TidBITS#1126/14-May-2012 ======================== Issue link: Security news continues this week, with Apple releasing Mac OS X 10.7.4, Safari 5.1.7, and Security Update 2012-002, all largely to address security-related issues. Plus, Adobe fixes a security vulnerability in Photoshop, initially requiring a paid upgrade to Photoshop CS6 but later announcing that the fix would also be made available to users of Photoshop CS5.x. Moving to the practical, Joe Kissell explains how you can keep your MobileMe email address without upgrading to iCloud, and Adam Engst looks into what can happen if zooming is turned on accidentally in iOS and Mac OS X. Finally, Andy Affleck joins us with coverage of the genealogical program Reunion 10, and Joe shines a harsh light on Apple’s abundance of alerts. Notable software releases this week include Security Update 2012-002 (Snow Leopard), EasyFind 4.9, BBEdit 10.1.2, CloudPull 2.0.3 and 1.5.7, Microsoft Office 2011 14.2.2 and 2008 12.3.3, PDFpen and PDFpenPro 5.8.1, and Evernote 3.1. Articles Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7 Adobe Relents on $199 Photoshop Security Fix Keep Your MobileMe Email Address without iCloud Beware Accidental Zooming in iOS (and Mac OS X) Reunion 10 Offers Better Genealogical Overviews, Web Search An Alarming Abundance of Alerts TidBITS Watchlist: Notable Software Updates for 14 May 2012 ------------ This issue of TidBITS sponsored in part by: -------------- * READERS LIKE YOU! Support TidBITS by becoming a member today! Check out the perks at Special thanks this week to Julian Kateley, Howard Schoeberlein, Floyd Doughty, and Joseph Bazan for their generous support! * BBEdit 10 from Bare Bones Software — All the editing power you need, with more than one hundred new features! The leading professional HTML and text editor for the Mac keeps getting better! Download the demo and see for yourself! * Dragon speech recognition software for Macintosh, iPhone, and iPad! Get the all-new Dragon Dictate for Mac from Nuance Communications and experience Simply Smarter Speech Recognition. Learn more about Dragon Dictate: * CrashPlan is easy, secure backup that works everywhere. Back up to your own drives, computers, and online with unlimited storage. With unlimited online backup, this is one resolution you can keep. Back Up Your Life Today! * New from Smile: PDFpen for iPad. Sign contracts, make changes, fill out applications and more. With iCloud storage, you get seamless PDF editing on your Mac and iPad. Take control of your PDFs wherever you are. Get it on the App Store: * Intego: Stay up to date with the latest Mac security news on the Mac Security Blog. Get info about essential security updates, the latest Mac threats, and security tips to help keep your Mac safe from the dangers of the Internet. * Noteboom Video Tutorials for Apple Software: “When I started these tutorials, everything made sense! I totally agree with all the other 5 star reviews. Well worth the money! -GV” iMovie, Lion, iPhoto, and more! * Is your Mac volume too low? Global Delight’s Boom volume booster and system-wide equalizer gives your Mac that extra audio boost when you’re having trouble hearing a streamed movie from Netflix. Try the free trial of Boom today! * Scan anywhere with Doxie, the scanner for your Mac. Doxie scans paper, photos, and receipts anywhere — no computer required. And Doxie’s great Mac software organizes, creates searchable PDFs, sends to the cloud, and more. * Fujitsu ScanSnap Scanners — Save your business time and money with our easy-to-use small ScanSnap Scanner line. Eliminate paper piles by scanning documents, business cards, and receipts. Visit us at: ---------- Help support TidBITS by supporting our sponsors ------------ Apple Hardens Security with Mac OS X 10.7.4 and Safari 5.1.7 ------------------------------------------------------------ by Jeff Carlson , Rich Mogull article link: 4 comments Apple last week released two updates that are important largely for their security-related changes: Mac OS X 10.7.4 and Safari 5.1.7 for Mac OS X. **Mac OS X 10.7.4** -- First up is Mac OS X 10.7.4, which fixes a security error introduced in 10.7.3 that exposed a user’s password if they upgraded to Lion while leaving the legacy version of FileVault enabled. The flaw was due to a developer leaving debugging code enabled, which logged the user’s password in plain text. This problem affected only the older version of FileVault that encrypted a user’s home directory, as opposed to the FileVault 2 feature introduced in Lion that encrypts the entire disk. To be exposed, you would have had to upgrade a legacy FileVault system to Lion and keep the older FileVault in place. Although this extremely serious bug essentially negated any password security on affected systems, it’s unlikely that many users were exposed. In addition to a number of other security-related changes, Mac OS X 10.7.4 corrects or improves a few additional behaviors. It fixes an issue where the “Reopen windows when logging back in” setting was always enabled, improves the reliability of copying files to an SMB server, and fixes a problem that prevented files from copying to a server. Also, compatibility has been improved with some British third-party USB keyboards. Permission issues that cropped up when using the Get Info window’s option to “Apply to enclosed items” have also been addressed. Other changes include better printing to an SMB print queue, improved performance when connecting to a WebDAV server, a fix for using a proxy auto-configuration (PAC) file, and reliability of binding and logging into Active Directory accounts. Raw image compatibility for recent cameras has also been updated, including the Nikon D800 and Canon EOS 5D Mark III. Mac OS X 10.7 Lion Server also receives updates related to file sharing, Profile Manager, mobile accounts, server administration, the email and Web servers, and Xsan. The Mac OS X 10.7.4 Update is available via Software Update as a 729.6 MB download; standalone updates are available in four forms. If you’re going to bother to download an update instead of relying on Software Update, it’s worth getting the combo update that will update any version of 10.7, since there have been a few issues in the past with the smaller delta updaters. * Mac OS X Lion Update 10.7.4 (692.68 MB) * Mac OS X Lion Update 10.7.4 Combo (1.4 GB) * Mac OS X Lion Update 10.7.4 Server (738.71 MB) * Mac OS X Lion Update 10.7.4 Server Combo (1.49 GB) **Safari 5.1.7** -- An even more interesting security-related improvement comes from Safari 5.1.7 for both 10.7 Lion and 10.6 Snow Leopard. It’s a roughly 45 MB download via Software Update or from Apple’s Support Downloads page. One of the biggest security vulnerabilities on Macs (or any system) comes from running out-of-date software. This is especially problematic with browser plug-ins like Adobe Flash that are easy to exploit remotely, but that few users think to upgrade. Safari will now check the version of Flash you are running and disable it if it is not capable of updating itself to a current version. Flash versions 10.1.102.64 (yes, that’s a version number, not an IP address) and older don’t include the capability to update themselves to new releases, requiring users to update manually. Newer versions check for updates automatically, which minimizes the chances a user will be exposed to Flash-related security issues. If you are running Flash 10.1.102.64 or older, Safari will disable it and redirect you to download and install a current version from Adobe. Flash is otherwise unaffected. This is similar to a feature Mozilla added to the Firefox Web browser in 2009 and is a strong move to protect Mac users. Flash is frequently a source of security issues and this limits the window during which Safari users are likely to be exposed to known Flash vulnerabilities. Safari 5.1.7 also improves browser responsiveness in low memory situations, fixes a problem that could prevent Web pages from responding after using a pinch-to-zoom gesture, and addresses several security vulnerabilities related to WebKit. Not seeing Safari 5.1.7 in Software Update? Mac OS X 10.7.4 includes Safari 5.1.6, which provides some unspecified stability improvements. After updating Mac OS X, you will then be prompted to install Safari 5.1.7. ---- read/post comments: tweet this article: Adobe Relents on $199 Photoshop Security Fix -------------------------------------------- by Adam C. Engst article link: 5 comments Both Apple and Microsoft are good about releasing security-related updates to the previous generations of their software. Apple continues to keep Mac OS X 10.6 Snow Leopard updated even while 10.7 Lion is current, and Microsoft ensures that both Office 2011 and Office 2008 don’t become vectors for attacks as well. But Adobe seemed to be tone-deaf to this approach with its initial plan to fix the latest security vulnerability in Photoshop CS5 and earlier for both Mac OS X and Windows. In short, a maliciously crafted TIFF file could corrupt memory in such a way as to allow an attacker to take control of the affected system. Adobe has known about the vulnerability since late September 2011, and rates it as critical, but of the lowest of three priority levels. Presumably because of the low priority, Adobe initially chose to close the hole only in Photoshop CS6, which is a $199 upgrade. What if you didn’t want to upgrade to Photoshop CS6, which may involve learning curve and plug-in compatibility costs beyond the $199 upgrade fee? Adobe said, “For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.” Ouch. It’s bad to use security vulnerabilities as a reason to encourage paid upgrades. Three days after posting the initial security bulletin about this issue — and catching a considerable amount of heat from professional users and the press — Adobe changed its stance. The company is now promising a security update to Photoshop CS5.x (along with Illustrator and Flash Professional, which were apparently also vulnerable). No mention was made of previous versions, nor was a release date given. Beyond that, the real problem is that now that the vulnerability has been made public, it’s just asking to be exploited by malware authors who know that there is a very large population of Photoshop users who won’t have updated to CS6, especially given that CS6 has been available for only a few weeks. Worse, there are plenty of people — think schools with unsophisticated users and older machines — who won’t be able to upgrade to CS6 for some time, if ever. We’ve already seen SabPub and Flashback targeting already-closed vulnerabilities — how long will it be before new variants utilize this one? Until the update for Photoshop CS5.x appears, and in general if you’re using an earlier version, be careful of Trojans bearing TIFFs. ---- read/post comments: tweet this article: Keep Your MobileMe Email Address without iCloud ----------------------------------------------- by Joe Kissell article link: 6 comments If you’ve already migrated your MobileMe account to iCloud, move right along — nothing to see here. But if you haven’t yet done so because one or more of your devices doesn’t meet Apple’s system requirements for iCloud, you should be aware that Apple is now offering MobileMe users a way to keep their existing email addresses and calendars, even after MobileMe shuts down for good on 30 June 2012. Until a couple of weeks ago, it looked as though the end of MobileMe would mean the permanent disappearance of access to email for me.com or mac.com addresses that hadn’t been upgraded to iCloud. Apple supported the MobileMe-to-iCloud transition only on Macs running 10.7 Lion and on PCs running Windows 7 or Vista, so people with older desktop operating systems couldn’t migrate their old MobileMe accounts, even if they had iOS devices that support iCloud. At the beginning of May, however, Apple sent email messages to people with valid but unconverted me.com and mac.com addresses, informing them that they could keep those addresses — as well as access to their MobileMe calendars — even if they can’t sign up for iCloud. In case you didn’t get one of these email messages, here’s a quote from Apple’s MobileMe Transition and iCloud page: **What if I just want to keep using my email on all my devices?** As of May 1, you can choose to keep using your mail after MobileMe ends, even on devices that don’t meet the iCloud system requirements. Just go to me.com/move and select the option to keep using your email after MobileMe ends. Once you have completed this short process, your mail will continue to work on devices that don’t meet the iCloud requirements after MobileMe ends on June 30th, 2012. If you visit that page, sign in with your old address, and click the Next button beside “Not all my devices meet requirements,” you’re prompted to agree to the iCloud Terms of Service, after which your email and calendars — but _not_ other MobileMe data — are transitioned to iCloud. From then on, you can access those two services in a Web browser at www.icloud.com. If you later upgrade your devices so they are fully iCloud-compatible, you can then use them to sign in to iCloud and access the remaining features as well. Apart from the fact that this reprieve affects only email and calendars, what may not be clear from Apple’s description is that it offers users of older operating systems only Web-based access to that data once it’s migrated. After all, Mail and iCal in Snow Leopard still don’t know how to set up and access an iCloud account, so even though they’ll still connect to the MobileMe servers today, that access will end when MobileMe does. Those, at least, are solvable problems. In Mail, after moving your address to iCloud, delete your existing MobileMe account: Choose Mail > Preferences, click Accounts, select your MobileMe account in the list on the left, and click the – (minus) button. Then click the + (plus) button to add a new account and fill in your mac.com or me.com address and password. But now _hold down Option_ while clicking Continue. This bypasses Mail’s automated setup process (which would configure the account for the MobileMe servers — not what you want). On the next screen, choose IMAP from the Account Type pop-up menu. Enter imap.mail.me.com for the incoming mail server address, click Continue, and enter smtp.mail.me.com for the outgoing mail server address. Once you’ve completed the process, Mail in Snow Leopard should be able to check your iCloud mail both now and after MobileMe is turned off. As for calendars, see “iCal in Snow Leopard Can Participate in iCloud” (11 December 2011). Finally, once you’ve done all this, don’t forget to deal with any other data that’s still on the MobileMe servers — I’m thinking especially of any files on your iDisk. The only safe assumption is that they will all be irrevocably deleted at the end of June, so don’t wait to find them new homes! I offer suggestions for doing so, as well as a great deal of other helpful information about moving to iCloud, in “Take Control of iCloud.” ---- read/post comments: tweet this article: Beware Accidental Zooming in iOS (and Mac OS X) ----------------------------------------------- by Adam C. Engst article link: 3 comments A highly technical friend recently posted to a private mailing list of Mac and iOS programmers with an odd-sounding problem: after he updated his iPad 2 to iOS 5.1, he lost about a quarter-inch of the screen on the top and bottom of his iPad. Everyone was stumped by his description of the problem, and it wasn’t until later, when he was messing around with the iPad in person with another friend, that they hit on the solution. For unknown reasons, iOS on my friend’s iPad had decided to enable its Zoom feature. Hidden deep within iOS’s accessibility settings, Zoom enables people with low vision to magnify the entire visible screen, in essence turning the iPad’s physical display into a window on a much larger virtual display. The confusing bit for my friend is that he didn’t turn Zoom on intentionally, and he is neither the sort to do such things unintentionally, nor to share his iPad with someone else who might have. From what I can tell from reading a variety of Apple Support Communities discussions, it’s not entirely uncommon for Zoom to be toggled without the user’s knowledge, either by another user or by iOS gremlins. Regardless of how or why Zoom can be enabled inadvertently, if you’re experiencing this problem, here’s how to solve it. Go to Settings > General > Accessibility > Zoom, and turn Zoom off. If, on the other hand, you’re thinking, “Hey, it might be nice to be able to zoom the screen on occasion,” you can turn Zoom on, and remember that the magic incantation to invoke it is a double-tap with three fingers. Those three fingers remain important, since double-tapping again returns you to the default magnification level. And, if you want to change the magnification level, double-tap with three fingers and then drag up (to make objects on screen larger) or down (to make them smaller). When I raised this article topic on our TidBITS staff call, “Take Control of Using Lion” author Matt Neuburg immediately chimed in to say that he had heard numerous reports over the years of people running into roughly the same problem in Mac OS X. It’s easier to zoom the screen accidentally in Mac OS X, where holding down the Control key and swiping up with two fingers on a trackpad or rolling up on a scroll wheel or scroll ball will zoom in. Swiping or scrolling down with the Control key held down zooms back out. The problem is that if you zoom only a tiny bit, the main evidence can be slightly fuzzy text and graphics, since everything is being scaled just a little, along with an occasional slight movement of the entire screen because the zoomed image follows the position of the mouse pointer. (Users who have experienced this accidental zooming often describe feeling slightly nauseated by their screens.) This setting is off by default in Mac OS X 10.7 Lion, but it was on by default in some earlier systems, so that users often stumbled on this feature by chance, without knowing what it was. On your machine, you may have turned it on, or you may have inherited an “on” setting from an earlier system. In pre-Lion systems, this setting was available through the Mouse or Trackpad pane of System Preferences. In Lion, however, it can be harder to find, and the interface is somewhat deceptive. It appears, at first, that you control zooming in the Seeing view of the Universal Access pane of System Preferences. In reality, though, the overall Zoom setting can be set to off, but the trackpad/scroll wheel/scroll ball approach still works if it’s enabled separately. (All that turning Zoom off really does is disable the Command-Option-plus/minus keyboard shortcuts for zooming to preset magnifications.) The setting you want — “Use scroll wheel with modifier keys to zoom” — is in the dialog that appears when you click the Options button. (In Lion, you can also use “Zoom using scroll wheel while holding” in the Mouse preference pane; it applies universally, even though there’s no comparable setting in the Trackpad preference pane.) _Be careful in this dialog!_ It is very easy to change the modifier key setting accidentally when this dialog is open. I generally recommend leaving this feature turned on, though you might prefer to set the modifier-key trigger to something you’re less likely to use by mistake, such as Control-Option, or even Control-Shift-Option. It’s just too useful to be able to zoom in on something small on occasion. For a full explanation of the many zoom options, see “Take Control of Using Lion,” where Matt has documented them exhaustively. ---- read/post comments: tweet this article: Reunion 10 Offers Better Genealogical Overviews, Web Search ----------------------------------------------------------- by Andy Affleck article link: Genealogy buffs, take note! Leister Productions has released Reunion 10, a significant upgrade of their venerable genealogy tool, with a focus on improving navigation of complex family trees. Most obviously, the Family Card, the initial view showing the source individual, their parents, spouse, spouse’s parents, and all children, has been replaced with the far more customizable Family View. Along with numerous display options, every person’s card can now contain a picture as well as any event or fact you care to display. Also notable is the new Tree View, which replaces the former Overview and offers a scrollable tree (either in hourglass or pedigree format) enabling you to explore the family tree in a more fluid manner. A new right sidebar — populated by clicking items in the left sidebar — provides different lists including people, sources, multimedia, relatives (people sorted by their relationship to a specified individual), ages, places, treetops (the oldest known ancestors on every branch of the tree), and more. You can hide this sidebar to provide more screen real estate to the information-heavy Family and Tree views. The sidebar also serves as a source for dropping places into place fields in appropriate views, and you can drop people into Relatives, Treetops, and Ages sidebars to show the associated data. Reunion 10 also sports several new reports and charts, including a report that lets you see the makeup of an individual’s family on a particular date, an obituary report, and a chart showing the relationship between two specific individuals. Plus, non-blood relatives can now be shown in a relationship report or chart (for example, someone who is the daughter of the spouse of your second cousin). Other new and improved reports include an events report that shows a list of events for people in the family and a multimedia usage report that helps you identify where files are linked. Although these new display and reporting features are welcome, they’re aimed at providing a better overview of data that’s already in Reunion. Instead, my favorite new feature is the built-in Web search that enables me to perform a quick search for a given person on a number of key genealogical Web sites, either one at a time or a set of favorites at all once. In just a few minutes of playing around, I found the death certificates and the names of the parents of my great-great-grandfather. There are many other smaller improvements along with videos explaining Reunion’s top ten new features, which join a long list of genealogical goodies for those who aren’t yet familiar with Reunion’s existing capabilities. New copies of Reunion 10 are available directly from Leister Productions for $99; upgrades from earlier versions cost $49.95. Companion iPhone and iPad apps that work with both Reunion 9.0c and 10.0 are available for $14.99 each. ---- read/post comments: tweet this article: An Alarming Abundance of Alerts ------------------------------- by Joe Kissell article link: 10 comments Thanks to iCloud, my calendars sync wirelessly and instantly across all my devices — and can be edited anywhere. This is a fantastic capability, one that I have come to depend on. But one aspect of calendar syncing is, shall we say, alarming. And it’s not even specific to iCloud, but rather a function of the way Apple’s operating systems handle calendar alerts on each platform when calendars are synced from _any_ source. At 3:00 PM yesterday, I had a meeting scheduled across town, and in order to ensure that I remembered in plenty of time to get there, I had set an alert to go off an hour ahead of time. Precisely as requested, at 2:00 PM, my iMac beeped and flashed a reminder on its screen. So did my MacBook Pro. And my iPhone 4S, and my old iPhone 4 that I now use for testing. And my new iPad, and my iPad 2 that’s still in use. And my wife’s Mac, and her iPhone, and her iPad, since I shared my calendar with her. That’s right: Nine devices in our household beeped and displayed reminders for the very same event! (And because the devices’ clocks aren’t perfectly in sync — another inexplicable irritation — these beeps were spread out over a period of about 30 seconds.) Yesterday was a slow day, too — just one meeting. Often this sort of thing happens numerous times a day. And it’s not just the events on my personal calendar, my wife’s calendar, and our shared family calendar that prompt these alerts. Whenever Adam Engst has a TidBITS-related meeting or appointment for which he has (quite reasonably for him) set an alarm, all my devices remind me about that, too, because Adam has shared the TidBITS calendar with the whole staff via iCloud. Given the six-hour time difference between Adam and me, those alerts have sometimes occurred at very inconvenient times! I grant that my situation is somewhat atypical. Owing to my profession, I accumulate Macs and iOS devices at a rather embarrassing rate. But I know lots of people with three or four Apple devices, all of which sync the same calendars via iCloud, Google Calendar, or Exchange servers. And a quick Web search revealed that many thousands of us multi-device users are getting pretty annoyed at all these redundant alerts, especially those that come from calendars shared by other people. **The Problem with Disabling Alerts** -- Now, hold it right there, because I know what you’re going to say. You’re going to say that I can just disable alerts for any given calendar, on any given Mac. Yep, I realize that. In iCal, I can select a calendar, choose Edit > Get Info, and select the Ignore Alerts checkbox. Or, in BusyCal, I can select a calendar, choose File > Get Info, and deselect the Alarms checkbox. Either way, that means I’ll never see alerts for that particular calendar on that particular Mac. But that’s not what I want. First of all, disabling alerts per calendar is a trick you can currently do _only_ on a Mac, not on an iOS device. So at best, it would solve only part of the problem. And second, having per-calendar granularity is nice, but what I want even more is per-device granularity — a way to enable or disable alerts for all the calendars I care about on any particular device. The thing is, I usually do want to see and hear those alerts — at least those that come from my own calendars. I just don’t want to get them on _all_ my devices. I want to get my alerts only on the device that’s nearest to me at any moment. Having to go around to many devices in many locations and dismiss alerts is not a productive use of my time. On the other hand, sometimes the crucial decision of when to dismiss an alert is taken out of my hands! On my Mac, if I don’t dismiss an alert right away, it simply stays on the screen until I do, without interfering with anything else I’m doing. If I’m busy working on something, I might just leave the alert on the screen until I can deal with it, or I might click the Snooze button. That’s all fine. But I don’t get that option on my iOS devices. If I’m actively using a device, I can dismiss an alert or open it in Calendar, but I can’t snooze it. If the device is asleep, then I see the alert on the lock screen, but unlocking the device makes the alert disappear, so if I’m not able to deal with it immediately — for example, if I get interrupted with a message or phone call — I have to remember to perform an additional step to see what it was. **Potential Paths to Less-Alarming Calendars** -- Some preliminary signs give me a ray of hope that Apple may at least be on the trail to a solution. According to a report from 9to5 Mac, the latest developer preview of OS X 10.8 Mountain Lion has a system-wide “Do Not Disturb” switch that would presumably prevent all alerts — whether from your calendars or otherwise — from interrupting you on that Mac until you turn alerts back on. If that feature does turn out to be in the final version of Mountain Lion, I’d have to say it sounds like a small but meaningful step in the right direction. It would be an improvement over what we have today in that it affects all your calendars and can be toggled with just a couple of clicks. However, the problem that feature appears to solve is, for me, the least important aspect of my gripe. For one thing, it may reduce unwanted alerts on my Macs, but I’ve heard no rumors of an analogous option forthcoming for iOS devices. Perhaps Apple is planning exactly that for iOS 6, and if so, that would certainly be a bigger step in the right direction. But even having a “Do Not Disturb” switch on all my devices that’s as easy to access as, say, the Airplane Mode switch would still amount to little more than a tease. It would mean I have to flip that switch off, on all my devices except one — and then, when a different device becomes the one I want to pay attention to, remember to turn off “Do Not Disturb” on the first device manually and activate it on the other one. So, instead of having alerts everywhere that I can’t get rid of, I’d have to take on the burden of constantly reminding all my devices which one(s) I want to hear from! Yeah, that’s totally going to happen. If Apple wanted to take a big step toward solving this problem, a wiser solution would be a switch that means “Show me alerts _only_ on this device.” In other words, if I activate that setting on my iPhone, it automatically switches all my _other_ devices into “Do Not Disturb” mode. The information that a certain device has become primary could be pushed to all my other devices the same way calendar updates are currently. But even that, better though it may be, would require more manual effort than I want to put into maintaining my alarms, which is zero. What I really want is for that switch to figure out, on its own, when it should be on — with an option to override it manually, of course. That may sound like magic, but I think it’s entirely plausible. All my Apple devices can already tell when they’re being used actively, because when they are, they don’t go to sleep. If one of my devices knows it’s in use, presto, that one becomes my primary device for alerts, and stays that way until another device senses that it is being used. If I’m not actively using a device, I might still have an iPhone in my pocket or an iPad in my backpack. Those devices have sensitive motion detectors, and could infer from the fact that they’re being bumped around a bit that I’m carrying them. That fact could trigger such a device to become primary. Perhaps Apple could get even fancier and look at things like where and when I typically use various devices, and use that to make better guesses about which device should be primary at any given time. I’m not saying it would be trivial to figure this out, but it strikes me as being merely a software engineering challenge, not something that requires entirely new technology. **One Alert at a Time** -- Ultimately, I would like to see a system of cascading alerts. My devices make their best guess about which one is primary at the moment, and display any alerts on just that one device. If I dismiss an alert there, that’s the end of the story. If a few minutes go by without any action from me, the next-most-likely device displays the alert, and so on. But regardless of where I ultimately see that alert, explicitly dismissing it makes it disappear from _all_ my screens. In addition, I want to be able to snooze any alert on my iOS devices, regardless of whether the device happens to be asleep when the alert pops up. And finally, for bonus points, I’d like snoozes to follow me, too. In other words, if I snooze an alert for an hour, and during that hour switch from one device to another, I want the alert to reappear only on the newly primary device! There are undoubtedly other possible solutions to the problem, and maybe Apple will come up with something far more elegant than what I’m imagining. But I hope something changes soon. Ironically, this constant beeping makes me less likely to set alarms at all, simply so I can avoid the excessive distraction. If alerts are to be useful — neither background noise nor an irritation to be avoided altogether — Apple needs to find a way to make them smarter. ---- read/post comments: tweet this article: TidBITS Watchlist: Notable Software Updates for 14 May 2012 ----------------------------------------------------------- by TidBITS Staff article link: **Security Update 2012-002 (Snow Leopard)** -- Alongside Mac OS X 10.7.4 and to address roughly the same set of vulnerabilities, Apple has released Security Update 2012-002 for Snow Leopard and Snow Leopard Server. The fixes revolve around the open source components of Mac OS X (including curl, Ruby, and Samba), directory services, and dealing with maliciously crafted files in ImageIO, QuickTime, and various other internal libraries. Unlike some other recent Apple updates, we haven’t seen any widespread reports of problems. (Free, 238.73/258.11 MB) Read/post comments about Security Update 2012-002 (Snow Leopard). **EasyFind 4.9** -- DEVONtechnologies has released EasyFind 4.9, an update to the company’s freeware utility that can be used as an alternative to or supplement of Spotlight to find files (see “EasyFind 4.0: It’s Easy, It Finds, It’s Free,” 11 October 2007). This update adds an Active Finder window option to the Location pop-up menu plus the capability to drop files or folders on either EasyFind’s Dock or Finder icon to search them. It also promises more reliable and faster content searching, as well as improved handling of Quick Look on Mac OS X 10.6 Snow Leopard and later. (Free from DEVONtechnologies or the Mac App Store, though the latter hasn’t yet caught up with 4.9, 2.0 MB) Read/post comments about EasyFind 4.9. **BBEdit 10.1.2** -- Getting into the spirit of spring cleaning, Bare Bones Software has released BBEdit 10.1.2, which contains nothing but fixes for reported issues. The extensive list includes over 40 items that focus on improving stability and compatibility, and dedicated BBEdit users might want to read the release notes for a comprehensive look at all the changes. Aside from the abundance of bug squashes, the release also updates the About BBEdit window with a corrected link for the Caffeine Production credit and an addition of a Black Blood of the Earth credit (which is a good reminder to always check out the About window in your software). ($49.99 new from Bare Bones or the Mac App Store, free update, 7.3 MB) Read/post comments about BBEdit 10.1.2. **CloudPull 2.0.3 and 1.5.7** -- Golden Hill Software has updated both of its versions of CloudPull (2.0.3 for Mac OS X 10.7 Lion and 1.5.7 for 10.6 Snow Leopard). Both releases of the backup program for Google data (see “Back Up Your Google Data with CloudPull,” 6 March 2012) put the brakes on the speed at which they request photos for contacts when backing up Google Contacts, as the apps were exceeding Google’s limits, causing some backups to fail. You can download or purchase both versions of CloudPull directly from the Golden Hill Software Web site (where you can take advantage of a 20-percent discount for TidBITS members), or purchase version 2.0.3 from the Mac App Store. Additionally, Golden Hill notes on its blog that the recent changeover from Google Docs to Google Drive (see “Google Drive and SkyDrive Take Aim at Dropbox,” 24 April 2012) is transparent in both the current Lion and Snow Leopard versions of CloudPull, but that the next releases will update the user interface text to reflect the change in nomenclature. ($24.99 new, free update, 7.4/6.2 MB) Read/post comments about CloudPull 2.0.3 and CloudPull 1.5.7. **Microsoft Office 2011 14.2.2 and 2008 12.3.3** -- Microsoft has released Microsoft Office 2011 14.2.2 and Office 2008 12.3.3, both of which fix “extremely important issues” and improve overall security. In particular, the updates patch vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code. (Free updates as a download from the Office for Mac Web site or through Microsoft AutoUpdate, 110 MB/218 MB) Read/post comments about Microsoft Office 2011 14.2.2 and 2008 12.3.3. **PDFpen and PDFpenPro 5.8.1** -- Giving the people what they want, Smile has updated both PDFpen and PDFpenPro to version 5.8.1 to add an oft-requested viewing option. With the new Zoom to Width feature, you can zoom to fill the available width of your screen, as well as set Screen Width as your default view in the app’s preferences. The release also improves accuracy of OCR and text selection and blends in some additional (though unspecified) enhancements and minor fixes. ($59.95/$99.95 new with a 20-percent discount for TidBITS members, 43.3/44 MB) Read/post comments about PDFpen and PDFpenPro 5.8.1. **Evernote 3.1** -- Evernote has updated its eponymous note-taking and snippet-keeping software to version 3.1 with a number of user interface changes, new features, and fixes. At the top of the list, Evernote replaces its thumbnail view with a notecard view, which was previously seen only in Evernote’s full-screen mode on the Mac. (The notecard view will also be familiar to users of the Evernote iPad app.) You’ll still see small thumbnails of images on the cards, but if you’ve added notes to any image, you’ll see the opening lines of text accompanying the thumbnail. Evernote 3.1 also adds a Save Attachment feature that enables you to export all files placed within a note (or multiple notes) to a folder on your Desktop, header printing capabilities (title, dates, tags, and notebook), and date and time stamps that can be placed within the body of a note. Fixes include improved highlighting accuracy in search results within PDFs and preventing notes placed in Evernote’s Trash from appearing in Spotlight search results. (Free from the Mac App Store, 21.5 MB) In addition to the Mac app, Evernote has updated its iOS app to version 4.2.0 with a redesigned note editor for iPhone users. The release now places attachment options at the top of the note editor, moves text styling options to a new tab, and adds tagging capabilities to the updated note info screen. See the Evernote blog for more details on new features and improvements. Read/post comments about Evernote 3.1. $$ This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe! Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017. Copyright 2012 TidBITS: Reuse governed by Creative Commons license. Contact us at: License terms: Full text search: Subscriptions: Account help: