TidBITS#1219/14-Apr-2014

Thousands of prominent Web sites — including Yahoo, Dropbox, Instagram, Netflix, and Minecraft — have proved vulnerable to the recently discovered Heartbleed bug, called “catastrophic” by a leading security expert. TidBITS Publisher Adam Engst teamed up with Security Editor Rich Mogull to explain the bug and what it means for normal Internet users. A more staid risk of computer use is neck strain, a problem that the ultra-portable Roost laptop stand seeks to solve — coffee shop patron Jeff Carlson offers an in-depth look. If you spend most of your time in places with Wi-Fi access, you may be able to avoid paying for a mobile phone entirely; we explain how to use an iPod touch or iPad as a phone. Josh also shares his impressions of being a Macworld Expo newbie, and in this week’s FunBITS, he reviews the new iPad adaptation of previous pick FTL: Faster Than Light. Notable software releases this week include OmniOutliner 4.0.4, PCalc 4, FileMaker Pro and FileMaker Pro Advanced 13.0.2, and BBEdit 10.5.10 and TextWrangler 4.5.8.
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

The Normal Person’s Guide to the Heartbleed Vulnerability

  by Adam C. Engst: ace@tidbits.com, @adamengst, Rich Mogull: rich@tidbits.com
  23 comments

By now, it’s likely you’ve heard about the Heartbleed Internet security vulnerability, which has made headlines around the Web, albeit often with a level of hyperbole and technical detail that makes it difficult to evaluate. Let’s assume you’re not a system administrator, or in charge of a bank or ecommerce Web site (if you are, go read Troy Hunt’s write-up). What do you, as a normal user of the Internet, need to know, and more importantly, need to do? Thanks to our security editor, Rich Mogull of Securosis, for the bulk of this information.

What is the Heartbleed bug? -- It’s a security vulnerability that was introduced to OpenSSL about two years ago. OpenSSL is one of the most common software applications for implementing encrypted (SSL/TLS) connections to Internet servers; these are the secure https connections that we all rely on to protect our communications when shopping, banking, and working with confidential information. SSL/TLS is used by more than just Web browsers too; lots of Mac and iOS apps rely on it behind the scenes as well.

The Heartbleed bug enables an attacker to read parts of the memory of a server directly, assuming it’s running a vulnerable version of OpenSSL and is configured in a certain way. Security researchers have shown that the bug can be exploited to reveal usernames and passwords, encryption keys, and anything else that’s transmitted or stored in the server’s memory.

How bad is Heartbleed? -- We won’t lie — it’s extremely bad, and among the worst security bugs we’ve seen in recent history. It enables attackers to break encryption and potentially access other sensitive information from the server. Worse, it does so invisibly, so Web site administrators can’t go back and check logs to see if the site has been attacked in the past.

Security expert Bruce Schneier calls Heartbleed catastrophic, saying “On the scale of 1 to 10, this is an 11.” Half a million sites may be vulnerable to the bug, according to Netcraft, although some later discussion suggests that the number may be smaller than initially believed. With this tool from Filippo Valsorda, you can test sites you use regularly, although negative results may not mean anything, since conscientious system administrators are installing a new version of OpenSSL that patches the bug quickly. For a more complete testing tool, check out the SSL Server Test from Qualys SSL Labs.

On the plus side, our Web sites for both TidBITS and Take Control are unaffected by the bug, and eSellerate, which runs our Take Control cart, tells us that their servers have never been vulnerable to Heartbleed.

Do the bad guys (or the NSA) now have my passwords? -- Maybe. Bloomberg reported that the NSA has been exploiting the Heartbleed bug for several years, although the White House denied any prior knowledge of the bug.

We don’t yet — and may never — know if anyone else has been exploiting the Heartbleed bug to harvest information before it became public on 7 April 2014. But because the bug is now public, you should assume that any vulnerable Web site is under active attack, and if you have logged in since the bug was exposed, it’s best to assume that someone may have your password and potentially any other data you transmitted in that session.

We realize that’s incredibly paranoid, but we have no way to know which sites attackers are watching. And don’t get the impression that Heartbleed requires a person to do the watching; any online criminal or intelligence agency worth its salt would be automatically hoovering up as much information as possible.

Should I change my password at every major site I use? -- No. Only change your password if both of the following are true:

Heartbleed is a live exploit, which means changing your password on an unpatched site is more likely to expose it than doing nothing. Avoid vulnerable sites until you know they are fixed, and then go back and change your password. We expect responsible sites will notify their users once they are no longer vulnerable and will make all users change their passwords. That’s the other reason not to change your password now; if the site is vulnerable, you’ll just have to change it again once they patch their servers. Mashable has a list of major sites and whether or not they were affected.

What if I logged in the day before Heartbleed was public? -- There are two ways your password on a particular site could have been exposed before Heartbleed was revealed to the public:

Are my passwords stored in 1Password or LastPass safe? -- Yes, stored passwords are safe. In the case of the 1Password application from AgileBits, there’s no need to worry at all, since 1Password isn’t built on SSL/TLS in general, nor upon OpenSSL in particular.

LastPass requires more explanation, since the service is Web-based and the company’s servers do rely in part on OpenSSL. In fact, until LastPass patched its servers (shortly after learning about Heartbleed), Filippo Valsorda’s tool would have shown lastpass.com as vulnerable. But that’s deceiving, because the LastPass browser extensions actually encrypt all your sensitive data with a key that LastPass’s servers never see, so your data is never transmitted using SSL without first being encrypted with this additional key. So even if a bad guy was eavesdropping on LastPass’s servers, breaking the SSL encryption would reveal only more encrypted data. So, no need to worry about that. As an aside, LastPass has incorporated a Heartbleed vulnerability check into the service’s Security Challenge feature.

There are many other password management tools out there, and if you use something other than 1Password or LastPass, check your utility’s site and see what the company is saying on its blog or support pages. And if the company isn’t sufficiently transparent to comment on the issue, we recommend looking for a different tool.

What should I do? -- Right now, unless you are a server administrator, there isn’t much you can do. Test important sites you are worried about, and don’t log into those that are vulnerable until they are patched. Keep an eye on your email inbox, and as you get notifications from affected sites telling you to reset your password, do so. As always, if you’re concerned about the possibility of phishing, enter the site’s URL directly into your browser rather than clicking a password reset link. Yell at any vulnerable site that doesn’t patch in the next few days.

If you are a server administrator of a vulnerable site, install the OpenSSL patch, revoke old SSL certificates, and generate new certificates and private keys. Do it yesterday.

There is a lot of hyperbole out there right now. Yes, Heartbleed is as bad as it gets for those of us who manage servers or are in the security industry, but the practical risk to most people isn’t the worst thing we’ve seen on the Internet. That said, we’re not complaining about the hyperbole, because it helps us pressure the people that do manage the servers to fix them as soon as possible.

In short, the Internet isn’t melting down, but the people who manage vulnerable systems probably won’t be sleeping for a while. If you have other questions, feel free to ask them in the comments, and we’ll do our best to answer them and update this article as appropriate.

Read and post comments about this article | Tweet this article


Sit Up Straight for the Roost Laptop Stand

  by Jeff Carlson: jeffc@tidbits.com, @jeffcarlson
  4 comments

As someone who frequently works on my MacBook Pro in coffee shops, I see all sorts of unusual computer configurations. Yes, there are plenty of laptops and iPads, but occasionally I’ll see someone parked at a table with elaborate risers, keyboards, and equipment better suited to a regular office. And yes, I’ve seen people set up desktop PCs, flat-screen monitors, and even a laser printer once.

I don’t begrudge people their work styles (well, the desktop PC is taking things too far), because my needs are simple. I don’t want to carry more weight than I need to, and I try not to be the type of squatter who makes coffee shop owners lament providing tables in the first place.

When I was introduced to the Roost at Macworld/iWorld 2014, I was skeptical. The Roost is a spindly looking laptop stand that lifts the screen almost a foot above a table surface. Its purpose is to get the screen at a better eye level, so you’re not just another neo-Quasimodo hunched over a laptop screen (which exacerbates back and shoulder fatigue).


In fact, I didn’t go back to the booth until Richard Ford at Insanely Great Products encouraged me to check out the Roost’s design and materials (Richard builds all his own products, so he knows this stuff). Calling the Roost a “stand” might even give you the wrong impression. Instead of supporting the laptop’s weight at the front edge (below the trackpad), the Roost balances the computer at the hinge using curved tabs made of the same material as guitar picks, a plastic called Delrin. (Check the compatibility list to see if the Roost works with your laptop.)


The laptop’s base rests on top of the frame’s arms without connecting to them. Despite what looks to be a precarious position, the computer is attached securely. Nor does it appear that the tabs put any stress on the hinge area.


The Roost looks frail but is surprisingly strong. I didn’t verify this test for obvious reasons (namely, I didn’t want to be kicked out of one of my favorite coffee shops), but the Roost site includes video of the designers stacking 132 pounds of cinder blocks on the frame. I’m also impressed that I can torque the Roost and the Delrin plastic doesn’t deform or snap.

The key detail about the Roost’s design is how it folds into a compact rectangle just 13 inches (33 cm) long and 1.5 inches (3.8 cm) thick. It weighs only 6.5 ounces (183 g), so it really is light enough to put into my laptop bag and not notice the difference.

It may be light and compact when folded, but the Roost is definitely conspicuous in the wild. I felt self-conscious setting it up in a coffee shop the first time, as if I were erecting scaffolding on the tiny table to hold my MacBook Pro. Although in this respect I think scaffolding is the right comparison, because it’s an external frame, not a big plastic or metal slab like other stands I’ve seen.

The Roost also made me realize just how much I slouch when I’m not working at my desk at home — one of the main problems with working on a laptop is insufficient separation between screen and keyboard. In my office, the MacBook Pro sits on an old acrylic stand I’ve had for years, but my main focus is on an external monitor directly in front of me, and I type on an external keyboard at the correct height. Sitting at a coffee shop using the Roost, I have better posture because my eyes are looking straight ahead. The screen feels really high in this context.

In fact, I wonder if it’s too high. I’m 6 feet (1.8 m) tall, and my line of sight is almost at the top of the screen — maybe a fifth of the screen’s height from where the pixels begin at the top. I wonder if someone who is considerably shorter than I am would find herself looking up at the screen instead. The height isn’t adjustable; the only variation is a pin that lets you choose among typical 13-, 15-, and 17-inch laptop sizes.

Of course, with the laptop perched so high, it’s not convenient to use its keyboard. That means bringing along an external keyboard and mouse or trackpad. However, many slim Bluetooth devices exist that won’t bulk up your laptop bag. I own Apple’s wireless keyboard and mouse, so I’m already accustomed to using them in my office at home.

The biggest downside I’ve found while using it is that, on a table at a coffee shop, the whole apparatus shakes a bit while I type. Coffee shop tables are notoriously unstable in the first place, so striking the keys of the wireless keyboard transmits just enough vibration up through the Roost that my screen bounces slightly as I work. I’m noticing it less as I use it more, so perhaps it’s something I’ll adapt to. When placed on a more stable surface, the problem isn’t apparent. In fact, I’m considering replacing my old acrylic stand with the Roost when I’m at my home office.

When my coffee cup is empty and it’s time to leave, the Roost folds quickly and compactly. It takes an extra step to retract the arms that cradle the laptop, versus opening the Roost and having all pieces extend in one motion, but after you’ve done it once, it’s not tricky at all. I appreciate the design work that went into not only how the Roost stands, but how it moves, too.


The Roost costs $75 for the black model, or $80 for versions in green, silver, pink, purple, or yellow, if you really want to stand out at your local coffee shop.

Read and post comments about this article | Tweet this article


Use Your iPod touch or iPad as an iPhone

  by Adam C. Engst: ace@tidbits.com, @adamengst, Josh Centers: josh@tidbits.com, @jcenters
  13 comments

For many people, an iPhone might be expensive, but harder to swallow is the high monthly fee, especially given how few phone calls many of us make these days and how expensive text messaging is for what it costs the carriers. It’s also galling to pay every month if the cellular service in the areas you frequent is terrible.

Could an iPad or iPod touch stand in for an iPhone? Not directly, since they lack the necessary radio hardware. But functionally, could you use an iPod touch or iPad with an Internet connection to make phone calls and send text messages, while eliminating or at least reducing that monthly fee?

The answer is yes, though with some qualifications. Hacking together such a system won’t be as convenient as an iPhone, in terms of software (no Phone app) and hardware (dealing with audio, and you will likely need an extra device when away from Wi-Fi). But is some inconvenience worth $600 or more per year in saved cell phone bills, particularly if you have a landline at home and work?

Getting Ubiquitous Internet Access -- If you’re going to route all your phone calls across the Internet, you need Internet access. When you’re at home or work, or in specific hotspot areas like Starbucks, it’s easy to stick with Wi-Fi and pay nothing more. But if you’re trying to simulate an iPhone that you can use while commuting or traveling, you’ll need cellular data, and you’ll need to pay for it. Luckily, it can be a lot cheaper than a full-blown cell phone plan.

If you have an iPad with cellular capabilities, you’re all set — you can get Internet access via 3G or LTE when you’re out and about. (And if you haven’t yet purchased an iPad for this purpose, be sure to read Peter Cohen’s excellent carrier comparison at iMore.) But what if you have a Wi-Fi-only iPad, or an iPod touch?

The answer is a cellular-capable Wi-Fi hotspot, which connects to the Internet via 3G or LTE, and then distributes that signal via Wi-Fi to your iOS device (or even devices; many of these units support more than one simultaneous connection). The best known of these devices may be Novatel Wireless’s MiFi series, but there are a number of competing models. Like mobile phones, you generally purchase them from the carrier that will be providing the cellular connectivity, limiting consumer choice at the hardware level. Similarly, purchase prices (ranging from $0 to $50) are generally subsidized by required two-year contracts, though you can sometimes forgo the contract in exchange for a higher purchase price.

A variety of these mobile hotspots are available from AT&T (data-only plans starting at $40 per month), Verizon Wireless ($45 per month), Sprint ($35 per month), and T-Mobile ($20 per month). In each case, you can pay more per month for larger amounts of data.

As always, choosing a carrier is a balancing act between plan cost and coverage; Verizon generally has the best coverage, but also the highest prices, whereas T-Mobile is at the opposite end of the cost and coverage spectrums. The choice of mobile hotspot hardware may also factor in, but we don’t have a sense of how the devices compare; they’re all conceptually similar.

If Sprint is an option, also consider Virgin Mobile, which offers the Sierra Wireless Overdrive Pro 3G/4G mobile hotspot and no-contract plans for $5 per day for 250 MB, $25 per month (1.5 GB), or $55 per month (6 GB) plans.

For those who want to avoid a monthly fee, there is another option. FreedomPop advertises “100% Free Mobile Phone & High Speed Internet Service,” and does deliver, selling you a mobile hotspot (using Sprint’s network) and including 500 MB of free data each month, probably enough for a few quick calls and text messages. The downside is that FreedomPop is mind-bogglingly annoying to work with, constantly trying to upsell you on additional services that come with monthly fees. Plus, the free 500 MB is available only via 4G, not 3G, which means it won’t work in many Sprint coverage areas unless you pay for the $3.99 per month Pro 500 MB plan, or the $19.99 per month Premium 2 GB plan.

Working around the Audio Problem -- The iPod touch might look like an iPhone, but neither it nor the iPad were meant to be used as a phone. Yes, both feature a microphone and a speaker, but the speaker isn’t located at ear level, so you’re stuck using them as speakerphones, and they likely won’t work as well as an iPhone would, given the iPhone’s noise-cancellation capabilities that rely on dual microphones. But holding an iPad Air to your ear would just look silly, anyway.


A simple workaround is to place calls with Apple’s EarPods ($29). Unfortunately, they aren’t bundled with the iPad, and the ones included with the iPod touch lack the mic and remote.

If fumbling with a wire is a pain, a more convenient solution would be to use a Bluetooth headset, which pairs nicely with an iPad or iPod touch. Put it in pairing mode, and then, on your iOS device, open Settings > Bluetooth, enable Bluetooth if necessary, and select your device from the list.

Selecting Phone/Text Software -- Once you’ve figured out how you’re going to solve the Internet access and audio problems, it’s time to turn our attention to software, where there are two main free choices: Apple’s FaceTime Audio (and iMessage) and Google Hangouts with Google Voice. Apple’s software is highly integrated, but works only within the Apple ecosystem, whereas Google’s solution provides a nearly complete replacement for voice calling and text messaging.

Happily, both Apple’s and Google’s software also works on the Mac, which can be more convenient for when you’re at your desk anyway.

(There are numerous other apps nibbling around the edges of this topic that we haven’t tested, but it’s worth mentioning that we’re intentionally not discussing Skype, since it costs $5 per month for a Skype Number plus another $3 to $10 per month for a calling plan. More damning for Skype is the fact that its iOS app chews through cellular data when the app is active, but not being used in the background. That’s unacceptable for a situation where it would be standing in for the Phone app. It’s also worth noting that the Facebook Messenger app for iPhone now features user-to-user voice calls, but it is limited to Facebook users.)

FaceTime Audio -- If you and the people you talk to use iOS 7, FaceTime Audio is the easiest option for phone-free calls. It’s our favorite for audio calls to iPhone-using friends, as the quality is so good it’s like being in the same room. The downside is that you can’t use it for standard phone calls — it works only between iOS 7 devices and Macs running OS X 10.9.2 Mavericks. And before you say, “But everyone I know uses an iPhone,” think about your doctor, your bank, or any institution. They don’t.

To place a FaceTime Audio call in iOS 7, open the Contacts or FaceTime app, tap on the person you want to call, and, under the FaceTime heading, tap the phone icon. That’s it! It works like a regular phone call, only over your wireless Internet connection.


If you have OS X 10.9.2 Mavericks, you can also make and receive FaceTime Audio calls from its built-in FaceTime app. To make a call, click on a contact and then click FaceTime Audio. You can also click the Audio button for a person in the Mac versions of Contacts.


If you need to send and receive text messages, Apple has a built-in solution for that as well: iMessage within the Messages app. As with FaceTime Audio, that works only with other Apple devices. Smooth, convenient, and free, but limited.

For calling any phone in the world, or texting via old-fashioned SMS, read on to learn how to break free of the Apple-centric world.

Google Hangouts -- If you’re looking for a complete mobile phone replacement, Google has you covered in a package that’s only slightly less convenient than FaceTime Audio. Google Hangouts brings video conferencing and free Internet phone calls to your iOS device. It also works on the Mac, giving you the option of using it wherever is most convenient.

To use Google Hangouts as a true phone replacement, you must first sign up for a free Google Voice phone number. Even if you don’t think you need one, it can be handy to give out to companies so you can filter out junk calls and send the rest to any phone. It also, unlike FaceTime, offers voicemail and voicemail transcription, though the latter is often hilariously inaccurate.

Once you have a Google Voice number associated with your preferred Google account, install the Hangouts app for iOS. On the Mac, you’ll need the Hangouts extension for Google’s Chrome Web browser.

Now, when someone calls your Google Voice number, the Hangouts app on all your devices will “ring,” and you can answer much as you would a normal phone call. Conveniently, answering on one device shuts up the rest.

To place a call from your iOS device, open the Hangouts app, tap Calls in the lower right, and then tap the keypad button in the upper right. You can then switch between dialing manually with the keypad or selecting someone from your contact list.


On the Mac side, to place a call, click the Hangouts button in the extensions bar or on the Mac’s menu bar to reveal a window in the lower-right corner of your screen. Click New Hangout, and enter the phone number you wish to dial.

Calling normal phone numbers within the United States and Canada is free with Google Hangouts if you’re in those countries (1¢ per minute from everywhere else), and if you want to call internationally, per-minute rates apply.

On Android, Hangouts can completely replace the built-in text-messaging app. But on iOS, the Hangouts app can send text messages only to other Hangouts users, much like iMessage. To send and receive SMS text messages with your Google Voice number for free, you must install the free Google Voice app. It’s desperately in need of an update, and doesn’t support MMS messages, but the price (of the app and the SMS text messages) is right.


Cutting the Virtual Cord -- We’re sure there are other options that may be better in certain situations, but you can likely get by in most cases with FaceTime Audio and Google Hangouts, and pay no more than is necessary to get cellular data while away from Wi-Fi. This combination isn’t a perfect replacement for an iPhone, but if it can cut your costs by hundreds of dollars a year, it might be worth the extra hassle. And if you’ve run across other solutions that work better for you, let us know in the comments!

Read and post comments about this article | Tweet this article


Impressions of a Macworld Newbie… 2014 Edition

  by Josh Centers: josh@tidbits.com, @jcenters
  7 comments

Back in 1997, my friend and fellow TidBITS editor Jeff Carlson made his first trip to Macworld Expo (see “Impressions of a Macworld Newbie,” 20 January 1997). Seventeen years later, I’ve followed in Jeff’s footsteps, making my own first visit.

The show I visited was very different than the one Jeff attended. It has been over five years since Apple exhibited, with the company instead staging its own media events. Even if Apple were still exhibiting, Steve Jobs, who made his first public appearance after returning to Apple during Jeff’s first keynote, is now long gone. Even the show name is different, morphing from Macworld Expo to Macworld/iWorld to better reflect Apple’s current product line.

Some say that without Apple, the show is dying. Maybe they’re right, though I’d lay the blame more at the feet of the Internet. But for a “dying” show, the floor was often packed, slowing movement between booths.


A few veterans apologized for the show not being the spectacle it once was. But, truth be told, I don’t think I could have come on a better year. Despite it being my first show, I was graciously invited to speak about the NSA by Macworld/iWorld General Manager Paul Kent, and Macworld’s Philip Michaels invited me to compete in the Pundit Showdown at the suggestion of — who else? — former champion Jeff Carlson. Could someone with less than a year of industry experience have done so much under the shadow of Steve Jobs? I doubt it.

All that said, I’ll follow in Jeff’s footsteps by offering some observations.

Busting Myths -- First of all, I want to bust some myths about San Francisco itself, at least for those who, like me, hail from the South. Around these parts, the stereotype is that San Franciscans are smug, rude, and judgmental. That stereotype couldn’t have been more wrong. The vast majority of people we encountered were incredibly kind to me, my wife Hannah, and my baby son Harris. San Francisco hospitality gives our vaunted Southern hospitality a run for its money.

Similarly, despite the Southern view of San Francisco as a hippy paradise, it’s perhaps the most capitalistic place I’ve ever visited, with more startup companies than you can shake a stick at. The flip side is the pervasive gentrification, which is reflected by a growing homeless problem, many of my Bay Area friends fleeing the city, and anti-gentrification protests.

What about myths surrounding the show itself? Long ago, when the 12-year-old me imagined being a journalist at Macworld, I envisioned strolling around the show floor, being handed all sorts of free equipment.

There’s a sliver of truth to that, and Adam tells me there used to be more. As a member of the press, I did receive a free media badge, which gave me access nearly everywhere at the show, along with an invitation to a special preview event for a handful of vendors that paid to be there. And for my (otherwise unpaid) speaking duties, I received a lovely backpack full of goodies from exhibitors. More about the swag bag later, including a funny story.

But once the show started in earnest, exhibitors didn’t seem to notice my media badge. “Hi,” I would say, “I’m a journalist, and I’d like to learn more to see if we should cover your product in TidBITS.” “Sure,” they’d often reply, “we have a 30 percent off sale today.” It was distressing, because we need each other. Technology publications can’t afford to purchase everything they review, and companies, especially many of the startups at the show, need exposure to our readers. If I see something cool, I want to help spread the word, but some exhibitors made that nigh on impossible.

If you’re attending Macworld with your own hard-earned money, the floor can be a great place to shop, as there are often deep discounts. For the best deals, wait until early afternoon on the last day of the show. Any later, and exhibitors might have left already. But before they do, they want to get rid of as much stock as possible to avoid the hassle and expense of shipping it home, so you can buy many items for a song. If you live in the Bay Area, a $30 floor pass on the closing Saturday can lead to a shopping extravaganza.

Schmoozing -- The real win of attending Macworld for me was meeting people. It’s still a fantastic place to meet the stars of the Apple community and make new friends. I met dozens of people, including fans of TidBITS and my “Take Control of Apple TV” book, fellow media types whose work I admire, and of course, at last, my TidBITS colleagues. TidBITS is entirely decentralized, and the same is generally true of the industry as a whole, so Macworld is essential for providing a single time and place when everyone can gather.

The best thing about the Apple community is that it’s as egalitarian as it gets. People you might think of as celebrities are just folks, and if you see them, they don’t mind if you walk up, introduce yourself, and say hello. The only thing to remember is that we geeks don’t always have the best social skills, so if someone seems uncomfortable or distracted after a simple introduction, it likely isn’t anything you said.

The Panels -- Macworld also provides an opportunity to see great talks and panels, although some require a more expensive Conference Pass. There were many great speakers this year, even beyond my TidBITS colleagues. My real thrill, though, was being invited to participate.

First, I competed in the sport of kings — the Macworld Pundit Showdown, a “game” where the moderator (in this case, Macworld’s Philip Michaels) asks the panel questions, and assigns points based on how much he likes the answer. The tone is tricky, as it’s a mix of serious and sarcastic answers. I went up against Roberto Baldwin of Wired, UC Irvine’s Andrew Laurence, and TechHive Senior Editor Susie Ochs, and was narrowly defeated by the quick-witted Susie. It was a lot of fun representing TidBITS, and you can listen to the audio at Macworld.

My next panel was “The NSA and You,” which I had been working on for months, and it went better than I could have hoped. My guests included Kim Zetter from Wired, journalist Quinn Norton, our own Joe Kissell and Rich Mogull, and the EFF’s Parker Higgins, who were fantastic. My only regret is that we had time for only 5 of the more than 20 questions I had prepared. But the answers were incredibly deep and well thought out.


To be frank, the whole thing is kind of a blur now. But there was much more consensus than I had imagined. Here’s the gist:

The room filled up as the panel rolled on, and afterward, the stage was rushed by the crowd, who peppered the panelists with questions. Thanks again to Parker, Kim, Rich, Quinn, and Joe, all of whom were utterly fascinating and fun to talk to. They’ve expressed interest in revisiting the topic in a much longer panel, so if you’d like to see that in 2015, let the Macworld/iWorld organizers know!

Aggravations -- I had a blast at Macworld. The city is wonderful, the attendees were great, and IDG World Expo’s Paul Kent and Kathy Moran, who keep the wheels turning, were awesome to work with. However, the event staff — many of whom may have been temps — weren’t always so capable or amiable.

Remember the aforementioned swag bag? I took mine back to the hotel, only for my wife to text me a couple of hours later to tell me that there was an iPad inside with the Find My iPhone alert sounding off. After a terrifying hour or two, I figured out that the speaker office attendant had accidentally handed me a bag that another speaker left with them. Fortunately, it didn’t take long to set things right. In the end, the incident was more funny than disturbing, but it was a bit much at the time.

More troubling was an incident that occurred the next morning, while trying to get to the main stage for the Pundit Showdown. Philip Michaels wanted us there at 10:45 AM for audio setup. But the event security wouldn’t let any of us in, including Philip, until 11:00 AM, making for a bit of an on-stage scramble to get miked up.

Worst was what happened during my NSA panel. Paul and Kathy had given my wife an All Access pass so she could sit in on my panel, but security wouldn’t let her in with our baby, who was being well-behaved. Unfortunately, this happened during the panel, when there wasn’t much I could do, but afterwards I blew up at the guard in front of everyone. I was afraid that I had gone overboard, but a few folks quietly thanked me afterward. Given what Adam later told me about 2003, when IDG World Expo caused a huge fuss by banning children under 16 with almost no notice (“Macworld Expo New York’s Ill-Advised Age Policy,” 28 July 2003), I believe this was an isolated incident. But still…

As I learned from listening in on some random conversations throughout the rest of the event, several others had been bullied or harassed by event staff. I sincerely hope that these bad experiences don’t make attendees regret coming to the show, especially those who came at great expense. But if my wife and I were treated that way with All Access and Media passes, I hate to think what regular attendees might have experienced.

I don’t mean to paint Macworld as being monitored by hard-nosed thugs. Most of the staff were polite and helpful. But that wasn’t true across the board and will hopefully be addressed next year.

Cirque du Mac -- No Macworld adventure is complete without attending the exclusive Cirque du Mac party. The event, hosted by The Mac Observer, features acrobatic dancers, a healthy amount of free booze, and a performance by the Macworld All-Star Band, featuring Paul Kent, Bob LeVitus, Duane Straub, Chris Breen, Chuck La Tournous, Bryan Chaffin, and Dave Hamilton.

Don’t brush Cirque du Mac off as a lame nerd event. Apple geeks know how to party. The drinks are strong, the band amazing, and best of all, it’s your only chance to see Adam and Tonya tearing it up on the dance floor.

So, how do you get into this exclusive thing? It’s billed as invite-only, but don’t let that dissuade you. If you follow @MacworldExpo and @MacObserver on Twitter, there are several chances to score free tickets. Also, speakers generally receive a ticket in the swag bag; since I already had some, I gave mine to one of my Twitter followers.

Travel Tips -- If you’ve always wanted to attend Macworld, let me offer some tips.

Where to stay? There are two basic hotel options. If you’re trying to save money, places like The Mosser are fairly inexpensive but have tiny rooms. For a larger room and snazzier environment, you can pay more — sometimes a lot more — at traditional hotels like the Marriott Marquis. But there is a third option, which a number of people — including Adam and Tonya and a number of MacObserver editors — availed themselves of this year: Airbnb. It’s a service that connects travelers with normal people who have rooms, apartments, or even entire houses to rent out temporarily. It’s more like staying at a friend’s place, or even with a friend, but it can be more spacious and more relaxed than a hotel, while simultaneously being less expensive.

No matter where you stay, be sure to check out the bar at the top of the Marriott for a stunning view of the city.


While I was nervous about it beforehand, I’m glad I brought my son Harris, who is better traveled at 7 months than I was at 17 years. If you do bring the kids, but need a night on the town, I heartily recommend American Child Care, who will send a nanny to your room. At $30 an hour, it was reasonable, and worth it to give my wife a much-deserved sanity break. Our sitter, Lauren, was far more qualified than Hannah and I are, and she was great with our sometimes cantankerous child.

Once the kids are taken care of, the good news is that it’s almost impossible to have a bad meal or cocktail in the Moscone area, so feel free to browse. There are plenty of options for every price range, but if you’re unsure, look for recommendations on Yelp. And if you do want to make reservations, the OpenTable service is far easier than calling around. Both have iPhone apps as well.

Conclusion -- Attending Macworld has been a dream since I was 12, and 18 years later, it didn’t disappoint. I couldn’t have asked for better guides than Adam, Tonya, and the rest of the TidBITS crew. I did just about everything one could conceivably do at the show — I interviewed exhibitors, participated in panels, met amazing people I’ve looked up to for years, partied hard, and worked harder.

I’ve always felt as though there was — somewhere — a tribe of people I belonged to, and now I’ve finally found them. See you at Macworld/iWorld in San Francisco next year!

Read and post comments about this article | Tweet this article


FunBITS: FTL: Faster Than Light Moves to iPad

  by Josh Centers: josh@tidbits.com, @jcenters

Last July, I wrote about FTL: Faster Than Light (see “FunBITS: FTL: Faster Than Light,” 19 July 2013), an award-winning space simulator for Mac, Windows, and Linux, and lamented that there wasn’t an iOS version. In my 2013 FunBITS roundup (see “FunBITS: 2013 in Review,” 3 January 2014), I was happy to announce that not only was an iPad version coming, but it was arriving with an expansion for all platforms, FTL: Advanced Edition. The developer, Subset Games, has now released both, with FTL for iPad available for $9.99 in the App Store, and Advanced Edition also available as a free update for other platforms (it’s included with the iPad edition). FTL for iPad is a 173 MB download and requires iOS 6.0 or later and an iPad 2 or later.

For those of you who haven’t yet played FTL, here’s the summary. It’s a space simulator in the vein of roguelikes such as the venerable NetHack. You take control of a single ship, chased by the evil Rebel Fleet, jumping from system to system and trying to stay one step ahead. Ultimately, you want to reach the Federation base, but you have to destroy the Rebel Flagship before you can make it to safety.

FTL is unique in that you control every aspect of the ship: power levels, oxygen generation, doors, and even where to station your crew members. And you have to pay attention to everything so you can respond when something goes wrong. And boy, do things ever go wrong: fires, enemy boarders, hull breeches, failing systems — if something can go wrong, sooner or later it will. Murphy would have loved this game.


FTL is one of the most brutal, unforgiving games I’ve ever played. It does not suffer fools, and even with the best possible plan, your journey can end quickly. I’ve lost entire crews to oxygen deprivation, boarding parties, the Rebel Fleet, running out of fuel, and in some cases, just not having powerful enough weapons to defeat my foes. Of course, not every random encounter is bad; sometimes friendlies appear randomly to give you supplies and upgrades, and even some enemies offer generous surrender terms. If you need help (and you do), I recommend the YouTube tutorial series by Jeph Jacques.

So what about this new iPad version? I’ll put my cards on the table: FTL for iPad is my version of choice. It’s a game that is best played on a tablet, where you can take it with you wherever you go. Though it requires intense thought, it doesn’t provide the sort of immersive, cinematic experience that makes you want to sit in a chair for hours, like BioShock Infinite. It’s more like chess, where you might want to pick it up, make a few careful moves, then be able to put it away when it gets frustrating. However, there is no iPhone version, and the developers have told me that there never will be, because the controls won’t work on a tiny screen.

The iPad version’s controls work great, but there are some necessary adaptations to make up for losing the precision of a cursor. For instance, you can’t just click on a door to open or close it. You must first select the door controls in the lower-right corner, tap a door, and then deselect the door controls — and you can’t interact with anything else until you’ve deselected those controls. At first, I found this irritating, but after playing a few games, it made sense. Fortunately, the game pauses automatically when you select the door controls or crew members, so you won’t get blown up while tinkering with the details. After I got used to the iPad’s mechanics, I actually came to prefer them, as they’re somewhat more forgiving.


For those who didn’t get enough of the original FTL, Advanced Edition is a free expansion that comes with the iPad version, and is also available as a free update for all other platforms. If you don’t want the new stuff, don’t worry, there’s a switch to disable the expansion when you start a new journey.


Some of the new things in Advanced Edition include a new race — the Lanius, who don’t need oxygen to survive and actually drain the oxygen out of a room; the clone bay, which clones dead crew members; a new mind control system that turns enemies into allies; and a hacking system that lets you take control of enemy ship systems. You can find a full list on the FTL Wiki. These things are more likely to be used against you than vice versa, so unless you’re bored with the plain vanilla FTL, I recommend turning Advanced Edition off.

The iPad version and Advanced Edition are wonderful news for FTL fans. However, it hasn’t been great news for my wife, who has to put up with my muttered curses every night. And for good reason, as FTL is one of the most frustrating games I’ve ever played, and I think the iPad version has given me a neurosis.

So why do I, and so many people (as I write this, it’s number three in the App Store’s Top Paid list) keep tilting at FTL’s proverbial windmill? First, it’s never the same game twice. Each attempt is a whole new experience, and the game is sufficiently complex that there’s a lot of variety. Second, actually beating the game is a major accomplishment in and of itself. Third, a full game from start to (all too often) agonizing finish takes only an hour or two, so it’s not a huge commitment. Finally, since you have so much control, you feel responsible for whatever happens. Sure, there’s plenty of bad luck, but you always think that, if only you had taken a different approach, you could have scraped by.

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 14 April 2014

  by TidBITS Staff: editors@tidbits.com

OmniOutliner 4.0.4 -- The Omni Group has released OmniOutliner 4.0.4, with a fix for printing with manual page breaks, a solution for crashes when zooming, corrections to a number of documentation typos, and correct menu options when not running the Pro version. ($49.99 new, free update, 45 MB, release notes)


Read/post comments about OmniOutliner 4.0.4.

PCalc 4 -- TLA Systems has released PCalc 4, rewritten from the ground up to resemble its iOS sibling. The latest version of the powerful Mac calculator includes a number of new features, such as the capability to show multiple lines on the display; a “ticker tape” option to show a history of recent calculations; editable user functions and conversions that sync to iOS and other Macs via iCloud; smart searching for conversions, constants, and functions; enhanced AppleScript support; and more. PCalc 4 requires OS X 10.8 Mountain Lion and is a free update for both Mac App Store users and those who purchased PCalc 3 from Kagi after 1 April 2013. It’s now being sold exclusively through the Mac App Store. ($9.99 new on the Mac App Store, free update)


Read/post comments about PCalc 4.

FileMaker Pro and FileMaker Pro Advanced 13.0.2 -- FileMaker Pro and FileMaker Pro Advanced have been updated to version 13.0.2, with a slew of tweaks and bug fixes to the powerful database products. The update adds a “Preserve external container storage” option to skip re-importing external container storage, extends the functionality of the FMP URL protocol, removes the 2048 character limit from the XML import text fields, and addresses an issue where characters from condensed and expanded fonts were not placed in their correct locations, among a variety of other issues. ($299/$549 new, free update, 571.1 MB, release notes)


Read/post comments about FileMaker Pro and FileMaker Pro Advanced 13.0.2.

BBEdit 10.5.10 and TextWrangler 4.5.8 -- Bare Bones Software has released BBEdit 10.5.10 and TextWrangler 4.5.8, with both updates devoted solely to fixing a number of user-reported issues. The new versions address bugs like a Spotlight-related hang, a crash that would occur when using the New button in an FTP browser window while the item list was empty, and window-related problems when an external display was removed from a laptop. Both apps no longer claim to be able to edit “Java Web Start” files, which should prevent Mac OS X from opening them inappropriately after downloading, and both change Markdown handling so Quick Look should be able to preview Markdown files. BBEdit 10.5.10 also works around a display bug that would cause gray squares to appear in preview windows while resizing them. ($49.99 for BBEdit, free update, 13 MB, release notes; free for TextWrangler, 9.4 MB, release notes)


Read/post comments about BBEdit 10.5.10 and TextWrangler 4.5.8.


ExtraBITS for 14 April 2014

  by TidBITS Staff: editors@tidbits.com

In this week’s ExtraBITS, we have a profile of legendary Macintosh icon artist Susan Kare and recollections of Steve Jobs from Don Melton, the creator of Safari. Microsoft poked a bit of fun at itself with an Escape from XP game, NPR has arrived on iTunes Radio, and a former Apple Genius tells you how to maximize your iPhone’s battery life without turning off every feature. Finally, Managing Editor Josh Centers was interviewed on the Ask TUAW Live and The Tech Night Owl podcasts.

The Woman Who Gave the Macintosh a Smile -- Priceonomics has published a profile of Susan Kare, the woman who designed the original icons for the Macintosh, such as the Happy Mac. She later followed Steve Jobs to NeXT and also created the graphics for Microsoft’s iconic Solitaire game. Now she works independently, and has made icons for Facebook and PayPal.

Read/post comments

NPR Now Playing on iTunes Radio -- You can now listen to content from National Public Radio on iTunes Radio. The station is a mix of live news and pre-recorded shows. To listen, play the NPR News and Culture Featured Station in iTunes Radio.

Read/post comments

The Man Behind Safari Remembers Steve Jobs -- Don Melton, perhaps best known as the man behind the Safari Web browser, has republished his memories of Steve Jobs, which first appeared in Jim Dalrymple’s The Loop Magazine. Melton recollects his first embarrassing contact with Jobs, a Safari feature that he and Jobs came up with simultaneously, and an “epic” joke that Jobs played on Phil Schiller, Apple’s senior vice president of worldwide marketing.

Read/post comments

Microsoft Launches “Escape from XP” Game -- Wow! So 8-bit! Having ended support for its superannuated Windows XP operating system earlier this month, Microsoft has released an online game to convince users of the old operating system to get over it. In the browser-based game, Escape from XP, you first see XP boot up (faster than in real time), and then crash into the game itself, where you battle armies of marching PCs and flaming Recycle Bins, rendered in full 8-bit glory and accompanied by crunchy synthesized audio. Escape from XP is designed to show off the capabilities of modern browsers.

Read/post comments

The Ultimate Guide to iPhone Battery Drain -- Scotty Loveless, a former Apple Genius, has posted the best guide we’ve seen to solving iOS battery drain. Unlike many guides that tell you to turn off every feature, Loveless offers a more targeted approach, including instructions on how to test battery drain and specific suggestions that are likely to improve battery life. Two surprises: the Facebook app is a huge battery hog and quitting apps may hurt battery life.

Read/post comments

Josh Centers Talks Apple TV, WWDC on Ask TUAW Live -- Josh Centers swapped between his “Take Control of Apple TV” author and TidBITS managing editor hats while joining hosts Shawn “Doc” Boyd and Kelly Guimont on the Ask TUAW Live podcast to discuss what’s next for Apple TV, what Apple will announce at WWDC, the TidBITS workflow, and security tips.

Read/post comments

Josh Centers Discusses Office for iPad and Fire TV on Tech Night Owl -- TidBITS Managing Editor Josh Centers and Kirk McElhearn, author of “Take Control of iTunes 11: The FAQ,” joined host Gene Steinberg on The Tech Night Owl podcast. Josh discussed paranormal attorneys, what Microsoft has been up to, his first Macworld/iWorld experience, and Amazon’s new Fire TV. Kirk talked about his problems with satellite Internet, why expensive cables are a rip-off, and vinyl versus digital music.

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2014 TidBITS; reuse governed by this Creative Commons License.