TidBITS#1073/18-Apr-2011

Adam wraps up his multi-part examination of Google’s Gmail this week with a look at Mailplane — which gives Gmail’s Web-based interface many of the features of a desktop application — and with coverage of the Boomerang service for scheduling Gmail message delivery and reminding users when correspondents haven’t replied. Also this week, Security Editor Rich Mogull explains why a security breach at a relatively unknown firm forced Apple to update Mac OS X, iOS, and Safari. Lastly, Lex Friedman relays details about the forthcoming Final Cut Pro X that Apple revealed at the FCPUG SuperMeet at NAB. Notable software releases this week include Adobe Flash Player 10.2.159.1, Microsoft Office for Mac 2011 SP1 (14.1), PDFpen and PDFpenPro 5.2.4, and PopChar X 5.2.
 

Apple Previews Final Cut Pro X: New, Faster, and Cheaper

  by Lex Friedman <lex@lexfriedman.com>

At the National Association of Broadcasters show in Las Vegas last week, during the Final Cut Pro User Group Network SuperMeet, Apple previewed the next iteration of its professional-grade video-editing software. Final Cut Pro X starts from a brand new, 64-bit code base, sports a new interface, and is priced far lower than the current Final Cut Studio.

Because it is based on Apple’s Grand Central Dispatch framework, Final Cut X promises to work faster than its predecessors by better leveraging multiple cores simultaneously, an improvement sure to be appreciated in an industry where time is money.

The new version will include plenty of improvements to the editing process. Thanks to the introduction of what Apple calls a “magnetic timeline,” editors will be able to move clips without fear of losing synchronization between audio and video. A clip’s primary audio track is locked to it by default; secondary tracks can be linked as well. More editing now occurs in the main timeline; the Viewer window of old is now but a Final Cut memory. Best of all, perhaps, is that Final Cut X will include a popular feature of its consumer-focused cousin iMovie: background rendering.

Also improved in Final Cut X is color management and correction, with a new floating-point linear color system. The software will feature resolution-independent playback and includes automatic, non-destructive color balancing.

Other new features Apple unveiled include Compound Clips for video nesting, Smart Collections for organizing and tagging clips, automatic audio cleanup, and more keyboard shortcuts.

Apple says that Final Cut X will cost just $299, becoming available on the Mac App Store in June 2011. Currently, Final Cut Pro 7 is available as part of Final Cut Studio for $999, but that also includes Motion, Soundtrack Pro, Color, Compressor, and DVD Studio; it’s unknown if Final Cut Pro X will include these additional tools or if they may be sold separately in the Mac App Store too. Apple also said nothing about which of the new features in Final Cut Pro X might make their way into Final Cut Express, or even if a new version of that software is in the works.



Break in the SSL Chain of Trust Prompts Security Updates

  by Adam C. Engst <ace@tidbits.com>, Rich Mogull <rich@tidbits.com>

Most of you have probably never heard of Comodo, yet this medium-sized security company is directly responsible for last week’s Apple security updates for Mac OS X and iOS. In fact, Comodo is responsible for security updates issued for every major Web browser and consumer operating system over the past few weeks.

How does one relatively unknown security company trigger a rash of updates in so many different products? The answer reveals more about flaws in the chain of trust of the Internet than any particular product weaknesses.

Among other aspects of their business, Comodo is a provider of the digital certificates that power the encrypted SSL/TLS (generally shortened to just SSL) connections we use to protect our communications over the Internet. Whenever you see the little lock icon in the corner of your browser you are using SSL. It means your connection is encrypted, and that, supposedly, the Web site you are visiting really is what it says it is. This technology is used to secure your connections to everything from MobileMe to your bank. SSL is also used to protect other connections and protocols — including secure email and certain VPNs.

SSL relies on digital certificates — special files that use different aspects of cryptography, including cryptographic signatures — to build a chain of trust. Certificates are used to sign other certificates in a highly secure fashion that identifies every member of the entire chain, allowing your computer to decide who to trust. These chains always lead back to a root certificate authority (CA). All Web browsers, and most operating systems, include the public certificates for CAs trusted by the browser or OS manufacturer, which enables your computer to know who to trust without you having to make the decision yourself.

Normally this system works well. Our banks and other online providers purchase SSL certificates from the CAs, which validate the identity of the company and issue the certificate (a file) signed by the CA. The customer company then installs that file on their Web server to enable secure connections. People who don’t want to pay for a signed certificate (which can be expensive) can generate their own, but since such self-signed certificates aren’t signed by a root CA, anyone visiting the site will see a warning from their browser and have to make a manual exception to accept it. (Very large companies often set up their own CA and install their certificate on employee systems to skip this warning.)

But there are three cases where the system can break down. In the first, someone creates a fake certificate with the name of a real site and tricks the user into accepting it. The second problem is if the certificate authority issues a certificate for the wrong company. We’ve seen this happen a few times for companies like Microsoft, and the Electronic Frontier Foundation’s SSL Observatory project, which tracks the over 650 CAs, found numerous certificates issued for names like “localhost” and “exchange” that could be used by an attacker in what’s called a “man in the middle attack.” It’s also suspected that less-than-friendly foreign governments issue certificates for known sites to intercept citizen and visitor traffic.

The third and final case is what Comodo experienced on 15 March 2011. An attacker, believed to be a student from Iran, compromised a Comodo reseller and issued valid certificates for seven major domains including Microsoft, Yahoo, Skype, and Mozilla.

Comodo responded immediately, adding those certificates to its revocation list, and Mozilla and Microsoft released updates for Firefox and Windows on 22 March and 23 March 2011. Technically, all browsers and operating systems will check for revoked certificates, but since this activity can be blocked (or is often disabled), the only certain way to remove the certificates is by blacklisting them using software updates. Apple followed with their updates on 15 April 2011 (see below), and rolled in some additional small changes.
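To make the difference between revocation and blacklisting concrete, here is a small Python model of the decision a browser makes. It is an example added for illustration, not code from any browser, from Comodo, or from Apple. All names and serial numbers are constructed, signatures are reduced to a simple issuer link, and the model assumes a client that treats an unreachable revocation service as "not revoked."

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str  # who the certificate names
    issuer: str   # who signed it (subject == issuer means self-signed)
    serial: str   # unique per issuer


# Constructed sample data: no real certificates or serial numbers.
ROOT = Cert("Example Root CA", "Example Root CA", "01")
RESELLER = Cert("Example Reseller CA", "Example Root CA", "02")
GOOD = Cert("shop.example", "Example Reseller CA", "1001")
MISISSUED = Cert("login.example", "Example Reseller CA", "6666")
SELF_SIGNED = Cert("blog.example", "blog.example", "01")

CertId = Tuple[str, str]  # (issuer, serial)

TRUSTED_ROOTS: Set[str] = {ROOT.subject}          # shipped with the browser/OS
CA_CERTS: Dict[str, Cert] = {c.subject: c for c in (ROOT, RESELLER)}
CA_REVOCATION_LIST: Set[CertId] = {(MISISSUED.issuer, MISISSUED.serial)}
SHIPPED_BLACKLIST: FrozenSet[CertId] = frozenset(CA_REVOCATION_LIST)


class RevocationUnavailable(Exception):
    """The client could not reach the CA's revocation service."""


def online_check(cert: Cert) -> bool:
    """Revocation lookup that reaches the CA: True means revoked."""
    return (cert.issuer, cert.serial) in CA_REVOCATION_LIST


def blocked_check(cert: Cert) -> bool:
    """Revocation lookup on a network where the request never gets through."""
    raise RevocationUnavailable(cert.subject)


def chains_to_trusted_root(leaf: Cert, max_depth: int = 8) -> bool:
    """Follow issuer links upward until a self-signed certificate is reached.

    A real client verifies a cryptographic signature at every step; here the
    issuer name stands in for that check.
    """
    current = leaf
    for _ in range(max_depth):
        if current.subject == current.issuer:
            return current.subject in TRUSTED_ROOTS
        parent = CA_CERTS.get(current.issuer)
        if parent is None:
            return False
        current = parent
    return False


def validate(
    leaf: Cert,
    revocation_check: Optional[Callable[[Cert], bool]] = online_check,
    blacklist: FrozenSet[CertId] = frozenset(),
) -> str:
    """Return the trust decision for one certificate.

    revocation_check=None models a client with revocation checking disabled.
    """
    if (leaf.issuer, leaf.serial) in blacklist:
        return "rejected: blacklisted by software update"
    if not chains_to_trusted_root(leaf):
        return "untrusted: no path to a trusted root"
    if revocation_check is not None:
        try:
            if revocation_check(leaf):
                return "rejected: revoked by CA"
        except RevocationUnavailable:
            pass  # assumed soft-fail: no answer is treated as "not revoked"
    return "trusted"


def demo() -> Dict[str, str]:
    """Run the mis-issued certificate through each client configuration."""
    return {
        "revocation reachable": validate(MISISSUED),
        "revocation blocked": validate(MISISSUED, blocked_check),
        "revocation disabled": validate(MISISSUED, None),
        "blocked, after update": validate(MISISSUED, blocked_check, SHIPPED_BLACKLIST),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:24} {verdict}")
```

The mis-issued certificate is refused only when the revocation lookup succeeds or when the blacklist is already on the machine, which is why the vendors shipped updates rather than relying on revocation alone.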

As well as SSL works, incidents like this highlight the weaknesses in the system (covered in depth in this excellent Economist article by our own Glenn Fleishman). With so many certificate authorities, including some with poor business processes, it is nearly impossible to assure that our chain of trust is actually trustworthy. While this shouldn’t change your online practices today, it’s worth understanding the system and keeping a skeptical eye in case you notice something unusual.

Meanwhile, here’s additional information about Apple’s updates.

iOS 4.3.2 -- The most significant of the updates, iOS 4.3.2 goes beyond the security problems to fix an issue that occasionally caused blank or frozen video during a FaceTime call, and also addresses a problem that prevented some international users from connecting to 3G networks on the 3G iPad. On the security side, along with blacklisting the spurious certificates, iOS 4.3.2 includes fixes for a problem with library randomization, a pair of WebKit vulnerabilities, and a Quick Look vulnerability.

Security Update 2011-002 -- This update, available for Mac OS X 10.6.7 Snow Leopard (4.43 MB), 10.5.8 Leopard (241.35 MB), and 10.5.8 Leopard Server (473.19 MB), includes only the fix necessary to blacklist the spurious certificates.

iOS 4.2.7 for iPhone (CDMA) -- This update, available only via iTunes, updates iOS 4.2.5 or 4.2.6 running on the CDMA-based Verizon iPhone 4 to address not just the spurious certificates, but also iOS 4.3.2’s WebKit and Quick Look vulnerabilities.

Safari 5.0.5 -- As you might expect, Safari 5.0.5 mimics the changes in iOS, blacklisting the spurious certificates and rolling in the WebKit fixes, which presumably also patch WebKit for all other applications that use it (ranging from iTunes to Google Chrome). Safari 5.0.5 requires either Mac OS X 10.5.8 or Mac OS X 10.6.5 or later and is a 46.83 MB download.



Zen and the Art of Gmail, Part 4: Mailplane

  by Adam C. Engst <ace@tidbits.com>

So far in this series, I’ve said a great deal about Gmail’s innovations, which are available only through its Web interface. (If you haven’t seen the earlier articles, check out “Zen and the Art of Gmail, Part 1: Why I Switched,” “Zen and the Art of Gmail, Part 2: Labels & Filters,” and “Zen and the Art of Gmail, Part 3: Gmail Labs.”)

But there’s a problem with a Web-based interface, which is that it requires a Web browser. Don’t get me wrong, I have nothing against Web browsers for browsing the Web, but for the most part, Web browsers do a mediocre job of hosting Web applications like Gmail. That’s because we often think of and use Web applications in much the same way we think of and use desktop applications, and mixing them in with static Web pages that we open and close with abandon can be a recipe for frustration.

Just think about accessing your email program. You might do so via an icon in the Dock, or via LaunchBar, or some other common mechanism. But if your email program is just a bookmark to a Web page, any of those methods will create a new Gmail tab in your browser, and you’ll get another new Gmail tab every time you click it (this isn’t universally true; Safari 5 sometimes reuses a tab, and Firefox 4 now features app tabs; see “Firefox 4 Improves, But Not Radically,” 2 April 2011). So unless you switch to Gmail by switching to your Web browser and then finding the open Gmail tab, you’ll be constantly opening and closing Gmail tabs, which is an annoying waste of time.

One solution is a site-specific browser like Fluid (which uses WebKit, the technology Safari is based on) or WebRunner (which replaces Prism and essentially encapsulates Firefox). These can effectively turn any Web site into a standalone application that appears in your Dock and doesn’t mingle with other Web pages. But my experience with both is that while they work for some sites, there are plenty of sites where they either don’t work or are clumsy to use for a variety of reasons, including authentication issues, tab-handling, lack of support for plug-ins or extensions, and so on.

Prepare for Takeoff -- Luckily, there’s a much better solution: Mailplane, a highly site-specific browser that’s just for Gmail. Mailplane is based on WebKit, like Safari, but developer Ruben Bakker of Uncomplex has done a truly amazing job of turning what is essentially a Web browser into a real Macintosh application.

Uncomplex has a page comparing Mailplane to using Gmail in a browser, and I won’t list out the many ways in which Mailplane outdoes the browser experience. But I do want to touch on those that I’ve found to be a big win in my everyday use.

Most important is of course the separation of Gmail from the rest of my browsers and tabs. That lets me map the F3 key on my keyboard to Mailplane, something I’ve done for my email program for more years than I can remember. And as a real desktop application, Mailplane can set itself as the default mail application on the Mac, accepting clicks on mailto links and other actions that would normally be sent to Mail or Eudora or whatever.

I also like being able to drag files onto the Mailplane window or its icon in the Dock to attach them to a message (Google has now made it possible to attach files via drag-and-drop into the Gmail window in Web browsers, but that wasn’t true when I started using Mailplane).

Mailplane simplifies certain things that are tough in browsers, such as maintaining multiple accounts. Until August 2010, in a browser, if you wanted to switch among multiple Gmail accounts, you had to log out of the current one and log into the second one, reversing the process to go back. Although Google now allows multiple account sign-in, the process is still clumsier than with Mailplane, which enables quick switching among accounts with a simple double-click in the Accounts drawer.

Because I test a lot of software and report on behavior to developers and designers, I adore Mailplane’s built-in screenshot capability. While writing a message, I can click the Screenshot button in Mailplane’s toolbar and take a screenshot of a selection, a window, or an entire screen. Once I’ve made the appropriate selection, Mailplane takes the screenshot and attaches it to the message with no more interaction (and I don’t have to throw out any temporary screenshot files later).


Although Mailplane provides Mac-like keyboard shortcuts for a slew of Gmail actions, I’ve intentionally avoided them in favor of Gmail’s own internal shortcuts (press ? to see a cheat sheet of all of them, and check out Lifehacker’s “Become a Gmail Master Redux” article for suggestions on using them). That’s because, as much as I like Mailplane, I’m a keyboard-focused user, and I don’t want to become dependent on Mailplane’s version of Gmail’s keyboard shortcuts for those times when I do use Gmail in a Web browser. But I could see some people really appreciating the familiar keyboard shortcuts.

Mailplane also integrates with Growl, notifying me of new messages as they come in. But it’s not just any message that comes in; Mailplane triggers Growl notifications only for messages that hit my Priority Inbox, so the tons of automated messages and mailing list discussions that flow into my mailbox don’t bother me.

Finally, and this is an improvement over only the generic site-specific browsers, Mailplane supports a few Gmail plug-ins: Rapportive, TrueNew, and 0Boxer. Rapportive is wonderful, since it replaces Gmail’s ads with information about your email correspondents (see “Rapportive Plug-in Replaces Gmail Ads with Sender Info,” 27 March 2010). TrueNew is relatively trivial, but shows the unread count for your Inbox and, separately, the number of new messages since your last interaction with your Inbox (I’m not sure this is working since Gmail’s last minor revision). And 0Boxer is essentially a game where you score points by reading and replying to email; you can compare yourself to friends or to the world at large. It was amusing briefly, but after a while, it wasn’t worth the interface space at the top of the window.

While it’s great that Mailplane supports these plug-ins, plug-in support is actually something that points toward using Gmail in a normal browser, and mostly in Firefox or Chrome. That’s because there are a bunch more Gmail-based Web apps and plug-ins that work only in browsers. Of course, many of them attempt to provide features that Mailplane already does better, but there are some I’d love to use.

For instance, there’s Boomerang, which lets you schedule when messages should be sent and can automatically remind you if you haven’t heard back from someone in a couple of days. (Note that Mailplane has now added support for Boomerang; see “Mailplane 2.3.1 Adds Support for Boomerang for Gmail,” 11 April 2011.) And ActiveInbox gives Gmail a Getting Things Done-style makeover. Then there’s socialGmail, a Chrome-only plug-in that displays avatar photos next to senders in Gmail message lists. And although CloudMagic currently requires that you allow IMAP access to your All Mail label (which causes normal IMAP clients to download a lot of unnecessary duplicates), it’s an interesting Gmail plug-in that provides instant searching no matter where you are in the Gmail interface. I could go on, but I think you get the point — there are ways of extending Gmail that just aren’t available until and unless Uncomplex can build them into Mailplane.

In the end, despite my occasional yearning for one of these Web apps or plug-ins, Mailplane provides so many features that I rely on every day that I never end up using Gmail in a normal Web browser for more than testing. It’s well worth the $24.95 purchase if you use Gmail on a Mac.

What about Sparrow? -- There’s been some excited chatter about a new Gmail-focused application called Sparrow. I’ve looked at Sparrow, and while I’m tremendously happy to see Mac developers building a pretty interface on top of Gmail, Sparrow simply doesn’t act enough like Gmail to make it worthwhile for me. That may change as the program evolves, but for now I have these problems with Sparrow.

In short, I think Sparrow is simply not sufficiently baked yet for anything but minimal email use. Nonetheless, I have high hopes for it, since it’s the only desktop application I’ve seen yet that acknowledges and attempts to replicate Gmail’s innovations.

Gmail on iOS -- One thing I haven’t mentioned much is using Gmail on the iOS devices, in part because although I do occasionally read email on my iPhone, I don’t do it much. The main thing to consider is that when you’re using an iOS device, you can access Gmail either through the Mail app via Gmail’s IMAP interface, or through Gmail’s mobile Web interface in Safari. There are also a number of apps, such as Mailroom, iGmail, and MultiG, that encapsulate Gmail’s mobile Web interface in a standalone app, much like Mailplane does on the Mac. There’s nothing wrong with them, but the few features they add — like multiple account support — aren’t generally those that I need on my iPhone or iPad.

Although I’ve set up Apple’s Mail app to access my Gmail, since it’s a standard IMAP client with none of Gmail’s innovations (like conversation view, great searching, and so on), for those times when I do want to access Gmail on my iPhone or iPad, I always go to the mobile Web interface.

Google has done a bang-up job for both the iPad and iPhone/iPod touch, creating custom interfaces that react well to the available screen size while providing most of the standard features you’re used to having in Gmail. In particular, I appreciate the conversation view, since it turns reading threads into a simple scroll action, and the capability to search across all my email, since I often look for directions or an address from my email when I realize I don’t quite know where I’m going while driving. The iPhone/iPod touch version of the interface uses multiple screens, one for listing messages and another for displaying them, so there’s a bit more back and forth than with the iPad interface, which can display the message list at the same time as a message.



Honestly, though, the main thing I do with Gmail’s mobile clients is read messages, marking them either as unread or starred for dealing with later once I’m back on the Mac with a real keyboard. I haven’t tried doing all my email on the iPad with an external keyboard; it should be pretty reasonable, but I haven’t yet had the need.

Getting into the Gmail Mindset -- I won’t pretend that switching to Gmail is a trivial step to take, but if you don’t get bogged down in the morass of moving all your existing email and contacts into Gmail and replicating every system you had in your previous email client, you can turn Gmail into a lean, mean, email machine with a little help from Mailplane. I’m not just saying that, I’m living it, and I get one heck of a lot of email. So while I won’t pretend that Gmail is the right email solution for everyone, I have no trouble recommending that anyone who is not happy with their current setup give it a try.



Mailplane 2.3.1 Adds Support for Boomerang for Gmail

  by Adam C. Engst <ace@tidbits.com>

It may not sport a major release number, but the update to Gmail client Mailplane 2.3.1 is actually quite significant. It provides a few minor bug fixes and has only two new features, the first of which (compatibility with Mac OS X Lion) isn’t terribly interesting for most of us. But the second significantly enhances Gmail usage by building in support for the free Boomerang for Gmail plug-in and service, which has previously been available only for Firefox and Google Chrome users. (To enable the plug-in, in the Accounts pane of Mailplane’s preferences, click the Plug-Ins button and select the “Load Boomerang plugin (by Baydin)” checkbox.)

Boomerang for Gmail brings back to Gmail a Eudora feature that, if not unique, was at least unusual: scheduling of message delivery. (Apple Mail lacks scheduling, but a free AppleScript-based solution makes it possible to queue messages for later delivery.) Sometimes you want to queue a message up now, but not have it sent for an hour or a day or a week. For instance, if I’m sending someone a huge file via Dropbox, it takes some time for Dropbox to upload the file and make it available, but I don’t want to have to check back on Dropbox in an hour to see if it’s done, and I don’t want to tell my recipient to wait an hour from the time I sent the message to see if the file is there. Instead, I tell Boomerang to send the message in an hour, when I’m certain the file will be available. I also sometimes queue up birthday wishes or other time-specific messages so I can write them in advance and have them delivered at an appropriate time. You can even edit queued messages, though the process requires canceling the action, editing the message, and rescheduling.


But Boomerang goes beyond just bringing back a feature missed in Eudora. Most notably, it solves the problem of remembering to follow up with people who haven’t responded to an important message. You can set Boomerang to remind you in a user-specified amount of time if you haven’t heard back from the person, or even if you have. This is huge, because now you don’t have to make a to-do item to follow up with someone — Boomerang does that for you.


Finally, sometimes you may receive an important message that you need to deal with, but not right away. You could star the message, or apply a label that identifies it, but those require you to notice the message in the future when the time comes to deal with it. Instead, you can just tell Boomerang to take the message out of your Inbox right away and bring it back at a specified time and date. It can optionally make the returned message unread, starred, appear at the top of your Inbox, and labeled as “Boomerang.”


If the text of a message contains a date or time, Boomerang even automatically suggests an appropriate time to return it. Boomerang’s creators, Baydin, note that if a message suggests a meeting at 4 PM on Thursday, Boomerang will automatically offer to return the message 2 hours before so you have time to prepare. I haven’t found this useful, personally, but perhaps I don’t do enough scheduling in email.


As you schedule messages for later delivery and set Boomerang to remind you about messages, those actions accumulate in Boomerang’s dashboard, accessible from a Boomerang link at the top of the Gmail window. You can reschedule messages or send/return them right away, if you like.


The only awkward thing about Boomerang is that it works its magic by maintaining several Boomerang-specific labels and sending you additional messages, which have the effect of bringing the associated Gmail conversations back to the top of your Inbox. It feels a little clumsy, but the approach is effective.

Taken together, these scheduling features make Gmail even more useful in ways that email clients simply haven’t done in the past. It’s a shame too, since capabilities like message scheduling, followup reminders, and delaying of messages aren’t magic, and could easily work their way into other programs. (In fact, if you use Windows at work, there’s an Outlook version of Boomerang too.) But since no Mac clients have done this sort of thing, Boomerang, and Mailplane’s new support for it, is just another reason why I like Gmail so much (see our series “All About Gmail” for details).

Boomerang is free to use, but the company makes it possible to buy a subscription if you find it useful; currently, there are no different features for subscribers. Mailplane 2.3.1 costs $24.95 new; the update from previous 2.x versions is free.



TidBITS Watchlist: Notable Software Updates for 18 April 2011

  by TidBITS Staff <editors@tidbits.com>

Adobe Flash Player 10.2.159.1 -- After reports of a critical security vulnerability appearing in the wild and affecting Windows users via a Flash file embedded in Word or Excel documents, Adobe has released Flash Player 10.2.159.1. Although only Windows systems were targeted in the attacks, Adobe recommends that all Macintosh, Windows, Linux, and Solaris users of previous versions of Flash update to Flash Player 10.2.159.1 right away. Google Chrome builds Flash Player in; if you’re using Google Chrome, make sure to update to version 10.0.648.205 or later (choose Chrome > About Google Chrome to check the version number and update if necessary). Also affected is Adobe AIR; update to version 2.6.0.19140 or later if you’re using any Adobe AIR-based applications. (Free updates, download sizes vary.)


Microsoft Office for Mac 2011 SP1 (14.1) -- Microsoft has released Office 2011 SP 1 (14.1). The update fixes various vulnerabilities and security issues, boosts overall stability, eliminates a crash when using multiple Office 2011 applications, and enables Alt Text authoring.

Improvements to Excel include the addition of the Solver add-in, better reliability when read-only options are enabled, more stability when pasting large datasets, a fix for an issue saving documents with comments, better conditional formatting, and printing bug fixes.

New to PowerPoint is the capability to password-protect your presentations. Other PowerPoint fixes include improvements to Print Preview, better Save as Pictures functionality, and fixes for playback of recorded narration.

Outlook 2011 scores updates to its synchronization functionality, along with Resend and Redirect commands.

Word gets some love, too. The update eliminates a crash when opening files with non-alphanumeric characters in their names, fixes an issue with Spell Check error messaging, improves Draft View, makes Find and Replace easier, improves Full Screen view, and resolves an issue with printing pictures.

Detailed release notes are available directly from Microsoft. (Free update, 246 MB)


PDFpen and PDFpenPro 5.2.4 -- Smile has released PDFpen and PDFpenPro 5.2.4, which come very hot on the virtual heels of 5.2.3. New in 5.2.3 was AppleScript support for creating PDFs from HTML (available only in the PDFpenPro edition), as well as a fix for an issue with performing Correct Text after saving a document. The subsequent 5.2.4 release corrected scripting functionality unintentionally broken with 5.2.3. ($59.95/$99.95 new, free update, 41 MB)


PopChar X 5.2 -- Many of us know how to type a few special characters on our Macs, but who among us can claim to know how to type all of them? Thanks to Ergonis’s release of PopChar X 5.2, typing special characters is now a bit easier. New in this edition of PopChar is a font size slider, which makes it easier to adjust the window’s display — whether you’d prefer to see more characters at once, or finer detail for fewer characters. Even better, PopChar X 5.2 includes built-in hints for more than 70 fonts, so the slider is automatically adjusted for optimal display whenever possible. The new version also improves background memory usage, and resolves issues with Sigil, FocusWriter, TeXworks, and FileMaker Pro. (€29.99 new, free update, 2.3 MB)



ExtraBITS for 18 April 2011

  by TidBITS Staff <editors@tidbits.com>

With Adam away in Denver and Boulder this week, we have only two brief bits to extend your Internet browsing: Jeff Carlson talking with Chuck Joiner about the media-related aspects of iOS 4.3 on MacVoices and an Ars Technica article about how Apple is being sued for its slow response to inadvertent in-app purchases by children.

Jeff Carlson Takes Control of iPad Media on MacVoices -- The demand for the iPad 2 is still overwhelming, with Apple still quoting two to three weeks for delivery of online orders. If you already own an original iPad, however, did you know you have nearly all of the new features of the iPad 2? In this MacVoices appearance, Jeff Carlson talks with Chuck Joiner about what’s new in iOS 4.3 when dealing with media — playing video and audio, reading ebooks, and other media tasks — as part of a discussion about his timely title “Take Control of Media on Your iPad, Second Edition.” Follow the audio, or watch the discussion on video at MacVoices.tv.


Apple Faces In-App Purchase Class-Action Lawsuit -- Ars Technica reports on a class-action lawsuit filed against Apple about the ease with which children could make in-app purchases of add-ons for programs within the 15-minute window after an iTunes password was entered to install or update an app. iOS 4.3 added a separate in-app password requirement (see “iOS 4.3 Now Prevents Inadvertent In-App Purchases,” 11 March 2011).



This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2011 TidBITS; reuse governed by this Creative Commons License.