TidBITS#990/10-Aug-09
=====================
  Issue link: <http://db.tidbits.com/issue/990>

  Security takes the lead in this issue with Rich Mogull's explanation 
  of why the iPhone 3GS hardware encryption is easy to circumvent, 
  along with our coverage of Mac OS X 10.5.8 and GarageBand '09 5.1, 
  both of which contain security-related changes and other bug fixes. 
  But after that, we have a wide variety of articles. Adam passes 
  along news of two more Mac software bundles, and Glenn Fleishman 
  notes the drop in ebook and hardware prices for the Sony Reader. 
  Glenn also shares his thoughts about the latest App Store brouhaha 
  and NewsGator's poorly handled shutdown of RSS syncing capabilities 
  for NetNewsWire. Apart from Microsoft updating Office 2008 to 
  resolve a document opening bug, things were fairly quiet in the 
  world of software updates, with the main notable updates being 
  QuarkXPress 8.1 and Firefox 3.5.2.

Articles
    Microsoft Office 2008 12.2.1 Opens XML Office Docs Again
    GarageBand '09 5.1 Offers Security Fix
    TheMacSale and MacWeed: Two More Mac Bundles
    Sony Drops Ebook and Reader Prices
    Tr.im Trims Its Shortening Service
    Apple Explains Why Dictionary Required Mature Rating
    Mac OS X 10.5.8 Fixes Bugs, Plugs Security Holes
    iPhone 3GS Hardware Encryption Easy to Circumvent
    NewsGator Switches Users to Google Reader for Sync, Online RSS
    ExtraBITS for 10-Aug-09
    TidBITS Watchlist: Notable Software Updates for 10-Aug-09
    Hot Topics in TidBITS Talk for 10-Aug-09


------------ This issue of TidBITS sponsored in part by: --------------

* READERS LIKE YOU! Support TidBITS with a contribution today! 
  <http://www.tidbits.com/about/support/contributors.html> 
  Special thanks this week to Tom Verhoeff, Juerg Fehr, 
  Jim Monk, and Louise Asselstine for their generous support!

* Fetch Softworks: Fetch 5.5 has WebView, the easy way 
  to view files in a browser and copy web addresses from Fetch. 
  Also Quick Look support, droplet shortcuts, and more. 
  Download your free trial version! <http://fetchsoftworks.com/>

* WebCrossing Neighbors Creates Private Social Networks 
  Create a complete social network with your company or group's 
  own look. Scalable, extensible and extremely customizable. 
  Take a guided tour today <http://www.webcrossing.com/tour>

* Bare Bones Software's BBEdit 9.2 -- A burly upgrade with new 
  Sleep command, LassoScript support, plus enhancements to Projects 
  and core features like Find and Multi-File Search windows, 
  editing in browsers, and text completion. <http://barebones.com/>

* THE MISSING SYNC FOR iPHONE: Sync notes, tasks, files and 
  documents between your iPhone or iPod touch and a Mac. The 
  Missing Sync for iPhone provides two-way syncing over Wi-Fi. 
  Learn more - <http://www.markspace.com/bits>

* VMware Fusion. The most seamless way to run Windows on 
  your Mac. Backed by nearly a decade of proven virtualization 
  technology. Try VMware Fusion today for only $79.99. 
  Visit: <http://www.tidbits.com/about/support/vmware-fusion.html>

* Microsoft's MacBU: Supporting Mac users with Office 2008. 
  Straighten up your Office with the latest updates to Word, 
  Excel, PowerPoint, and Entourage. Update today at Mactopia! 
  <http://www.microsoft.com/mac/downloads.mspx>

* The MacSpeech Dictate family is growing. Now for everyday use 
  and the new MacSpeech Dictate Medical with almost 60 specialist 
  vocabularies, and MacSpeech Dictate Legal for legal professionals. 
  Learn more: <http://www.tidbits.com/about/support/macspeech.html>

---------- Help support TidBITS by supporting our sponsors ------------


Microsoft Office 2008 12.2.1 Opens XML Office Docs Again
--------------------------------------------------------
  by Adam C. Engst <ace@tidbits.com>
  article link: <http://db.tidbits.com/article/10464>
  1 comment

  Not much to say about this one. With Microsoft Office 2008 Service 
  Pack 2, a bug was introduced that prevented all the Office 
  applications from opening some of Microsoft's Open XML documents, 
  templates, and macro-enabled documents and templates (see "Microsoft 
  Releases Office 2008 Service Pack 2," 2009-07-20). Several 
  commenters on our article about Service Pack 2 had the problem, 
  though all the .docx and .xlsx documents on my Mac seemed to open 
  fine. 

<http://db.tidbits.com/article/10375>
<http://db.tidbits.com/article/10375#comments_311>

  Microsoft has now released the Microsoft Office 2008 for Mac 12.2.1 
  Update to fix this problem. In my initial testing, it was still able 
  to open the Open XML documents - if you weren't seeing any problems 
  before, it's probably not essential that you upgrade immediately. 
  The update is a 23.8 MB download, and is available from Microsoft's 
  Web site or by choosing Check for Updates from the Help menu of any 
  Office 2008 application.

<http://support.microsoft.com/kb/974170>

  ----
  read/post comments: <http://db.tidbits.com/article/10464#comments>
  tweet this article: <http://db.tidbits.com/t/10464>


GarageBand '09 5.1 Offers Security Fix
--------------------------------------
  by Doug McLean <doug_mclean@tidbits.com>
  article link: <http://db.tidbits.com/article/10458>

  Apple has released GarageBand '09 5.1 to fix a security-related bug 
  in the popular audio editing software, enhance a few features, and 
  address other issues.

<http://www.apple.com/ilife/garageband/>

  Most notably, GarageBand '09 5.1 fixes an issue that could lead to 
  your Internet activity being tracked by third parties without your 
  knowledge. Previously, when opened, GarageBand '09 would change 
  Safari's preferences to accept cookies always. The default cookie 
  setting, which offers additional privacy, is that cookies are 
  accepted only from sites you visit - see Wikipedia's discussion of 
  third-party cookies for more information. While GarageBand '09 5.1 
  no longer makes this mistake, if you've run a previous version of 
  GarageBand '09, you should confirm that your cookie settings are set 
  as you wish in the Security view of Safari's Preferences window.

<http://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookies>

  In addition to fixing this bug, the GarageBand '09 5.1 update 
  "addresses general compatibility issues, improves overall stability, 
  and fixes a number of other minor issues." Those minor changes 
  include the added capability to add GarageBand track effects and 
  Audio Units to a guitar track, enhanced Apogee audio interface 
  support, better access to audio monitoring settings, and speedier 
  switching to full screen in Magic GarageBand. 

  Apple recommends the 139.3 MB update for all GarageBand '09 users, 
  and it is available via Software Update or from the Apple Support 
  Downloads site.

<http://support.apple.com/downloads/GarageBand_5_1>

  ----
  read/post comments: <http://db.tidbits.com/article/10458#comments>
  tweet this article: <http://db.tidbits.com/t/10458>


TheMacSale and MacWeed: Two More Mac Bundles
--------------------------------------------
  by Adam C. Engst <ace@tidbits.com>
  article link: <http://db.tidbits.com/article/10462>
  3 comments

  We generally report on Mac software bundles only from entirely new 
  groups, since by definition, these bundles are pure marketing 
  efforts. Sure, the bundle may benefit deserving independent 
  developers, donate a portion of the proceeds to charity, or be part 
  of some sort of online game, along with offering a great deal for 
  Mac users, but the news value of even most new bundles is fairly 
  low. (Occasionally, we'll have a separate advertising relationship 
  with the bundle vendor.) That said, there are two new bundle groups 
  that have popped up in the last week or so: TheMacSale and MacWeed. 

<http://www.themacsale.com/>
<http://www.macweed.net/>

  TheMacSale has put together a $49.99 collection of 10 applications 
  worth $450. From what I can tell, the bundle is entirely 
  straightforward, with no gimmicks other than a funky Web site design 
  that attempts to mimic the iPhone home screen, though not entirely 
  successfully. The applications include Flux, Scribbles, Interarchy, 
  Iris, WriteRoom, REALbasic Personal, HoudahSpot, Stuf, TaskPaper, 
  and MarinerCalc. The offer runs through 18-Aug-09.

  MacWeed's twist on the bundle approach is to donate 20 percent of 
  the proceeds from their bundle sales to the Italian Red Cross, 
  specifically to help the victims of the April 2009 earthquake in the 
  Abruzzo region of Italy, which rendered 66,000 people homeless and 
  damaged many medieval buildings in the town of L'Aquila.

<http://en.wikipedia.org/wiki/2009_L%27Aquila_earthquake>

  To that end, MacWeed is offering 14 programs worth over $700 for 
  $49.99, although 8 of the 14 will be unlocked only after a certain 
  number of bundles have been sold. The programs all purchasers are 
  guaranteed to get include Amnesia, DEVONthink, Finance 6, 
  Interarchy, ImageFramer, and Media Catalog. The programs to be 
  unlocked include iCalamus (after 500 sales), Voila (after 2,000 
  sales), SkypeCap, Optimism, ProfCast, Photo Styler, MacSnapper (all 
  after 5,000 sales), and Sandvox (after 40,000 sales).

  To their credit, the MacWeed organizers are showing how many bundles 
  have been sold so far, but the number stands at only 101 as of this 
  writing, a far cry even from the 500 copies necessary to unlock the 
  first locked application, iCalamus. The MacWeed bundle runs through 
  12-Aug-09.


**Bundle Burnout?** With the addition of these bundles, there are at 
  least four or five bundle offers that appear from time to time, all 
  including somewhere in the vicinity of 10 applications and generally 
  selling for about $50. While the initial bundle offers sold very 
  large numbers, these subsequent bundles are having a harder time, 
  despite the excellent value for the money that they all provide. 

  I suspect that the Mac software-buying community is simply becoming 
  fatigued - how many applications can any one person actually use? As 
  a member of the press, I can get a review copy of anything I want, 
  but the vast majority of the software I have really is for review 
  purposes - I do almost all of my work in a relatively small set of 
  programs. Everyone has different needs, of course, but many of the 
  bundles probably sell on the virtues of one or two programs that 
  appeal to the needs of a particular buyer. 

  The one field that hasn't seen significant representation in the 
  bundles is games - I could easily see gamers being interested in 
  buying a bundle of 10 games every so often given that games are much 
  closer to being consumable. Apart from games, though, it may be time 
  for the bundle vendors to think of some new approaches.

  ----
  read/post comments: <http://db.tidbits.com/article/10462#comments>
  tweet this article: <http://db.tidbits.com/t/10462>


Sony Drops Ebook and Reader Prices
----------------------------------
  by Glenn Fleishman <glenn@tidbits.com>
  article link: <http://db.tidbits.com/article/10459>
  2 comments

  For a product category that has long had no legs, competition is 
  finally heating up for electronic book readers. The latest salvo is 
  from Sony, which had an early well-liked device called the Sony 
  Reader. The company said it would match Amazon's $9.99 price for 
  bestselling books sold in electronic form in the Kindle store.

<http://www.sonystyle.com/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10551&storeId=10151&langId=-1&categoryId=8198552921644523779&XID=F:reader:sony>
<http://www.nytimes.com/2009/08/05/technology/personaltech/05sony.html>

  Sony also said that, in late August 2009, it would release the 
  Reader Pocket Edition ($199) and Reader Touch Edition ($299). The 
  two new models replace previous readers - the 505 and 700 - priced 
  at $269 and $399. The Amazon Kindle 2 costs $299, and the Kindle DX 
  - which can show a letter-sized PDF without cropping - is $489.

<http://www.amazon.com/dp/B00154JDAI/?tag=tidbitselectro00>
<http://www.amazon.com/dp/B0015TCML0/?tag=tidbitselectro00>

  Sony's news didn't carry with it any device that would feature 
  built-in networking - at least, not yet. The inclusion of Wi-Fi 
  seems like a no-brainer, and the New York Times quotes an analyst 
  who says Sony has clearly stated that more devices would follow 
  later in the year.

  Publishers worry about the new $9.99 price for bestsellers, even 
  though both Sony and Amazon pay about 50 percent of the hardcover 
  retail price for the electronic book edition. New hardcover titles 
  with mass-market interest tend to retail for $25 to $30. The 
  electronic book price doesn't drop until the book moves into a 
  paperback edition.

  That means that Amazon and Sony subsidize the price of each new 
  bestseller by $2.50 to $5. In some countries, that kind of subsidy 
  is illegal - selling below cost to gain market share - but not (at 
  least so far) in the United States. 

  Publishers don't want to see an erosion in the price for which they 
  are paid for hardcover books in any form, because this is where they 
  make a large chunk of the money from popular new titles. As a 
  result, the latest title from "The Da Vinci Code" author Dan Brown 
  will not appear immediately in ebook form when the corresponding 
  hardcover is released in September 2009.

  Amazon and Sony hope to benefit from the disproportionate long tail 
  of book interest, where older books for which the firms make 
  relatively large positive profits generate a greater number of sales 
  than in the bricks-and-mortar world. At least that's the theory.

  The announcement slipped out when a retailer accidentally posted 
  photos of the new devices too early.

  For a thoughtful look from a paper-book worshipper, read Nicholson 
  Baker's New Yorker article, "A New Page." Baker is a meticulous 
  fiction writer and the author of a surprisingly prescient book on 
  how digital preservationists destroy books in order to save them, 
  "Double Fold."

<http://www.newyorker.com/reporting/2009/08/03/090803fa_fact_baker>
<http://en.wikipedia.org/wiki/Double_Fold>

  ----
  read/post comments: <http://db.tidbits.com/article/10459#comments>
  tweet this article: <http://db.tidbits.com/t/10459>


Tr.im Trims Its Shortening Service
----------------------------------
  by Glenn Fleishman <glenn@tidbits.com>
  article link: <http://db.tidbits.com/article/10469>

  Tr.im has seen the price of success and wants no part of it. The 
  well-known URL shortening service, which takes long URLs and turns 
  them into brief ones, has seen usage skyrocket, but says it was 
  unable to find a means of turning that into revenue or finding a 
  buyer for the site at even a nominal price. Tr.im's developer, The 
  Nambu Network, notes on the tr.im home page that old redirects will 
  continue to work until at least 31-Dec-09.

<http://tr.im/>
<http://nambu.com/>

  Like other such services, tr.im leverages browser redirection, 
  taking a short URL and redirecting to a long one. Many content 
  management systems and blogging systems (like Movable Type and 
  WordPress) produce extremely long, human-sensible URLs based on the 
  title of a post or article. (TidBITS opted long ago for pithiness, 
  moving to our current /article/ plus number URL when we transitioned 
  to our homebuilt TidBITS Publishing System several years ago.)

  Twitter's 140-character limitation accelerated the need for URL 
  shortening services since some URLs are themselves more than 140 
  characters, and even reasonable URLs significantly limit what you 
  can write in the remaining characters. Twitter shortens URLs 
  automatically for tweets published via the twitter.com Web site; in 
  May 2009, Twitter switched to using the bit.ly service in place of 
  an early shortening service with a longer domain, TinyURL. 

<http://bit.ly/>
<http://tinyurl.com/>

  The folks at tr.im seem rather bitter with Twitter on the company 
  blog, where they note that Twitter's anointing of bit.ly prevents 
  tr.im from succeeding in the long run no matter what else might 
  happen. Bit.ly raised $2 million earlier this year, according to 
  TechCrunch.

<http://blog.tr.im/post/159369789/tr-im-r-i-p>
<http://www.techcrunch.com/2009/03/30/if-bitly-is-worth-8-million-tinyurl-is-worth-at-least-46-million/>

  It's ironic that TinyURL.com is now a _long_ domain name compared to 
  tr.im, is.gd, or bit.ly. Also interesting is that our article "The 
  Incredible Shrinking URL" (2006-02-06) lists several other services, 
  none of which have broken out into enormous usage in the intervening 
  three years. No first mover advantage, apparently.

<http://is.gd/>
<http://db.tidbits.com/article/8412>

  Shortening services associate a long URL with the shortest possible 
  code corresponding to that link, which is maintained in the 
  shortener's database. A request for that URL from the shortener 
  automatically redirects to the destination. 

  A 4-character code comprising uppercase and lowercase letters and 
  the digits 0 to 9 can represent nearly 15 million different 
  possibilities (62 to the 4th power). Some services provide add-ons, 
  such as accounts through which you manage URLs, updating 
  destinations when they change, and viewing statistics.

  Third-party Twitter clients all offer URL shortening as well, though 
  they often give users a choice of which service to use. Tweetie, for 
  instance, lets you choose from among five options, including tr.im.

<http://www.atebits.com/tweetie-mac/>

  Other utilities tie into URL shorteners, as well. For instance, 
  SmileOnMyMac's TextExpander includes AppleScript scripts that use 
  four services' interfaces - including tr.im - to read a URL and 
  return a shortened locator. (TextExpander includes this capability 
  in one of its predefined group sets, Internet Productivity Snippets, 
  which the company has already updated to remove tr.im. Open the 
  TextExpander preference pane, select the Internet Productivity 
  folder, and click Update Now.) Such programs will need updates, or 
  users will have to stop using tr.im within them. 

<http://www.smileonmymac.com/TextExpander/>
<http://www.tidbits.com/resources/2009-08/textexpander_263.png>

  It's hard to make money from URL shortening because the service 
  performed is non-unique and trivial to replicate. Creating a 
  redirection converter and database would take only minutes; tacking 
  on a simple Web front end wouldn't require much more work. The hard 
  part is providing a reliable service that works quickly and doesn't 
  expose users to undue security risk. 
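
The redirection converter and database that the paragraph above says would take minutes to build, together with the destination checks that are the hard part, as an added Python example that is not tr.im's code or that of any real service: it uses the 4-character base-62 codes described earlier in the article and the article's hypothetical tb.cz as the shortener's own host.

```python
"""Minimal URL shortener of the kind the article describes.

Added example, not tr.im's or any real service's code. Codes are four
characters drawn from A-Z, a-z and 0-9, giving 62**4 = 14,776,336 of them,
and every destination is validated before it is stored so the redirector
cannot forward users to javascript: or data: URLs or loop back on itself."""
from urllib.parse import urlsplit

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BASE = len(ALPHABET)          # 62
CODE_LEN = 4
CAPACITY = BASE ** CODE_LEN   # 14,776,336 distinct 4-character codes

# The article's hypothetical short domain for TidBITS; used to refuse self-redirects.
SHORTENER_HOST = "tb.cz"


def encode(n: int) -> str:
    """Turn a database row id into a fixed-width base-62 code."""
    if not 0 <= n < CAPACITY:
        raise ValueError("id out of range for a %d-character code" % CODE_LEN)
    digits = []
    for _ in range(CODE_LEN):
        n, r = divmod(n, BASE)
        digits.append(ALPHABET[r])
    return "".join(reversed(digits))


def decode(code: str) -> int:
    """Inverse of encode(); rejects codes of the wrong length or alphabet."""
    if len(code) != CODE_LEN or any(c not in ALPHABET for c in code):
        raise ValueError("malformed short code")
    n = 0
    for c in code:
        n = n * BASE + ALPHABET.index(c)
    return n


def validate_destination(url: str) -> str:
    """Accept only absolute http(s) URLs that do not point back at the shortener.

    This is the 'undue security risk' the article mentions: a redirector that
    forwards to any string at all is an open redirect that can deliver script
    URLs or phishing pages under the shortener's name.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http and https destinations are allowed")
    if not parts.hostname:
        raise ValueError("destination must be an absolute URL with a host")
    if parts.hostname.lower() == SHORTENER_HOST:
        raise ValueError("refusing a redirect that loops back to the shortener")
    return url


class Shortener:
    """In-memory stand-in for the shortener's database table."""

    def __init__(self):
        self._rows = []      # row id -> long URL
        self._by_url = {}    # long URL -> code, so repeats reuse one code

    def shorten(self, long_url: str) -> str:
        long_url = validate_destination(long_url)
        if long_url not in self._by_url:
            self._by_url[long_url] = encode(len(self._rows))
            self._rows.append(long_url)
        return self._by_url[long_url]

    def resolve(self, code: str):
        """Destination for a code, or None (an HTTP 404 in practice) if unknown."""
        try:
            n = decode(code)
        except ValueError:
            return None
        return self._rows[n] if n < len(self._rows) else None


if __name__ == "__main__":
    s = Shortener()
    code = s.shorten("http://db.tidbits.com/article/10469")
    print("http://%s/%s -> %s" % (SHORTENER_HOST, code, s.resolve(code)))
```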

  Because there are so many services to choose among, users have never 
  tolerated ads that appear as part of the redirection process. Thus, 
  the redirection service has no way to realize advertising or other 
  revenue from those clicking through. 

  Add-on options have some revenue-generating potential, especially 
  for those wanting analytic data - precise clickthrough tracking - 
  but only a tiny fraction of all users care about such features. 

  It's likely that future upgrades to Web sites and associated posting 
  software will simply incorporate the idea of every page having both 
  long and short URLs. A publication like TidBITS could register a 
  tiny URL of its own - tb.cz or some such - and with a few lines of 
  code avoid the need for any third-party redirector at all. 

  ----
  read/post comments: <http://db.tidbits.com/article/10469#comments>
  tweet this article: <http://db.tidbits.com/t/10469>


Apple Explains Why Dictionary Required Mature Rating
----------------------------------------------------
  by Adam C. Engst <ace@tidbits.com>, Glenn Fleishman <glenn@tidbits.com>
  article link: <http://db.tidbits.com/article/10463>
  6 comments

  At Daring Fireball, John Gruber doesn't attempt to hide his entirely 
  justified outrage at the news that Apple repeatedly rejected the 
  Ninjawords dictionary app for the iPhone until the developers 
  excised "objectionable" words, many of which have entirely common 
  senses (consider the synonyms for "donkey," "grab," "cat," 
  "rooster," and "rotate").

<http://daringfireball.net/2009/08/ninjawords>

  Even after removing these words, Ninjawords had to be given a 17+ 
  rating to be listed. The worst part? You can find all these 
  "objectionable" words, with definitions, in the built-in dictionary 
  in Mac OS X.

  After publishing this article, Gruber received a response from an 
  unlikely source: Apple's worldwide marketing head, Phil Schiller, a 
  generally straight-shooting and blunt fellow, especially within the 
  Apple corporate environment. (That said, MDJ's Matt Deatherage 
  believes that Schiller doesn't deserve the benefit of the doubt with 
  regard to the veracity of his statements.)

<http://daringfireball.net/2009/08/phil_schiller_app_store>
<http://macjournals.com/news/schillercredibility>

  Schiller told Gruber, who shared parts of an email with Schiller's 
  permission, that the timetable and directions from the App Store 
  program reviewers were a bit garbled in the Ninjawords account. 
  Ninjawords submitted its dictionary before the iPhone OS 3.0 
  software with age-restriction categories had a release date, and 
  made some changes in order to try to get the dictionary out without 
  knowing when that release would come. (It turned out to be within a 
  few weeks of the dictionary's first rejection.)

  Gruber agrees with some of Schiller's points and not with others, 
  and gets a response from Ninjawords as well. Read Gruber's full 
  article for the details, but it's notable that a senior Apple exec 
  finally made some statements publicly about the process, including, 
  "While we may not always be perfect in our execution of that goal, 
  our efforts are always made with the best intentions, and if we err 
  we intend to learn and quickly improve." 

  Let's hope Schiller isn't merely saying what we want to hear as a 
  form of damage control, and that we'll see a drop-off in the number 
  of nonsensical app rejections and ratings.

  ----
  read/post comments: <http://db.tidbits.com/article/10463#comments>
  tweet this article: <http://db.tidbits.com/t/10463>


Mac OS X 10.5.8 Fixes Bugs, Plugs Security Holes
------------------------------------------------
  by Adam C. Engst <ace@tidbits.com>
  article link: <http://db.tidbits.com/article/10461>
  3 comments

  Apple has released Mac OS X 10.5.8, a bug-fix update to Leopard that 
  addresses a number of relatively uncommon bugs in various parts of 
  the operating system. Although Apple provides standalone downloads 
  (most useful for the combo updates that increment any version of Mac 
  OS X 10.5 to 10.5.8), Software Update is the easiest way to get the 
  new version.

<http://support.apple.com/kb/HT3606>

  As always, although there's no reason to suspect any trouble with 
  installing 10.5.8 right away, the cautious user will wait a few days 
  to see if significant problem reports crop up online.


**Changes in 10.5.8** -- Although the release notes mention the 
  inclusion of Safari 4.0.2 as new and claim improvements in the 
  accuracy of full history searches, Safari 4.0.2 was the current 
  version before the release of 10.5.8. Practically speaking, if you 
  hadn't upgraded to Safari 4.0.2 individually before this, you'll get 
  it now. Other networking-related fixes include improved 
  compatibility and reliability when working with MobileMe and iDisk, 
  with AFP (AppleTalk Filing Protocol), and with Managed Client. 
  Lastly, though the release notes also claim improvements in joining 
  AirPort networks, there have been anecdotal reports of AirPort 
  connection failures after updating.

<http://db.tidbits.com/article/10461#comments_530>

  On the imaging front, the update fixes a bug that could prevent 
  importing of large photo and movie files from digital cameras, and 
  another that invoked an iPhoto action when dragging an Aperture 
  image into Automator. Also, raw image support has been extended to 
  additional new cameras; see the full list.

<http://support.apple.com/kb/HT1475>

  In other fixes, the Displays pane of System Preferences now shows 
  certain resolutions that might not have appeared previously. iCal 
  reportedly has improved reliability when working with MobileMe Sync 
  and CalDAV, and Sync Service bugs have been addressed. Compatibility 
  with certain USB external drives has been improved. Finally, overall 
  Bluetooth reliability has been enhanced when working with external 
  devices, USB webcams (straight from the release notes - we're not 
  sure what the relationship between Bluetooth and a USB webcam is 
  either), and printers.

  VMware is reporting that Mac OS X 10.5.8 includes new 3D drivers 
  from ATI that fix a compatibility problem suffered by VMware Fusion 
  2.0.5 under Mac OS X 10.5.7.

<http://blogs.vmware.com/teamfusion/2009/08/vmware-fusion-mac-os-x-1058-and-ati-graphics-controllers-so-happy-together.html>

  Mac OS X 10.5.8 also addresses security vulnerabilities. A number of 
  the fixes revolve around closing holes related to maliciously 
  crafted images in various formats, but a few of the other issues 
  addressed are more interesting. In particular:

<http://support.apple.com/kb/HT3757>

* A maliciously crafted Web site reached via a redirect could have 
  displayed a certificate warning that used the name of the 
  redirecting site.

* Additional content types will generate prompts when accessed in 
  certain ways, such as when they're downloaded from a Web page.

* The Dock previously allowed a user with physical access to a locked 
  system to use four-finger multi-touch gestures to manage 
  applications or use Exposé.

* The launch service was vulnerable to a denial-of-service attack.

* Signing out of MobileMe via the preference pane wasn't properly 
  removing all login credentials.

  The Mac OS X 10.5.8 Update weighed in at only 165 MB via Software 
  Update on my Mac Pro and MacBook, but the standalone delta update 
  from 10.5.7 is 274 MB from Apple's Support Downloads site. The combo 
  update that works with any version of 10.5 is 759 MB.

<http://support.apple.com/downloads/Mac_OS_X_10_5_8_Update>
<http://support.apple.com/downloads/Mac_OS_X_10_5_8_Combo_Update>


**Leopard Server 10.5.8** -- Along with all the changes in the desktop 
  version of Mac OS X 10.5.8, the server version receives additional 
  tweaks. Notably:

<http://support.apple.com/kb/HT3607>

* The AFP Server receives a fix that prevents unwarranted CPU use when 
  no users are connected. Another fix prevents the AFP Client from 
  infinitely repeating unsuccessful connection attempts after waking 
  from sleep.

* Several different bugs were addressed in the Managed Client, 
  resolving login issues from PowerPC-based Macs, improving 
  reliability of synchronized files from SMB servers, fixing launch 
  problems for login items on a network home directory, and proper 
  disabling of simultaneous logins.

* Server Admin no longer freezes when propagating permissions, and it 
  (along with the updated System Image Utility) now includes 
  NetBoot/NetInstall filters for Macs released in June 2009. Alas, it 
  doesn't appear to include the fix necessary to make Server Admin 
  stop corrupting Apache httpd.conf files.

  The Mac OS X Server 10.5.8 Update is 274 MB in delta form; the combo 
  update is 978 MB.

<http://support.apple.com/downloads/Mac_OS_X_Server_10_5_8_Update>
<http://support.apple.com/downloads/Mac_OS_X_Server_10_5_8_Combo_Update>


**Security Update 2009-003** -- The security fixes included in Mac OS 
  X 10.5.8 are also available (as appropriate) for users still running 
  Mac OS X 10.4 Tiger. All previous security updates have been 
  incorporated in Security Update 2009-003, so you shouldn't need to 
  do the multiple download dance if you're not up to date. 

  Four variants are available, as always: a desktop version for 
  PowerPC-based Macs (76 MB) and another for Intel-based Macs (166 
  MB), and a server version for PowerPC-based Macs (130 MB) and 
  another for PowerPC- or Intel-based Macs that Apple labels as 
  Universal (204 MB).

<http://support.apple.com/downloads/Security_Update_2009_003__Tiger_PPC_>
<http://support.apple.com/downloads/Security_Update_2009_003__Tiger_Intel_>
<http://support.apple.com/downloads/Security_Update_2009_003__Server_Tiger_PPC_>
<http://support.apple.com/downloads/Security_Update_2009_003__Server_Tiger_Universal_>

  ----
  read/post comments: <http://db.tidbits.com/article/10461#comments>
  tweet this article: <http://db.tidbits.com/t/10461>


iPhone 3GS Hardware Encryption Easy to Circumvent
-------------------------------------------------
  by Rich Mogull <rich@tidbits.com>
  article link: <http://db.tidbits.com/article/10468>

  A mere three days after I published an article touting the enhanced 
  security of the iPhone 3GS - see "iPhone 3GS Offers Enterprise-Class 
  Security for Everyone", 2009-07-20 - security researcher Jonathan 
  Zdziarski revealed a simple, only moderately technical technique for 
  completely circumventing the iPhone's passcode lock and encryption. 
  As a result, the iPhone 3GS encryption can no longer be considered a 
  security control for consumers or enterprises until Apple releases a 
  fix.

<http://db.tidbits.com/article/10416>
<http://iphoneinsecurity.com/>

  Although encryption is one of the most fundamental tools available 
  in the security arsenal, it can be difficult to implement properly. 
  In this case, it isn't that the encryption itself is flawed 
  (although that happens), but that the _implementation_ of the 
  encryption leaves cracks for attackers. 

  Implementation issues that can hamper encryption security include 
  generating keys improperly, protecting them poorly, exchanging them 
  insecurely - and even leaving doors wide open such that the 
  encryption can be sidestepped entirely. This has allowed exploits in 
  WEP (Wired Equivalent Privacy) in Wi-Fi (which also had 
  cryptographic flaws), early SSL implementations in Web browsers, and 
  stored passwords in most major operating systems.

  It appears that Apple made a fundamental mistake in encrypting the 
  iPhone 3GS. It's a mistake we've seen before in other tools, but one 
  Apple has managed to avoid elsewhere, such as Mac OS X's FileVault.


**A Flawed Implementation** -- Encryption works by taking data and 
  running it through a mathematical algorithm that scrambles the 
  contents. But unlike sticking it in a blender, you can reconstruct 
  the original data by reversing the process - assuming you have the 
  right key. (In symmetrical cryptography, the same key is used to 
  encrypt and decrypt; in asymmetrical flavors, like public key 
  encryption, one key encrypts and another related key decrypts.)

  The longer and more complex the key, the better protected the data. 
  While different algorithms use different key lengths, the standard 
  encryption tools today usually use 128- or 256-bit keys for 
  symmetric encryption. Since 256 bits of random data is a bit harder 
  to remember than the average lock combination or telephone number, 
  we usually protect the key itself with a password.

  If you use a weak password, the attacker can potentially guess his 
  or her way in and access your data, but that's not the mistake Apple 
  made. On the iPhone 3GS, your password is simply the passcode to 
  unlock your phone, and the device can be configured to erase the 
  encryption key - making your data inaccessible - if someone tries to 
  brute force their way in. 

  If you have the iPhone configured properly, as I detailed in my 
  previous article, the attacker gets only 10 tries to guess your 
  passcode before your data is lost forever. It's this very feature I 
  considered "enterprise-class" when I wrote the initial article.

  What Jonathan Zdziarski discovered is that if you can bypass the 
  passcode, you gain complete access to the data. And this is fairly 
  easy to do using the same jailbreaking tools people use to hack and 
  personalize their phones. 

  Although I don't know the full technical details, it seems that by 
  jailbreaking the iPhone you can access the part of the iPhone that 
  stores the passcode directly, and turn off its required use; or 
  install a program to allow network access to the iPhone's storage. 
  Using either technique, you then gain full access to the data on the 
  iPhone.


**A Known Problem** -- This isn't the first time we've seen this kind 
  of encryption mistake. Since we have to use passwords instead of 
  encryption keys to interact with users, _how_ we set up those 
  passwords can open up doors for attackers. 

  For example, with early versions of Microsoft's Encrypted File 
  System you could use special tools to erase a user's password if you 
  had physical access to their system. That let an attacker simply log 
  in without a password and access the data. 

  Microsoft fixed this by using two different passwords that were 
  synchronized by the operating system. One is the normal password for 
  logging in, while the other allows access to the encrypted data.

  If you changed your password using the normal method, the two would 
  stay in sync. But if you used some sort of a hacking tool to change 
  the login password, it would break the synchronization, preventing 
  access to the encrypted data. Apple's FileVault works in a similar way.

  While this is speculation, it seems the iPhone 3GS makes a similar 
  mistake. Jailbreaking the iPhone appears to allow access to the 
  memory location that stores either the passcode, or the setting to 
  use the passcode. With this removed, you gain full access to the 
  iPhone. 

  It also appears that you can jailbreak the iPhone and install a tool 
  like SSH, which you can then access over the network to pull the 
  data off the device. The iPhone doesn't realize normal access is 
  being circumvented, and automatically decrypts the data without 
  requiring the passcode.
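  The two designs contrasted above, a passcode that merely gates access 
  to a usable data key versus a passcode-derived key that wraps the 
  data key (the synchronized two-credential scheme described for EFS 
  and FileVault), modelled side by side as an added example; this is 
  not code from the article, from Apple or from Microsoft. The cipher 
  is an HMAC counter-mode stand-in for a real one, and the devices, 
  passcodes and stored data are constructed toy models.

```python
import hashlib, hmac, os, secrets

SECRET = b"contacts, mail, notes"  # constructed stand-in for the data stored on the device

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Encrypt-then-MAC as nonce || ciphertext || tag; the tag exposes a wrong key."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("wrong key: data stays sealed")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

def login_hash(passcode):
    return hashlib.sha256(passcode.encode()).digest()

class GatedDevice:
    """Passcode is only an access check; the data key sits in storage in usable form."""
    def __init__(self, passcode):
        self.data_key, self.login = secrets.token_bytes(32), login_hash(passcode)
        self.blob = seal(self.data_key, SECRET)
    def read(self, passcode):
        if login_hash(passcode) != self.login:
            raise PermissionError("passcode required")
        return open_sealed(self.data_key, self.blob)  # the key never depended on the passcode
    def reset_credential(self, new_passcode):
        self.login = login_hash(new_passcode)  # a reset tool rewrites the check; key untouched

class WrappedKeyDevice:
    """Passcode-derived KEK wraps the data key: the two-credential EFS/FileVault-style design."""
    def __init__(self, passcode):
        self.salt, self.login = os.urandom(16), login_hash(passcode)
        data_key = secrets.token_bytes(32)
        self.wrapped_key, self.blob = seal(self.kek(passcode), data_key), seal(data_key, SECRET)
    def kek(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)
    def read(self, passcode):
        if login_hash(passcode) != self.login:
            raise PermissionError("passcode required")
        data_key = open_sealed(self.kek(passcode), self.wrapped_key)  # fails if out of sync
        return open_sealed(data_key, self.blob)
    def change_passcode(self, old, new):
        # Normal path: the old passcode is known, so the wrap moves with the login credential.
        data_key = open_sealed(self.kek(old), self.wrapped_key)
        self.login, self.wrapped_key = login_hash(new), seal(self.kek(new), data_key)
    def reset_credential(self, new_passcode):
        self.login = login_hash(new_passcode)  # same tampering; the wrap cannot follow

def demo():
    # Tamper with each design's credential store and report whether the data is exposed.
    gated = GatedDevice("1234")
    gated.reset_credential("0000")
    results = {"gated_after_reset": gated.read("0000")}  # plaintext comes back
    wrapped = WrappedKeyDevice("1234")
    wrapped.change_passcode("1234", "5678")
    results["wrapped_after_normal_change"] = wrapped.read("5678")
    wrapped.reset_credential("0000")
    try:
        wrapped.read("0000")
        results["wrapped_after_reset"] = "exposed"
    except PermissionError:
        results["wrapped_after_reset"] = "sealed"
    return results
```

  The gated model hands back the plaintext once the stored credential 
  is rewritten; the wrapped model loses the ability to unwrap the data 
  key, which is exactly the "out of sync" failure the article credits 
  with stopping this class of attack.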


**Testing the Hack, and Discovering a New Problem** -- Just to make 
  sure, I tested the jailbreaking process using a computer that had 
  never been authorized to have access to the iPhone. To sync a 
  passcode-protected iPhone with iTunes, you need to enter the 
  passcode in iTunes. The process worked smoothly, and with a little 
  more effort I could have modified my jailbreak package to install 
  and run SSH automatically.

  Actually, the process went a little _too_ smoothly, and in the 
  process I discovered a second vulnerability in the iPhone. While 
  minor, I reported this to Apple and will not be releasing more 
  information until it's patched.

  Until Apple resolves these issues, the encryption on the iPhone is 
  little more than a speed bump to anyone with moderate technical 
  skills and access to the device. If you lose your iPhone, it's now 
  even more important to remote wipe it with MobileMe as soon as 
  possible, since this completely destroys the key and protects your 
  data.

  Since this isn't an unknown implementation mistake, Apple should 
  have a clear roadmap to fix the issue and make the iPhone 3GS a 
  secure device for non-business users and enterprises alike.

  ----
  read/post comments: <http://db.tidbits.com/article/10468#comments>
  tweet this article: <http://db.tidbits.com/t/10468>


NewsGator Switches Users to Google Reader for Sync, Online RSS
--------------------------------------------------------------
  by Doug McLean <doug_mclean@tidbits.com>, Glenn Fleishman <glenn@tidbits.com>
  article link: <http://db.tidbits.com/article/10456>
  8 comments

  NewsGator has announced that it has adopted Google Reader as its 
  sole synchronization platform, will drop MobileMe sync, and will 
  discontinue its longstanding online RSS reader, NewsGator Online 
  Reader. The popular Macintosh RSS reader NetNewsWire, starting with 
  the 3.2 release, will include ads except for paid users. The 
  transition is underway, and NewsGator's reader and sync services 
  will stop working on 31-Aug-09.

<http://www.newsgator.com/>
<http://www.google.com/reader/>

  This news has prompted a variety of strong responses - especially 
  because the company tried to bill this as positive news - though 
  given the company's recent trajectory, shock shouldn't be one of 
  them.

<http://blogs.newsgator.com/daily/2009/07/newsgator-consumer-rss-reader-product-changes-google-sync.html>


**What's Gone and Why** -- NewsGator Online Reader, NewsGator Go for 
  Blackberry and Windows Mobile, and NewsGator Inbox (for Outlook) 
  will all cease to exist on 31-Aug-09. NewsGator's Browser Toolbar, 
  the Desktop Notifier, Blogroll, Ratings, and Headlines features have 
  all been eliminated. 

  Users of NetNewsWire for Mac and the Windows-only FeedDemon can now 
  download new versions that have Google Reader synchronization; an 
  iPhone update is coming. NewsGator will provide users instructions 
  and in-product reminders to help them make the transition. The Mac 
  version, in beta, and the upcoming iPhone versions have new icons 
  and add support for Instapaper.

<http://www.newsgator.com/productinfo/producttransition.aspx>

  Finally, while the 3.2 beta version of NetNewsWire is ad-supported, 
  NewsGator has not yet said what an ad-free version will cost, nor is 
  it clear whether the free version will have fewer features than a 
  paid or enterprise version. (The 3.2b6 release showed ads, which 
  were disabled shortly thereafter with the promise that ads wouldn't 
  return until you could buy your way out of displaying them.)

  NewsGator has really been a corporate software supplier for the last 
  few years, with the consumer portion acting as a calling card. The 
  company made its well-regarded Mac, Windows, and online newsreaders 
  free last year because it was more important to get the software in 
  front of enterprise users than to generate revenue from that part of 
  the business (see "NewsGator Turns NetNewsWire Loose for Free", 
  2008-01-09).

<http://db.tidbits.com/article/9388>

  This latest move is part and parcel of the firm's transition away 
  from the consumer market, but has caused extra irritation because of 
  the abruptness and scale of the shift. One can't criticize a firm 
  for deciding that the expense of operating a zero-revenue set of 
  synchronization servers was too much given its current business. But 
  several decisions are just plain irritating.


**The Missing Sync, and Clippings, and Folders** -- Many people may 
  not care about the decision to switch users to Google Reader for 
  sync and Web access, but others are mourning the loss of features 
  that this move dictates. This may include organizing feeds into 
  nested folders, clippings, and support for storing sync files on 
  MobileMe. Google Reader offers only a single level of folder 
  organization, and the service doesn't support Clippings.

<http://www.macworld.com/article/142032/2009/07/nnwsync.html>

  The Clippings feature allows a user to save an article and have that 
  synced across multiple copies and the online site, and was initially 
  not available in the 3.2 beta (release 6), but appeared on 03-Aug-09 
  in release 13, although still without sync. It's unclear how 
  NewsGator will restore the sync part of the feature. 

  NetNewsWire developer Brent Simmons recommends Instapaper as an 
  alternative. Simmons also wrote that he's working on a scheme to use 
  dashes to indicate folder nesting in a way that's compatible with 
  Google Reader.

<http://twitter.com/brentsimmons/status/2937265165>
<http://www.instapaper.com/>

  Simmons said via email that MobileMe sync was dropped, at least 
  temporarily, because it would work only under Mac OS X, and not for 
  the same user who wanted to read feeds from an iPhone or via a Web 
  browser at various times. Simmons also said that MobileMe support 
  could be brought back at least temporarily if there were enough 
  interest, which apparently hasn't yet been expressed.

  As you can see, the situation with regard to particular features is 
  fluid, and the company and Simmons haven't settled on what's going 
  to happen. That's because NetNewsWire 3.2 is still in beta, which 
  seems like a terrible point at which to make this synchronization 
  change.

  NewsGator is unwisely recommending that its Mac users switch to what 
  it called the latest release of NetNewsWire, but which is in fact a 
  beta - a beta that calls out on the download page, "It's still a 
  beta, though: it's unfinished software, with bugs - known and 
  unknown - and incomplete features. We say this not to scare you off 
  but to inform." 

<http://www.newsgator.com/productinfo/producttransition.aspx>
<http://nnwbeta.com/>

  While other companies routinely release public betas for testing, 
  along with warnings such as the one provided above by Simmons, it's 
  unheard of in our experience at TidBITS for a firm to tell active 
  users to switch to a beta as their primary tool unless something is 
  simply so broken that users otherwise wouldn't have access to a 
  critical feature. That is not the case here.

  Further, while this beta is advertised as essentially transitioning 
  NewsGator sync to Google Reader, some users who already use Google 
  Reader found their feeds and organization at Google destroyed and 
  unrecoverable after a sync. Khoi Vinh, the New York Times designer 
  and author of the Subtraction blog, vents about the lack of 
  explanation that Google Reader feeds could be blown away. Again, 
  this is a problem with advertising beta software as a generally 
  available release.

<http://www.subtraction.com/2009/08/01/netnewswires-stinkin-synching/>

  There's also concern about the switch to Google Reader as the sole 
  option for sync. While NewsGator says that Google Reader support has 
  been a popular request, an increasing number of people are becoming 
  uncomfortable in having all their online eggs in one basket, with 
  Google search, email, documents, and other features working at no 
  cost but at the discretion of the firm. 

  Finally, it's very odd to explain that NetNewsWire will have free 
  and paid versions without explaining what happens to previously paid 
  users of 3.x releases, what it will cost, and what the difference 
  between fee and free versions will be.


**Let a Thousand RSS Readers Re-Bloom** -- Here at TidBITS, we have 
  thousands of readers using NewsGator Online and NetNewsWire (about 
  15 percent of our RSS subscribers) and it's concerning to see 
  NetNewsWire and its companion products become yet another thing from 
  Google that many people rely on without tech support. 

  Hopefully though, this will breathe new life into the market for RSS 
  readers, a field that suffered significantly in the wake of 
  NetNewsWire being released for free. Other RSS readers are still 
  under development, but there's been a general stagnation.

  In an era of scarce attention, one might expect the RSS reader to 
  expand its horizons in a couple of directions. Using attention data, 
  like tracking what we read in what fashion (in the reader or by 
  clicking to open a Web page), items of greater importance could be 
  presented in that fashion - Cynical Peak Software's Cyndicate offers 
  this feature now. The tag clouds that show popular keywords and 
  phrases on blogs and elsewhere could be tied in, along with other 
  tools to make it simpler to see what's important without reading 
  every headline.

<http://cynicalpeak.com/cyndicate/>

  Further down the attention spectrum, integration of Twitter and 
  Facebook seems like a potentially perfect complement for some users 
  and some kinds of results.

  NewsGator made a kind of promise when it took a popular software 
  category and made it impossible for a commercial application to 
  survive: that the firm was committed to this for the long haul. 
  Business exigencies may have changed that commitment, but the firm 
  has done a poor job communicating about the situation and offering 
  users a smooth transition.

  ----
  read/post comments: <http://db.tidbits.com/article/10456#comments>
  tweet this article: <http://db.tidbits.com/t/10456>


ExtraBITS for 10-Aug-09
-----------------------
  by TidBITS Staff <editors@tidbits.com>
  article link: <http://db.tidbits.com/article/10470>

**Speculative Mockups of Rumored Apple Tablet** -- Developer Rainer 
  Brockerhoff recently threw his two cents into the Apple Tablet 
  wishing well, after which the Brazilian site Mac+ reprinted his 
  musings along with gorgeous mockups from illustrator Mario Amaya. 
  It's nothing more than a fantasy of course, but as Rainer told us in 
  iChat, "One can dream." (Posted 2009-08-10)

<http://brockerhoff.net/bb/viewtopic.php?p=2727#2727>


**Time-Lapse Video of Macworld Cover Being Created** -- Publishing on 
  the Internet is easy - paper is hard. If you don't believe us, check 
  out the amount of work that went into making a recent Macworld 
  magazine cover showing the iPhone 3GS - it's a time-lapse video made 
  by Peter Belanger. (Posted 2009-08-07)

<http://peterbelanger.com/posts/36-cover-creation>


**Original Apple Logo Designer Explains the Bite** -- Wonder what the 
  real story is behind the famed Apple logo? Creativebits interviews 
  Rob Janoff, the man who designed the now-iconic apple-with-a-bite 
  logo back in 1977, and he sets the record straight about just what 
  the apple is supposed to mean and why there's a bite taken out of 
  it. (Posted 2009-08-07)

<http://creativebits.org/interview/interview_rob_janoff_designer_apple_logo>


**Apple Bans Developer, Clears Swarm of Apps** -- Ars Technica reports 
  on Apple's recent decision to revoke developer Khalid Shaikh's 
  iPhone developer license and remove his 900+ apps from the App 
  Store. According to Apple, Shaikh's apps, which aggregated and 
  repackaged news content, frequently drew objections from third 
  parties for violating intellectual property rights. When considering 
  Apple's claim of over 65,000 apps in the App Store, hearing news of 
  such junk (another developer reportedly has 2,000 apps similar to 
  Shaikh's) highlights the difficulty of finding good applications. 
  (Posted 2009-08-06)

<http://arstechnica.com/apple/news/2009/08/apple-dumps-app-developer-and-his-900-apps-from-app-store.ars>


**Adam Chats with Shawn King about the Rumored Apple Tablet** -- No, 
  we don't know anything real about it - no one does. But it's our job 
  as pundits to speculate when asked, so Adam and Your Mac Life host 
  Shawn King bat thoughts about the much-rumored Apple Tablet back and 
  forth in this podcast. (Posted 2009-08-06)

<http://www.yourmaclifeshow.com/archives/2009/08/04/new-york-yankees-and-pick-topic>


**David Pogue Compares Amazon, Barnes & Noble's Ebook Offerings** -- 
  In his New York Times column, David Pogue offers a detailed 
  comparison of Amazon's Kindle marketplace and Barnes & Noble's new 
  multi-device ebook offerings. B&N suffers from too few titles, and a 
  clutter of old public domain works from Google in search results. 
  The initial Mac and iPhone versions require complicated navigation, 
  as well. (Posted 2009-08-05)

<http://www.nytimes.com/2009/08/06/technology/personaltech/06pogue.html>


**App Store Gains Keywords For Apps** -- The Loop covers Apple's small 
  but appreciated gesture to iPhone developers: the capability to 
  search for apps by keywords. With over 65,000 iPhone apps currently 
  available, anything that makes it easier for apps to be found is 
  welcome. (Posted 2009-08-05)

<http://www.loopinsight.com/2009/07/29/apple-adds-keywords-to-app-store/>



TidBITS Watchlist: Notable Software Updates for 10-Aug-09
---------------------------------------------------------
  by Doug McLean <doug_mclean@tidbits.com>
  article link: <http://db.tidbits.com/article/10457>
  2 comments

  QuarkXPress 8.1 from Quark is a maintenance update to the 
  professional desktop publishing software. The latest version adds a 
  Native Transparency mode that increases PDF output support and 
  enables greater control over PDF workflow. Changes also include a 
  refreshed spell checker, the capability to paste text without 
  formatting, added Scale functionality, compatibility with the 
  forthcoming Mac OS X 10.6 Snow Leopard, and enhancement of the 
  Usability and Item Styles features. The update is available via 
  Quark's Web site. ($799 new, free update, 662 MB)

<http://8.quark.com/>
<http://downloads.quark.com/Details.aspx?fid=133&&mid=2>

  Firefox 3.5.2 from Mozilla is a security and stability update to the 
  popular Web browser. The latest version addresses several security 
  issues that could lead to attackers executing arbitrary JavaScript 
  with elevated privileges, executing arbitrary code, and intercepting 
  and spoofing what could appear to be encrypted communications. The 
  update's security notes also identify a crashing bug that could lead 
  to memory corruption, but Mozilla has no fix at the moment and 
  recommends that concerned users disable JavaScript until a version 
  that does address this issue is released. (Our take is that you're 
  probably fine unless you frequent dubious sites.) Finally, the 
  update ensures images with ICC profiles render correctly on all 
  displays. (Free update, 17.6 MB)

<http://www.mozilla.com/>
<http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.2>
<http://www.mozilla.org/security/announce/2009/mfsa2009-45.html>

  ----
  read/post comments: <http://db.tidbits.com/article/10457#comments>
  tweet this article: <http://db.tidbits.com/t/10457>


Hot Topics in TidBITS Talk for 10-Aug-09
----------------------------------------
  by Jeff Carlson <jeffc@tidbits.com>
  article link: <http://db.tidbits.com/article/10472>

**A crazy prediction that missed - Somewhat** -- Ford apparently now 
  embeds a version of Windows into its dashboard software; is this a 
  bad idea? Another reader has tried it, and shares his experience. (2 
  messages)

<http://emperor.tidbits.com/TidBITS/Talk/2789>


**AppleScript Frustrations** -- A reader gets help on TidBITS Talk but 
  his problem remains unsolved. (3 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2790>


**Time Capsule Bumped to 2 TB** -- An Apple tech support person says 
  that the latest Time Capsule uses a new filesystem and isn't 
  compatible with data stored on earlier Time Capsules. Bunk? (8 
  messages)

<http://emperor.tidbits.com/TidBITS/Talk/2791>


**Google Voice and the iPhone overseas** -- Readers discuss the 
  removal of the Google Voice app from the App Store, and what 
  consequences Apple's actions could have on other carriers that sell 
  the iPhone internationally. (6 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2792>


**NewsGator Switches Users to Google Reader for Sync, Online RSS** -- 
  Did NewsGator jump too quickly in turning off its sync servers? 
  Readers discuss the fallout and what it means for the future of RSS. 
  (4 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2793>


**Recommendations for a printer?** -- At what point is it no longer 
  worth repairing an old printer? Readers recommend new models - 
  generally inexpensive laser printers. (17 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2795>


**Web Hosting Company - How do you separate the wheat from the 
  chaff?** -- How can you tell which Web hosting companies are worth 
  paying for and which are headaches in the making? (12 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2797>


**Mac OS X 10.5.8 Fixes Bugs, Plugs Security Holes** -- Some readers 
  are confused that the latest Leopard update installs Safari 4.0.2 
  even though that's already the current version, while others report 
  problems with AirPort networks. (6 messages)

<http://emperor.tidbits.com/TidBITS/Talk/2798>



$$

This is TidBITS, a free weekly technology newsletter providing timely
news, insightful analysis, and in-depth reviews to the Macintosh and
Internet communities. Feel free to forward to friends; better still,
please ask them to subscribe!

Non-profit, non-commercial publications and Web sites may reprint or
link to articles if full credit is given. Others please contact us. We
do not guarantee accuracy of articles. Caveat lector. Publication,
product, and company names may be registered trademarks of their
companies. TidBITS ISSN 1090-7017.

Copyright 2009 TidBITS: Reuse governed by Creative Commons license.

Contact us at:	  <editors@tidbits.com>
TidBITS Web site: <http://www.tidbits.com/>
License terms:    <http://www.tidbits.com/terms/>
Full text search: <http://www.tidbits.com/search/>
Subscriptions:	  <http://www.tidbits.com/about/list.html>
Account help:	  <http://www.tidbits.com/about/account-help.html>





