Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
Show excerpts


Two bits of sad news occupy this week’s issue: the suicide of Internet activist and advocate Aaron Swartz, and the closing of the pioneering podcast network ITConversations. On a happier note, Jeff Porten has filed not one, not two, but three reports of new products from CES 2013, some of which might even ship someday. Back in the world of the practical, Adam Engst explains how to remove duplicates from the Finder’s Open With contextual menu and looks at Amazon’s new AutoRip service, Josh Centers shares how iFlicks can improve an iTunes video library, and Rich Mogull answers the question of whether or not Mac users need antivirus software in today’s world. Notable software releases this week include MacBook Air EFI Firmware Update 2.6, Firefox 18, and Fission 2.1.1.

Glenn Fleishman 2 comments

Aaron Swartz, Who Helped Free Information, Is Dead

The coder, activist, and open-access advocate Aaron Swartz died 11 January 2013 by his own hand. From the age of 13, when he won a prize given to youth who created non-commercial Web sites that were “useful, educational, and collaborative,” Swartz dedicated his life to writing code and sites that allowed information to flow more freely and advocating successfully against efforts to restrict access.

Swartz provided the code and technical underpinnings for Creative Commons at its formation, joined the founders of Reddit early on and created the software to run it in its early days (which he later released into the public domain), built Open Library with the Internet Archive, and founded Demand Progress, one of the groups instrumental in rallying support against SOPA and PIPA copyright legislation. Swartz also worked on RSS 1.0 (not the original RSS developed by Netscape and adapted and popularized
by Dave Winer that resulted in RSS 2.0), which led him to help put together the Resource Description Framework (RDF) specification at the World Wide Web Consortium (W3C).

More recently, Swartz became a vociferous advocate of freeing information from behind paywalls that was outside copyright protection or that he thought should be outside such protection, including court records and, more controversially, academic articles. His latter effort led to federal computer crime charges that were unresolved at his death. A trial was slated for April 2013, and could have led to years in prison.

Swartz is remembered not just for each of these and many other projects he was involved with, even though most have significance in the evolution of the Internet. On top of his contributions to the public good, he will also be remembered for his early genius, his keen insight, his warmth, and his generosity. BoingBoing has assembled an ongoing collection of tributes to and articles about Swartz, including a remembrance by one of its editors, Cory Doctorow, who was one of Swartz’s friends.

Jeff Porten 1 comment

CES 2013: Cases, Chargers, Docks, and Houseplant Monitors?

Greetings from the Bali Hai Country Club in Las Vegas, where I’m recuperating briefly after the opening events of the 2013 installment of the Consumer Electronics Show. The decor is 1970s tiki, the temperature outside is 37°F, the music is thankfully not Don Ho, and the only thing that’s making this glass-walled room bearable is the gas torch six inches from my back.

I just came from the CES Unveiled event at the Mandalay Bay, where numerous CES exhibitors pony up a few (or more than a few) thousand dollars extra to get an advance shot at capturing press attention, and in turn, yours. A few items intrigued me enough to share with you.

Other World Computing is always good for interesting gadgets, although I’m not sure what’s new for the show. But since I accidentally dangled my new iPhone 5 by its headphone cord over concrete yesterday, I’ll be checking out their Nuguard KX case, which doesn’t seem to increase the profile of the phone by much.

Lilliputian Systems is here with Nectar, a $299 attractively curved black box that accepts $9.99 “Nectar Pods,” cylinders that each power a mobile device for up to two weeks. I’d like to give you details and specifications, but that’s all I’ve got; for what it’s worth, Nectar will be featured in the Brookstone catalog, which I tend to associate with cool gizmos that are overpriced for their components.

Also of interest in the same category: the myCharge Hub Series of 3000, 6000, and 9000-milliamp-hour batteries that come with Lightning, micro-USB, and USB cables to recharge anything that might need power; Lightning is usually the odd man out in these things. Unfortunately, these won’t be available until April 2013 (and July 2013 for the 9000).

And, for the kind of families where even the dog has an iPhone, Griffin is rolling out the $99 PowerDock 5, which stacks and charges up to five phones and tablets in a reasonably attractive and space-saving manner. Also, they have a new line of WoodTones headsets and cables that are… um, made of wood.

Belkin demoed their $199.99 Thunderstorm Handheld Home Theater, which is an iPad case that provides stereo surround audio when docked with an iPad 2, or a third- or fourth-generation iPad. Separate models are available for the old dock connector or the new Lightning port. I didn’t hear a demo, but I already hate this product for its name; as if Lightning and Thunderbolt aren’t enough? Just imagine the parental tech support calls: “So I tried to connect the Thunderbolt to the storm thing… or am I suppose to use Lightning instead?”

The folks at Parrot, who brought you the AR.Drone quadcopter that you pilot with an iPhone (see “CES 2010: Blending the Future,” 7 January 2010), are blowing my mind with their press release announcement of the Bluetooth-based Flower Power that, I kid you not, monitors your houseplants, presumably for water, though perhaps it’s bidirectional so you can serenade your schefflera too. I will check out their booth and let you know if this is a spoof, or if someone at Parrot drank
a bad batch of Bordeaux before writing the press release.

Jeff Porten 4 comments

CES 2013: Pepcom’s Digital Exhaustion… er, Experience

Greetings again from CES 2013, or, rather, from the Starbucks at Planet Hollywood, where the Wi-Fi is surprisingly good, the venti coffees are the most expensive I’ve ever seen, and the house band in the casino is covering Guns N’ Roses. The Starbucks is conveniently located past the midpoint of my 40-year trek through the desert from the MGM Grand Ballroom to my hotel; about half of those years were through the MGM Grand, the largest hotel in the United States. I say with no exaggeration that I heard at least three people burst into sardonic laughter while following signs to the ballroom, when turning yet another corner led to yet another long hallway to be

Tonight’s “(literally) feed the beast” press scrum was Pepcom’s Digital Experience, which alongside tomorrow’s Showstoppers serves as an alternate CES. While some of the exhibitors are also at the real CES starting tomorrow, these two shows are run by separate companies. Exhibitors here get direct access to members of the media, usually at lower cost than having a CES booth; the press comes because it’s open bar and free food, while tomorrow we’ll be paying $20 for a Coke and a hot dog at the Las Vegas Convention Center.

First up are a pair of cellular network services hoping to break the phone carrier death grip on the marketplace. Truphone provides a $30 GSM SIM card that you can slot into your unlocked mobile phone to roam internationally on the Truphone service, which the company purchases wholesale from regional providers. Truphone offers both prepaid by-the-month service and ongoing plans. In theory, you’ll save money over roaming with your existing cell phone plan — however, checking their rates for an upcoming trip to Canada gave me an eye-popping quote of $4.29 per megabyte. That’s a win over AT&T’s roaming rate of $15.36 per megabyte, but far more
expensive than the cost of AT&T’s international data package, which costs $30 for 120 MB ($0.25/MB). I’ll hang onto Truphone’s press giveaway SIM card in case they’re a good choice for future travel; it’s certainly easier than finding a local provider every time you touch down in a new country. New at CES from Truphone is a nano SIM that can be used in an iPhone 5, and a U.S. headquarters to expand their market beyond their decidedly UK-centric Web site.

On the other hand, if free 4G data is more interesting, FreedomPop would like your attention. They had on hand numerous $99 gadgets, including a MiFi-like hotspot, and cases for the iPhone 4, 4S, and iPod touch that connect to their 4G service (subcontracted from Sprint). The service is free, provided you can stay below 500 MB per month; additional data can be purchased at competitive rates, or “earned” by watching advertisements or making purchases with their partners. I’d say this is a great service for occasional users, but 500 MB is a low ceiling.

Grokr caught my attention with the tag line “predictive search for iOS.” Predictive search is another way of saying, “we’re going to track everything you do with us (and optionally on Facebook, Twitter, and LinkedIn), and use that to predict what you’re looking for when you launch the app.” In theory, you end up with a nearly psychic assistant that cuts down on how long it takes to look things up, and alerts you about upcoming events of interest. In practice, it’s all about how well
their algorithms work, but they earn points from me for the “Stranger in a Strange Land” branding. Grokr is a free download in the App Store.

Rambus was on hand with their LED replacement 60-watt bulb, displaying a lamp in what was possibly the world’s worst comparison environment for light quality and color. It was certainly bright enough to defeat my iPhone’s capability to take a decent picture, but if you’re willing to trust Rambus’s pictures of it, it’ll be on sale in the next three to six months.

Lytro displayed their light field cameras, which allow the focus and angle of a picture to be changed after the fact, due to some optical technology which my smarter friends assure me isn’t actually magic (see “Orders Start for Unique Lytro Light Field Camera,” 19 October 2011). The hardware appears to be unchanged from last year’s model, although firmware updates starting in October 2012 have added new features to existing cameras. Lytro
demoed upcoming software that will allow photographers to share their light field pictures on Facebook, Twitter, and Web sites, with code that provides viewers the same angle and focus controls as in the camera. Possible downside: Lytro hosts these photos on their servers, and there’s no other option for sharing these pictures unless you export them to a flat JPEG first. Lytro’s cameras still cost $399 (8 GB of memory) and $499 (16 GB) in a range of colors.

Brookstone landed another one in the “halfway between cool and ridiculous” zone with their upcoming $129.99 SoftSound Pillow, due for release in April 2013. It’s a memory foam pillow with wireless speakers, marketed as “enjoy TV without disturbing your partner” — or, more importantly for me, without waking up in the morning with headphone dents in my face.

I’ve seen several Internet commentaries saying that the Lenovo IdeaCentre Horizon 27-inch tablet is either fantastic or insane. It’s basically an 18-pound (8.1 kg) PC with a split personality: prop it up at an angle and it’s a Windows 8 computer; lay it flat and it switches into Lenovo’s Aura touch interface that reminds me a lot of the original Microsoft Surface, which Microsoft
installed in (very few) bars and restaurants. Personally, I think this is one for the CueCat category of things we’ll be laughing at in a few years; if a 27-inch touch surface were inherently that interesting, they’d be spending less time demoing the interactive Bluetooth dice that automatically integrate with games, all of which will ship sometime in the future.

Following up on yesterday’s note about the Parrot Flower Power plant monitor: okay, it’s actually much less frivolous than I thought (see “CES 2013: Cases, Chargers, Docks, and Houseplant Monitors?,” 7 January 2013). The monitor comes with an iPad app containing encyclopedic descriptions of 6,000 houseplants; if you’re like me and you can kill a plant at 100 paces, you can look plants up via descriptive tags. Once you’ve told your iPad which plant the device is monitoring, it uses sensors for sunlight, moisture, temperature, and fertilizer density to tell even people like me what to do to keep plants happy, and when. It’s still in development with no price tag yet, scheduled
for release “this year.”

It’s rare that a booth makes me gleeful over the sheer fact that it exists, but that’s the feeling I got from Stern Pinball. Pinball was my quarter-sucking vice of choice long before I ever discovered video games, but every manufacturer except Stern has been driven out of business by the decline of arcades. Stern has taken an interesting marketing angle on this: their new pinball machines come in various sizes, with smaller units designed for home use, and larger ones for
arcades and public play. The playfield on any given game will be largely the same, but arcade models will have more animatronics and a larger backglass (the vertical display). Most importantly, home units have arcade quality playfields, flippers, and mechanisms. Stern pinball games for home use run $2,500, compared to $6,000 through $8,000 for the versions that eat quarters by the handful.

Also in the category of “surprised and glad to see them,” both FileMaker and Parallels had booths here, without much to announce in the way of tech news. (FileMaker Go for iOS has been downloaded 500,000 times as of last month, which isn’t much of a hook.) What strikes me about this is that it’s one thing to walk into a non-Mac press room and see dozens of glowing apples winking back at me; quite another for these two companies to deem it useful to drop
kilobucks on getting onto the radar of the press corps. And, for what it’s worth, despite ongoing Twitter wars about the last time Apple exhibited at CES, if FileMaker counts, Apple is still here.

Jeff Porten 8 comments

CES 2013: Showstoppers from Useful to Insane

Greetings a third time from CES 2013 after leaving the Showstoppers event at the Wynn, where the catering is excellent, the stores are très expensive, and the hotel Wi-Fi set a record for ridiculous by charging $20 for 40 minutes. For that price, I expect each kilobit to be carried out on a silver platter by the cast of “Downton Abbey.” As I did yesterday (see “CES 2013: Pepcom’s Digital Exhaustion… er, Experience,” 8 January 2013), I have stopped for caffeine on the way back to my hotel; it may not be as ritzy, but this is the first Starbucks I’ve been to that has its own volcano.

I have to lead off my coverage of Showstoppers with a disclaimer. It’s no secret that trade shows are infamous for providing brib… that is, “review units” to honored and respected representatives of qualified press organizations. It’s common for writers to return home with a few techie gewgaws, most of which end up on a shelf. But this time, not to put too fine a point on it, I made out like a bandit. Therefore, anytime I mention a company that gave me stuff, I’ll include the Unicode emoji symbol for wrapped present: ?. Note that outright bribery by no means guarantees that a company will be mentioned, and certainly doesn’t guarantee that they’ll be covered positively.

Ground rules properly established? Then away we go.

DisplayLink caught my eye, almost literally, with their demo of a MacBook Air running two side-by-side external monitors at 1920 by 1200 each. Those are 1080p videos you see on each screen, with room to spare. The MacBook Air was connected by USB 3.0 to a Lenovo dock driving the monitors; DisplayLink makes the chip, which will be sold in other docks through outside manufacturers, including Belkin. DisplayLink also works with USB 2.0, and will downsample the external image if it needs more bandwidth than 2.0 can handle.

The Olloclip snap-on lens has been updated to fit the iPhone 4, 4S, or 5, and now includes an adapter for use with the iPod touch. The lens adds wide-angle, fisheye, and macro lens capabilities to the built-in camera lens. I’m at best a highly amateur photographer, so at $69 this is too pricey for me, but a lot cheaper than most lenses. I also admire its “throw it in the bag for later” gadget form factor.

Flicpost demoed their free iPhone app that sends actual printed photos. Through the physical mail. To people who might not have Internet connections. Pricing for the first photo is $0.69 for U.S., UK, and a few other destinations, $0.99 elsewhere in the world, and $0.20 for each additional photo. This isn’t really new, but what caught my attention was the press kit, a mocked-up envelope addressed to Neil deGrasse Tyson (see
“What Makes a Technology Cool,” According to Neil deGrasse Tyson,” 9 October 2012).

Also in the blast-from-the-past category, SoloMatrix impressed me with their… yes, physical keyboard for the iPhone. I don’t know how many BlackBerry users are left who are finally making the switch, but the Spike TypeSmart slaps a decent keyboard over an iPhone’s virtual keyboard in portrait orientation. This earns a mention because it uses a case with a Lightning or 30-pin connector instead of Bluetooth; the keyboard folds flush into the case when not in use; and the demo guy remained extremely friendly even when I dropped his iPhone and snapped off the “first keyboard out of ten that just flew in from China.” Oops. Pre-order pricing is $35, $60, or $150, depending on the type of case that accompanies the keyboard.

I am not an audiophile and my hearing is awful (see “iOS Hearing Aids… or, How to Buy Superman’s Ears,” 8 February 2011), so I’m not qualified to review the audio quality of any headset. But I like the idea behind the $69 BlueAnt Ribbon ?, which separates out the Bluetooth part of a Bluetooth stereo headset into a normal 3.5mm headphone jack that can be hooked up to anything, such as your existing headset or
other speaker equipment. The Ribbon can attach to your clothes, and it’s lightweight enough to dangle when used as a Bluetooth driver for external speakers. I’m a fan of this approach, because I’ve lost count of the number of times my laptop bag has yanked my wired headset out of my ears.

I’m also not qualified to review children’s apps, as I tend to like children just fine… in a Béarnaise sauce with a side of leafy greens. That said, TCKL’s Drip Drops Color the World 3D, for ages 2–6, looked pretty nifty. The child (or an adult brain-fried by childrearing) is led through a storyline where she can color 3D objects, which then become part of future events; a globe canvas in the first scene becomes the ball an onscreen character plays with in the next scene. It will be
available in late January 2013 (and is different from the free 2D version already in the App Store); pricing hasn’t yet been set. Warning: do not click on this link if you are not ready for astonishingly cheerful music, such as if it’s 3:30 AM in your Las Vegas hotel room.

Perhaps also fitting into the “Jeff hates children” category is the Tethercell. It’s a casing that fits over a AAA battery and turns it into a AA battery with Bluetooth. This then connects to a smartphone app that enables you to set times-of-day when the battery can be used, and mercifully provides you with a master Off switch for all of your Tethercell-enabled toys. The Tethercell is an Indiegogo pre-order at the moment, although the booth demoed a prototype and seemingly complete iOS software. As a representative of childless people everywhere, I beg you to make this exist.

Spigen SGP is the only vendor that earned its place here through outright bribery; I had passed their booth without stopping until someone noticed my bare iPhone 5 and said, “You know they’re giving away screen protectors, right?” It’s the quality of the screen protector that led to their inclusion: I had expected yet another flimsy plastic film, but instead, their line of $27.99 GLAS.t ? and $34.99 ? protectors are oleophobic tempered glass, which feel identical to a bare iPhone 5 screen. The has rounded corners that resist chipping when used on an otherwise uncased iPhone, while the GLAS.t is recommended for an iPhone with case. When the iPhone is exposed to a potentially screen-shattering event, both protectors are designed to absorb the force and perhaps crack themselves, keeping the iPhone display intact. Spigen also gave me their $17.99 Slim Armor ? iPhone
case, which is attractive but otherwise unremarkable, and which will remain untested for drop protection for as long as humanly possible. iPhone 5 versions of all of the above are new at CES or very recent releases.

One for the “can’t believe it” category: if you always wanted a Bluetooth-enabled fork, HAPIlabs has one. The HAPIfork reminds you to eat more slowly by vibrating when you eat too fast. The best bit: it can tell because it uses the electrical conductivity of your mouth to close its circuit. HAPIfork works with a computer over USB, a smartphone over Bluetooth, and your deep sense of existential despair over a pint of Ben & Jerry’s.

Also in the “can’t believe it” category is NeuroSky’s $129.95 MindWave Mobile, which they recommend for use with Neurowear’s $99.95 Brainwave Cat Ears. The MindWave Mobile is a headset with a sensor that rests on your scalp, and then ostensibly uses your brain’s conductivity to interact with smartphone apps — or the Cat Ears, which perk up or droop based on how much attention you’re paying at any given moment. Facial expressions alone are so 2012. Shown below are the $20 Obsidian replacement ears if you really want to be a black cat.


Last, and very definitely least are the LiteBrix. I include them because they inadvertently infected me with the 1970s Lite Brite commercial as a permanent earworm, and the only cure is to share the misery.

Adam Engst 9 comments

Eliminate Duplicates in the Open With Submenu

Every now and then, solutions to problems just fall from the sky, or, in this case, from TidBITS Talk. In a recent post, Shirley Jordan noted that whenever she right-clicked on a document in the Finder and displayed the Open With submenu to open the document in something other than its default application, every application in the menu appeared twice. Quick responses from Miraz Jordan, Alan Forkosh, and Curtis Wilcox revealed that the problem was a corrupt Launch Services database and a single Terminal command can resolve it, as can options in utilities like Cocktail.

I was in the same situation — I’d been seeing two or even three copies of each application in the Open With submenu, but it was never annoying enough to hunt down the solution. So I was happy to have it fall in my lap via email, and after pasting the command below (as one line) into Terminal and relaunching the Finder by Control-Option-clicking its Dock icon and choosing Relaunch, my Open With submenu shrunk to only a single copy of each application.

Conrad Hirano subsequently noted that relaunching the Finder wasn’t sufficient for his Mac to reset its Open With submenu completely, and he needed to log out and back in to finish the job. Personally, whenever anything is being weird, I prefer restarting the Mac entirely, which doesn’t take significantly longer.

sudo /System/Library/Frameworks/CoreServices.framework/Versions/Current/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user

As far as I can tell, there’s no downside to rebuilding the Launch Services database in this fashion, though it’s also not something you should do without good reason, such as the duplicate entries in the Open With submenu.

Adam Engst 10 comments

Amazon AutoRip: Not iTunes Match, but Still a Time Saver

Buy a CD today, and what are you going to do? Rip it to MP3 or AAC right away, of course, so you can play it from your computer, phone, or tablet. I’m sure plenty of people still have physical CD players, but I found it difficult to continue with the disc-swapping once I became accustomed to the ease of choosing music from a large digital library. That’s much of the allure of buying music from the iTunes Store or the Amazon MP3 Store, since there’s no need to go through the effort of ripping the CD in the first place, nor do you have to find space for it on a shelf or in a box.

But don’t count CDs out entirely. They’re far more satisfying to wrap and toss under a Christmas tree than iTunes gift cards, they’re a built-in backup (less of a concern now that both Apple and Amazon let you redownload purchased music), and they can make for interesting artifacts, thanks to the album art and liner notes. And I’m sure that there are plenty of people who just prefer a solid bit of plastic to the ephemeral digital download.

Amazon has just announced a new service, called AutoRip, that aims to let those who want to buy CDs get the best of both worlds. If a CD purchased from Amazon is among the 50,000 albums that are eligible for the service, when you buy it, you’ll automatically receive MP3 versions of the songs for immediate download. No ripping necessary. (The AutoRip logo appears under the Add to Cart button for eligible albums.)

The AutoRip MP3s appear in Amazon Cloud Player, a Web app that stores and plays music purchased from the Amazon MP3 Store along with music you’ve uploaded (see “Amazon Puts Your Music in the Cloud,” 2 April 2011). You can also play stored music using apps for iOS, Android, Sonos, and Roku.

Taking advantage of AutoRip is merely a matter of buying a CD that’s included in the program, but Amazon has sweetened the deal by including CDs purchased as far back as 1998. So, if you log in to the Cloud Player site, it will tell you if it’s giving you music from previously purchased CDs, and it marks them with a special blue-green icon. I have no idea how many CDs I’ve purchased from Amazon since 1998, but only four showed up in Cloud Player for me.

Before you ask, no, CDs purchased as gifts are not eligible for AutoRip, since then two people would be getting the music. Of course, Amazon has no way of knowing that you’re purchasing a CD as a gift unless you pick the CD from someone’s wishlist or indicate during the checkout process that it’s a gift. Also pay attention to the terms surrounding returns; if you return a CD after downloading the MP3s, you’ll be
charged for them, but if you return it without having downloaded the MP3s, they’ll disappear from your Cloud Player library and you won’t be charged.

How does AutoRip compare with Apple’s $24.99 per year iTunes Match service? Only peripherally. Both services give you high quality, DRM-free digital copies of music, but iTunes Match works with all your existing ripped music and AutoRip works only with music from CDs purchased from Amazon, and only a subset of those. But AutoRip is free, so if you like getting physical CDs, it’s another reason to purchase from Amazon rather than some other retailer, which I’m sure is precisely the point.

Glenn Fleishman 1 comment

ITConversations Winds to a Close

The first all-podcast network, ITConversations, founded by Doug Kaye in 2003, has stopped producing new episodes. When it shut down last month, the network had nearly a decade and about 3,300 episodes across many shows and topics of interest to information technology professionals. But Kaye’s influence was much broader than the particulars of any given podcast.

Kaye started the network before the term “podcast” had even been coined. His intent was to create downloadable audio programs, starting with conference events, as sufficient bandwidth, interest, and audience had developed, but without trying to cash in on the proposition. In the process, he shared pretty much everything he learned with listeners and the world at large. Most of the work has been done by volunteers.

Podcasting transformed ITConversations from links on a Web page into an audio publishing stream by integrating audio enclosures directly into RSS news feeds which could, in turn, be automatically imported into iTunes. (Syndication and auto-import were Dave Winer’s and Adam Curry’s big ideas.) The ability to obtain podcast episodes automatically and store them in a program like iTunes made it vastly easier to attract a substantial audience, and Kaye was one of the very first to integrate the necessary technical pieces in his feed. IT professionals were more likely to install the scripts and early software, making his topics a perfect fit, too.

Kaye was also responsible for the creation of The Levelator, which we use at TidBITS to improve the audio quality of our podcasts (“PodBOT Improves TidBITS Audio,” 7 May 2012). The Levelator turns a podcast that may have many different input levels — from a local mic, a remote Skype party, a patched-in phone call, and others — into an audio file with a consistent loudness. That is, all parties sound about the same volume, including lows and highs, so listeners don’t need to constantly fiddle with the volume for comfortable playback. Kaye’s audio engineer colleagues, notably Bruce and Malcolm Sharpe, developed an audio
normalization utility that eventually became The Levelator and was released for free. It was a great gift to the Internet that keeps on giving.

Kaye turned over day-to-day management of ITConversations to Phil Windley back in 2006, but stayed deeply involved. I had some great conversations with Kaye back when I was planning and launched a short series of podcasts for my Wi-Fi Networking News blog (I recorded 26 episodes in 2006). He was generous with his time and insight and offered to host the podcast at ITConversations. Windley is also one of the Internet’s good guys, more interested in sharing his expertise broadly than hoarding his hard-won knowledge. Both Kaye and Windley wrote notes about the end of the run back in August and September 2012; I only heard the news recently when they announced the final episodes. The two of them had a final conversation — in podcast form, naturally! — on 3 December 2012.

Why did it shut down? To quote Kaye:

We’ve helped event producers and podcasters to create and publish programs themselves, and increasingly that’s what they’re doing. There simply isn’t as great a need for a service like The Conversations Network. So we’ve decided to complete our mission by helping our remaining partners continue their podcasts on their own Web sites.

So here’s to Doug Kaye and Phil Windley! The Internet has long been associated with generous spirits, and they are two of the best, having helped thousands of podcasters and millions of listeners along with their crew of over 200 paid and unpaid staff who worked on podcasts across the years. Let’s not be sad that ITConversations has put into the Internet Archive’s dry dock; rather, let’s celebrate that it launched a thousand new voices.

Josh Centers 5 comments

iFlicks Improves iTunes Imports

If you’re invested in the Apple ecosystem, watching video can be a challenge. Sure, it’s easy if you purchase all your TV shows and movies through iTunes or stream them with Netflix, but what about all your other movies and TV shows? The ones you’ve ripped, recorded via an Elgato EyeTV device, or obtained through, um, other means?

DVD rippers like Handbrake can convert your DVDs to an iTunes-friendly MP4 file, but it isn’t always a sure bet. Movies I’ve ripped in Handbrake don’t always work perfectly on all my devices. They might play fine on my Apple TV but be choppy on my Mac, or vice versa. And even if they do work smoothly, what about the cover art and metadata? There’s little worse than staring at an iTunes window full of missing cover art. Subler is a popular metadata editor, but it can be a bear to use and has known issues with OS X 10.8 Mountain Lion. Who wants to go through so much trouble just to
watch a movie?

That’s where iFlicks ($19.99) comes in. Simply drag and drop your movies and TV shows into iFlicks and it does the rest, wrapping them in an Apple-friendly format, automatically pulling in art and metadata, and importing the videos into iTunes. You can add several at once, which is handy if you’re digitizing your entire library.

I’ve been using iFlicks for months, and it’s nearly flawless. For any video encoded in H.264, which is the Apple-preferred video codec, conversion is fast and simple, taking only a couple of minutes even for high-definition videos. Most MKV and FLV video files, as well as most Handbrake-ripped discs, are encoded this way. For these, I use the default “iTunes compatible” preset, which doesn’t alter the video quality, instead merely wrapping the content in an Apple-friendly format.

For videos not encoded in H.264, like many AVI files, the process can take longer. For these, I often have to use the Universal preset, which uses the Perian QuickTime plug-in to re-encode the video to the standard definition resolution of 720 x 576 (Perian is no longer being updated, but an iFlicks update is due soon to remove its necessity — see “QuickTime Format Extender Perian to Cease Development,” 16 May 2012.) Fortunately, high-definition videos not encoded in H.264 are few and far between.

A tricky aspect of video conversion is subtitled content, but iFlicks has no problem handling subtitles. If you have a subtitle file (they usually have a .srt file extension) in the same directory as the video, iFlicks adds it automatically. You can then enable subtitles in the video as usual: in iTunes, you can click the word bubble while watching a video, and on the Apple TV, by holding the center button on the remote while watching a video.

How does iFlicks recognize your video? Automatically, based on the video’s file name, and it does a terrific job of finding the right metadata. iFlicks uses and for its information. I dropped a brand-new episode of a TV show into iFlicks, and it automatically recognized the episode and even pulled in the cover art for the current season. If iFlicks doesn’t get it quite right, it allows you to edit the metadata manually by double clicking on the video in the main window.

But what if your video is already in iTunes? No problem, iFlicks comes with a Services menu accessible from within iTunes. You can either update the existing metadata or re-encode problematic videos without leaving iTunes.

iFlicks is the easiest method I’ve found to create iTunes-friendly video files. It takes the headache out of digitizing your video collection, and even makes your collection beautiful to look at. iFlicks is worth every bit of its $19.99 price, though it has gone on sale for as low as $2. If you want to organize your movie collection in iTunes, iFlicks is a must have.

Rich Mogull 10 comments

Do You Need Mac Antivirus Software in 2013?

It has been over four years since I wrote “Should Mac Users Run Antivirus Software?” (18 March 2008). Although much has changed since then, my recommendations mostly haven’t. While Macs aren’t immune to malicious software (malware), and we even experienced one reasonably widespread incident in 2012, malware on Macs is still not nearly common enough to recommend antivirus software for everyone. And while antivirus tools are effective against certain known attacks, they often don’t provide the level of protection people expect.

More Malware, but Still Rare — In April 2012, we experienced Flashback, the first real, widespread malware attack against Macs (see “How to Detect and Protect Against Updated Flashback Malware,” 5 April 2012). By some accounts over 500,000 Macs were infected at one point, but there is no evidence that any infected Macs or Mac users were actually harmed in the attack. This quickly led to predictions in certain corners that the Apple “age of innocence” had come to an end, and Mac users would now face as many and as severe malware attacks as Windows users.

Since that fateful week we have seen not a single additional widespread attack, and only a handful of smaller pockets of infection similar to the pre-Flashback days. (Note that there were some attacks against specific targets, but antivirus is relatively ineffective at stopping these.) Despite those predictions, Mac users haven’t seen any significant increases in malware, and it is still quite rare.

Some of this is due to steps Apple took both before and in response to Flashback, which I outlined in “Examining Apple’s Security Efforts in 2012” (20 December 2012). Gatekeeper was designed to reduce the likelihood of a user being tricked into installing malware on their own computer — still the most common attack against Macs (see “Gatekeeper Slams the Door on Mac Malware Epidemics,” 16 February 2012). Apple continues to harden the operating system itself, making it more difficult (but far from impossible) to exploit remotely. All apps in the Mac App Store must now implement sandboxing, which reduces the harm they can cause if
they are compromised — although, embarrassingly, Apple has yet to sandbox its own apps. And Apple significantly changed how Java and Adobe Flash, the software exploited by Flashback, are supported and enabled to further restrict their use as a vector for infection via a Web browser.

Plus, if reports are accurate, Flashback failed to net any significant profits for the attackers. For the most part, bad guys are in it for the money, and they drop unprofitable product lines like any other business. In fact, Apple’s security changes have, by its own admission, focused more on disrupting the economics of malware than trying to stop any single vector of attack.

This doesn’t mean there won’t be successful attacks against Macs, but all signs point to those attacks being limited — occasional one-off incidents rather than the constant maelstrom of endless attacks we have seen against Windows. The ecosystem — thanks to its size and Apple’s protections — simply can’t support ongoing waves of Mac malware. Even the latest versions of Windows don’t face the same malware issues as earlier efforts.

Some of these future incidents will be widespread, but they will also very likely be discovered and contained quickly. As for antivirus, the odds are against the tools playing a significant role in preventing these attacks due to their inherent limitations.

The Limits of Antivirus — There are two main ways to detect malicious software: detect unusual activity, or recognize something in the software that marks it as malicious. Nearly all antivirus tools on the market rely mostly or exclusively on “signatures” for malware detection.

A signature is typically a string of text, often a hash value of a portion of a known piece of malware. Antivirus companies scour the Internet looking for malware samples. Once they find a malicious program, they create a signature based on the application’s code, then push this signature into the antivirus software on your computer when you update your virus definitions. Your antivirus software scans new files as they come into your computer, plus all files on your system periodically, looking for these signatures.

Security tools tend to avoid relying on behavioral analysis because it is very hard to know whether any particular action on a general purpose computer is “bad.” For any malicious action you can think of, odds are there is a legitimate reason for that activity in a different context. It is also difficult to hook into an operating system at the right level to capture this activity. And unless you detect and manage to prevent the act of infection (which may look exactly like normal software installation), the malware gets to run on your system before the tool has an opportunity to detect bad activity. Behavioral analysis is thus fairly limited, and more effective in controlled environments, such as enterprise servers, than on personal

The advantage of signature scanning is that if there is a match, and the signature is well-crafted, you have positively identified a known piece of malicious software. You can also scan software before it ends up on your system or runs in the first place. But there are two very large downsides.

The most obvious limitation is that to create a signature, the antivirus vendor needs a sample of the malware. They can build signatures only for what they find, meaning new malware always has some running time before the first sample is collected, turned into a signature, and pushed down to client computers. Not every malicious program is created from scratch, so theoretically an antivirus tool should have a reasonable chance of picking up new variants. But the bad guys know this and buy the major antivirus programs to test their variants before release. Or, if they are on a budget, they run the samples through sites like VirusTotal, which test samples against dozens of antivirus tools.

The second major issue is that malware is a popular market, with massive numbers of new variants appearing daily. Some antivirus vendors report on the order of 65,000 new malware variations every day! That is 65,000 signatures they need to create, test, and release to their customers on a daily basis (now you know why it’s important to update virus definitions). Together these two factors make it nearly impossible for antivirus vendors to keep up. Their tools do filter a lot of malware, but never get close to catching everything bad, and there is always a window where new malware spreads before being detected.

Far less malware exists for Macs, but even there we see limited effectiveness across tools. For example, in a recent test by Thomas Reed, even the best Mac malware tool detected only 90 percent of the known malware samples used. This is a poor showing — we only see dozens of Mac malware variants per year, compared to 65,000 per day for Windows.

Despite Flashback being used as a call to arms to encourage people to adopt antivirus tools, most of those tools failed to detect Flashback for weeks — until it was highly publicized.

There are additional technical issues, as well. The more analysis and detection you want, the deeper antivirus tools need to hook into your system, and the greater their potential for failure. Apple doesn’t help much, being much more concerned with preventing malware from taking over the operating system than with helping antivirus vendors — who, after all, need to monitor all access to files and exercise control over launching applications and opening files, which are just the kinds of things malware authors want to do, too. There are also major performance impacts, and nearly every antivirus vendor has issued a bad signature at some point, causing serious issues for customers — typically false claims that a critical system or
application file is a virus, which of course causes problems when the software attempts to prevent the (critical, legitimate) file from “compromising” the system.

Considering the current state of Mac security and the malware environment today, I find it hard to recommend Mac antivirus tools for most consumers. OS X’s built-in security and basic malware protection currently stops most or even all existing Mac malware, and new malware variants don’t appear often enough for antivirus tools to provide a significant benefit by protecting personal Macs. Mac infections are so rare, and antivirus tools are so limited, that they simply don’t offer enough value for most Mac users — even the free ones.

When to Use Mac Antivirus — Those limitations aside, there are situations where antivirus software is still useful.

The first, and best, is when you don’t use it on the desktop. Signature-based filtering in email stops known viruses before they ever hit your desktop. I highly recommend using an email service such as Gmail, iCloud, Yahoo, or Hotmail that filters all email for viruses before it is downloaded your computer. For businesses I also recommend Web filtering, but that isn’t easily available to regular consumers.

The next group who might benefit from antivirus is family members running older versions of OS X. Nearly all the best anti-malware security features of OS X are available with 10.8 Mountain Lion, with 10.7 Lion being second-best. We know TidBITS readers largely stay up to date with Mac and iOS operating system updates, but if family members don’t, then antivirus may be warranted.

Corporate users may also need antivirus software to comply with corporate policies or other requirements.

If you consistently engage in high-risk behavior, then antivirus software may be useful. For example, if you turn off Gatekeeper and routinely download illegal or dubious software, antivirus tools might prevent infection. Maybe. Of course malware appears on mainstream sites as well, but if you stick with Gatekeeper and known developers your chance of infection is almost nil.

Lastly, you might simply want antivirus for peace of mind — understanding that antivirus tools are far from infallible, and their users do still get infected, especially if you ignore the necessary patches and definition updates.

If Mac antivirus tools offered 100 percent effectiveness — or even 99 percent — I might take a different position. If we ever see massive volumes of malware, as happens in the Windows world, I might change my recommendations. But at this point, there are so few Mac malware infections, and antivirus tools are so limited, that for most users of current versions of OS X, antivirus doesn’t make sense.

During the Flashback infection there were accusations that Mac users were too smug, or too ill-informed, to install antivirus software. But the reality is that antivirus tools offer only limited protection, and relying on antivirus for your security is as naive as believing Macs are invulnerable.

TidBITS Staff No comments

TidBITS Watchlist: Notable Software Updates for 14 January 2013

MacBook Air EFI Firmware Update 2.6 — Apple has issued EFI Firmware Update 2.6 for the MacBook Air models that were released in June 2012. The update resolves a color issue with connected HDMI displays, a bug that caused the system to freeze if a Thunderbolt device was unplugged while in standby mode, and a problem with properly booting Windows using Boot Camp. It requires OS X 10.8.2 Mountain Lion. As always with firmware updates, we recommend relying on the App Store to ensure you get the firmware update for your specific model and being careful not to interrupt the update process. (Free, 4.76 MB)

Read/post comments about MacBook Air EFI Firmware Update 2.6.

Firefox 18 — Reaching voting age in record time, Mozilla has released Firefox 18 with the new IonMonkey JavaScript compiler, which Mozilla claims will improve the speed of Web apps and games by up to 25 percent. The new release also gets Retina display support (joining the already Retina-fied Safari and Chrome Web browsers) for those running Mac OS X 10.7 Lion and later. It also adds “preliminary” support for the Web Real Time Communication (WebRTC) open framework that enables in-browser video chat capabilities. Other changes include improved performance when switching tabs, improved image quality thanks to a new HTML
scaling algorithm, a fix that disables insecure content from loading on HTTPS pages, and improved proxy responsiveness. Note that if you haven’t opened Firefox in a while and allowed the automatic updates to be applied, you’ll have to go through multiple updates to get to Firefox 18 (our version needed to jump first from 16.0.1 to 17.0.1 and then to 18). (Free, 36.6 MB, release notes)

Read/post comments about Firefox 18.

Fission 2.1.1 — Rogue Amoeba’s Fission audio editing software gets a minor update with version 2.1.1, which offers a lone feature addition: the Batch Converter now accepts folders containing audio files as well as individual files. The release also ensures that the Save panel remembers the last saved location, corrects an issue with chapterized AACs and very large image files, and fixes an issue with the Mac App Store version where attempting to save a file would cause an error. Additionally, Fission now includes a hidden preference accessed via the
Debugging window that enables the app to check for and prevent rare instances of Normalization clipping. ($32 new with a 20-percent discount for TidBITS members, free update, 10.7 MB, release notes)

Read/post comments about Fission 2.1.1.