level Overview," 2007-06-25.) BECU started using an Extended Validation (EV) certificate from VeriSign right when I started having problems. EV certificates are intended to solve a problem of identity and trust. When a CA issues a normal certificate, they perform very little validation that the person asking for the certificate is the correct entity. That can allow criminals to obtain certificates that fraudulently associate a company name with another domain. If users check that certificate, they see the expected company name even if the domain is unfamiliar. (Click or double click the lock icon in most Web browsers to display the certificate data, which shows the registrant's name and a few other pieces of non-technical data.) EV certificates require that the issuing CA perform much more extensive confirmation of the requesting person and organization, checking the ownership of the domain name for which the certificate is requested, and other factors. (Even with EV validation, SSL/TLS isn't a perfect way to ensure security. Dan Kaminsky's discovery of a flaw in DNS that made it possible for an attacker to provide an alternate IP address for a given domain name lookup - like www.tidbits.com - also showed how vulnerable SSL/TLS certificates were when DNS was vulnerable. See "Apple Fails to Patch Critical Exploited DNS Flaw," 2008-07-24.) A regular SSL/TLS certificate can cost $30 to $500; an EV certificate adds a few hundred dollars on top of that. It makes perfect sense that banks would opt for EV certificates to avoid any potential of misdirection or fraud. In a Web browser, a site that uses an EV certificate typically shows extra information in the location bar, often the name of the company in white on a green background. Firefox 3, Safari 3.2, Opera 9.5, Internet Explorer 7, and Google Chrome are among the browsers that support EV. (For more information on EV certificates and Web browsers, see Rich Mogull's "Are Safari's New Anti-Phishing Features Useful?," 2008-11-18.) **Quicken's Problem** -- Quicken 2007 for Mac and earlier versions apparently lack the necessary smarts to handle an EV certificate correctly. This is confusing, because EV is an extension to SSL/TLS - it adds an extra field, but isn't fundamentally different from regular SSL/TLS. Older browsers work just fine with EV certificates, even when they can't interpret the extra information. This likely means that Intuit has a bug in Quicken's SSL/TLS processing system that's triggered by an EV certificate's extra data. BECU's statement (sent in email as part of their customer service response to me) reads, "We have contacted Intuit and are actively working on a solution to accommodate our Quicken for Mac users. I apologize, but at this time we do not have an ETA on when this function will be available for you again." A Quicken spokesperson that I contacted explained that they are aware of the problem, and have a fix in the works. They're already working with BECU - as the credit union said - to test the patched version. But, the spokesperson noted, few banks are using EV certificates yet for this purpose, and other banks' plans are far enough off that a patched version will be available before they switch. Intuit said that the fix is in testing, and will be released "as soon as possible, within the next couple of months." I can see how the company doesn't want to over-promise, but I hope it's sooner rather than later. A "couple of months" is a long time to be without online banking. While the problem affects all recent versions of Quicken for Mac, Intuit is committing only to a fix for Quicken 2007, although the spokesperson said the company would like to cover multiple previous releases, too. In a follow-up email from BECU customer support, I was told, however, that Intuit had told BECU that they would not be updating Quicken for Mac, and that a new package called Quicken Financial Life for Mac would be its replacement, and include EV support. This new package is due in mid-2009; it's in beta testing now. I expect that the response I got from Intuit is more accurate, but that BECU was also told that newer software would be on the way. BECU also said that they're moving from the OFX (Open Financial Exchange) format, which is over a decade old, to QFX (Quicken Financial Exchange) format that's derived from OFX but using Quicken-specific extensions. QFX can be imported directly by older versions of Quicken for Mac. Secure Certificate Hack Doesn't Imperil Users --------------------------------------------- by Glenn Fleishman article link: A team of researchers has managed to do what was hoped to be impossible: forge a digital certificate used by Web browsers to validate the identity and integrity of a secure SSL/TLS connection with a Web site that looks entirely legitimate. Time to panic? Not quite. (Read TidBITS Security Editor Rich Mogull's more technical explanation on his Securosis blog for the full details.) A forged certificate is a dangerous thing because it tells a party that's looking for trust - anyone from the average Internet user (if such a thing exists) all the way up to security guru Bruce Schneier - that the site in question should be believed to be what it says it is. If a certificate is invalid or has odd parameters, a browser warns you; a forged certificate created using this new discovery doesn't set off any browser alarms because it's identical to an actual legitimate certificate. Combined with another attack, such as a virus that falsified DNS entries, or a DNS poisoning attack on a network with many users, such as an ISP or academic network, a forged certificate could be used for great mischief in harvesting user accounts and password data. SSL/TLS is used by other Internet services, such as secured email and FTPS (FTP over SSL/TLS). For instance, plain POP for email retrieval doesn't encrypt the password, which is why most ISPs started offering a secure flavor in which the entire POP transaction - including the password sent in the clear - is wrapped inside an SSL/TLS tunnel. An attacker who managed to use a forged certificate to spoof a secure email host and redirect traffic to that fake host could access numerous email passwords sent via POP. The same is true for FTPS and a number of other protocols in which SSL/TLS is the wrapper. Digital certificates are a fundamental part of SSL/TLS. For secure connections, those with a URL that begins https instead of http, a browser requests the public part of the certificate from a Web server, and validates that certificate by examining a cryptographic signature from a third party, known as a certificate authority (CA). As I noted recently in "Quicken for Mac Lacks Extended Validation Certificate Support" (2008-12-23), CAs provide the glue that binds trust between a browser and server. Browsers (and operating systems) are preloaded with certificates from major CAs. When a browser tries to validate a server's certificate, it uses the preloaded data it has to confirm the signature. (You can read much more about SSL/TLS in Chris Pepper's "Securing Communications with SSL/TLS: A High-Level Overview," 2007-06-25.) The research team, including independent and academic researchers from the United States, the Netherlands, and Switzerland, discovered that the use of a weak encryption algorithm by just a few CAs, coupled with flaws in how the CAs issued certificates, enabled them to create a valid forged entry. In this case, RapidSSL, a division of VeriSign, was targeted as researchers found in a representative sample that RapidSSL had signed 97 percent of the weakest form of SSL/TLS server certificates. RapidSSL uses an outdated signature algorithm, known as MD5, and appears to be the highest-volume CA using it. The researchers used two weaknesses in the RapidSSL issuing process: sequential serial numbers, in which they could predict a range of numbers by buying a certificate during a slow period over a weekend, and a guessable date stamp. They combined that with techniques known to be able to spoof MD5 signatures that look correct to produce a valid, forged certificate. (Amusingly, the researchers employed 200 Sony PlayStation 3 gaming systems in parallel to generate the forged certificate - the PS3 has a powerful multi-core processor!) The researchers revealed that a single CA with a weakness can endanger all browsers and operating systems that trust that CA. The current system of built-in signatures for CAs in browsers and operating systems doesn't require additional checks beyond the included data to validate a CA or test its mettle. Fortunately, nearly all other CAs use SHA-1, a newer and stronger signature algorithm (or _hashing_ method), that itself has been theoretically broken, but is still considered secure for practical purposes. SHA-2 is already available, and a competition to design SHA-3 is under way. (Unfortunately, despite years of warnings, MD5 is still widely used for integrity checking in many pieces of software and for some software distribution.) Because RapidSSL is one of the only CAs to use MD5, and because the company is now aware of the problem, it's unlikely this particular crack can be replicated. VeriSign, RapidSSL's owner, told the Washington Post that they had been gradually phasing out MD5 for all their certificate systems, and said that it planned that MD5 wouldn't be used by any CA it operates after January 2009. Later in the day, VeriSign's Tim Callan, who writes about security, posted a blog entry stating that RapidSSL no longer uses MD5 signatures and that they confirmed that the few remaining parts of their operation that use MD5 for SSL/TLS certificates don't have the flaws that RapidSSL did. The researchers didn't provide enough detail for the attack to be replicated, and CAs will likely be immediately checking their security procedures. The researchers estimated it might take a month of diligent work by people highly familiar with MD5 weaknesses to replicate what they did. VeriSign wasn't notified in advance of this paper, but the researchers did provide details to Web browser development teams under non-disclosure. The researchers claimed to be concerned that VeriSign could have slapped a gag order on the paper and prevented its release. VeriSign's Callan said that the company works closely with ethical hackers, and would have no trouble with coordinating a response. Mozilla and Microsoft separately issued security advisories: Mozilla is "working with affected certificate authorities to ensure that their issuing processes are updated to prevent this threat," while Microsoft is "actively monitoring the situation and has worked with affected Certificate Authorities to keep customers informed." I think it's easy to read between the lines there: the two organizations are saying "shape up or ship out." Mozilla, Microsoft (in Windows and in Internet Explorer), Apple (in Mac OS X and Safari), Opera, and Google (via its new Chrome browser) could simply ship updates that disable CA support for any authority that's not being sufficiently responsible. The Extended Validation certificates that I wrote about in the Quicken article referenced earlier must be signed with SHA-1, and thus a "green bar" showing EV status can't be forged using this technique. Switching from MD5 to SHA-1 is likely a trivial matter on the programming side for any CA. More important, there's a whole chain of security testing that a CA must perform to make sure they're using SHA-1 in the correct manner. I expect this particular problem will disappear as a potential threat quickly. In the long term, a reform of what "trust" means has to happen. The amount of implicit trust among many moving parts was revealed in this exploit. We know the answer to "Quis custodiet ipsos custodes?" (Who watches the watchers?): the certificate authorities. However, this research makes it clear that we may need yet another level of custodianship in the web of trust: a way to validate that the watchers' watchers are themselves being watched. NoteBook 3.0 Enhances the Page Concept -------------------------------------- by Adam C. Engst article link: I've always been impressed by people who can sit in a talk or a class and, while taking notes, extract the _meaning_ of what's being said, rather than just the words. Their notes may not record many of the words that pass by, but often use shapes, quick diagrams, and lines to illustrate concepts. I expect that when Jayson Adams of Circus Ponies started to design NoteBook 3.0, he had these talented notetakers in mind. I've long been fond of NoteBook, and I use it regularly, but mostly to maintain process lists, which are long outlines of how I perform certain complex tasks related to TidBITS or Take Control. When I'm releasing an ebook or running royalties, I always check my process lists to make sure I haven't forgotten anything. But these lists, critical though they are, are really just normal outlines, because that's largely what NoteBook 2.1 could do. **New Pages and Objects** -- With NoteBook 3.0, however, Circus Ponies has completely rethought the concept of NoteBook's virtual page, such that outline-based Note pages have now been joined by Writing pages, on which you can enter free-form text like any normal word processor. NoteBook 3.0 also offers a special To Do page that's actually a Note page set up for a task list, and a special Cornell Note Taking page that's really a Writing page split into three sections (notes on the right, review questions on the left, and a summary at the bottom). Ironically, despite having graduated from Cornell more than 30 years after it was invented, this is the first I've heard of the Cornell Note Taking System. Whether you're on an outline-based Note page or a free-form Writing page, NoteBook 3.0 continues to extend the concept of what can appear on a page beyond what was possible in 2.1. You can now add a wide variety of shapes and a collection of lines via controls in the toolbar. The controls take a little getting used to, since they're both menus that appear if you click-and-hold (you cannot just click and let up, as works with normal menus) and, once you've chosen the desired shape or line, a "well" from which you can drag an object to the actual page. If you don't want the toolbar showing, a Shapes menu offers another way of inserting shapes on the page. Once a shape or line appears, you can modify it by dragging its handles or working the inspector to change its color, fill, rotation, shadow, arrows, and so on. You can also add text note objects merely by double-clicking the page and typing; these too can be modified and positioned anywhere on the page. More interesting for some will be NoteBook 3.0's new Ink toolbar item, which you must add from View > Customize Toolbar. You can click and hold the Ink icon to display a menu, or you can just click it to switch among Mouse, Sketch, and Write modes. Mouse mode is normal behavior, and lets you move all the objects around. In Sketch mode, however, you can click and drag to do freehand drawing on the page; each time you let up on the mouse button, you create another object. In Write mode, which is available only if you have a tablet with a stylus, NoteBook uses Apple's Inkwell technology to do handwriting recognition on what you've drawn. I wasn't able to test this, not having a tablet, but I could see the combination of NoteBook 3.0's new features and a tablet being a significant boon when taking notes in classes where diagrams are commonplace. **Layers and Stickies** -- These objects float on a layer above the actual page, so you can move them around without affecting the text or outline underneath, but they stick with the underlying text if the page is a long one and you scroll down. I note that because you can also add sticky notes that look like the classic Post-it Notes and flags that mimic those sticky tabs that accountants put on tax returns to show you where to sign. Sticky notes and flags live on yet another layer which is not attached to the underlying text, so if you slap one of those on a page, it shows no matter how you scroll. That said, if you start dragging a sticky flag and then press the Option key, you can attach it to a particular cell in an outline, after which clicking the flag highlights the cell and the flag scrolls with the page. In fact, if a sticky note or flag bleeds off the page, the off-page bit shows even if you navigate to another page in your notebook, and clicking the visible bit returns you to the sticky's page. This is, of course, exactly how sticky notes and flags work in real notebooks, and it's useful to have that functionality in virtual notebooks as well. If they prove too cluttering while you work, you can use the View > Stickies and Flags command to hide or show all the stickies. Sticky notes and flags can contain text and even ink drawings, although I found that NoteBook sometimes got confused when I added ink to a sticky and wouldn't let me edit sticky notes or flags until I quit and relaunched. It's worth noting that sticky notes and flags also act somewhat differently than shapes, lines, and text notes. Those three act like objects in a drawing program, so to delete them, you select them and press the Delete key. Sticky notes and flags, on the other hand, can be dragged around but not selected for deletion. Instead, to get rid of one, you drag it off the page entirely, at which point it disappears in a satisfying poof. If you can't drag a sticky note or flag, you're probably editing it, and you must click elsewhere on the page to stop editing before you can drag. **Improved Outlining** -- I don't want to imply that NoteBook 3.0 has deprecated outlining, since nothing could be further from the truth. It was already a good outliner, and now it's better. For instance, you can set cell numbering on a per-cell basis, with numbers applying to that cell's descendants as well, and you can also set the cell spacing of different levels in an outline. There's also a new option in the preferences to use the left and right arrow keys to initiate cell editing rather than to turn pages. You can now drag cells to move or copy them between pages, sections, and even different NoteBook files. And, in something I've been wanting for ages, you can now press Shift-Return to create a new cell above the current one, rather than below. **Other Enhancements** -- It's worth reading through the What's New in 3.0 section of NoteBook's extensive online help, since it lists numerous additional changes and improvements, many of which are rather subtle. Some of the more interesting changes include: * Pages can now be opened in separate windows, making it possible to see multiple pages simultaneously, just as if you'd ripped a page out of a normal notebook. Luckily, closing the page inserts it, with all changes preserved. * A new Page > Prevent Editing menu item lets you lock a page to prevent inadvertent changes. Note that this doesn't prevent stickies on that page from being edited or deleted. * Encrypted pages now ask for their passwords only when you navigate to them. * You can force NoteBook to rebuild its index by holding Command-Option at launch. The first time you open a NoteBook 2.1 file in NoteBook 3.0, an index rebuild happens automatically, since the new index format is also much more compact. * Clipping information from other applications to NoteBook now works to Divider pages (which are collections of other pages). Clips made to Divider pages create a new page for each clip. * Files can now be moved (copied and then deleted) into your notebook with a Command-drag, but do this only from the Finder, since other programs could become confused about the location of the deleted original. You can also use Quick Look in Leopard to glance at the contents of an attached file. * NoteBook can now be set to hide cells that have checked checkboxes, making it better for to-do lists. * Command-clicking links now opens them in a Web browser in the background. * You can take pictures using a built-in iSight camera and insert them directly into the current page. At this point in time, there are many programs that are roughly similar to NoteBook in providing features for note taking, snippet management, outlining, task lists, and file holding. It would be impossible to compare NoteBook with all of them, but from what I've seen on cursory looks through the feature lists of other programs, NoteBook 3.0 does a good job at providing a wide range of features, though with a focus on note taking and information collection. If you're in need of a place to take notes, store information, and more, give NoteBook 3.0 a look. **Details** -- Circus Ponies makes a 30-day free trial version available as a 14.8 MB download. New copies of NoteBook 3.0 cost $49.95, $29.95 for academic users, or $99.95 for a 3-user family pack. Upgrades are free for anyone who purchased NoteBook 2.1 from Circus Ponies in 2008; use the license key retrieval page to get a new license key. For those who purchased a copy before 2008, or received it as part of a promotional bundle like MacHeist, upgrades cost $29.95. TidBITS Watchlist: Notable Software Updates for 05-Jan-09 --------------------------------------------------------- by Doug McLean article link: Audio Hijack Pro 2.9 from Rogue Amoeba offers a redesigned interface with mostly familiar elements reorganized and given a nice shine. The Recording Bin allows post-recording edits to the ID3 metadata tags; previously, you had to import into iTunes or use other software to fix errors or make changes. The new release puts Hijack, Mute, Record, and Split buttons alongside a global LCD-like status display. Updates to Soundflower and other support programs are included, as well as support for embedding artwork. Version 2.9 also removes the potential for crashes with the previous release under Mac OS X 10.5.6. ($32 to register, free update, 7.2 MB) Firefox 3.0.5 from Mozilla is a relatively minor update to the popular Web browser with changes focusing on various security and stability issues. Notable among these are fixes to the accessibility implementation and a bug that causes crashes when installing multiple signed XPIs simultaneously. Other enhancements include support for the Bengali, Esperanto, Galician, Hindi, and Latvian languages. Users can now also send in OS-specific notes via the crash reporter. (Free update, 17.2 MB) Camino 1.6.6 from The Camino Project is a maintenance update to the Mac-focused, Gecko-based Web browser. The latest version includes an upgrade to version 1.8.1.19 of the Mozilla Gecko rendering engine, an upgraded version of the code that blocks Flash animations, and enhanced ad blocking. Other changes include a slew of additional languages. (Free, 15.3 MB for English-only or 18.7 MB for multilingual) Norton Internet Security for Mac 4.0 from Symantec is a major update (the first since 2003) to the suite of Internet security software. This new version includes protection from viruses, phishing schemes, identity theft, and Internet worms, as well as two-way firewall capabilities, file protection, and browser protection. The software automatically detects and removes spyware, viruses, Trojan horses, malware, and Internet worms. It's compatible with Mac OS X 10.4 and 10.5, and runs natively on Intel- and PowerPC-based Macs. ($79.99) Snapz Pro X 2.1.3 from Ambrosia Software is the latest version of the popular still image and video screen capture utility. The update fixes a variety of bugs that could generate absurdly long movies or deliver a -2014 error, cause files saved to the Desktop to disappear, create problems when saving with the Animation codec, cause crashes when saving a movie without a video track, and prevent images without borders from appearing in Preview. Additionally, Ambrosia Audio Support 2.3.9 significantly reduces CPU usage. ($69, free update, 14.1 MB) Hazel 2.2.4 from Noodlesoft is the latest version of the file-cleanup utility. The new version fixes a bug that caused the attribute picker to display partial results when dismissed and relaunched, a shell script duplication bug, and a crashing bug related to editing AppleScripts in the rule interface. Other changes fix memory leaks, prevent sporadic crashes when logging a failed unarchive operation, stop temporary files from filling the Trash after unarchiving operations fail, improve performance when the metadata field does not exist, and provide interface tweaks. ($21.95, free update, 1.9 MB) PDFpen 4.0.3 from SmileOnMyMac is a minor stability update to the PDF editing utility. The new version adds unspecified stability enhancements and unnamed bug fixes. All changes have also been made to PDFpenPro. ($49.95/$99.95 PDFpen/PDFpenPro, free update, 11.3 MB) Typinator 3.3.1 from Ergonis Software is the latest version of the popular auto-typing and auto-correcting utility. The update adds predefined sets with subscripts, subscript characters, and separate auto-correct dictionaries for U.S. and British English. The update also enables users to define set-specific options including defining separate expansion sounds, specifying common characters for abbreviations, and adding notes per set. Finally, Typinator 3.3.1 offers improved Adobe Acrobat support. (19.99 euros, free update, 2.7 MB) Lightroom 2.2 from Adobe is the latest update to the company's photo management software, fixing several undisclosed bugs and adding support for the following cameras: Canon EOS 5D Mark II, Canon PowerShot G10, Panasonic DMC-G1, Panasonic DMC-FX150, Panasonic DMC-FZ28, Panasonic DMC-LX3, and the Leica D-LUX 4. You can download the update from Adobe's Web site. ($299 new, free update, 66.2 MB). ExtraBITS for 05-Jan-09 ----------------------- by TidBITS Staff article link: **iMacworld Puts Macworld Expo on Your iPhone or iPod touch** -- Going to Macworld Expo with your iPhone or iPod touch? Just in time for this week's show in San Francisco, IDG and Zami.com have released iMacworld, an app that provides a directory of exhibitors (including floor plans for the North and South Halls), products, and sessions. (Link goes directly to iTunes.) (Posted 2009-01-04) **Adam Talks about Apple and Macworld Expo on Inside Mac Radio** -- Adam's tour of the Macintosh podcasts and radio shows continues with a session on Inside Mac Radio with Scott Sheppard to discuss the fate of Macworld Expo in the light of Apple pulling out of future shows. (Posted 2009-01-04) **Pulsar Streams XM and SIRIUS Radio on the Mac** -- Subscribers to XM or SIRIUS radio services in the United States can now listen to their favorite stations on the Mac. The public preview release of Rogue Amoeba's Pulsar frees you from using dedicated hardware or listening via a Web browser. (Posted 2009-01-02) **30 GB Zunes Abruptly Die** -- Dead Zune, dead Zune, watcha gonna do, watcha gonna do when they come for you? Macworld picks up the story of 30 GB Microsoft Zune players spontaneously failing early on 31-Dec-08. Microsoft determined it was a leap-year bug, and affected Zunes should function normally on 01-Jan-09. (Posted 2008-12-31) **Roku Adds HD Support to Netflix Player** -- Roku has updated its $100 Netflix Player to handle high-definition video content from the movie rental and delivery service. Netflix Player streams video from Netflix via the Internet to a TV or monitor. Roku also confirmed that companies other than Netflix will be providing HD content in the next three months. (Posted 2008-12-23) **Get Down with the Macintosh Boogie** -- Duane Straub, bassist in the Macworld All Star Band, has posted the lengthy (we're talking years!) story about how he came to write the "Macintosh Boogie," along with a link to a video of the song itself. It's the first Mac-specific piece of boogie-woogie music we've heard! (Posted 2008-12-23) **Adam Talks about Apple and Macworld Expo on Tech Night Owl Live** -- If you haven't yet had enough of the whole Apple pulling out of Macworld Expo topic, tune into the Tech Night Owl Live radio show for Adam's take on what's behind Apple's decision, and why he thinks (or at least hopes!) Macworld Expo will stick around. (Posted 2008-12-22) **Google Native Code to run x86 Code Inside Browsers** -- Neil McAllister at InfoWorld examines what could be Google's most audacious plan yet - to download and run native x86 code within a Web browser on a Mac or PC. The goal is increased performance and security, but note that code will need to be written specially or recompiled for Native Client, so it's not as though your favorite apps will suddenly be accessible within Firefox. (Posted 2008-12-19) **Recording Industry Shifts Focus from Individuals to ISPs** -- The Recording Industry Association of America (RIAA) is shifting from suing alleged illegal downloaders of music - as well as dead people, pensioners without computers, and others - to getting ISPs to disconnect subscribers who the RIAA says are illegal uploaders. The RIAA won't gain any personal information about putative offenders, but ISPs that participate will put the RIAA's interests ahead of their customers's interests, and are relying on the RIAA's accuracy in identifying violations. (Posted 2008-12-19) **Workaround for Software Update Hang While Installing** -- Apple has posted a support article explaining how to recover (by deleting partially downloaded files) if Software Update stops responding during its "Configuring installation" phase. The bug is fixed in Mac OS X 10.5.6, but can still affect the 10.5.6 update process. (Posted 2008-12-18) **AOL Instant Messenger 1.0 for Mac OS X Released** -- AOL finally releases an updated version of AIM. It was in a public beta test for a few weeks. It's nothing special; move along. (Posted 2008-12-16) **New York Times Reporter Moves to Cybersecurity Beat** -- Veteran New York Times technology reporter John Markoff, long one of the paper's main Apple watchers, is changing beats to cover the intersection of computation and science, as well as the social implications of technology and so-called cybersecurity and cyberwarfare. It's terrifying that the risks of computer security exploits to individuals, companies, and even countries are great enough to warrant such mainstream coverage. (Posted 2008-12-15) Hot Topics in TidBITS Talk for 05-Jan-09 ---------------------------------------- by Jeff Carlson article link: **Labels & Addresses Restores Holiday Card Sanity** -- Readers share alternatives to using Address Book for printing cards and envelopes. (8 messages) **Writer's submission tracking software for the Mac?** A reader is looking for Mac software to track a writer's submissions. (3 messages) **Converting from Now Up-to-Date to iCal and BusySync** -- Adam's article prompts discussion of calendar software, limitations of iCal, and syncing event data. (13 messages) **Lesson Learned: Back Up, Keep Instructions** -- A reader learns the hard way what happens when RAM in a laptop gets knocked out of its seating. (2 messages) **Backblaze Launches Mac Beta of Online Backup Service** -- Is one's Internet connection the only factor that would cause slow online backup uploads, or does performance depend on the vendor? (4 messages) **Mac OS X 10.5.6 Update Problems** -- Upgrading to Mac OS X 10.5.6 is causing problems for some people working with Adobe Creative Suite 3. (3 messages) **Apple Adds Nearly Instant MobileMe Sync in 10.5.6** -- A reader details some of the overlooked improvements to Mac OS X 10.5.6. (2 messages) **Hand held GPS and the Mac** -- Looking to buy a handheld GPS device? TidBITS readers weigh in with their experiences. (6 messages) **Steve Jobs and Macworld** -- What does the exit of Apple - and a Steve Jobs keynote - from Macworld Expo mean for the company and its CEO? (23 messages) **Macworld Expo: The Long Decline** -- A reader thinks Macworld Expo has outlived its usefulness, but others see various benefits. (4 messages) **Fiwi Improves Finder Window Management** -- A free AppleScript script written by a TidBITS reader offers similar functionality to a utility for managing Finder windows. (6 messages) **Wireless keyboard problem** -- Universal Access preferences are the culprit when an Apple wireless keyboard begins to misbehave. (6 messages) **ADB power on/off key** -- Some new products can intelligently provide power to supplemental devices based on whether the computer is running or not. (5 messages) **Disappearing Email** -- When a Mac stops receiving email despite proof that the account is still working, where do you begin to troubleshoot? Readers offer their suggestions. (10 messages) **iTunes no longer auto-launches when iPhone is connected** -- A dearth of available memory is blamed for iTunes not launching to sync an iPhone. (3 messages) **AirPort Base Station problem** -- Trying to reset an original AirPort base station to its factory conditions proves difficult. (2 messages) **Out of Date iCal Alarm** -- A number of troubleshooting suggestions help a reader get closer to figuring out why alarms are appearing days late. (5 messages) **Hard drive rejects long file names** -- A question about backing up data to hard drives ends up as a discussion of how much data fits on optical media. (7 messages) **Remote Turns Apple TV into Music Source** -- Readers chime in with troubles they're having with AirPort Express devices. (5 messages) **Is there any difference in MobileMe products?** Extending a MobileMe subscription by ordering it through Amazon.com is often cheaper than via Apple directly, but are there differences in the boxed versions? (3 messages) **Secure Certificate Hack Doesn't Imperil Users** -- Fixing a vulnerability could take longer than Glenn Fleishman hopes in his article, but who needs to talk about that when we can discuss World War II Enigma encryption? (9 messages) $$ This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe! Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017. Copyright 2009 TidBITS: Reuse governed by Creative Commons license. Contact us at: TidBITS Web site: License terms: Full text search: Subscriptions: Account help: