TidBITS#1173/06-May-2013

Big things are happening at TidBITS this week, as we welcome Josh Centers as our new managing editor! Meanwhile, not so big things are happening with iOS, which saw a minuscule update aimed exclusively at the iPhone 5. In other news, the MacTips.info Web site is up for sale for anyone with an entrepreneurial itch, a bug in our commenting system could lead to an identity crisis for some users, we discuss why Apple is concerned about stock price on a staff roundtable, and David Rabinowitz digs into some of Apple’s recent financial twists. Lastly, Joe Kissell strikes again with another must-read edition of FlippedBITS, in which he explains all about Java and why Apple is deprecating it so. Notable software releases this week include Cyberduck 4.3.1, Postbox 3.0.8, Little Snitch 3.1, Transmit 4.3.4, SpamSieve 2.9.7, and GraphicConverter 8.6.
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

Please Welcome Josh Centers as Our New Managing Editor

  by Adam C. Engst: ace@tidbits.com, @adamengst
  1 comment

It gives me great pleasure to share the news that Josh Centers has agreed to join TidBITS Publishing Inc. full time as the managing editor of TidBITS, effective immediately. You can reach him at josh@tidbits.com or @jcenters on Twitter and App.net.

Last year, Glenn Fleishman “discovered” Josh while researching unwarranted cellular data usage in iOS 6, a problem that continues to this day for some people (see “What’s Behind Mysterious Cellular Data Usage in iOS 6?,” 29 September 2012). On Glenn’s urging, we invited Josh to write some articles for TidBITS, and in short order he had cranked out several well-written, accurate articles, impressing us with his enthusiasm, writing speed, and eye for detail. That got me thinking that he might be valuable to have on staff in a larger role, so I asked him to edit a few articles, another task that he carried off with aplomb.

Thanks to the revenues from TidBITS memberships, we felt we could offer Josh a full-time job to help with a wide variety of TidBITS-related tasks that were overwhelming me. Luckily, he wasn’t attached to his previous corporate job, so he jumped at the chance to put his journalism degree from Western Kentucky University to use and trade 2 hours of commuting every day for a home office.

Initially, Josh will focus on helping me with assigning, writing, editing, and coordinating articles, but once he has become familiar with how we operate, I expect him to start suggesting and implementing new directions for TidBITS, all within our mission of providing you with a carefully curated collection of thoughtful, professionally produced content. Frankly, I’ve been feeling increasingly curmudgeonly over the years, so I’m looking forward to working with someone who still has that youthful fervor for technology.

With Josh handling some of our day-to-day activities, I’ll have more time to write articles and to tackle some of the big picture projects that were sidelined while we worked to sweat the details, hit our weekly publication schedule, and respond to reader comments and queries. If it all works out as anticipated, we’ll all be happier and more productive with Josh on board!

Read and post comments about this article | Tweet this article


iOS 6.1.4 Updates iPhone 5 Speakerphone Audio

  by Adam C. Engst: ace@tidbits.com, @adamengst
  2 comments

Talk about a targeted update! Apple has released iOS 6.1.4, but it’s only for the iPhone 5 (both GSM and CDMA models). And please, forgive me for reproducing Apple’s release notes in their entirety, but I think I’d lose the nuance if I dropped even one of the five words: “Updated audio profile for speakerphone.” No, I haven’t the foggiest idea what the practical upshot of that is either, but at least it’s only 11.5 MB.

As always, you can update either on the iPhone 5 through Settings > General > Software Update, which is easiest, or through iTunes. Although I installed the update, confirmed that the speakerphone still works, and haven’t noticed any other ill effects, I can’t recommend bothering with this update unless you use the speakerphone often and aren’t happy with the audio quality. I don’t know that this new profile is any better, but Apple clearly thinks it is and is worth its own update. If you do install it, and can hear a change in the speakerphone’s audio afterwards, let us know in the comments.


Read and post comments about this article | Tweet this article


MacTips.info Web Site Goes Up for Auction

  by Adam C. Engst: ace@tidbits.com, @adamengst

Breaking into the Internet content business isn’t rocket science, but it can take a lot of hard work to generate quality content on a regular basis, build and maintain an Internet presence, and attract a following. If you want to earn real money, even more effort must go into marketing and business development, and a dash of luck never hurts.

If you’ve been thinking about dipping your toe into the field, there’s an opportunity to get a head start, since Miraz Jordan is auctioning off her 13-year-old MacTips.info Web site, complete with nearly 1,000 posts. As of this writing, the price is at $3,500, which doesn’t seem bad at all for that amount of content and a site that averages 30,000 unique visitors per month (with a peak of 105,000 visitors in January 2012), along with 350 email subscribers, 600 Twitter followers, 2,100 RSS readers, 400 YouTube channel subscribers, and 500 Facebook “likes.” The Flippa auction is slated to end on 7 May 2013.

MacTips.info isn’t currently generating vast sums of money, though it has made over $1,000 in affiliate sales from Take Control books, making it one of our top affiliates. The money is one reason Miraz is selling, but she’s also been writing for the site for a long time, lacks the energy to take the site to another level, and wants to do some different things with her life. That’s entirely reasonable, and I like the idea that even a single-author Web site can be akin to a small storefront, passing from one owner to the next while continuing to serve loyal customers.

Read and post comments about this article | Tweet this article


Mistaken Identity in the TidBITS Commenting System

  by Adam C. Engst: ace@tidbits.com, @adamengst
  3 comments

Mea culpa! Some time ago, we found and fixed a cosmetic bug in the TidBITS Commenting System that caused a small number of people to be associated with another user’s name when they attempted to post a comment. The problem arose when our code set an incorrect cookie in an unusual set of circumstances.

Although we fixed the bug as soon as we realized what was going on, we don’t know exactly how many people might have been affected. Unfortunately, because the incorrect identity is stored in a cookie with a far-in-the-future expiration date, the problem continues to crop up even now. Worse, we have no good way of identifying or fixing these munged cookies from our side.

The solution is simple: delete the “tbcomm” cookie associated with tidbits.com, but since we have no idea who might be affected, and thus can’t contact them, our only option is to write this article and hope that the affected users read it. Our sincere apologies both for this bug and for having to explain it here, but to make this article more broadly useful, here are instructions for deleting cookies in each of the three most popular Web browsers, should you ever want to do that for other reasons.

Safari

  1. Choose Safari > Preferences to open Safari’s Preferences window.

  2. Click the Privacy button.

  3. Next to Cookies And Other Website Data, click the Details button.

  4. In the search field, type tidbits.com

  5. Select the tidbits.com entry that appears, and click the Remove button. (There’s no way to delete just a single cookie in Safari.)


  6. Click Done and close the Preferences window.

Chrome

  1. Choose Chrome > Preferences to open Chrome’s Settings page.

  2. At the bottom, click Show Advanced Settings.

  3. Under the Privacy heading (which is the first one to appear when you reveal advanced settings), click the Content Settings button.

  4. In the Content Settings dialog, under the Cookies heading, click the All Cookies and Site Data button.

  5. In the Cookies and Site Data dialog, enter tidbits.com in the search field.

  6. Select the tidbits.com entry, click the “tbcomm” button associated with the cookie we use for the TidBITS Commenting System, and click the Remove button. (You could also click the X button to delete all the tidbits.com associated cookies, and if you have cookies from other tidbits.com domains, you could remove all of them. The downside to doing that is, if you’re logged out, the site will forget whether you prefer to hide or show article summaries.)


  7. Close the Settings page.

Firefox

  1. Choose Firefox > Preferences to open Firefox’s Preferences window.

  2. Click the Privacy button.

  3. Under the History heading, click the Remove Individual Cookies link.

  4. In the Cookies window, type tidbits.com in the Search field.

  5. If necessary, scroll down until you see the tidbits.com cookies, and specifically the item with “tbcomm” in the Cookie Name column. Select it, and click the Remove Cookie button.


  6. Close the Cookies and Preferences windows.

Read and post comments about this article | Tweet this article


VidBITS: Apple Stock Price and the Daily Box Score

  by Adam C. Engst: ace@tidbits.com, @adamengst

After Apple’s recent earnings call, we were struck by how Apple’s executives spent more time cheerleading for the company and its products than discussing the quarter’s results (see “Apple Q2 2013 Results Show Higher Revenues, Lower Profits,” 23 April 2013). That prompted some internal discussion about why Apple should care about its stock price and just who Apple thinks it is serving — customers, with great products and service; shareholders, with dividends and by constantly growing the business; or speculators, who care not a bit for the business and are looking only to profit from fluctuation of the stock price. Of course, Apple doesn’t really give a hoot about speculators, but it can seem that way, since the mainstream media loves to cover Apple’s stock price, and Apple wants that coverage to be positive.

In the latest staff roundtable, Tonya Engst and Michael Cohen joined me to talk through just why Apple should care about its stock price. A couple of interesting thoughts came out in the discussion.

One reason why Apple, like many other companies, cares about stock price is that stock is a significant part of employee compensation, both through employee stock purchase plans and stock options. We didn’t get into this much in the roundtable, but it’s an interesting approach, because ensuring employees own stock gives them some level of ownership interest in the company, and thus gives them incentive to promote the business. It’s also useful in attracting and retaining talent. But since the company can’t control the stock price, share value is often decoupled from how well the business is going — it might make more sense to incentivize employees with bonuses based on profits.

Turning back to the media’s role in all this, stock price is as close as the business world gets to a daily box score that reflects the immediate health of a company. (Along those lines, we mentioned a Planet Money podcast that explains why the Dow Jones Industrial Average is seriously flawed.) Being able to say that Apple stock is up or down meets much the same desire as reporting on which sports teams won or lost. It also provides a spine for an ongoing narrative, but it’s a problematic approach, since stock price reflects the market’s perception of the future value of a company (and at worst, is driven by rumor and innuendo).

We closed with the question of whether there might be a more accurate way to develop a box score to judge the health of a company, and hit upon the idea of crowdsourcing it by analyzing posts in Twitter. This isn’t a new idea — performing what’s called “sentiment analysis” has had some success in predicting stock prices and was used as the basis of a hedge fund’s investment strategy. Of course, because of this, sentiment analysis is now being used as actionable input by algorithmic trading software, so stock price is now affected by what’s being said about the company in social media.

Still, I could imagine a sentiment analysis-based metric that could be used to report on the current perception of a company without explicitly dragging stock price into the equation. Some research turned up a few companies doing this sort of tracking, including Topsy, whose Pro service provides a sentiment score for a keyword and can graph it across time.


(Remember, you don’t have to watch the video; you can click the Listen link at the top of the article’s Web page to listen to the audio, or subscribe to the TidBITS podcast to have it downloaded to iTunes or your favorite podcast app automatically.)

Read and post comments about this article | Tweet this article


Digging into Apple’s Financial Decisions

  by David Rabinowitz: davrabinowitz@gmail.com, @david_rab
  2 comments

Apple has always come off as frugal, with the amount of money it has squirreled away in cash and short-term investments nearly doubling since July 2011, to $144.7 billion. As such, it was surprising enough last year when Apple announced a $10 billion stock repurchase plan and quarterly dividend (see “Apple to Pay Quarterly Dividends and Repurchase Stock,” 19 March 2012). Even more shocking was the recent announcement that the company would increase the buyback amount to $60 billion and increase the dividend by 15 percent.

These decisions mark the beginning of a new financial strategy that has Apple spending cash in unprecedented volumes. Or not. At least not precisely. It turns out that Apple is not using its own cash to buy back these shares over the next two years, but is instead borrowing the money. Why would a company with nearly $145 billion in the bank need a loan? And why is Apple suddenly starting to dip into its cash hoard now? Apart from the little-known fact that the company money pit is in fact full, it seems that Apple wants to return money to its shareholders, as inexpensively as possible.

To put this story in context (see “Apple Q2 2013 Results Show Higher Revenues, Lower Profits,” 23 April 2013), Apple reported second quarter earnings for 2013 two weeks ago. The company beat Wall Street expectations slightly but had a year-over-year decline in profit for the first time in a decade. Other key metrics, like earnings per share and gross margin, also fell, and Apple issued guidance for the third quarter that was below most analysts’ expectations. While all of this may sound bad, Apple is still making huge sums of money — $43.6 billion in revenue and $9.5 billion in profit in just the second quarter of this year. The worry is that Apple may be moving from being a growth stock to becoming a value stock, whose shareholders derive most of their gain from regular dividends. Instead of a potential jackpot, investors may now be seeing Apple as a slower moving, long-term investment.

In that earnings call two weeks ago, Tim Cook announced that Apple is going to start putting its money to work in two major ways. First, the company is increasing its stock buyback program by $50 billion, from $10 billion to $60 billion. Second, Apple’s quarterly dividend will increase by 15 percent, to $3.05 per share. Cook’s goal is to return $100 billion to investors by 2016. That may sound like a lot of money, but the recent fall of Apple’s stock price, from a high of just over $700 to its current spot around $460, erased over $200 billion in market capitalization. And, of course, Apple anticipates making plenty more money during that time.

Buybacks and dividends are a new direction for Apple. This move would have been almost inconceivable until last year, given that Apple’s most recent dividend was distributed in 1995. And despite advice from legendary investor Warren Buffett, Steve Jobs had resisted a buyback several years ago, when Apple’s stock price was in the $200s.

Most interesting about this decision is that Apple will be borrowing money to fund all of these endeavors, despite having around $145 billion in the bank. This makes sense once you look below the surface of that very large number. Since about $100 billion of Apple’s cash is offshore, repatriating it for use in the buyback would impose substantial tax burdens. Experts estimate that Apple might have to pay between 10 to 30 percent more in taxes if the company was to bring the money back into the United States. According to bond rating service Moody’s, Apple will save $9.2 billion by not repatriating its offshore cash, which would be taxed at 35 percent, and the $100 million a year of interest it will pay on the bonds is tax-deductible. So last week, Apple made the biggest non-bank bond deal ever by issuing $17 billion of bonds, and even then the supply apparently wasn’t sufficient to meet demand.

Taking out a loan to buy back shares has two notable advantages. The first and most obvious is that buying back shares reduces the amount in dividends the company must pay, an amount that would be even higher now that Apple is raising its dividend. The second, less obvious reason, is that the interest on the loan is tax-deductible. In essence, by borrowing the money, Apple has figured out how to get the best of both worlds. It reduces its dividend liability by buying back shares and gets to deduct interest on the loan it is taking to finance the buyback. Presumably, Apple also believes it can earn more on its cash than it’s paying on the bonds.

Buying back shares also helps Apple employees. Apple has an Employee Stock Purchase Plan that, up until a few months ago, appeared to be an investment with a high return. The program allows employees to use up to 10 percent of their salary (with a maximum of $25,000) per year to buy shares of AAPL at a 15 percent discount. Among other benefits, share buybacks are considered a tax-efficient way to return money to investors, whether employees, other individuals, or institutions, because dividends are taxable. When Apple first announced the stock repurchase program last year, Horace Dediu, the founder of Asymco, crunched the numbers and determined that “Apple will continue to offer shares as compensation and will do so in a ratio of 1:4 of wages.” The Employee Stock Purchase Plan and grants of stock options are a big incentive to employees, especially for a company like Apple, and by increasing the earnings per share and signifying that the company believes it is undervalued, buying back shares can increase the stock price, benefitting employees and long-term shareholders.

Apple has sat on its cash for years, so why change now? Apple has offered no official explanation, but a number of issues may have prompted these recent decisions. The company faced a lawsuit from activist investor and hedge-fund manager David Einhorn, who was unhappy that the company was holding so much cash. It’s possible that, by buying back shares, Apple can reduce its vulnerability to the whims of large shareholders. Also, when Apple’s stock price was rising, investors had little to complain about, since they were seeing such a substantial return on their investments. If Apple anticipates that its share price may no longer be able to turn in such consistent increases, shifting to more of a value-stock approach may make the company look better on paper (with increases in earnings per share and return on equity, in particular) and appease Wall Street.

At Apple’s scale, the company cannot focus solely on product engineering, but must also engage in deliberate financial engineering. Until recently, that money management could take place largely behind the scenes (as evidenced by Apple carefully maintaining overseas profits in those countries, rather than suffering the tax burden of repatriating that money). But if Apple’s growth is indeed slowing, as it inevitably must at some point, public moves like this massive share repurchase and increased dividend should help keep Wall Street happy. Some argue that this may presage a leveling off in technological innovation as well, pointing to the share price and technology stagnation suffered by Microsoft after a similar move. That then is Apple’s challenge — to buck expectations and act like a fast-growing firm at the product level while maintaining the solid financial behavior of a corporate titan.

Read and post comments about this article | Tweet this article


FlippedBITS: Java, JavaScript, and You

  by Joe Kissell: joe@tidbits.com, @joekissell
  7 comments

Lately, there have been a lot of news reports about security concerns with Java, Java-related software updates from Apple, and numerous conjunctions of the words “Java” and “danger.” At the same time, I’ve observed an enormous amount of confusion over what Java is, what the potential problems are, and what the consequences of getting rid of Java might be. There’s further confusion over Java updates coming from Apple versus Java updates coming from Oracle; what a Java Runtime is; how JavaScript relates to Java (spoiler: not at all), and more. In this installment of FlippedBITS, I’m going to attempt the quixotic undertaking of sorting all that out for you.

Let’s start at the beginning.


Java, East of Krakatoa -- Java is the name of the fifth-largest (and most populous) island in Indonesia. I’ve been there a couple of times, most recently when I turned 40. My wife and I hiked up to the rim of Mt. Bromo, an active volcano, at sunrise on my birthday. Come on over some evening and we’ll show you our slides over a nice cup of… java. It so happens that a great deal of high-quality coffee is grown on the island of Java, hence the nickname. (It also so happens that I single-handedly consume 3.5 percent of the world’s coffee; hence another nickname for coffee, “Joe.”) In the early 1990s when a team of engineers at Sun Microsystems was developing a new programming language, they toyed around with several names before settling on Java, allegedly because they, too, were coffee enthusiasts.

Image

So, for our purposes, Java is a programming language. I could tell you that it’s an object-oriented language largely based on C++, but if you’re a programmer you already know that, and if you aren’t, you wouldn’t care. Let’s just say that as programming languages go, Java is a pretty nice one. It’s powerful, popular, and — crucially — designed in such a way that once a Java application is compiled, it can run on many different platforms. That’s right, a given Java application can run on a Mac, a Windows PC, a Linux PC, or a smartphone without any modifications. (In practice, that’s a bit of an oversimplification, but it’s a convenient fiction.)

How does Java pull off this feat of legerdemain? It relies on something called a virtual machine. If you’ve ever run Windows or Linux on your Mac using an application like Parallels Desktop or VMware Fusion, you already have a general idea of what a virtual machine is — it’s an environment, created in software, that functions like a physical computer. Just as a Windows virtual machine lets you run Windows on a Mac (or even within another copy of Windows), the Java Virtual Machine (JVM) lets Java software run on any platform. Each host platform has a different JVM that’s designed to run on its physical hardware — for example, Intel x86 chips have one JVM, while ARM chips have a different one.

Now, there’s a little more to it than that, so please bear with me for two slightly technical paragraphs.

First, when I say the JVM lets “Java software” run on any platform, the software I’m referring to is what’s known as Java bytecode. Java bytecode isn’t Java as such, but rather a sort of intermediate language created when Java code is run through a program called a compiler. Ordinarily, this distinction wouldn’t be important to a non-programmer, except it turns out that other programming languages besides Java can also be compiled into Java bytecode, and then run by the JVM. So, someone could write a program in, say, Python or Ruby, and use a special compiler to build that into something that, as far as the JVM is concerned, is indistinguishable from a program written in Java. In this article, we’re concerned with any software that runs in a JVM, regardless of what language it was written in.

Second, a JVM by itself is usually not enough to enable Java bytecode to run on a computer. You also need a platform-specific version of the Java Class Library, which tells the JVM how to do particular tasks on that platform. For example, maybe a Java program contains an instruction to play the system beep sound. Mac OS X does that one way, while Windows does it another way. So, the Java Class Library takes an instruction that the JVM is trying to send to the host platform and passes it on in the form the host platform expects. The JVM and the Java Class Library are almost always distributed together as a package, and that package is known as the Java Runtime Environment (or JRE), commonly shortened to “Java Runtime.” The Java Runtime is sandboxed (much like iOS and Mac App Store apps), which was supposed to help with security, but secure sandboxes are extremely difficult to develop, and the Java sandbox hasn’t fared well — I’ll return to that issue shortly.

To sum up thus far: Any device with a Java Runtime installed can run Java bytecode, which may have been originally written in Java or some other language.

Once Upon a Platform -- In the early days of Mac OS X, Apple not only included a built-in Java Runtime (licensed from its then-owner Sun), it actively promoted Java as a “first-class citizen.” Developers were free to write their applications in Objective-C, Apple’s own programming language that was originally part of NeXTSTEP, or in Java. Either way, users would end up with a valid application that looked and felt (more or less) native. (Java apps have often been criticized as feeling “not quite right” because they often use interface elements that are different from those of native Mac apps, but that’s a relatively minor point.) As a result, lots of Mac apps were — and a few still are — written in Java.

Java isn’t just for stand-alone, double-clickable applications, mind you. A Java applet can also be embedded in a Web page. Assuming your computer has a Java Runtime installed, your browser has a Java plug-in (to support embedded applets), and Java support is enabled, highly complex programs called applets can run right inside your Web browser. Before Flash and Silverlight began to catch on, Java applets were a common way to add interactivity and complex computational capabilities to Web pages.

But over the years, Java has gone from first-class citizen to suspiciously regarded foreigner (and not just on the Mac). The whole story is long and twisted, involving a combination of technical, legal, and political issues. I’ll hit just a few recent highlights.

Java — including the tools to develop and compile it, the runtime environments, and various other pieces — has been open-source since at least 2007, but it’s maintained primarily by Oracle Corporation, which acquired Sun Microsystems in 2010. Although Oracle’s implementation of Java isn’t the only one, it’s as close as you can get to the “official” version. For a long time, the version of the JRE Apple included with Mac OS X was always several months or more behind Oracle’s latest version. And this was a problem when, for example, a security flaw was discovered. Oracle might fix it quickly, but Macs remained vulnerable for some time, until Apple caught up.

Let’s talk about those security flaws for a moment. I’m sorry to say the Java Runtime has had a lot of serious security problems, and more turn up all the time. (To be precise, Apple’s Java updates in 2013 alone address 56 unique vulnerabilities.) Notice that I said Java Runtime — it’s not the Java programming language itself that has issues, but rather the environment used to run Java bytecode. Even then, the real problem isn’t the Java Runtime as such, but rather the fact that if your Web browser has a Java plug-in installed and enabled, and you happen to visit a Web page that contains a malicious Java applet, it can do all sorts of serious damage. Some of the flaws enable Java code that’s supposed to stay safely within your Web browser to jump outside the sandbox, as it were, and cause all sorts of mischief elsewhere on your computer. It’s nasty, nasty stuff. And the bad guys have been working overtime to find and exploit these security holes.


Apple has used multiple tactics to address these problems, and for some time now has been trying hard to push users in the direction of not using Java at all.

Starting with Mac OS X 10.7 Lion, Apple no longer includes a Java Runtime with the operating system, but if you try to run a Java app, your Mac prompts you to download and install Java Runtime – it’s a matter of a few clicks. What you get if you do that is not the latest release. Apple gives you a version of Java 6 (that is, build 1.6.x), whereas the latest from Oracle is Java 7 (that is, build 1.7.x). If you want Oracle’s version, you can download it, and installing it will override Apple’s version. But you probably shouldn’t do that, because Java 7 has had even more security issues than Java 6. For the time being, Apple is actively updating its version of Java 6 with security patches, while Oracle is maintaining Java 7 with comparable fixes. And, unlike in past years, Apple is now delivering many of those patches just as fast as Oracle. In addition, Apple has blocked Safari from using certain particularly vulnerable versions of the Java plug-in. (Meanwhile, Java isn’t available at all on iOS, and you can see why.)

Joe on Java -- I want to reiterate two main points to be sure they’re crystal clear. On the one hand, neither the Java programming language nor the Java Runtime will hurt you or your Mac. Merely having the Java Runtime installed does not introduce any security risks. In fact, even running stand-alone Java applications is safe, as long as they come from well-known sources. Or, to put it differently, it’s just as safe to run a stand-alone Java app as it is to run any other app (because, after all, any app could in theory be compromised).

On the other hand, having Java enabled in your browser is, at this point, wildly dangerous. I strongly suggest turning it off. To do this in Safari, choose Safari > Preferences, click Security, and uncheck Allow Java. In Chrome, visit chrome://plugins and click the Disable link underneath Java. In Firefox, choose Tools > Add-ons, click Plugins, and click the Disable button next to the Java Applet Plug-in.

If you’re using the latest version of Safari, you can enable Java selectively for individual Web sites (leave Java enabled, but then agree to each site’s usage of Java individually if you’re sure it’s safe; for details, read “Safari Updates Add Extra Layer of Java Protection,” 26 April 2013). But the number of Web sites that legitimately use Java these days is small indeed, and I suggest leaving Java off in your browser unless you’re absolutely certain you need it.

Now, in case you’re wondering if you should go ahead and uninstall the Java Runtime altogether, I’ll lay it out for you. If you’re running Lion or later, you’ll have the Java Runtime on your Mac only if you tried to run a Java app (in which case, if you still want to run that app, you still need Java Runtime) or you downloaded it from Oracle yourself (again, presumably because you needed it). If you’re running CrashPlan, which I strongly endorse, you currently need Java. (CrashPlan developer Code 42 Software is working on a non-Java version of CrashPlan for Mac, to be released later this year.) Portions of Adobe Creative Suite, including Photoshop, rely on Java. So do OpenOffice, a few games, and a handful of productivity apps. If you need an app that relies on Java, you must hang onto the Java Runtime. Stick with Apple’s version of Java, and turn it off in all your Web browsers.

If you don’t need Java but still have it installed, you can uninstall it. Rich Mogull has instructions for either uninstalling or disabling it, as the situation warrants, in his Macworld article “How to disable Java on your Mac.”

JavaScript -- So that’s Java. But now we come to another coffee-like computing term: JavaScript. JavaScript is the name of another programming language, originally developed by Netscape. It bears only a vague resemblance to Java, in that both languages drew inspiration from the much older language C. The similarity in names was essentially a marketing stunt. JavaScript was previously called LiveScript, but Netscape apparently wanted to capitalize on the recent popularity of Java, so the company renamed it JavaScript. That’s a shame, because from day one people have assumed that JavaScript was somehow related to Java, but it isn’t. It’s just another language.

Unlike Java, JavaScript doesn’t rely on a virtual machine. However, it is an interpreted language, which means it doesn’t create stand-alone applications, or even applets. Software called an interpreter has to read the raw programming code and execute its instructions on the fly. JavaScript is most often used to add features to Web pages, so virtually every Web browser includes its own JavaScript interpreter.

JavaScript can do an amazing number of things on a Web page, including many of the tasks Java was previously used for. Lots of sites have dynamic menus and other navigational controls created with JavaScript. Photo galleries, Web apps for email and calendars, word processors like Google Docs, and many other common tools rely heavily on JavaScript. You can disable it in your browser if you want to. But don’t. It’s such a useful and pervasive tool that your experience of the Web will become quite poor without it — many sites may not even be usable at all. (And, I might add, JavaScript is available even on iOS devices.)

That’s not to say JavaScript has a perfect security record. Certainly it can be used for lots of annoying things, such as pop-up ads and resizing windows. But JavaScript’s threat level can’t compare to that of Java, because JavaScript can’t reach outside your browser.

Final Thoughts -- I’m quite fond of Java (the island, the drink, and even the programming language). But I’ve turned off Java in all my browsers, and when the Java software I depend on has been replaced with native Mac versions, I’ll uninstall Java and never look back. Java’s “write once, run everywhere” approach is brilliant in theory, but in practice isn’t worth the hassles. As for JavaScript, it’s all good — but don’t be surprised if I tweak my browsers to block pop-up windows and other annoying behaviors.

[Java map by Burmesedays. CC-BY-SA-3.0, via Wikimedia Commons.]

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 6 May 2013

  by TidBITS Staff: editors@tidbits.com

Cyberduck 4.3.1 -- Reminding everyone that Fetch and Transmit aren’t the only players in the file transfer app game, the Cyberduck team has released version 4.3 of the open source app, the first update since late 2011. The biggest news is that Cyberduck has dropped support for Dropbox, Google Drive, and Windows Azure, enabling the developers to get their ducks in a row to improve support for Amazon S3 (though a Cyberduck blog post notes that the team may reintroduce support for Azure and Google Drive should user demand be significant). The new release gets updates for OS X 10.8 Mountain Lion with support for Gatekeeper and Notification Center, plus it adds support for Retina displays. Cyberduck is now also integrated with Qloudstat, a service that provides analytics and monitoring for CloudFront distributions, S3 buckets, and containers in Rackspace CloudFiles. A few days after this update came out, Cyberduck 4.3.1 was released with a fix for an issue that prevented the app from setting the speed limit to unlimited. Cyberduck is free, though you can support it via a donation or a $23.99 purchase made through the Mac App Store. (Free, 26.1 MB, release notes)

Read/post comments about Cyberduck 4.3.1.

Postbox 3.0.8 -- Postbox has released version 3.0.8 of its eponymous email client, using the integrated graphics processor exclusively on MacBook Pro models that have dual GPUs in order to reduce power usage and thus save some battery life. The update also adds a Run Filters on Folder toolbar button, ensures that Notification Center alerts link directly to messages, displays the account name next to the folder name in the message pane, and adds automatic account configuration support for iCloud email accounts. Plus, it fixes an issue with Growl integration, a crash when indexing, and a crash when importing from Thunderbird. ($9.95 new, free update, 21.5 MB, release notes)

Read/post comments about Postbox 3.0.8.

Little Snitch 3.1 -- While it has been possible to use profiles in the Little Snitch traffic monitoring utility to create a set of rules that limit connections, you still had to remember to switch to that profile manually. With Little Snitch 3.1, Objective Development has added a new Automatic Profile Switching capability that enables you to assign a network (such as your home Wi-Fi network or a coffee shop hotspot) to a specific profile. When you first connect to a network, an alert window pops up to ask which profile you want to assign to the network. You can also choose to do nothing or configure a default profile that will be used for all unknown networks. No network traffic is allowed while the alert window is open to prevent email and file synchronization accounts from sending and receiving data in unwanted situations. Other changes in Little Snitch 3.1 include an improved Restore Factory Defaults feature, a bug fix for a rare issue that could cause a kernel panic, and an updated help section covering the addition of Automatic Profile Switching. ($34.95 new, free update, 13.2 MB, release notes)

Read/post comments about Little Snitch 3.1.

Transmit 4.3.4 -- Panic has released Transmit 4.3.4, a small maintenance release that should bring some joy to those running Mac OS X 10.6 Snow Leopard. The update squashes a bug where Transmit’s user interface wouldn’t respond when attempting to synchronize folders on Snow Leopard. In addition, the file transfer program fixes a connection failure for some servers when connecting to FTP via TLS/SSL, puts paid to crashes that occurred when minimizing the app during a transfer and when downloading server favicons for favorites, and fixes a problem with Transmit Disk auto-updating. ($34 new, free update, 29.4 MB, release notes)

Read/post comments about Transmit 4.3.4.

SpamSieve 2.9.7 -- C-Command Software has released SpamSieve 2.9.7 with improvements to overall accuracy in the spam-filtering utility. The update no longer links against AppleScriptKit, a change that removes some GUI scripting functionality but works around a bug that could prevent SpamSieve from launching. It also improves the movement of trained messages when Outlook has lost track of the special Junk E-mail folder, fixes an Outlook bug that prevented addresses from loading if an error was reported while acquiring a contact’s email address, fixes a permissions-related problem and works around a rule-syncing bug in Apple Mail, adds more checks to ensure that SpamSieve has proper permissions to access required folders, improves error reporting for Apple Mail and Growl, and improves the Japanese localization. SpamSieve now requires Mac OS X 10.5 or later (older versions compatible for Mac OS X 10.2 through 10.4 are available from this support page). ($30 new with a 20-percent discount for TidBITS members, free update, 10.8 MB, release notes)

Read/post comments about SpamSieve 2.9.7.

GraphicConverter 8.6 -- Lemkesoft has released GraphicConverter 8.6 with a number of new features, including the addition of layers, a brightness with curve function, and support for the DPHOTO online sharing and backup service. Other additions include a filmstrip option for displaying movies, shortcuts for both lossless and virtual rotation and mirroring, an option to save RGBA files as TIFFs with or without a premultiplied alpha channel, and a last-used zoom option. The graphic conversion and editing utility also receives a few updates, including improved WPG and WPG2 import, an updated ExifTool, extended keyboard control in the browser, and improved sharpen range. The update also fixes bugs that affected importing of CMYK TIFF files with JPEG compression, 32-bit grayscale TIFFs, and GIF animations in certain situations. As of this writing, GraphicConverter is still stuck at version 8.5.3 in the Mac App Store. ($39.95 new from the Lemkesoft Web site or $38.99 from the Mac App Store, 155 MB, release notes).

Read/post comments about GraphicConverter 8.6.


ExtraBITS for 6 May 2013

  by TidBITS Staff: editors@tidbits.com

A couple of anniversaries to read more about this week, including the World Wide Web celebrating its 20th year in the public domain and science-fiction publisher Tor marking its first year of DRM-free ebooks.

20 Years of the World Wide Web in the Public Domain -- On 30 April 1993, the organization behind the creation of the Web, CERN, officially put the World Wide Web project software — line-mode client, basic server, and common code library — into the public domain. And history was thus written by Tim Berners-Lee, with significant help by Robert Cailliau. You can now read more of that history, and see both the first Web site and the original legal documents, at the site that CERN has put up to celebrate this momentous anniversary. (Adam here. Little did I know, when I met Cailliau at the Hypertext ’93 conference in Seattle, exactly with whom I was having lunch and helping with directions to where he could shop for his teenage daughter. I was somewhat embarrassed, since I hadn’t said complimentary things about his MacWWW browser in my “Internet Starter Kit for Macintosh” book, given that the software was primitive and very buggy, but he was nonetheless very kind.)

Read/post comments

Tor Marks One Year of DRM-free Ebooks -- About a year ago, Tor Books, the highly regarded publisher of science fiction and fantasy, announced that they were dropping digital-rights-management protection on all of their ebooks. Now, Julie Crisp of Tor UK has revealed what that decision has meant in terms of ebook piracy: “As it is, we’ve seen no discernible increase in piracy on any of our titles, despite them being DRM-free for nearly a year.” (This, of course, is no surprise to us: we have been publishing our Take Control ebook DRM-free for nearly ten years, with exactly the same results.) Equally heartening to Tor is how much support their authors have for the DRM-free policy.

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2013 TidBITS; reuse governed by this Creative Commons License.