Next week is the Thanksgiving holiday in the United States, so we won’t be publishing an email issue on 22 November 2010 as we get ready for family and food. (I for one will be consulting Joe Kissell’s “Take Control of Thanksgiving Dinner” ebook, which is also now available in the iBookstore—which it isn’t yet possible to link to—and as an iPhone app, for my dinner preparations.)

Although the weekly email edition of TidBITS won’t appear on Monday, we’ll no doubt continue to post to the TidBITS Web site. Check back at the site or subscribe to the our RSS feed or Twitter stream to keep up with everything we’re writing. And look for the next email issue on 29 November 2010!

Barely two weeks have passed since the formal release of Office for Mac 2011 from Microsoft and its first update is now out the door, bringing with it an assortment of “improvements to security, stability, compatibility, and performance.”

The security fixes address a vulnerability, rated Important by Microsoft, that allows remote code execution when a user previews or opens a specially crafted RTF email message in Outlook 2011. Microsoft’s security bulletin notes that a successful exploit of this vulnerability gives an attacker the same privileges as the Mac’s current user: those who run their Macs from an administrator account are the most vulnerable.

In addition to patching the vulnerability, the Microsoft Office for Mac 2011 14.0.1 Update applies fixes and improvements for Excel, Word, PowerPoint, and Outlook. It also provides form-based authentication for all Office applications when users connect to a SharePoint server, and fixes an issue that erroneously locked images copied to ChemDraw from any Office application.

Excel users who have experienced crashes when enabling a macro will be glad to hear that Microsoft claims to have fixed this problem; those who have seen Excel fail to update some calculated spreadsheet cells when related data has changed will also be happy to learn that affected cells now update properly. Word users who have seen crashes when using the Equation Tools will find this problem fixed as well. PowerPoint bug fixes include one that led to crashes during slide shows, and another that caused PowerPoint to display numbered lists incorrectly in presentations created in PowerPoint 2007 and PowerPoint 2010.

The newest Office for Mac application, Outlook 2011, came in for its share of fixes. Aside from patching the previously mentioned security vulnerability, the update fixes a number of other Outlook issues. A flaw that caused only one email message to be deleted when multiple messages in an IMAP account were selected for deletion has been fixed; Sync Services Agent no longer requires users to quit it manually when installing a new update; passwords are no longer deleted from the keychain when Outlook imports new mail accounts; database rebuilds no longer delete mailing list rules; and when users import identities, Outlook no longer prematurely ends the import when it encounters an identity with a category called “Untitled.”

The free 110.5 MB update requires a Mac running Mac OS X 10.5.8 or later. It is available directly from Microsoft or can be obtained by running Microsoft AutoUpdate: in any Office 2011 application, choose Help > Check for Updates.

It’s not quite a no-brainer, but it’s close enough: just about anyone can get an iPhone or iPod touch connected to a Wi-Fi or 3G data network, as millions of satisfied iOS device users can attest. But just because something is easy doesn’t mean it’s simple. Many subtleties and features lurk beneath the surface of iOS networking, and you can make better and safer choices if you understand them. And that’s where Glenn Fleishman’s latest effort in our Take Control ebook series, “Take Control of iPhone and iPod touch Networking & Security, iOS 4 Edition” comes in.

In the 165-page ebook, you can learn how Glenn thinks about iOS networking, and thereby profit from his explanations of, and advice about, key networking topics. Mystified about how networking security works? Confused about which 3G data plan to use? Baffled by what it means to tether your devices? Wondering how to connect a Bluetooth device to your iPod touch? Concerned about what you should do if you lose your iPhone in a bar near Gizmodo headquarters some evening? The ebook covers all of that and more (well, except for the Gizmodo bit).

From the moment iOS 4 was announced in June 2010, Glenn has been researching and writing this book, and now his comprehensive and detailed look at the iOS networking landscape is ready, both for those who already have their devices in hand, and for those who will soon receive a shiny new iPhone or iPod touch during the holiday gift-giving season. It’s $15 and is available in PDF and print now, with EPUB and Mobipocket coming in a few weeks for those who purchase the PDF.

(If “Take Control of iPhone and iPod touch Networking & Security, iOS 4 Edition,” sounds like a familiar title, you’re likely thinking of Glenn’s older “Take Control of iPad Networking & Security,” which is up for a minor update once iOS 4.2 ships for the iPad. The two books are somewhat similar, and we may combine them into a single title for iOS 5 if enough of the differences have been ironed out.)

But that’s not all that Glenn has been up to: together with co-author Adam Engst, he has been working on an update to the 109-page “Take Control of Your Wi-Fi Security,” aimed at those who want to understand and implement wireless security for home or small business networks. Like previous updates to this longstanding title, this version 1.7 is a free update for everyone who has bought the book already, but the update brings it up to date with the latest operating systems from Apple and Microsoft, current security issues, and recommended protection mechanisms. It’s $10, and is also available in PDF and print forms, with EPUB and Mobipocket coming soon.

’Tis the season to network safely!

Congratulations to Nelson Ayuyao at uic.edu and Alan Duchan at me.com, whose entries were chosen randomly in the last DealBITS drawing and who each received a copy of Simon 3.0, worth $499. But don’t fret if you didn’t win, since Dejal is offering all TidBITS readers significant discounts (20 to 50 percent) on the different levels of Simon, along with other Dejal products, through 31 December 2010. To take advantage of the discount, order from Dejal’s store. Thanks to the 290 people who entered this DealBITS drawing, and we hope you’ll continue to
participate in the future!

With the just-released Mac OS X 10.6.5, the latest version of Snow Leopard, Apple continues to eliminate bugs that were undoubtedly either unknown until recently or so minor that they weren’t deemed sufficiently important to address before this. Also addressed are numerous security vulnerabilities.

Feature Enhancements and Bug Fixes — The only two functional enhancements in 10.6.5 are SSL support for transferring files with iDisk, which is a welcome nod to the need for secure connections, and raw image compatibility with additional digital cameras. For a full list, see “Mac OS X v10.6: Supported digital camera RAW formats.” (Also released last week was Digital Camera RAW Compatibility Update 3.4, which extends raw image format compatibility to Aperture 3 and iPhoto ’09 for some new camera models.)

In fact, the details of the rest of the fixes are so specific that I can’t even see any way to group or summarize them. I recommend reading down the remaining 22-item bullet list to see if you’ve encountered any of the problems that 10.6.5 addresses.

• Improves reliability with Microsoft Exchange servers. (TidBITS Contributing Editor Mark Anbinder tells me that if the user sets a message priority in Mail, Exchange no longer discards that attribute when the message hits the server. He went on to say that a much bigger deal is that calendar permission delegation in iCal seems to have been fixed.)

• Addresses performance of some image-processing operations in iPhoto and Aperture.

• Addresses stability and performance of graphics applications and games.

• Resolves a delay between print jobs.

• Addresses a printing issue for some HP printers connected to an AirPort Extreme.

• Resolves an issue when dragging contacts from Address Book to iCal.

• Addresses an issue in which dragging an item from a stack causes the Dock to not automatically hide.

• Resolves an issue in which Wikipedia information may not display correctly in Dictionary.

• Improves performance of MainStage on certain Macs.

• Resolves spacing issues with OpenType fonts.

• Improves reliability with some Bluetooth braille displays.

• Resolves a VoiceOver issue when browsing some Web sites with Safari 5.

• Improves Bluetooth pairing with Magic Trackpad.

• Resolves performance issues with third-party displays that use InstaPort technology.

• Resolves an issue when opening 4-up Photo Booth pictures in Preview.

• Addresses keyboard responsiveness issues in the Dock when Spaces is turned on.

• Resolves an issue syncing Address Book with Google.

• Fixes an issue when replying to a Mail message sent by a person whose name contains certain characters such as é or ü.

• Improves performance for users bound to an Active Directory domain.

• Improves reliability of Ethernet connections.

• Systems with a Mac Pro RAID Card (Early 2009) installed can now be put to sleep. For more information, see “Mac Pro RAID Card (Early 2009): Enabling system sleep.”

• Improves reliability of fibre channel connections, resolving a potential Xsan volume availability issue.

Mac OS X Server 10.6.5 includes all of the above changes, along with numerous other fixes and small enhancements to Chat Service, client management, Directory Services, Mail Service, Podcast Service, Server Admin, Software Update Service, System Image Utility, PHP, Web Calendar, Wiki Service, and Xsan. Plus, Apple has released Server Admin Tools 10.6.5, with all the latest versions of Apple’s administration tools.

Security Fixes — More important, though less obvious to most Mac users, are the numerous security fixes rolled into 10.6.5, over 50 all told. Vulnerabilities were eliminated in numerous areas of the operating system, including AFP Server, AppKit, Apple Type Services, CFNetwork, Core Graphics, Core Text, Directory Services, disk image handling, the fsck_hfs application, Image Capture, ImageIO, Image RAW, the kernel, Quick Look, QuickTime, Safari RSS, Time Machine, and Mac OS X’s printing and networking subsystems.

Along with vulnerabilities closed in those parts of Apple’s code, Mac OS X 10.6.5 also rolls in updates to bundled open source software, including Apache, CUPS, gzip, neon, OpenLDAP, OpenSSL, PHP, python, X11, and xar.

Flash Player merits special attention, since Apple’s inclusion of version 10.1.102.64 (the current version) addresses 56 different vulnerabilities since the previously shipped version. That’s somewhat deceptive, since Mac OS X 10.6.4 shipped with Flash Player 10.0.45.2 even when 10.1.53.64 was current with fixes for numerous security holes. In short, don’t depend on Apple to provide the latest version of Flash Player; it’s a huge target for security exploits and Adobe is constantly releasing new versions to address significant problems.

Three of the security changes are specific to Mac OS X Server, notably fixes to Password Server and Wiki Server, and a new version of MySQL.

As always, there’s no telling how many of the vulnerabilities, if any, have actually been exploited by scoundrels, but it’s generally a good idea to stay current with security fixes since many of them can be triggered by opening a maliciously crafted file, and there’s no way to know in advance if a file is malicious.

Downloading — With updates to Mac OS X, it’s usually easiest to let Software Update download just the code that applies to your specific Mac and version of Mac OS X. But Apple does provide a delta installer to update 10.6.4 to 10.6.5 (for both Snow Leopard and Snow Leopard Server) and a much larger combo installer to update any version of 10.6 to 10.6.5 (again, for both Snow Leopard and Snow Leopard Server). Apple pulled the Snow Leopard Server updates briefly, but replaced
them shortly after with no indication of what had changed other than a security note indicating a fix to a problem with the Dovecot mail server.

As always, make sure you have a current backup before you update, and don’t interrupt the upgrade process once it has started.

On 10 November 2010, Apple released Mac OS X 10.6.5, an important update full of bug fixes and security patches. But for users of Symantec’s PGP WDE (Whole Disk Encryption) product, updating their Macs resulted in disastrous consequences as they were completely unable to boot their systems. Reports started appearing in the PGP WDE support forums, and this was quickly confirmed by TidBITS Senior Editor Joe Kissell—not through intrepid investigative reporting, but due to being locked out of his own laptop after trying to upgrade.

This isn’t the first time PGP WDE users have struggled with Mac OS X upgrades, and to understand why, it’s worth taking a moment to talk about how disk encryption works.

And for any of you who are locked out of your PGP WDE-encrypted drive, the good news is that your data is safe, and PGP issued recovery software and instructions on 12 November 2010. Also, for those PGP WDE users who haven’t yet upgraded to Mac OS X 10.6.5, Symantec also posted instructions on that page about how to upgrade safely using the latest version of PGP WDE (10.0.2).

How Full Disk Encryption Works — Disk encryption is the single most important security control for anyone with sensitive data on a laptop. Without it, if your laptop is lost or stolen, anyone with a modicum of knowledge can easily access your data. Circumventing passwords isn’t all that difficult on any operating system, and Mac OS X is no exception.

One option for Mac users is to use Apple’s built-in FileVault technology, which encrypts your home folder. FileVault is extremely secure, but it can make managing backups difficult. For example, if you use FileVault, Time Machine will back up your home folder files only when you log out of your account (unless you are one of the rare few storing your backups on a Mac running Mac OS X Server). FileVault also protects only your home folder, which may not be sufficient for everyone.

Finally, as I documented in “The Ghost in My FileVault” (13 September 2007), like any encryption, FileVault can be persnickety at times and can lock you out of all or some of your data. (Since encryption modifies the file system at a low level, single-bit errors can sometimes lead to much wider corruption).

Another option is called Whole Disk Encryption (WDE) or Full Disk Encryption (FDE). Unlike FileVault, which stores your data in an encrypted disk image, WDE products encrypt nearly the entire contents of your drive at the disk sector level. WDE products are powerful, since they encrypt everything, and by encrypting at such a low level all your backups work normally.

This is so effective that when I’m advising large enterprises on how to protect their mobile workers, I always tell them their most important security control is to deploy WDE on all portable systems (and to encrypt smartphones and iPads, but that’s an article for another day).

Note that Symantec’s PGP WDE is currently one of only two WDE products sold directly to Mac consumers; the other is WinMagic’s SecureDoc, and I know of two additional products for corporate users.

WDE works by integrating with the firmware on your Mac so that when you boot your computer you enter an unencrypted “pre-boot” environment. This is nothing more than a highly secure mini operating system whose sole job is to ask you for your password, and then decrypt and give you access to your normal operating system, which lives in an encrypted disk partition. (Joe Kissell discusses more about how WDE works in “Securing Your Disks with PGP Whole Disk Encryption,” 31 October 2008.)

That’s why, for those of you using PGP WDE, when you turn on your Mac you see the PGP prompt… which looks nothing like Mac OS X. Entering your password there is what enables the pre-boot operating system to recover the protected encryption key that unlocks the rest of your system, and then loads Mac OS X.

Why OS Updates Break WDE — When a minor software update affects only the main operating system, it shouldn’t cause any problems for WDE products. The issue is usually seen with major updates, which may change how the operating system loads or interacts with the firmware that, among other things, enables the hardware of your computer to see storage devices and load the operating system code.

That’s the reason I no longer use PGP WDE, even though I had initially switched to it after my problems with FileVault. When Mac OS X 10.6 was released, PGP (which wasn’t yet owned by Symantec) warned all users that the product was not compatible with the changes in the operating system and the Mac firmware (EFI, the Extensible Firmware Interface). Since I needed to write about 10.6, I had to upgrade, so I decrypted my system and removed PGP WDE. Around the same time I also bought a spiffy new Mac Pro, thus relegating my laptop to a secondary system. Since I wasn’t worried about backing it up, I switched back to FileVault. (PGP eventually provided Snow
Leopard compatibility; see “PGP Whole Disk Encryption and PGP Desktop Professional 10.0,” 14 May 2010.)

In their knowledgebase post, Symantec states that they tested PGP WDE with all development versions of Mac OS X 10.6.5 and there weren’t any problems, but that the shipping version of the update overwrote one of the changes PGP WDE makes to the boot.efi file used to load the operating system. This prevents loading of the pre-boot environment, and thus eliminates password entry.

Joe Kissell solved the problem by booting his laptop from an unencrypted external drive that also had PGP WDE installed, and then decrypting his main drive with that version of PGP. You might have such a setup if part of your backup plan includes a bootable duplicate, as most experts (including Joe) recommend.

Symantec’s solution is a bootable disk containing a version of PGP WDE designed specifically to recover from this problem. Instead of decrypting the drive and removing the security, when the password is entered, it accesses the drive and modifies the files needed to enable PGP WDE to work normally again.

If Symantec’s statement is true, this means Apple modified the release version of the update without giving developers the chance to evaluate the changes and update their products. Apple has done this in the past, which can lead to a variety of frustrating software issues. It’s one of the common criticisms from enterprise users who have to support hundreds or thousands of systems and, often, custom software. If the update was in the development pre-releases, then Symantec is at fault. Either way, this was a completely preventable problem.

Should You Encrypt Your Disk? — I still highly recommend encryption for anyone worried about losing a laptop and thus exposing its information. A whole disk encryption product offers the best security, and easiest backups, but since this software isn’t provided by Apple, there is a greater chance of upgrade issues. You might also encrypt a desktop if you’re worried about theft.

FileVault is also very secure, and if you are comfortable with altering your backup strategy to account for its limitations, it has the added advantage of being free and completely supported by Apple. It also allows you to encrypt only your own files if you share a system with another user.

Either way, keeping current backups is absolutely essential, and I recommend having at least one good backup of important data (especially sentimental items like photos) that you can access even if your encryption breaks. A great option is to use a backup service like CrashPlan that backs up your data to a remote drive or location, and encrypts it in an entirely different way (for more about CrashPlan, see “CrashPlan: Backups Revisited,” 26 February 2007 and “CrashPlan Adds Direct-to-Disk Backups,” 15 December 2008).

With Halloween fading into last month, you might think you’re safe from zombies for another year. But that may not be true, and if you’re like me, your Mac may be concealing a host of zombies that are eating the brains of your 32-bit programs.

The first hint that zombies were infesting my Mac came shortly after I installed BBEdit 9.6 (see “BBEdit 9.6 Released; Still Doesn’t Suck,” 26 October 2010). Within a few hours, BBEdit crashed, twice! That exclamation point is intentional; BBEdit almost never crashes for me, and apart from Mailplane and my Web browsers, it’s the most-used program on my Mac. Luckily, I know Rich Siegel of Bare Bones well, so within a few hours of BBEdit sending in its crash reports, he pinged me on iChat. But he wasn’t interested in troubleshooting the problem further because my crash logs had revealed that I was running input manager hacks, which Rich hates with an all-consuming passion spawned
from the crashes they cause in his products.

(By the way, if you want to see if an input manager might be implicated in a particular crash, open the crash log—usually stored in ~/Library/Logs/CrashReporter—in Console and do a search for InputManagers. If you get any hits, that’s an indication that one or more input managers were loaded into that application when it crashed.)

I promised to remove the input managers, restart, and let him know if I had any more crashes, and in fact, since then BBEdit has been solid. But that got me thinking. Didn’t input managers go away with Mac OS X 10.6 Snow Leopard? I distinctly remembered that being one of the big issues when Snow Leopard came out, but the details were hazy in my mind.

To learn more about what was going on, I called Matt Neuburg, knowing that his dislike of input managers was on par with Rich’s—long before Snow Leopard was released, Matt wrote an article for TidBITS called “Are Input Managers the Work of the Devil?” (20 February 2006). Like me, Matt couldn’t initially remember the exact details beyond the basic impression that Snow Leopard had done away with input managers, but within a few minutes, we’d come up with the real story.

It turns out that Snow Leopard didn’t so much do away with input managers as tighten the conditions under which they work. The two most relevant changes are that input managers in Snow Leopard work only if they are located in /Library/InputManagers and only in 32-bit applications. (The other changes relate largely to file permissions and process privileges.) The practical upshot of these changes is that input managers in Snow Leopard don’t work in 64-bit applications, such as the Finder and Safari (which had previously been a popular target for input manager-based hacks), and input managers installed in
~/Library/InputManagers won’t be loaded no matter what.

But a large number of my commonly used programs—including BBEdit, Mailplane, Firefox, Google Chrome, iTunes, Panorama, Fetch, Things, TweetDeck, NoteBook, LaunchBar, and iPhoto—are still 32-bit apps, presumably since recoding to make them 64-bit compliant doesn’t provide much of a benefit. And worse, when I looked in /Library/InputManagers, I found four input managers there (another, Smart Crash Reports, was located in the Snow Leopard-disabled ~/Library/InputManagers folder; Unsanity says it isn’t Snow Leopard-compatible anyway). The four that were loading were:

• 1PasswordIM (used by 1Password 2.x and replaced in 1Password 3)

• GearsEnabler (used by Google Gears, which isn’t compatible with Snow Leopard)

• SIMBL (used by various Safari hacks and now updated for Snow Leopard, but my version was from 2007)

• Menu Extra Enabler (used for putting icons in the system-wide menu bar; Unsanity says it’s incompatible with Snow Leopard)

In short, these four input managers were still being inserted into the executing code of every 32-bit application on my Mac. Regardless of the fact that these input managers had once performed useful tasks, all four were entirely obsolete and doing nothing useful for me any more. They were zombies, lurching around my Mac’s memory and eating the brains of my applications. And I’m willing to bet that many of you out there have zombie input managers in your Macs as well.

You might wonder why Apple didn’t make the Snow Leopard installer disable input managers by default (as happened with incompatible kernel extensions, for instance), and so did I. All I can think is that Apple felt that the tightened restrictions on how input managers load would significantly reduce the problems they were causing, with no need for installer intervention. Plus, since some input managers could continue to operate in Snow Leopard with 32-bit applications, Apple may have felt that it wasn’t appropriate to disable functioning software.

Luckily, removing these zombie input managers is easy. Just open /Library/InputManagers (that’s the InputManagers folder in the top-level Library folder) and drag everything in there to the Trash, or if you’re not certain you wish to delete them right away, to the Desktop. When prompted, enter your admin password. Then restart your Mac—as long as the input managers aren’t in that folder, they won’t load. (You can also delete any input managers in the ~/Library/InputManagers folder—the one in your home folder’s Library folder—but that’s just for cleanliness, since they aren’t loading in Snow Leopard anyway.)

Although it’s unlikely that modern software would install an input manager under Snow Leopard, it’s not difficult to prevent them from being installed. If you want to go this route, check out Bill Bumgarner’s instructions.

I can’t promise that removing old, unused input managers will make your Mac more stable, but it certainly can’t hurt. And I’m curious—how prevalent are these zombies in the Mac world? If you have any obsolete input managers that are still loading other than the ones I’ve found, let us know in the comments.

Perfect timing: I had just seen the first low power warning from my Magic Mouse overlay my iMac’s screen when my phone rang—it was Dennis, my older brother, asking me what I wanted for my birthday. “How about an Apple Battery Charger?” I immediately asked, thinking about that battery warning and remembering that the dish where I toss depleted batteries before taking them to a recycle drop (as if!) was getting full. Just two days later, right before the alkalines in my mouse flatlined, I found a small package at my front door. The charger that came out of the small package was even smaller.

The Apple Battery Charger, unpacked and removed from its thin cardboard box, is white and minimalistic, as so many Apple products are. And it’s a little pricey ($29), as so many Apple products are. But it’s also so nicely designed that it feels worth it.

But is it worth it? That depends on your expectations.

It’s certainly easy to use: just stick in one or two of the six supplied AA NiMH batteries and plug the charger in. A pinhole-size light at the plug end of the charger glows amber when it’s charging, green when it’s done charging, and turns off after six hours.

And it’s convenient: When it’s not charging batteries, the charger draws only a measly 30 mW, which means you won’t drive up your electric bill even if you leave it plugged in all the time. A set of batteries recharges fully after five hours.

But what I really wanted to know (and what I’m sure you want to know) is, how long do the batteries last?

First, let’s look at what happened when I stuck my first set of newly charged Apple NiMHs into my Magic Mouse: my iMac reported that my mouse batteries were at 91 percent of capacity. To double-check, I swapped in a different set of fully charged NiMHs, and the iMac registered an even lower 86-percent power level. Not a promising sign.

Now, remember my dish of dead batteries? Slothful as I am, I haven’t taken any batteries to be recycled since I got my Magic Mouse, so I have a baseline for comparison. I got the mouse in mid-November 2009, and the dish held eight dead soldiers before I got the Apple charger at the beginning of this month. Add in the dying batteries I had just removed, and there are now ten dead batteries in the dish, which means that my Magic Mouse had been getting better than two months of service from each set of the alkalines I’ve been using.

By comparison, after only two days of (admittedly heavy) mousing around, the Apple NiMHs that started at 86 percent had dropped down to 62 percent of a full charge. Seeing this, I didn’t think I was going to get two months out of a set of charged NiMHs. More like a week or two per set if the power depletion rate I’d seen so far remained constant.

But it turns out that the depletion rate isn’t constant. The NiMHs don’t run down the same way that disposable batteries run down: once my current set of Apple batteries hit about 60-percent capacity, the rate of decline slowed drastically. Although it took only two days for my batteries to go from 86 percent to 62 percent, it took four more days to go from 62 percent to 56 percent, and a full week after that to go from 56 percent to 54 percent.

The reason for the initial weak showing of the NiMHs, of course, is quite simple. The typical fully charged alkaline AA battery delivers 1.5 volts and has a 2500 mAh capacity. By comparison, the low self-discharge (LSD) NiMHs that Apple supplies with the charger deliver 1.2 volts when fully charged and each have a 1900 mAh capacity. With that difference, I am surprised to see that a fully charged set even registers 86 percent of capacity on my iMac. (Note that the Apple charger can also work with other LSD NiMH AA batteries, some brands of which may have different capacities than the batteries supplied by Apple.)

The depletion curve of the NiMHs is also as precipitous at the end of a duty cycle as it is at the beginning: after about three weeks of the slow decline following the initial quick fall-off, the batteries began a race to the bottom. Only a few hours after I saw the 20-percent capacity warning appear on my iMac, the batteries were no longer able to keep my mouse in contact with my iMac. All told, the NiMH batteries in my Magic Mouse had lasted about three and a half weeks on a charge.

Even though my Apple batteries don’t last as long per charge as disposable batteries, I am far from disappointed. The LSD NiMHs that Apple supplies are designed to hold a charge when not in use, and lose only 20 percent of their charge after a year in storage. That means I can charge up a set of my Apple batteries in five hours, stick them in a drawer, and, whenever my Magic Mouse begins warning me, I can just swap the charged batteries in and recharge the depleted ones in an afternoon; after that, they can go in the drawer until needed. And though they turn out to run down significantly more quickly than disposable batteries, I’d still rather do a more frequent swap-and-charge exercise than buy a six-pack of disposable batteries
every few months, and then have to look for a place to recycle the dead batteries (especially given my sorry record in this regard), or, worse, surreptitiously toss them in the trash in the dead of night.

But will you be disappointed? Beats me. If you need the high initial charge and the other performance characteristics of disposable batteries, you might be. Otherwise, Apple’s Battery Charger with its supplied batteries seems like a reasonable investment.

Much as I’m impressed by Apple’s industrial design with the iPad, I sometimes wish they had used the polycarbonate plastic from the early iPhones for the iPad’s back. The aluminum is a little slick, and there are times when I’m holding it that I’m a little worried that it’s going to slip from my grip. Plus, although this hasn’t affected me personally, I could see someone’s hand getting tired of gripping an iPad for an extended period of time.

That concern was the impetus behind the invention of the Hand-e-holder, a clever device that in essence enables you to palm an iPad much as Michael Jordan would palm a basketball, but with no effort and virtually no chance of dropping it. However, it was running, not basketball, that led to the invention: the Hand-e-holder was developed by Burns Computer Services (BCS), a pioneer in the computerized timing of races. I was introduced to BCS founder Mike Burns by some mutual friends who had just written an iPad app called iResults for BCS and who knew that I was interested in both iPads and running.

BCS’s goal with iResults was to enable the organizers of large running events (a big race can easily have tens of thousands of participants) to equip volunteers with iPads (linked wirelessly to a results server) to show race participants the finishing times, places, and splits immediately following the event. For waiting friends and family, iResults could also be used to display runners’ progress as they pass various check points. But, as Mike Burns told me, one problem quickly became obvious—sooner or later a volunteer would inevitably drop an iPad by accident. At $499 per iPad, that’s an expensive slip.

Hence, the Hand-e-holder, which, while it can be helpful for any iPad user, is particularly useful for medical professionals, delivery people, mechanics, cooks, or anyone who needs to hold and display the iPad securely. Nonetheless, there’s nothing iPad-specific about the Hand-e-holder at all: it works just as well with a Kindle DX, a clipboard, or one of those whiteboards that basketball coaches use to diagram plays.

Talk to the Hand — There are two parts to the Hand-e-holder: an adhesive 3M Dual Lock ring that almost perfectly surrounds the Apple logo on the back of the iPad, and the Hand-e-holder itself, a combination of two rigid plastic plates attached to a neoprene strap. To use it, attach the Dual Lock ring to the back of the iPad, and then mate it with the Dual Lock-covered plastic plate on the Hand-e-holder. The Hand-e-holder’s second plastic plate is permanently attached to the first, but rotates freely, and the neoprene strap goes through a loop
so you can resize it to fit snugly around the back of your hand. (Should you want to remove the adhesive ring at some point in the future, Mike Burns has assured me it peels off without hurting the iPad.)

When I demoed the Hand-e-holder at a recent meeting of the Oneonta Mac user group, there was a collective gasp from the attendees when I stuck my hand into my laptop bag, slipped it into the Hand-e-holder, and then pulled the iPad out and held it up without gripping it by the edge. Another gasp came when I turned my hand over as though I was palming a basketball, since the iPad was poised to fall to an untimely death if the Hand-e-holder hadn’t kept it firmly attached to my hand.

So is there any concern that the Hand-e-holder might lose its Dual Lock grip on the iPad? None that I’ve seen yet, and honestly, I’m not at all worried. 3M’s Dual Lock fasteners use hundreds of interlocking mushroom-shaped protrusions that snap together—we’re talking way beyond Velcro here. Apparently, breaking the Dual Lock connection by pulling straight up and down would require 170 pounds of pressure, which would likely do something bad to the iPad well before the Dual Lock let go. For a video
demonstration of just how much confidence Mike Burns and crew have in the Hand-e-holder and the Dual Lock fastening system, watch the video of them playing ping pong using Hand-e-holder-equipped iPads as paddles.

But Dual Lock is indeed a removable fastener; the trick is that its shear strength (pressure applied parallel to the back of the iPad) is only 8 pounds. This means you can easily detach the Hand-e-holder from the Dual Lock ring on the back of the iPad if you need to insert it into a case or the like. Just catch the edge of the bottom disc with your finger tips, and use a peeling motion to detach it.

In fact, the hardest part of getting started with the Hand-e-holder is attaching the two Dual Lock pieces together; you have to press down just a bit harder than feels right. You can align one edge and push down, then press down on the opposite edge to finish the job. There’s a nice pop as the Dual Lock mushrooms mesh with one another.

Gotta Hand It to You — I’ve found that I leave the Hand-e-holder attached to my iPad all the time, since it’s almost always easier to slip my hand into the neoprene strap than to grip the edge of the iPad (which I can still do, if I’m just picking it up for a few seconds). Attached as it is to the center of the back of the iPad, it doesn’t get in the way of docking the iPad in the iPad Keyboard Dock. If you have a form-fitting case like the Apple iPad Case, you can cut out a circle so that the Hand-e-holder’s Dual Lock ring shows through; watch the
video for instructions.

But the real reason I like leaving the Hand-e-holder attached at all times is that the company also makes a wide variety of stands that use an acrylic Adapter Plate with notches on either side spaced perfectly to hold the Hand-e-holder’s second plastic plate. Slide the Hand-e-holder into the notches in the Adapter Plate, and the iPad is held firmly in the stand; a pair of holes at the top can accept a retention pin that prevents the iPad from slipping out the top of the Adapter Plate, should the stand be jostled or turned over.

You can buy the Adapter Plate by itself. It has a pair of screw holes so you can attach it to a wall, which might be an especially good way to display the iPad in picture frame mode or to mount it at eye-level in a kitchen.

However, the Adapter Plate is more commonly used with stands. Hand-e-holder currently offers three basic stands in different designs: a tear-drop base, a rectangular base with a groove to hold an Apple Wireless Keyboard, and a single-piece acrylic stand. More interesting, though, are the specialty mounts: a tripod with non-skid feet, 1.5- and 2.5-inch C-clamps, and a spring clamp. And, for you pilots accustomed to keeping maps and flight plans on a kneeboard that straps around the thigh, a Leg Strap Kit makes it easy to attach an aviation app-equipped iPad to your thigh instead. (The screenshot shows the tripod and the spring clamp stands, and my iPad is floating next to my desk courtesy of the C-clamp stand.)

Adjustment knobs on all the various stands and mounts make it possible to position the iPad in a wide variety of angles and orientations, and the Hand-e-holder folks are always interested in hearing about specific needs. For example, they made a C-clamp mount with a long, straight arm for a professor who wanted to use an iPad to display research results at a conference. For the security-minded, they’ve made versions that replace the Dual Lock fasteners with unremovable standard adhesives and coupled them with
screw-attached mounts and a lock that fits into the hole at the top of the adapter plate.

The Hand-e-holder itself costs $39.99, the Adapter Plate by itself is $19.99, and the various stands and mounts range from $39.99 to $49.99. You can also buy extra Dual Lock rings for $6, so you can use your Hand-e-holder with multiple iPads or other devices.

The prices seem a touch high, but Mike Burns said that he refuses to outsource manufacturing to China when so many people in his home state of Michigan need jobs. Otherwise, I haven’t found much about the Hand-e-holder to criticize. Some of the stands, while highly functional, aren’t as elegantly designed as other iPad stands I’ve seen. Furthermore, the retention pin, which is separate from the Adapter Plate used by each of the stands and mounts, is the sort of thing that can be lost quickly unless you attach its keyring to the mount with some string. And lastly, I can see the Hand-e-holder being incompatible with certain other cases.

But in the end, the Hand-e-holder is a neat solution to a particular problem that many iPad users may have, and it’s well worth checking out if you want a better way to hold and display your iPad or similarly shaped object.

iTunes 10.1 — Just as the first appearance of autumn leaves signals a change of seasons, the appearance of iTunes 10.1 signals the imminent arrival of iOS 4.2. In fact, the release notes cite the capability of this release to sync the iPhone, iPod touch, and iPad with iOS 4.2. Also added to iTunes 10.1 is AirPlay, which provides the capability to stream video from iTunes to the new Apple TV. Furthermore, this version enables users to disable Ping in the new iTunes Sidebar, and brings with it a changed license agreement that specifies the kinds of information Apple receives from
users when Ping is used. And, of course, iTunes 10.1 contains the customary “important stability and performance improvements” and security fixes. The update is available from Software Update and directly from Apple. (Free, 90.63 MB)

Read/post comments about iTunes 10.1.

BBEdit 9.6.1 — Following swiftly upon the release of BBEdit 9.6 (see “BBEdit 9.6 Released; Still Doesn’t Suck,” 26 October 2010), Bare Bones Software has issued a minor update to their flagship text editor. The release notes for BBEdit 9.6.1 list one addition and two changes, along with a number of bug fixes. The addition is an expert preference, set via the command line, to show SCM administrative files in disk browsers and projects when Show Invisibles is enabled. The two changes are a
new location for FTP/SFTP cache files and an expert preference to display multi-file search results in a flat list rather than hierarchically by file. Among the several dozen bug fixes is one that fixes the loss of the final character of a URL that appears at the end of a document when BBEdit tries to resolve it (a bug that Adam Engst first reported); another fix eliminates crashes caused when BBEdit erroneously attempts to load out-of-date language modules instead of ignoring them. ($129 new, free update, 15.8 MB)

Read/post comments about BBEdit 9.6.1.

Security Update 2010-007 (Leopard and Leopard Server) — The just-released Mac OS X 10.6.5 includes numerous security fixes that are also relevant to Mac OS X 10.5.8 Leopard and Leopard Server. For you Leopard users out there, Apple has now released Security Update 2010-007 Leopard Client and Security Update 2010-007 Leopard Server to address 32 vulnerabilities spread throughout the operating system. You can read the details on Apple’s Web site.

Flash Player merits special attention, since Apple’s inclusion of version 10.1.102.64 addresses 56 different vulnerabilities since the previously shipped version. That’s somewhat deceptive, since Mac OS X 10.6.4 shipped with Flash Player 10.0.45.2 even when 10.1.53.64 was current with fixes for numerous security holes. In short, don’t depend on Apple to provide the latest version of Flash Player; it’s a huge target for security exploits and Adobe is constantly releasing new versions to address significant problems.

Four of the security changes are specific to Mac OS X Server 10.5.8, notably fixes to Password Server and Wiki Server, and new versions of MySQL and PHP.

Security Update 2010-007 is most easily downloaded via Software Update, but standalone installers are also available via the links above. (Free, 240.74 MB for Mac OS X 10.5 Leopard, 448.10 MB for Leopard Server)

Read/post comments about Security Update 2010-007 (Leopard and Leopard Server).

1Password 3.5.0 — Good news for Google Chrome users! 1Password, the Web password manager from Agile Web Solutions, has been updated to version 3.5.0, and the big news in this version is an “awesome new extension” for the Google Chrome Web browser, available only to Mac users, that achieves feature parity with 1Password’s Safari and Firefox extensions. Also new is a Dropbox sync status display in the sidebar. Other changes include reduced disk space for stored attachment icon files and usability enhancements for item editing. In all, the release notes list 34 changes. 1Password requires Mac OS X 10.5.8 or higher. ($39.95 new, free update, 19.1 MB)

Read/post comments about 1Password 3.5.0.

Coda 1.7 — Coda, the code editor and transfer application from Panic, Inc., has received an update to version 1.7. New in this version is code completion for the latest HTML5 tags, improved syntax checking for Perl and CSS, and added keyboard shortcuts. The release notes itemize the changes in the latest version. ($99 new, free update, 20 MB)

Read/post comments about Coda 1.7.

HP Printer Drivers v.2.5.2 — Apple has released revised printer drivers for Hewlett-Packard printers. The driver package provides support for hundreds of HP printer models and requires Mac OS X 10.6.1 or later. The update is available via Software Update as well as directly from Apple. A complete list of supported printers is available in an updated knowledgebase article. (Free, 448.7 MB)

Read/post comments about HP Printer Drivers v.2.5.2.

Carbon Copy Cloner 3.3.6 — The popular Carbon Copy Cloner backup utility from Bombich Software has been updated to version 3.3.6. In the latest version, handling of damaged media has been improved so that read errors produce error dialogs more quickly, so the user can decide how to proceed. Other usability enhancements include a task scheduling setting option so that users can choose to be prompted to initiate the scheduled backup task instead of the task automatically starting, and a confirmation prompt that appears when the user tries to stop the verification stage of a block-copy operation. Version 3.3.6 fixes a
bug introduced in 3.3.5. The release notes list all the changes, additions, and fixes. (Free, 4.3 MB)

Read/post comments about Carbon Copy Cloner 3.3.6.

Just two worthwhile links for you this week—news that Apple and Oracle will be collaborating to ensure that Java remains available for Mac OS X and an Apple-acknowledged bug in iOS 4.1 that messes up repeating alarms.

Oracle and Apple Announce OpenJDK Project for Mac OS X — Those who feared that the days of Java on Mac OS X were over following Apple’s announcement that it was “deprecating” Java on Mac OS X will be heartened by the news that Oracle and Apple are creating the OpenJDK Project. Apple’s press release states that “Java SE 6 will continue to be available from Apple for Mac OS X Snow Leopard and the upcoming release of Mac OS X Lion. Java SE 7 and future versions of Java for Mac OS X will be available from Oracle.”

Read/post comments

Reset iOS Clock App Alarms after Daylight Saving Time Change — There’s a bug in iOS 4.1 that causes repeating alarms in the Clock app to trigger an hour later than they should shortly before and after the daylight saving time change. Apple says the bug is fixed in the forthcoming iOS 4.2, but in the meantime, you can fix your alarms by deselecting all days in the repeat interval, saving, and then resetting the alarms for the days you need them.

Read/post comments