TidBITS#1176/03-Jun-2013

We’re back from our Memorial Day hiatus with a giant-sized issue of TidBITS! Since your last email issue, Apple was grilled by the U.S. Senate about its tax practices, but is the company doing anything wrong, or even unusual? Josh Centers digs into the issues, which are far more subtle than the headlines would have you believe. The Keyboard Maestro 6 macro utility debuted in a major new revision, and Adam Engst takes you on a tour of its new features. Adobe responds to complaints about its switch to the subscription-based Creative Cloud, and Smile has updated TextExpander touch for iOS with powerful new capabilities that bring the text-expansion utility closer to the Mac version — Michael Cohen runs down the details. In security news, Glenn Fleishman explains how Twitter has added two-factor authentication and how Apple’s two-factor authentication has come under fire for not being sufficiently comprehensive. Glenn also looks at how Google is taking a page from Apple’s iMessage playbook by switching away from the open XMPP chat standard for Google Talk and the new Hangouts. Lastly, Josh rounds out the issue with an installment of FunBITS that reviews the Marvel Unlimited comic subscription service. Notable software releases this week include Napkin 1.1, Evernote 5.1, and KeyCue 6.5.
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

Adobe Listening to Creative Cloud Complaints

  by Josh Centers: josh@tidbits.com, @jcenters
  3 comments

After Adobe announced that it was taking Creative Suite subscription-only (see “Adobe Flies from Creative Suite into the Creative Cloud,” 8 May 2013), many users cried foul. We analyzed the complaints and offered suggestions for how Adobe could address them in “Creative Cloud Complaints Darken Adobe’s View of the Future” (17 May 2013). Now, it looks like Adobe may be listening.

Adobe posted an update on Creative Cloud feedback to its blog on 28 May 2013, addressing concerns about the move to the subscription-based Creative Cloud. Some will be disappointed to learn that Adobe is sticking to its guns in general, saying, “We have no plans to change our focus on Creative Cloud.”

However, Adobe did speak to one of the complaints we’ve heard most often: maintaining access to your files in Adobe proprietary formats outside of a membership. Adobe agrees that customers should be able to access files even after their memberships have ended, but the company is as yet vague on details. “Our job is to delight our customers with innovation, but there are a number of options open to us here and we expect to have news around this issue shortly,” Adobe said.

Adobe also addressed photographers, saying that it is working on special packages for that audience. Finally, Adobe tried to alleviate the concerns of users who want to buy boxed software, reiterating that CS6 will be available for the foreseeable future. Eventually, though, updates to the heavy hitters in Creative Cloud will likely render CS6 less desirable, making a move to Creative Cloud unavoidable.

So while Adobe isn’t backing away from subscriptions anytime soon, at least the company appears to be listening to your feedback, and will hopefully be acting on it soon.

Read and post comments about this article | Tweet this article


TextExpander touch 2.0 Gains Features from Mac Version

  by Michael E. Cohen: mcohen@tidbits.com, @lymond

TextExpander touch 2.0 from Smile Software arrived in the iOS App Store this week, with an enhanced feature set that brings many of the niceties from its Mac sibling to iOS users. Compatible with the iPhone, iPad, and iPod touch, the $4.99 product also offers improved syncing with the desktop product. Upgrades from the previous version are free.

If you are unfamiliar with TextExpander, the concept is simple: it enables you to compose chunks of text, called “snippets,” and assign shorter bits of text, called “abbreviations,” to them. TextExpander then monitors the keyboard as you type, and, whenever you type an abbreviation, the software expands the abbreviation into the larger chunk of text assigned to it. For example, every time I type “ttx” as I write this article, TextExpander expands it into the name of the product, “TextExpander.” For a full discussion of what TextExpander can do, see my book, “Take Control of TextExpander.”

For a while now, TextExpander touch could perform this basic, but incredibly useful, expansion trick just like its Mac sibling could (within the limitations of iOS — more on that later), but was unable to perform some of the more complex snippet expansions available on the Mac. Now, with version 2.0, a number of these, ahem, expanded features have come to the mobile version. They include:

Most TextExpander touch users will also likely be using TextExpander on the Mac, where it’s faster and easier to create and modify snippets. So it’s worth knowing that TextExpander touch can synchronize its various sets of snippets, which you can organize into groups, using Dropbox, so that you can have the same sets of snippets on your mobile device that you do on your Mac. Or you can skip Dropbox and synchronize the snippets between your Mac and device directly over your Wi-Fi network.

All is not skittles and beer, unfortunately, when it comes to using TextExpander touch on your iOS device: because of Apple’s strict sandboxing rules when it comes to apps in iOS, only those apps that integrate support for TextExpander explicitly can make use of TextExpander’s expansion capabilities. (On the Mac, TextExpander works in almost any app.) Furthermore, iOS apps that already support TextExpander touch won’t support the new capabilities in version 2.0 until they themselves are updated. Only a few apps have been updated to exploit TextExpander touch 2.0 so far, such as Drafts (a personal favorite of our managing editor, Josh Centers), although others will still work with the previous TextExpander feature set until they are updated.

The number of apps that support TextExpander touch is growing: currently 157 apps include snippet expansion capabilities courtesy of TextExpander touch. And if you use an app that doesn’t, you can still compose text in TextExpander touch’s Notes editor, expanding snippets to your heart’s content, and then copy the note and paste it into the app of your choosing. You can also compose and send email directly from within TextExpander touch, taking advantage of all of its snippet-expanding capabilities as you write.

To get a sense of what using TextExpander touch is like, check out this 6-minute screencast created by David Sparks for his MacSparky blog.

If you don’t use an external keyboard, typing on an iOS device can be slow and awkward, but TextExpander touch, especially with its newly expanded capabilities, can help you streamline the process. TextExpander, whether on Mac or iOS, is one app I can’t live without.

Read and post comments about this article | Tweet this article


Twitter Adds Two-Factor Authentication

  by Glenn Fleishman: glenn@tidbits.com, @glennf
  4 comments

Twitter has joined the club of major Web services that let you set a higher level of security for accessing an account. PayPal, Apple, Dropbox, Google, Facebook, and several others now offer such a feature, which makes it significantly more difficult for a cracker, vandal, or jilted partner to break into an account and examine your private affairs or post in your name. An account can still be taken over, but doing so typically requires physical access to a computer, mobile phone, or digital key fob. (See “Apple Implements Two-Factor Authentication for Apple IDs,” 21 March 2013.)

A number of high-profile Twitter accounts have been hijacked recently, causing embarrassment and worse — as in the case of a bogus AP wire service tweet that said the White House had been bombed and President Obama injured. But Twitter account hijacks are extremely common even for average users, especially those with interesting handles — it was the root cause of the infamous hacking of Wired writer Mat Honan (we discussed this, and what you can do to prevent it, in “Watch TidBITS Presents “Protecting Your Digital Life”,” 22 August 2012). Typical attacks rely on weaknesses at email accounts used for backup. One friend of mine had his four-letter handle stolen because of a flaw in Gmail account recovery. (Twitter’s Safety & Security department got it back for him.)

Twitter’s two-factor login verification requires both a phone number and email address that must be verified through their system. Twitter uses SMS thereafter to send you a six-digit code that you enter to confirm a valid login. You will also need to generate temporary passwords to log in to Twitter on other devices.

I found that I first had to link my phone number to Twitter. Go to the Twitter Mobile settings page, and if your phone isn’t shown, you have to enter it and then send a text message to Twitter (it doesn’t automatically send a code to you). Send the text GO to 40404 to verify your number. The next important step is unchecking all of the Twitter SMS notification options beneath your verified number! I, for one, want none of those. Click Save Changes when you’re done.


Now you can click Account in the settings list on the left, scroll down, and select Require a Verification Code When I Sign In. A pop-up alert confirms that you’ll get a test message sent to your phone: click Okay, Send Me a Message. If the SMS comes through, click Yes. Finally, enter your password again when prompted. You may still back out at this stage by clicking Cancel; otherwise, click Save Changes.

It’s unfortunate that SMS is the only method Twitter uses for two-factor authentication; many firms now rely on a third-party token generation app like Google Authenticator or Duo Mobile, both free. (I now have six two-factor logins managed through Google Authenticator, and have a short-duration screen-lock set on my iPhone.) Apple makes use of its own special conduit to iOS devices through the Find My iPhone service. But Twitter says more security enhancements will follow, and I expect tying in with existing authentication options (especially in corporations) will be part of that.

Read and post comments about this article | Tweet this article


Elcomsoft Details Gaps in Apple’s Two-Factor Authentication Approach

  by Glenn Fleishman: glenn@tidbits.com, @glennf
  3 comments

When Apple added optional two-factor authentication for Apple IDs recently, many applauded the move (as we did in “Apple Implements Two-Factor Authentication for Apple IDs,” 21 March 2013). Requiring both a static password and a temporary code for logins from new devices reduces the chance of an undesirable party — online criminal, spurned lover, or repressive government — gaining access to your account. Two-factor authentication doesn’t eliminate the possibility of an account being compromised, but it sets the bar significantly higher.

Alas, Apple’s two-factor authentication isn’t as helpful as it might be. Elcomsoft, a Russian firm that makes password-cracking software intended primarily for investigators and security testers, posted a blog entry that explains a number of gaps in Apple’s system. Apple seems to have designed the two-factor system in reaction to documented cases of account hijacking, and while it addresses weaknesses that allowed those attacks, it’s not yet comprehensive.

For starters, if an attacker has acquired your Apple ID account name and password, that’s sufficient, according to Elcomsoft’s Vladimir Katalov, to gather a fair amount of your data, even if you turned on two-factor authentication. For instance:

Katalov also points out that the authentication code for two-factor access, sent via Find My iPhone, appears even on lock screens. Someone who obtains your password and can arrange to either get or view your device without you around can thus obtain the second factor as well. This seems like an obvious flaw, but Apple and other mobile OS developers show regular SMS text messages on the lock screen as well, unless you disable that setting. Twitter and others use SMS to send the verification code, so Apple isn’t alone here.

(The alternative to SMS or Find My iPhone is an authentication app, like Google Authenticator or Duo Security’s Duo Mobile, which require a device be unlocked to access the code. Apple should consider adding this method as an alternative, which relies on public algorithms for code generation, even though it cedes an aspect of security to third-party apps.)

But the other gaps should be plugged. Apple started with low-hanging fruit, including all the ways in which we purchase digital and physical stuff that the company sells, as well as access to our Apple ID account settings. iCloud.com should be upgraded to require a verification code, too, and it’s a little baffling why Apple didn’t make such a change alongside the Apple ID site update. (The reason likely has to do with the significant amount of cruft in Apple’s back-end systems. The Apple ID system must be running some code that’s at least a decade old, based on how it works — the string “WebObjects” in the system’s URIs (Uniform Resource Identifiers) reveals the dealt hand of the past — and its limitations.)

The next steps are harder because they involve either changing client software or the use of application-specific passwords. Google offers such passwords with its two-factor system. For email, calendar sync, and other client-based access, you go to Security settings to generate a unique password for a single service or app. As soon as you use it, it’s hidden and can’t be retrieved again, although you can revoke it if necessary. (At Google’s account page, log in and click Security in the left-hand navigation bar. Next to 2-step Verification — assuming you have it on — click Settings. Finally, click Manage Application-Specific Passwords.)

This sort of complexity is anathema to Apple, which wants everything to be explained easily to regular users in a couple of steps. Thus, Apple should develop a better approach to make this work more effectively. Perhaps the company needs to release something like an Apple Two-Step app for Mac OS X and iOS, which would be an Apple ID-specific way to generate (and copy to the system clipboard) a second-factor code or application-specific password.

Google is requiring third-party clients to move to OAuth logins, in which the login essentially occurs on Google’s servers via a pop-up window. You should be familiar with this from Twitter and Facebook “logins” at other sites. The Google Calendar-savvy BusyCal has already been updated to use OAuth, which allows two-factor logins, in its latest release.

Apple has suffered enough security stumbles in the last few years that it shouldn’t lag in this regard. The company has been behind the curve many times in ways that damage customers’ identities, online integrity, and safety. Apple needs to use its engineering prowess to solve this problem and solve it quickly. Google already has for its users.

Read and post comments about this article | Tweet this article


Google Drops Support for Standards-Based Chat

  by Glenn Fleishman: glenn@tidbits.com, @glennf
  2 comments

Google said recently that it will stop supporting XMPP (Extensible Messaging and Presence Protocol), which is used for instant messaging in Google Talk. A unified Google Hangouts service will extend and replace Google Talk over time, and doesn’t rely on XMPP, a protocol Google helped design and popularize. Immediately after the announcement, Google turned off “federated” access in Google Talk, which previously enabled Google users to communicate with those at non-Google XMPP servers. For Mac OS X users, this change reduces the utility of Messages, which — despite its many flaws — can act as a unified location for all text-based chat and some audio and video sessions.

XMPP had multiple purposes. It was a standalone messaging protocol that could be used for instant messaging as well as other kinds of signaling between individuals, software, and devices. XMPP servers are run by individuals and companies for their own social and business purposes, and by social networks (like Google Talk and Facebook) to provide instant messaging between members. Mac OS X Server includes an XMPP service. XMPP remains active for now in Google Talk, allowing the use of third-party software like Messages, but is not and will not be supported with Google Hangouts.

The protocol was also intended as a universal connector for chat services. Some services that had their own proprietary protocols and client software would allow XMPP connections and discovery. That makes it possible to use an XMPP client to talk with that proprietary service through a gateway to users within its network, as well as also communicate in a single logged-in session with other XMPP accounts on the local server and on other public XMPP servers. “Federation” of this kind between XMPP servers decentralizes authority, and puts more control in the hands of individual users as to how they interact with a network.

Google allowed such federation among other XMPP servers, and Google Talk users could be logged into Google’s Web app, Apple’s Messages, or other XMPP clients and see not only users on the Google Talk network, but also those on other XMPP networks. That feature was turned off on 15 May 2013 at the announcement of the transition to Google Hangouts.

Unfortunately, using a partly or fully “walled garden” approach — almost exclusively the case in the past and now coming around again — seems to give a competitive edge to a single company. Google can’t be criticized for moving to its own proprietary standard and locking out other software without also noting that Apple’s iMessage system blocks all third-party access and software, whether in iOS or on a Mac. Microsoft and Yahoo have been much more open about interchange, despite having tens of millions of active users on their networks.

The Electronic Frontier Foundation takes a stance that goes beyond the technical and competitive one, stating that Google switching from XMPP is bad news for user privacy, because open, competitive systems prevent any one party from making unilateral decisions about how they respect user privacy. And, while Google Talk lets you change one setting for all conversations to be “off the record” (not stored in a transcript on Google’s servers), Google Hangouts requires making that choice for every conversation every time you chat, even if it’s with the same person or people. (Google Hangouts also removes “presence,” where you set or allow software to show your current status of available, busy, away, and so forth.)

Apple’s Messages app isn’t limited to just iMessage, and includes prefabricated account styles for adding AIM, Google Talk (XMPP style), and Yahoo accounts, as well as generic XMPP accounts (which Apple still labels Jabber, the original XMPP chat service). The XMPP option lets you plug the values in for your local server or for Facebook and other public servers.

It’s possible to extend Messages on the Mac, too, as Steve Streza did with Project Amy, which ties App.net private messages directly into Messages as if it were just another chat service. (See “App.net Issues Passport iOS App,” 9 May 2013, for more on App.net.)

Just like Apple, Google wants control over the chat experience to further bind users to its network and its products (mostly advertising). By controlling the user experience, it can arguably ensure that it’s better, instead of being watered down to the lowest-common denominator required by XMPP. But the Internet abhors walled gardens, and it’s far past time to have a moat and keep the drawbridge up — whether with Google’s new move or Apple’s iMessage siege mentality.

Read and post comments about this article | Tweet this article


Apple Grilled Over Tax Practices

  by Josh Centers: josh@tidbits.com, @jcenters
  7 comments

On 21 May 2013, Apple’s CEO Tim Cook sat before a Senate panel, led by Michigan senator Carl Levin, that has accused Apple of legal, yet unethical methods of avoiding taxes in the United States.

Senator Levin has accused Apple of pursuing the “holy grail of tax avoidance,” saying, “They’ve created corporations that don’t exist anywhere for tax purposes.”

The Senate panel alleges that Apple paid only $4 billion in taxes on declared profits of $38 billion between 2009 and 2012, an effective tax rate of 10.53 percent — much less than the 35 percent corporate income tax rate in the United States. Also at stake is the more than $100 billion the company holds overseas that Apple says it will not repatriate due to a 35 percent tax rate for such transfers.

How is Apple avoiding so much tax, and why is it not illegal? There’s actually nothing new or extraordinary about it. Apple has employed a common tax-avoidance tactic called a Double Irish arrangement that it helped pioneer in the 1980s, according to Charles Duhigg and David Kocieniewski of the New York Times.

Make Mine a Dublin -- The Double Irish takes advantage of loopholes in Irish and U.S. regulations to avoid taxation in either locale. Apple and other multinational companies keep much of their holdings in Irish subsidiaries, which leaves much of the money in a “no man’s land” of taxation. Only a fraction is subject to Ireland’s modest 12.5 percent corporate tax rate.

The United States has only itself to blame for Ireland’s low corporate tax rate. After World War II, Ireland used U.S.-provided rebuilding funds to hire economic consultants from the United States. The consultants presented the Irish government with a lengthy report that briefly mentioned that Puerto Rico had successfully drawn in foreign corporations with low tax rates. Irish politicians seized on the idea.

But companies have moved beyond merely taking advantage of paying less to inland revenue. They’ve also invented other tricks to milk the shamrock, including:

Another trick Apple uses is borrowing money for things like its massive stock dividend and buyback program, despite being flush with cash. Overall, the interest rate on the loans is cheaper than the tax rate it would pay to repatriate the money. (See “Digging into Apple’s Financial Decisions,” 6 May 2013.)

The Villain of the Story -- Is there a place where fault should be laid for Apple engaging in these tactics, which are legal but fail the smell test? After all, any corporation making sufficient money uses one or more of these techniques, or others, to avoid paying America’s supposedly super-high 35-percent corporate tax. It appears only suckers pay that high rate, meaning smaller firms without the resources, or companies run by executives who find the legal behavior completely unethical in practice.

While Apple may have helped pioneer these techniques, like most Apple innovations, they’ve been copied by other companies. Microsoft, Google, Adobe, Facebook, General Electric, Johnson & Johnson, Oracle, and Eli Lily are just a handful of the companies that take advantage of Ireland’s temperate climate, rolling hills, and questionable laws.

Nor is Apple even the most egregious offender. In a study by NerdWallet for the 2011 tax year, Apple placed third lowest in effective tax rates, behind Exxon Mobil and Chevron. Exxon Mobil and Chevron paid only $1.5 billion on earnings of $73.3 billion and $1.9 billion on $47.6 billion to the United States, respectively, while Apple paid $3.9 billion. But General Electric makes its peers look like amateurs. In 2010, it paid no taxes on worldwide revenue of $14.2 billion. In fact, it received a refund of $3.2 billion from the United States government!

Cronyism is a better target for ire, as Congress has established all kinds of special tax advantages and loopholes through lobbying by high-dollar industry donors. Now the chickens are coming home to roost. Meanwhile, Ireland has lowered tax rates and turned a blind eye to funky accounting because it benefits from these shenanigans. The country denies any fault. Eamon Gilmore, Ireland’s deputy prime minister, has said, “Ireland doesn’t negotiate special tax rate deals with any companies.” That may be technically correct, but Ireland certainly provides all the tools companies need to avoid as much tax as possible. Other European Union Leaders, such as British prime minister David Cameron, have called out Ireland on their practices.

Why is Apple being singled out here, when there are far worse tax dodges operating in the United States? Perhaps it’s because Apple has such a high profile, or maybe it’s because John McCain wanted an excuse to lambast Tim Cook for having to update the apps on his iPhone constantly. Some have even suggested that Apple is being shaken down for its lack of congressional spending. There might be at least a hint of truth to this, as Apple has been slowly, but steadily, increasing its lobbying expenses, which used to be minimal.

To be fair, Senator Levin’s committee has, in the past, grilled Microsoft and Hewlett-Packard on their tax avoidance strategies. But Google has been an odd exclusion, despite the fact that its use of these same techniques has cost the United States at least $60 billion in tax revenues, and the search giant has been called out in Europe for its practices.

These methods may stink, but they are different from dodgy tax shelters employed by high-worth individuals and some companies that rely on sham transactions, which are often found illegal. Such tax dodgers are later forced to pay tax and penalties, and may also face jail terms.

Apple and other companies would likely be just as criticized by analysts for not using tax options available to them, as well as receiving complaints from shareholders — which include over half of all American households through direct investment, mutual funds, index funds, and pension plans. The directors of public companies are not, contrary to urban financial myth, legally required to maximize shareholder value. No such law compels them.

But shareholders have an increasingly active voice in corporate America, despite attempts to ignore them, and even the famously impassive Apple recently blinked. Activist investor David Einhorn successfully threatened Apple with a lawsuit over not sharing enough of its cash hoard with investors, and Apple responded by increasing its share buyback program and raising dividends.

As Kentucky Senator Rand Paul said at the hearing, “If anyone should be on trial here, it should be Congress. I frankly think the committee should apologize to Apple. The Congress should be on trial here for creating a Byzantine and bizarre tax code.” While Tim Cook and Apple should shoulder part of the blame, they are also working inside a convoluted system that practically demands abuse. Apple’s written statement to the Senate proposes tax reforms that would lower corporate income taxes, eliminate corporate tax expenditures, and implement a “reasonable” tax on foreign earnings so the company can bring its money back home.

Also in the statement, Apple counters claims that it doesn’t pay taxes on foreign earnings, saying, “Apple has substantial foreign cash because it sells the majority of its products outside the U.S. International operations accounted for 61 percent of Apple’s revenue last year and two-thirds of its revenue last quarter. These foreign earnings are taxed in the jurisdiction where they are earned (‘foreign, post-tax income’).”

Despite that, it’s evident that Apple makes as much of its revenue as foreign as it can. The question Congress must answer is how much of Apple’s legitimate foreign income belongs to the United States, and what measures will make Apple most likely to give it up?

Maximizing Taxpayer Value -- Instead of making Apple, or any company, the whipping boy, Congress should instead work on identifying the loopholes it has created, and how to close the ones it has missed. Furthermore, instead of asking companies why they’re bending the law, Congress should instead ask how business and government can work together to create a better situation for all. The fact is that businesses exist across borders, and our global economy means even the United States government has to compete.

The current system is a broken mess that benefits no one. We the people lose untold billions in tax revenue, while companies like Apple are throwing massive resources behind these insane, cockamamie schemes that lock their liquidity behind green bars. While I’m the last person to assume good faith from a multinational corporation, it’s just common sense that these tricks are a headache for Apple. Create a better business environment and everyone wins.

Read and post comments about this article | Tweet this article


Keyboard Maestro 6 Automates Web Pages, Adds Macro Syncing

  by Adam C. Engst: ace@tidbits.com, @adamengst
  9 comments

I’m always amazed when I see someone who considers themselves a Macintosh power user not using a macro utility like Keyboard Maestro. After all, computers excel at performing boring, repetitive, and tedious tasks perfectly each time, and do so far faster than we could do them ourselves manually. Don’t assume that such automation requires programming, though, at least beyond the most obvious of levels in which you tell the computer to perform Action A, followed by Action B, and so on.

In fact, many of my macros are utterly simple and obvious — I could type “cheers... -Adam” at the end of every email message I send, or I could press Control-period. Just because I’m saving only a few seconds doesn’t mean that it’s not worthwhile, when added up over tens of thousands of messages. Similarly, as much as I love LaunchBar, opening BBEdit with the F1 key triggering a Keyboard Maestro macro is a third of the work of LaunchBar’s Command-Space, B, Return. Those infinitesimal bits of time are like the energy drain from glowing lights on otherwise inactive electronics — meaningless in the individual instance, but vast in their overall impact.

Other macros do non-trivial bits of work for me and tie together multiple programs, often in ways that aren’t possible with AppleScript or Automator. For instance, one macro expertly alternates between simulating Tab and Command-C in Firefox to copy specific fields from a Web page used to build pages on the Take Control site. Another macro juggles that copied text and pastes it into the associated fields in the iTunes Producer app for submission to the iBookstore. It’s just copying and pasting between two apps, but Keyboard Maestro turns an annoying and error-prone task into an entirely accurate set of steps that takes only seconds.

So, point one: Keyboard Maestro rocks, and if you’re not using it, I can guarantee you’re wasting time (Keyboard Maestro even estimates how much time you’re saving — I’m up to 880 hours since the calculation appeared in 2008). Point two: Keyboard Maestro 6.0 is now out for OS X 10.8 Mountain Lion, and Peter Lewis of Stairways Software has added a cornucopia of welcome new features, some of which simply make Keyboard Maestro easier to use, whereas others extend its capabilities.

More Powerful -- Here’s where the macro rubber meets the road — Keyboard Maestro’s triggers and actions. In short, an action is something Keyboard Maestro can do (type text, switch applications, change the sound volume), and you combine actions together into macros. You invoke them with triggers, the most common of which is the simple hotkey trigger composed of a normal key plus one or more of the Command, Control, Option, and Shift modifier keys. Keyboard Maestro has around 200 actions and 16 triggers, and version 6 introduces important new entries for both.

There are four new triggers that will have long-time Keyboard Maestro users immediately pondering new possibilities. You can now invoke macros when a USB device is attached or detached — imagine having certain software launch when you turn on your scanner or plug in a Garmin GPS. And what about when a wireless network is connected or disconnected? That trigger lets you detect location changes, so when you connect to your office network, Keyboard Maestro automatically sets your network location (a new action!) and mounts the shared file server. Other new triggers can fire macros when a volume is mounted or unmounted and at the launch of Keyboard Maestro’s background engine process.

In terms of actions, new ones include the capability to show a menu, search through a variable or named clipboard using regular expressions, copy named clipboards, display notifications in Notification Center, access keychain passwords, sleep and wake screens, and more. If there’s an action you want that’s not available, you (or someone with scripting skills) can create it as a Plug In Action, which is basically an AppleScript or shell script. Previously, Keyboard Maestro has let you embed AppleScript or shell scripts in macros, but Plug In Actions are more powerful and convenient, and can be contributed back to the community.

The big news with actions, though, is that Keyboard Maestro now includes a slew of Safari and Google Chrome actions that let Keyboard Maestro read from, and write to, Web pages. Along with working with windows and tabs, Keyboard Maestro 6 can click links, wait for pages to finish loading, get and set fields, submit or reset forms, focus or select fields, execute JavaScript, and much more. I’ve already used this to create a macro that looks up selected text (in any app) in the Web-based management page for the TidBITS Publishing System, a fussy task that previously required copying text, loading a page in a Web browser, and pasting into a search field. Another macro sucks the current URL out of Chrome and pastes it wherever I am, since I need to send people URLs all the time, and a variant does the same thing but formats it as a Markdown link for when I’m writing TidBITS articles.

I mentioned named clipboards briefly a moment ago, which might have been confusing unless you know that Keyboard Maestro is also a powerful multiple-clipboard utility, and it enables you to create and work with named clipboards that don’t lose their contents as soon as something new is copied, as does the main system clipboard. I adore Keyboard Maestro’s clipboard history, which lets me go back in time to access data that I copied previously, and I’ve even made a macro that simply pastes the second-to-last item on the clipboard, since I find I often need not just the last thing I copied, but the thing before that. Keyboard Maestro 6 extends clipboard functionality largely in terms of supporting styled text, which is now preserved when working with clipboard contents.

Easier to Use -- The hardest part of building complex macros is working your way through each step, making sure it does the right thing (you can have Keyboard Maestro record your actions, but it tends to rely too heavily on brittle mouse clicks and keystrokes). New in Keyboard Maestro 6 is a macro debugger — choose Start Debugging from the Keyboard Maestro menu bar icon — that enables you to step through your entire macro, one action at a time. That’s huge, and was something I used a lot while creating Automator workflows, but missed until now in Keyboard Maestro. There are also debugger actions that can be worked into macros as you’re feeling your way into building them.


When you become dependent on your Keyboard Maestro macros, there’s nothing more annoying than using a system that doesn’t support them (the lack of my Control-period signature nags me whenever I use the Chromebook Pixel to write email — alas, Chrome OS has nothing comparable to Keyboard Maestro). And even on my MacBook Air, having my macros out of sync causes frustration, so I’m particularly happy that Keyboard Maestro 6 adds macro syncing via Dropbox (or any other file-sharing service that can make a single file available to multiple Macs). I put mine in ~/Dropbox/Application Support/Keyboard Maestro to match BBEdit’s use of an Application Support folder in Dropbox. Macro syncing is trivial to turn on — just select Sync Macros in the General pane of Keyboard Maestro’s Preferences window, and then choose either to create a new sync file (which you’d do from your main Mac) or open an existing one, overwriting any previous macros (which you’d do from a secondary Mac). After that, it just works, with changes on either automatically reflected in both places.

Another pain point for heavy Keyboard Maestro users is coming up with memorable hotkey triggers. It’s all too easy to have Control-C, and Command-Control-C, and Command-Control-Option-C, and so on. Keyboard Maestro 6 addresses this with the new Trigger by Name palette, and with an improved Conflict palette. For the former, just press a hotkey (it’s just another macro) and Keyboard Maestro displays a palette with a text entry field. Type a few characters and Keyboard Maestro shows just the macros whose names match. Select one and press Return to activate it. It’s a little like LaunchBar, without the learned abbreviations. (That’s a good idea for a future version of LaunchBar — invoking Keyboard Maestro macros!) The Conflict palette works similarly — assign the same hotkey trigger to multiple macros and when you invoke it, the Conflict palette lets you filter the list by pressing highlighted keys and then executes either the last one showing or one you click.


Finally, Keyboard Maestro 6 offers several aesthetic improvements. Most notably, a new Icon Chooser (available from Window > Icon Chooser while viewing the Keyboard Maestro Editor window) lets you pick and create new icons for macros and macro groups. It’s almost overkill for a utility you interact with visually so infrequently, though the icons do appear in the Keyboard Maestro Editor and in all palettes (apart from the built-in palettes discussed just above, you can create macros that are invoked only by a click in a custom floating palette). Especially clever is the way you can create your own icons by choosing a shape and embedding some text or an emoji picture in it. One last note — for those using Retina display-equipped Macs, Keyboard Maestro now has Retina-friendly graphics, but even Peter Lewis likens Retina support in Keyboard Maestro to putting lipstick on a pig.


Give It a Try -- Seriously, there are few programs I recommend as strongly as I do Keyboard Maestro, because nearly every Mac user I’ve ever watched could use it. I know not everyone is as concerned about speed and efficiency as I am, much as it pains me to say that, but along with the satisfaction of knowing that I’m not wasting time working for my Mac, there’s a certain joy in feeling as though I’m conducting an orchestra of apps, with the overall macro performance being greater than the sum of each mundane action.

So give Keyboard Maestro a try, if you can think of anything you do that seems tiresome or unnecessary. Even one of our staff members, who shall remain nameless, immediately installed Keyboard Maestro 6 after Tonya mentioned in our internal discussion that she had made macros for accepting changes in a selection in Pages, for creating a new comment and arrowing down to avoid deleting the timestamp, and for inserting a new comment with boilerplate text that reminds her to return to that spot later. You undoubtedly won’t want the same macros we do, but if any of the examples I’ve strewn throughout this article resonate with you, perhaps Keyboard Maestro can earn a spot on your hard disk as well.

There’s a demo version of Keyboard Maestro you can test out, and if you decide to buy, new copies are only $36 (with 20 percent off for TidBITS members), and you can use it on up to five of your own Macs. Upgrades from copies of Keyboard Maestro 5 purchased after 1 October 2012 are free; if you purchased before October 2012, the upgrade costs $18 through 31 July 2013 and $25 after that. Upgrades from previous versions of Keyboard Maestro are all $25. Because Apple’s sandboxing requirements would render Keyboard Maestro powerless, it isn’t available in the Mac App Store, but before Apple got all retentive about such things, it was, and if you purchased Keyboard Maestro 5 through the Mac App Store, you can convert to a direct license and upgrade by clicking the Mac App Store Version text in Keyboard Maestro’s About dialog. Keyboard Maestro 6 does require OS X 10.8 Mountain Lion; older versions remain available and version 6 licenses work with version 5.

[Disclaimer: I designed the Mac EPUB reader Bookle with Peter Lewis of Stairways Software, and although we share in the proceeds from that program, I have no financial interest in any other Stairways applications, including Keyboard Maestro. Peter’s need to focus on Keyboard Maestro stalled further work on Bookle; if anyone knows of a developer interested in taking over Bookle development, let me know. -Adam]

Read and post comments about this article | Tweet this article


FunBITS: Marvel Unlimited App a 97-pound Weakling

  by Josh Centers: josh@tidbits.com, @jcenters
  1 comment

Marvel Comics has always held a special place in my heart. One of my earliest memories is of my mother reading me a Spider-Man comic book as she put me to bed. In fact, I even remember the exact issue: Spectacular Spider-Man #145, published in December 1988, featuring the villain Boomerang.

My involvement with comics grew even more in the ’90s, with Jim Lee’s X-Men, the summer-long Spider-Man Maximum Carnage event, Todd McFarlane’s Spawn, and of course, Batman. It was a great time to be a comic nerd, with trading cards, card games, action figures, Wizard Magazine (RIP), and a seemingly endless stream of new titles and story lines.

But then, somewhere around the end of the decade, I lost interest. It wasn’t due to a sudden burst of maturity (far from it), but rather a string of ridiculous, disheartening story lines (Spider-Man’s clone from the ’70s has returned, but it was the real Spider-Man after all!) that became increasingly hard to follow. You might have to buy eight or more comics to see a story arc all the way through, like Age of Apocalypse. It became such a mess that Marvel eventually spun off the alternate Ultimate Universe in an attempt to start with a clean slate that wouldn’t overwhelm new readers.

I wasn’t alone in my waning interest. Marvel filed for bankruptcy in 1996, and in the 2000s, comic books, once a mainstay of practically every retailer in America, even supermarkets, vanished from the shelves and were relegated to book stores and comic book shops. Comic books went from being a common childhood pastime to being something only “enthusiasts” (i.e., freaks) pursued.

Even after the success of Marvel’s movies, such as Iron Man, I didn’t spot many kids reading the comic books that spawned their favorite superhero movies. The comic book seemed like a dead art form…

…until the iPad came around. All the major comic publishers smartly teamed up with the ComiXology service, which made buying and reading digital comics a joy, whether on the Web or the iPad. The free ComiXology app is great. Page loads are fast, and it even includes a Guided View feature that zips from one enlarged panel to the other, making the most out of the iPad or even iPhone screen.

But cost is still a factor. Most issues on ComiXology cost $2, with frequent $1 sales on back issues. That sounds cheap on the face of it, but when you consider that I can read an issue in 15 minutes and still be left wanting more, you’re talking an addiction that can rival cocaine or Fabergé eggs in cost! “Why, oh why,” I asked, “in this day and age of Netflix and Rdio, can’t I just subscribe to a cornucopia of comic books for a low monthly price?”

The fact is that you’ve been able to do just that for a while now. Marvel Unlimited has existed as a Web service since 2007. But Marvel made the unfortunate decision to build their service on Adobe Flash, which gave it the double whammy of a subpar desktop experience coupled with a complete lack of compatibility with iOS devices. And who wants to read comic books on a desktop or laptop computer, anyway? (You could conceivable hold a MacBook sideways to read, but you’d be taking a chance with an expensive piece of hardware.)

Marvel seemed to have finally gotten the hint in March 2013, when it released the Marvel Unlimited app for iOS. Now, you can access an enormous back library of the Marvel Universe from the comfort of your couch for only $9.99 per month or $69.00 per year! Excelsior!

But hold on before you click that subscribe button, True Believer. Unfortunately, Marvel has once again made some unfortunate choices that make Marvel Unlimited rather… limited.

For one, Marvel chose to base the app on HTML5, and while I don’t know whether HTML5 or just poor implementation is to blame, the result is a slow, clunky experience. Page turns are unresponsive, pages sometimes take ages to load, and the app just feels clumsy. To add insult to injury, while the Web app now provides an HTML5 reader, it’s available only to paying subscribers, meaning you need Flash to view samples and free issues (thanks to Jason Snell, Editorial Director of Macworld, for cluing me into that). Marvel would attract customers more successfully by putting their best face forward. Instead, potential subscribers are shown the worst of two worlds: HTML5 on mobile, Flash on the Web.

Once you’ve loaded a comic, the interface is minimal. Controls are hidden until you tap the screen, or more realistically, tap the screen multiple times before it responds, at which time the controls slowly appear. You have a tracking bar that lets you navigate an issue “quickly,” an information button to see credits for the issue, and a button that lets you change the page layout. You can choose between a one or two-page layout, or Marvel’s own implementation of Guided View, called Smart Panels. However, the Smart Panels are not nearly as clever as ComiXology’s Guided View, breaking the page up in weird, often unreadable ways.


The sluggish interface is bad enough, but what’s worse is that Marvel has done a much poorer job of cropping pages than ComiXology. The result is excessive whitespace around the content, which effectively shrinks the text, making it harder to read. The difference is small, but makes a huge impact on readability. (See what I mean in the screenshot below, with Marvel Unlimited on the left, ComiXology on the right.) Admittedly, I’m reading on a non-Retina iPad 2, but that’s never slowed me down when reading in ComiXology. Sure, you can pinch to zoom in, but the page-turning algorithm doesn’t adapt to the content width, leading to a maddeningly slow page bounce when you turn a page.


Marvel Unlimited requires a persistent Internet connection, but the app allows you to save up to six issues on your device for offline viewing. While this is nice, and something Netflix could mimic, six issues is not enough. I could blow through that many in the first hour of a long airplane trip. Needless to say, there’s no way to read the comics downloaded via the Marvel Unlimited app in any other comic-reading app.

I would love nothing more than to be able to recommend Marvel Unlimited, since $69 a year is a bargain to gain access to the Marvel back catalog, even if issues from the last six months have been withheld (I’m more interested in catching up and reading previously unexplored titles, than in staying up with the latest fictional happenings). But as the app currently exists, it’s an exercise in frustration and disappointment. I’m not alone in this view; as of this writing, the Marvel Unlimited app has a rating of only two stars in the App Store.

The entire effort seems half-hearted, and I suspect there’s a reason for that. It’s a well-known fact that subscription services bring in less revenue than a comparable number of outright sales, but Marvel has to realize that it’s now competing not only against DC and Image, but also against myriad other forms of entertainment and BitTorrent. One could easily download an entire comic collection from an aquatic-themed BitTorrent site, load it into any of the iPad’s excellent comic readers, and be reading in a matter of minutes. That’s what Marvel’s up against, and Marvel Unlimited has to improve if it doesn’t want to have sand kicked in its face by all the other comic apps.

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 3 June 2013

  by TidBITS Staff: editors@tidbits.com

Napkin 1.1 -- Aged and Distilled has released Napkin 1.1 with a new automatic guide feature added to the visual communication and screenshot tool (reviewed earlier this year by Josh Centers; see “Napkin Offers a Fresh Take on Visual Communication,” 16 February 2013). A temporary visual guide is now displayed when moving or resizing a Napkin item, and its edges and center point snap to other items on a napkin. You can turn off the automatic snapping by holding the Command key when moving or resizing. The update also fixes a crash that occurred when deleting an image from a napkin that contained a Call-Out, and patches some small memory leaks. ($39.99 new from the Mac App Store, free update, 8.6 MB, release notes)

Read/post comments about Napkin 1.1.

Evernote 5.1 -- With the release of version 5.1 of its information management app, Evernote adds a native reminders feature that enables you to set both in-app and email alarms. As Federico Viticci notes in his excellent overview at MacStories, Evernote’s new reminders are no replacement for hardcore GTD (Getting Things Done) practitioners, but at least the app now enables you to track task-related notes to completion.

Clicking the new clock icon at the top of a note (just to the left of the share button) does two things: it sends the title of the note to a new Reminders section placed at the top of the notebooks pane, and it offers you the option to add a due date. If no date is set, the title of the note remains in the Reminders section, but you’ll be missing out on the “remind” portion of this new feature (you can return to the note later to add a due date).


Reminders are also separated by notebook (if you have multiple notebooks), with your complete collection of reminders appearing when you select All Notes. Finally, you can opt to have Evernote send a list of the day’s reminders via email, which is received early in the morning on the due date. The email option is presented when you first open Evernote 5.1, and you can adjust this setting later in Preferences.

The Mac release also adds enhanced XAuth security, redesigns the vertical list view to display more notes on your screen, adds new Superscript and Subscript text styles, and makes some unspecified improvements to copy and paste. In conjunction with the Mac release, Evernote for iOS (version 5.3) also receives the new reminders capabilities. (Free from Evernote or the Mac App Store, 40.8 MB)

Read/post comments about Evernote 5.1.

KeyCue 6.5 -- Ergonis has released KeyCue 6.5 with improvements that make looking up keyboard shortcuts quicker. The update uses a new internal drawing order that improves the shortcut tables appearance and a new menu scanning technique to make it easier to scan deeply nested bookmarks in Safari. Other improvements include better compatibility with OS X 10.8 Mountain Lion and FileMaker 12, recognition of the “fn fn” shortcut to start dictation on Mountain Lion, and refined diagnostic messages when applications with incorrect menu structures are detected. KeyCue now also avoids beeping if you dismiss the shortcut table with the Escape key, and you can check for updates from KeyCue’s menu bar icon. Finally, Sibelius users will appreciate a downloadable set of extended shortcut descriptions for the music notation software (available from Ergonis’s download extras Web page), which can be imported into KeyCue to reveal 272 hidden keyboard shortcuts. (€19.99 new with a 25-percent discount for TidBITS members, free update, 2.6 MB, release notes)

Read/post comments about KeyCue 6.5.


ExtraBITS for 3 June 2013

  by TidBITS Staff: editors@tidbits.com

We have a heaping helping of ExtraBITS this week, including the death of the Camino browser, the EFF’s fight for podcasting, Apple’s cheaper iPod touch, Tim Cook’s grilling at D11, Glenn Fleishman’s purchase of The Magazine, and copyright in space. We ask whether Internet access is a human right and what effect electromagnetic fields have on humans. We also wanted to share pointers to a number of our own articles that didn’t fit in this week’s issue: a preview of the next generation of the Opera Web browser, the new Analog Camera app for the iPhone, how to move a Dropbox folder to another disk, the proper pronunciation of GIF, and Macworld’s ideas for Apple.

The End of the Line for Camino -- After more than 11 years, development on the open-source Camino Web browser has ended. Back in the dark ages of Mac OS X, before Safari and Chrome, the Camino Project was established to graft a Mac-native interface onto Mozilla’s Gecko rendering engine. Many of Camino’s developers were later hired by Apple and Google to work on their respective browsers. Web browsing on Mac OS X wouldn’t be what it is today without Camino, and for that, we thank the developers, salute them, and wish them the best in whatever they do next.

Read/post comments

Help the EFF Save Podcasting -- The Electronic Frontier Foundation is asking for your help to fight a patent troll who wants to kill podcasting. Personal Audio claims to have a patent on key podcasting technologies, and has been legally threatening many podcasters, including Adam Carolla and HowStuffWorks. Though the EFF has already raised over $60,000 as of this writing, beating its $30,000 goal in under 10 hours, legal fees can get expensive, and they need all the help they can get. So if you love podcasting, or just hate patent trolls, consider supporting their cause!

Read/post comments

Apple Releases Cheaper iPod touch -- Apple has released a new 16 GB variant of the fifth-generation iPod touch, which features a Retina display, but lacks a rear-facing camera and a loop attachment. The “new” model replaces the 16 GB fourth-generation model, which was still being sold. The fifth generation of iPod touch was unveiled in September 2012, starting at 32 GB of capacity for $299.

Read/post comments

Liveblog of Tim Cook’s Appearance at D11 -- Apple CEO Tim Cook sat down with Walt Mossberg and Kara Swisher to kick off the 11th D: All Things Digital conference. Though Cook was, as usual, careful not to give too much away, he called television an “area of great interest.” Cook also expressed an interest in wearable computing, though he dismissed Google Glass in favor of wrist-based solutions, and he suggested that Apple will make iOS more open to third-party developers in the future.

Read/post comments

Glenn Fleishman Buys The Magazine from Marco Arment -- Our own Glenn Fleishman has purchased The Magazine from its creator, Marco Arment, after having served as executive editor since the second issue. Arment launched The Magazine in October 2012 as an iOS-exclusive, general-interest magazine for geeks. Arment also recently sold another creation of his, Instapaper, leading to questions about his future plans. However, there are few questions about Glenn’s plans for The Magazine: they include a Web site redesign, a refresh of the app, and an upcoming podcast.

Read/post comments

In Space No One Can Hear You Violate Copyright, or, Copyright Control to Major Tom -- Canadian astronaut Chris Hadfield wowed the world with his haunting zero-gravity performance of David Bowie’s “Space Oddity” from the International Space Station, but how did he avoid the copyright cops when he landed on terra firma? The Economist’s mysterious “G.F.” breaks down the potential complications and pitfalls of copyright in space. While Commander Hadfield secured the rights from Bowie long before blasting off, does interplanetary war erupt if a Martian downloads “Game of Thrones” from BitTorrent?

Read/post comments

Arguing that Internet Access Is a Human Right -- In the Communications of the ACM, Cornell professor Stephen Wicker responds to a 2012 New York Times editorial by Google Chief Internet Evangelist and ACM President Vint Cerf that posits that Internet access is not a human right. In disagreeing, Wicker argues that a human right comprises both an “abstract expression of the right and some means for enabling that right,” and goes on to point out that the consequences of the Internet meriting human right status include non-discriminatory access to a wide variety of ISPs and support for common carrier rules that prevent ISP blocking or discrimination based on content.

Read/post comments

Mark Morford on the Nocebo Effect with Electromagnetic Fields -- Prompted by a study in the Journal of Psychosomatic Research about perceived sensitivity to electromagnetic fields, columnist Mark Morford of SFGate.com has penned a powerful commentary about why some people may suffer very real symptoms from seeming exposure to radio waves from Wi-Fi gateways and cell phones. He doesn’t dismiss either the severity of these symptoms or the fact that there are innumerable aspects of modern life that have been proven detrimental to human health, but emphasizes that we similarly cannot discount the power of suggestion or conviction.

Read/post comments

Opera Releases Chromed Preview of Next Browser -- Opera Software released a preview version of its Opera 15 Web browser with a smattering of new features. But the big news is this is the first version of Opera to use Blink, the new Chromium-based rendering engine, after ditching its home-brewed Presto engine. If you’re a long-time Opera user, you may find that Opera Next is missing some features and plug-in compatibility, so read the full story to find out about the changes.

Read/post comments

Putting Analog Camera in Your iPhone -- Does the iPhone need yet another photo filter app? Realmac Software’s Analog Camera makes a persuasive argument for why it should take over from similar apps. Analog Camera features a unique, gesture-based interface that makes taking and editing photos fast and fun.

Read/post comments

How to Relocate a Dropbox Subfolder to Another Disk -- Jeff Carlson wanted to use Dropbox’s Camera Upload feature for automatically copying photos from iOS devices, cameras, and memory cards, but doing so would fill up his 256 GB SSD with image files. Instead, he created a symbolic link (symlink) in Mac OS X to relocate the Camera Uploads folder to a separate volume.

Read/post comments

GIF Creator Says “Jif,” Once Again -- Steve Wilhite, the inventor of the Graphics Interchange Format (GIF), received a Webby Award for lifetime achievement. He reiterates that he intended it to be pronounced like “jif.” (Not to be confused with the peanut butter.)

Read/post comments

Macworld’s Ideas to Improve Apple Products -- Macworld is on a winning streak of constructive suggestions for how Apple could improve the products we all rely on every day. Josh Centers takes a look at some of their best ideas.

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2013 TidBITS; reuse governed by this Creative Commons License.