ExtraBITS for 2 September 2013
Our own Josh Centers appeared on the Tech Night Owl Live podcast to discuss Steve Ballmer’s retirement from Microsoft and the future of the Apple TV. Apple is now accepting iPhone trade-ins, but is it a good deal? We also look at a number of security vulnerabilities in the Mac, iOS, Dropbox, and Android, and explain why Amazon dominates retail while Apple is the favorite of patent trolls. A clever modder makes a mini Mac (not a Mac mini!), businesses are excited about Google Glass, and the popular online RSS reader Feedbin goes open source.
Josh Centers Discusses Steve Ballmer and Apple TV on Tech Night Owl — TidBITS Managing Editor Josh Centers joins Gene Steinberg of the Tech Night Owl Live podcast to discuss Steve Ballmer’s retirement, the future of Microsoft, where Apple might be taking Apple TV, and how Apple may be readying a stealth attack on the gaming industry.
Apple Offering iPhone Trade-In Program — After much speculation, Apple has officially launched an iPhone trade-in program in its retail stores. When you bring in your old iPhone, an Apple Specialist will evaluate its condition and make an offer. If you accept, you must sign a new cellular contract, and you will be given a gift card in the amount of the offer. Don’t get too excited, as Apple appears to offer less than trade-in rival Gazelle. Even if you want to take advantage of the new program, we recommend waiting until
10 September 2013, the likely announcement date of the next iPhone.
Hackers Can Root Macs by Going Back in Time — A bug in OS X 10.8 Mountain Lion and 10.7 Lion allows attackers to gain superuser access if they reset the clock to 1 January 1970. The bug shouldn’t affect most people, as the attacker also needs shell access to the Mac, and the user must have enabled superuser access in the past.
Text Display Bug Can Render Apps Unusable — A vulnerability in iOS 6 and OS X 10.8 Mountain Lion can crash apps and even render them unusable if certain strings of text are rendered. The text strings can cause iMessage and Safari to crash, and can cause additional errors if a Wi-Fi network is named with the text. The problem is reportedly fixed in the betas of iOS 7 and OS X 10.9 Mavericks, but we expect Apple to address it in iOS 6 and Mountain Lion updates as well.
How Some User Interfaces Are Designed to Trick You — Over at The Verge, user experience expert Harry Brignull explains how some interface designers use “dark patterns” to fool you into doing things you otherwise wouldn’t do. One example is how Apple hides iOS 6’s ad tracking control in General > About > Advertising, instead of putting it in the privacy settings, and words it as a double negative (you have to turn it on to limit ad tracking). Brignull continues on with other examples, showing how some Web sites try to con you into buying subscriptions
or use trick questions to get you to sign up for spam.
Google Glass Isn’t for You — Many online pundits have taken jabs at the Google Glass heads-up display, but Quartz’s Simone Fox explains that despite Google’s marketing, the real audience for Glass is business. Fox spoke with two Explorers (early Glass adopters) who are developing inventory programs that could save manufacturers tens of thousands of dollars. Glass will also be useful in the financial sector — Fidelity Investments has developed Glass apps to monitor markets. And surgeons will be able to use Glass to ask colleagues for advice during
surgery.
Amazon Dominates Online Shopping — Amazon sells more than its 12 biggest competitors combined, according to documents from the U.S. Securities and Exchange Commission. Despite Amazon’s dominance, online shopping accounts for only 10 percent of retail sales. With Amazon forced to charge sales tax in many states and brick-and-mortar retailers catching up on pricing, Amazon’s reign may erode over time.
The Raspberry Pi Mini Mac — John Leake of the RetroMacCast has built a functional 1/3 scale model of the original Macintosh. The casing was built out of PVC, while the computer is powered by a Raspberry Pi, and the display is a 3.5-inch LCD monitor. Most impressive is that Leake used the Linux-based Mini vMac emulator to run System 6. Breaking from historical verisimilitude, the mini computer features two USB ports, an HDMI port, and an Ethernet port. Sadly, floppy disks are also not supported.
U.S. Government Confirms Android Security Problems — Common tech wisdom has long held that iOS is far more secure than Android, but a report issued by the U.S. Department of Homeland Security and the Federal Bureau of Investigation confirms it. Android represented 79 percent of mobile malware threats in 2012, while iOS only accounted for 0.7 percent. A whopping 44 percent of Android devices are running two-year-old versions of the operating system. Example security threats listed include SMS Trojans, rootkits, and fake Google Play domains.
The Apple of Patent Trolls’ Eyes — According to the latest report from PatentFreedom, Apple is the company most targeted by “non-practicing entities” — better known as “patent trolls” — companies that collect patents but do not release products. Apple was targeted 171 times between 2009 and 30 June 2013. Next on the list is Hewlett Packard, which was pursued 137 times in the same time period, followed by Samsung, with 133. The attacks against Apple have risen, from 27 in 2009 to 44 in 2012 — a 63 percent increase.
Dropbox Reverse-Engineered, Other Python Apps at Risk — Researchers Dhiru Kholia and Przemyslaw Wegrzyn have discovered a method to reverse-engineer Dropbox, which may open the door for open-source clients, but also gives attackers a way to intercept encrypted content and bypass the file sharing service’s two-factor authentication. The discovery has broader implications for the Internet, as the same methods could be used against any proprietary app built using the Python language. A Dropbox spokesperson said that while they “appreciate the
contributions of these researchers,” the discovery “does not present a vulnerability in the Dropbox client.” Dropbox argues that the exploit will not work unless the user’s computer is already compromised.
Google Reader Alternative Feedbin Goes Open Source — Ben Ubois, creator of the popular Google Reader alternative Feedbin, has released its source code on Github. Ubois lists his reasons as wanting help from the community, desiring greater transparency, and ensuring that the service will survive even if he loses interest. However, on Hacker News, Ubois was quick to point out that he was comfortable open-sourcing Feedbin precisely because the service is making money. While the backend software is now technically free, the service still costs $3 per month.