TidBITS#1070/01-Apr-2011 ======================== Issue link: Writing tools, system utilities, upcoming versions of Mac OS X, subtle security vulnerabilities, and a behind-the-scenes look at The Daily’s publishing technology — have we got an issue for you! Security editor Rich Mogull leads off with a warning about a new iOS and Mac OS X security vulnerability that affects nearly all of Apple’s products. Also, Tonya Engst gets back to her roots in writing about the upcoming release of Microsoft Word for the iPad, and Adam examines what Apple is going to do to put the iTunes subscription service rumor to rest once and for all. Then Jeff Carlson looks at Lioness, a utility from Many Tricks designed to integrate with and extend Mac OS X Lion’s new Auto Save technology — available now in demo form. Finally, Michael Cohen reviews another utility from Literature & Latte that enhances the popular word processor Scrivener for writers who really need to take a break. Articles Lioness Auto-Saves Lion Users’ Sanity Microsoft Word 5.1 Returns... to the iPad Behind the Scenes at The Daily Text Vulnerability Discovered in iPhone and iPad Apple to Offer Subscription Service and Subscription-Based Mac Bartleby, For When You Prefer Not To ------------ This issue of TidBITS sponsored in part by: -------------- * READERS LIKE YOU! Support TidBITS with a contribution today! Special thanks this week to Bob Dahl, Charles Brown, Harvey Cain Nico Macdonald, and Flixton Software for their kind contributions! * WebCrossing Neighbors Creates Private Social Networks Create a complete social network with your company or group’s own look. Scalable, extensible and extremely customizable. Take a guided tour today * Bare Bones Software’s BBEdit 9.6 -- A burly upgrade with new Live Search bar, enhanced script attachability, ZIP archive viewing plus core features like Find and Multi-File Search, editing in browsers, and text completion. * SYNC YOUR PHONE with The Missing Sync: Sync your calendar, address book, music, photos and much more between your phone and Mac. Supports ANDROID, BLACKBERRY, PALM PRE and many other phones. * Dragon speech recognition software for Macintosh, iPhone, and iPad! Get the all-new Dragon Dictate for Mac from Nuance Communications and experience Simply Smarter Speech Recognition. Learn more about Dragon Dictate: * CrashPlan is easy, secure backup that works everywhere. Back up to your own drives, computers, and online with unlimited storage. With unlimited online backup, this is one resolution you can keep. Back Up Your Life Today! * Get more productive with software from Smile: PDFpen for editing PDFs; TextExpander for saving time and keystrokes while you type; DiscLabel for designing CD/DVD labels and inserts. Free demos, fast and friendly customer support. ---------- Help support TidBITS by supporting our sponsors ------------ Lioness Auto-Saves Lion Users’ Sanity ------------------------------------- by Jeff Carlson article link: Among the many changes in the upcoming Mac OS X Lion, one of the most welcome is the capability for applications to auto-save documents you’re working on. This isn’t a new feature — programs such as iMovie have done it for years — but it’s a first to offer system-level support for automatic saving of files. We expect that thousands of hours of lost productivity will be saved as a result of not losing edits due to an application crash. However, the feature does present a problem: What will happen to those of us who compulsively press Command-S to save documents every few minutes? I’ll get awfully tired of hearing a system beep dozens or even hundreds of times per day. Fortunately, I’m not the only one afflicted by this inconvenience. Rob Griffiths, formerly of Macworld and now working at Many Tricks, has announced the release of Lioness, a utility that redirects that reflexive gesture into more productive and entertaining activities. (You have to love their tagline: “These days, saving manually is a roarity.”) Lioness intercepts any Command-S key combination and acts upon it. A free demo version gives you the option of hearing four different sounds: a roaring lioness, a baby’s giggle, a man’s “Do’h!” exclamation, or a gentle forest breeze. You can also choose to have Lioness pick a sound at random. Also, a Growl notification appears with a counter indicating how many times you’ve hit Command-S. Currently, Lioness is available in a free demo mode. Following the release of Mac OS X Lion in a few months, Many Tricks plans to add Paranoid mode (informally known, according to Griffiths, as the “Kissell Run”) as an in-app purchase (pricing is yet to be determined). With Paranoid mode active, hitting Command-S automatically does a number of things: It puts a copy of the active document in your Dropbox folder in the Finder; pops up a Growl notification showing that the file was successfully copied and how much potential data loss you’ve avoided; and returns control to the frontmost application, so you can get back to work. Paranoid mode will also be able to trigger similar backups using CrashPlan, Backblaze, Carbonite, iBackup, JungleDisk, MobileMe, Mozy, MyOtherDrive, and SugarSync. A demo version of Lioness is available now from Many Tricks as a free download. The paid version is expected to become available shortly after Mac OS X Lion has shipped, and will also be in the Mac App Store. After using the software for several hours, I can say that Lioness is the app that will sink its teeth into my data and not let go. ---- read/post comments: tweet this article: Microsoft Word 5.1 Returns... to the iPad ----------------------------------------- by Tonya Engst article link: Long ago, a group of veteran Microsoft developers collaborated on a project to “carbonize” Microsoft Word 5.1 for the Macintosh, enabling it to run natively under Mac OS X (see “Microsoft Word 5.1 for Mac OS X,” 1 April 2003). Many long-time Word users felt that Word never regained its glory after the release of Word 6, which suffered from being made more Windows-like and from its early implementation of Microsoft’s IntelliSense technology (see “The Word on Word 6,” 15 August 1999). The project to bring Word 5.1 to Mac OS X was meant to make it possible to work with Word 5.1 on more modern Macs. Unfortunately, that carbonization project ran into a snarl of spaghetti code, and the product was never released. Fortunately, many lessons were learned, and the project is now back on track, this time readying Word 5 for release as an iPad app. Apparently, as Microsoft investigated the possibility of creating a word processor for the iPad, they realized that porting Word 5 was their best chance at shipping a functional product for iOS 4, given its relatively compact code base (and feature set) as compared with later versions. And, when they described the product to focus groups, Word 5.1 for the iPad received actual applause. (At the moment, Microsoft is not considering a version for the small-screened iOS devices, though they made it clear that they will take customer requests into account.) I’ve run a beta version of the app on my iPad, and found it to be stable and useful, even with documents that exceed 100 pages. It works much as Word 5.1 aficionados would expect, with a tappable ruler and the capability to customize keyboard shortcuts to work with the top row of keys on the Apple Keyboard Dock or Apple Wireless Keyboard. There is one notable feature missing and one exciting change. In the missing features department, Publish and Subscribe is no more, thanks to the lack of inter-app communication in iOS. However, Microsoft’s hoary OLE (object linking and embedding) has been brought into the modern era. OLE now works between different Word 5 documents stored on the iPad _and_ over the local Wi-Fi network, enabling you to insert content from other Office documents into your Word document wirelessly. If you want to take your iPad away from your local network, a chunk of code extracted from the open source Gears (formerly Google Gears) project makes that possible. The 1.0 release of Word 5.1 for the iPad was recently submitted to Apple for approval in the App Store, and it will retail for $41.99. ---- read/post comments: tweet this article: Behind the Scenes at The Daily ------------------------------ by Adam C. Engst article link: Few publications have made as splashy a debut as Rupert Murdoch’s iPad-only The Daily, generating digital reams of commentary and criticism across the Internet, including in TidBITS (see “Why The Daily Is So Yesterday,” 3 February 2011). Nonetheless, now that we’re almost two months in from The Daily’s launch, it’s fascinating to see just how the $30 million in development funds and reported weekly budget of $500,000 are being spent. Thanks to The Daily’s commitment to transparency in publishing, we now have a behind-the-scenes look. These pages not only show the technology that’s in use every day in The Daily’s state of the art newsroom, but also document the procedures used by The Daily’s staff in producing new content every day. (Don’t be put off by the simple layout of these Web pages; they’re just reproducing a far more advanced iPad presentation, complete with a photo slideshow and video interviews.) Put simply, I remain astonished by what The Daily accomplishes, and I strongly recommend that anyone interested in what goes on at a modern publication check out The Daily’s story. ---- read/post comments: tweet this article: Text Vulnerability Discovered in iPhone and iPad ------------------------------------------------ by Rich Mogull article link: A security researcher today released details of a new vulnerability with serious implications for users of nearly all Apple products, but especially the iPhone and iPad. The flaw affects users of all versions of iOS and Mac OS X; and thus all Macs and iOS devices, including the latest MacBook Air and MacBook Pro models. The flaw also appears to affect the Amazon Kindle and many other ebook readers. The Apple TV is not affected. According to the researcher, Carl Noevil of Applied Conceptual Defense, any device capable of displaying the written word is vulnerable to social engineering attacks that could seriously affect its users. Once the device has been exploited, the attack self-propagates through all copies of the affected materials. Applied Conceptual Defense sells various filtering technologies that protect against the newly discovered vulnerability. Their security advisory states: “This is one of the most serious vulnerabilities we’ve discovered. The flaw affects nearly all Apple products and we’ve notified Apple, yet Apple has yet to provide any patches or notifications to their customers. We decided to release our findings so users can protect themselves until a fix is available. Current users of our products are fully protected.” When we queried Noevil for additional information via email, he wrote: “We couldn’t believe all the potential vectors we found. We were able to completely exploit almost every device and system we attempted to attack. While we mostly focused on Apple, we also proved that the vulnerability affects any device capable of displaying text, and it was trivial to create cross-platform attacks. Considering the severity of this vulnerability, we can’t believe Apple isn’t better protecting their customers. It’s completely irresponsible.” With maliciously structured combinations of characters, the attacker could spread divisive ideas or disinformation, cause a neurological buffer overflow, or generate an actual emotional response in the user. In extreme cases, an attack could create a disabling cognitive dissonance. That form of the attack has been correlated to actual physical injury if the user has their text display device activated while operating a motor vehicle. Unlike most security vulnerabilities, these attacks have been correlated to massive damage in the physical world, and they can propagate through both traditional and modern digital communication media. In a blog post the researchers state: “We’re still analyzing the historical research, but from what we can tell this vulnerability has been around for a very long time. We’ve found cases where it resulted in everything from poor decision making and emotional distress to political upheavals. The entire American Revolutionary War was the result of a variant of this vulnerability, for instance, and our investigations indicate that it may have played a role in the lead-up to the Bolshevik Revolution as well. There are also indications that WikiLeaks is actually a bot designed to exploit this vulnerability, but we haven’t yet finished decompiling all the code.” The researchers said they focused on Apple due to the popularity and proliferation of Apple products, and plan on releasing further research about the Amazon Kindle, Barnes & Noble Nook, and other trendy products that easily garner press attention. Aside from electronic devices, the vulnerability reportedly also affects printed books, magazines, newspapers, and even billboards. According to Applied Conceptual Defense, users of their ViewBlock textual filtering technology are not affected, and we’ve seen online comments that wearers of the Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses are also protected. Apple did not respond to requests for comments. ---- read/post comments: tweet this article: Apple to Offer Subscription Service and Subscription-Based Mac -------------------------------------------------------------- by Adam C. Engst article link: In the last year, two of the enduring rumors that swirled around Apple have come true: the Beatles appearing in the iTunes Store and the iPhone coming to Verizon Wireless. The fact that those rumors survived so long is a testament to how much sense they made — of course there should be a Verizon iPhone and of course The Beatles should be in iTunes. But they didn’t happen until Apple could iron out all the licensing issues and technical quirks. By this time next year, another enduring rumor will be realized: iTunes subscriptions. Since the launch of the iTunes Store, there has been speculation that Apple would offer a subscription option alongside the à la carte sales. Some small movement in that direction happened with movie and TV show rentals from the iTunes Store, but that was just a warmup for the real goal, an all-encompassing subscription service tentatively called the Apple Plan. Put simply, the Apple Plan bundles together everything you do on your Mac or iOS device for a monthly fee. And when I say “everything,” I mean everything. The Apple Plan includes a metered 4G mobile broadband data plan, over which you can stream music, movies, TV shows, audiobooks, and even ebooks — basically anything that’s available in the iTunes Store or the iBookstore. But that’s not all — you can also download and use any apps from the App Store or the Mac App Store that you want (assuming the developer has agreed that their app can be rented instead of purchased outright). The Apple Plan won’t be cheap, because it has the potential to replace your Internet service (say, $50 per month), one or more cell data plans (another $15 to $60 per month), Netflix ($10 per month), Pandora or Rdio ($3 to $10 per month), Audible ($15 to $23 per month), and Booksfree ($14 to $50 per month). Our sources say that pricing hasn’t yet been decided, but will probably run $200 to $250 per month. It’s also likely that Apple will allow Apple Plan users to pick and choose what they want to subscribe to; that too remains undecided, but would enable customers to swap Apple’s metered 4G data plan for existing broadband cable or DSL access. The Apple Plan is audacious enough on its own, but Apple is taking it even further, having learned from the success of the iPhone and iPad. From a user perspective, having to pay for upgrades constantly is a pain, and dealing with the issues related to backup and moving to new computers is even more so. And from a business perspective, Apple is willing to trade a bit of hardware margin in exchange for ongoing subscription revenues. So look for a new MacBook Air-like machine to debut in the next year, perhaps in time for the holiday buying season. It won’t be particularly unusual in terms of its hardware specs, other than the addition of a 4G wireless chipset, but what will set it apart is a $99 price designed to woo people still relying on old PCs running Windows XP. Like inexpensive mobile phones, the hardware may be cheap, but it will require a two-year Apple Plan, which is where Apple will make up the difference on selling price. In a move sure to generate exabytes of online controversy, it won’t be possible to install software on this Mac other than via the Mac App Store; for Apple to justify the low selling cost, the company has to be certain that it gets a cut of all software revenue. Also certain to cause controversy is Apple’s revenue sharing approach with the Apple Plan. Since Apple controls the entire platform and the iTunes account through which the Apple Plan is mediated, monthly revenues after bandwidth fees and some base amount to cover hardware costs will be based entirely on usage time, with Apple’s traditional 70/30 split. A background process will keep track of which subscribed items are in active use. For instance, let’s assume that the Apple Plan costs $250 per month after bandwidth fees, and Apple keeps $100 of that to pay for the hardware. (Obviously, if you’re buying the Apple Plan for use with existing machines, you wouldn’t be paying for the hardware.) Of the remaining $150, Apple would keep 30 percent and divvy 70 percent up between all the apps and media consumed during that month, based on the amount of time you spent using each app, reading each book, listening to each song, and watching each movie. Also worked into the equation is the “list” price of each item, so if you spend an hour reading a $9.99 book, that book would earn a larger chunk of your monthly payment than would an hour-long TV show priced at $1.99. In essence, you’re paying for where your attention is, with media playing in the background as the only exception. You can see why deciding on final pricing is so tough, since Apple is trying to make the Apple Plan as affordable as possible while still ensuring that the movie studios, recording artists, book publishers, and app developers all earn enough money to agree to the scheme. Nonetheless, the company’s hope is to be able to offer the entire contents of the iTunes Store and iBookstore at launch, along with a large percentage of the App Store and Mac App Store. From the customer perspective, though, if the Apple Plan can replace enough other services, the simplicity of a single service and bill and the ability to explore music, video, books, and apps without per-item charges is a compelling combination. Finally, expect to see a firestorm of controversy surrounding the question of whether it’s acceptable to allow a single company so much dominance over our culture. The now-rejected Google Books settlement has nothing on the hackles that the Apple Plan will raise among cultural critics and commentators (see “Judge Rejects Google Books Settlement,” 24 March 2011). But if Apple’s track record over the last decade is any indication, the Apple Plan is also going to be a massive hit and will ensure the company’s lasting dominance. ---- read/post comments: tweet this article: Bartleby, For When You Prefer Not To ------------------------------------ by Michael E. Cohen article link: Almost everyone has heard of writer’s block: that debilitating condition nearly every writer suffers at one time or another when the words just won’t come. Gene Fowler may have expressed the condition best when he said that “Writing is easy: All you do is stare at a blank sheet of paper until drops of blood form on your forehead.” Few people, however, are aware of the opposite, but very real, problem, which can be just as debilitating: writer’s overdrive. Take Control Editor in Chief Tonya Engst, however, knows the problem all too well: At least one of her authors has had episodes of over-productivity that have put her in the unenviable position of being in the middle of producing one of his books only to find out that he has submitted the manuscript for the next edition, along with a detailed outline of the one to follow. “I have a business to run, a child to raise, and a husband to keep in running shoes; I don’t have time to be this person’s personal publishing lackey, regardless of how good his books are!” That’s why she was more than happy to buy her hyperactive wordsmith a copy of Literature & Latte’s newest writing aid: Bartleby. Built upon the well-regarded and versatile foundation of Scrivener, the company’s flagship content-generation tool, Bartleby can best be described as a content-generation governor. As a Scrivener add-on, Bartleby monitors a writer’s productivity moment by moment, and provides helpful prompts and distractions when it looks like productivity has begun to edge into logorrhea. Bartleby relies upon a complex collection of carefully tuned algorithms, dubbed the “Interocitor Engine.” The Interocitor evaluates both writing rate and quality, the latter evaluation derived by comparing the current session’s work to a database of both the writer’s own previous works and well-regarded similar works of other writers. When the matrix of evaluative results edges into what the program calls “the danger zone,” Bartleby swings into preemptive action, which, depending upon the writer’s previously learned behavioral patterns, can either be explicit alerts that remind the writer to slow down or more subtle and creative distractions. While using Bartleby in the process of writing this article, I discovered that the software, as advertised, remained unnoticed while I was struggling to compose the opening of the piece, but that it quickly activated when I experienced a creative burst that had my words tumbling out faster than I could type. When I ignored Bartleby’s initial reminders to slow down, Bartleby began to take more obtrusiv… oh, wait, look at this great Web page that has singing cats riding dolphins!!! BRB! ---- read/post comments: tweet this article: $$ This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe! Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017. Copyright 2011 TidBITS: Reuse governed by Creative Commons license. Contact us at: License terms: Full text search: Subscriptions: Account help: