Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
Show excerpts


We’re pleased to welcome a new sponsor: Automatic Labs, makers of the Automatic car adapter and iPhone app, which help you drive safer and smarter. For a limited time, TidBITS readers in the United States can take 20 percent off the $99.95 purchase price. Speaking of money, Apple is drowning in it, reporting record profits for Q2 2015. Apple said nothing about Apple Watch sales in the earnings call, but the TidBITS crew is here with our first impressions of the new device. Also on the Apple Watch beat is Security Editor Rich Mogull, who explains why the Apple Watch could lead to better security with less fuss. Finally, we’re happy to bring you the second edition of Joe Kissell’s “Take Control of the Mac Command Line with Terminal,” which adds 50 pages of new content for anyone who wants to use OS X’s Unix underpinnings better. We even put the book to use right away, with an article explaining how you can eliminate drop shadows from OS X’s screenshots. Notable software releases this week include Nicecast 1.11.4, iMovie 10.0.8, OmniFocus 2.1.3, Hazel 3.3.5, iMac Graphics Update 1.0, Fantastical 2.0.3, KeyCue 7.5, BusyCal 2.6.6, and BusyContacts 1.0.3.

Adam Engst 3 comments

Automatic Labs Sponsoring TidBITS

We’re pleased to welcome as our latest long-term TidBITS sponsor Automatic Labs, makers of the Automatic car adapter and connected apps. Described simply, Automatic is a little device that plugs into your car’s standard diagnostic port and then connects to your iPhone (or Android phone), transmitting driving data to your phone after your trip and letting you analyze it on the phone or a Web-based dashboard. Why might you want this? With more data, you can drive smarter, safer, and with fewer hassles.

In terms of driving smarter, Automatic can show you the cost and miles-per-gallon efficiency of every trip to help you find the most efficient route when commuting. It also decodes the check engine light and can even clear it for minor issues, so you don’t have to waste time taking the car in for repair unless it’s necessary. And it can gently warn you about speeding to reduce the chances of getting ticketed.

Safety gets a boost with Automatic too. If you’re in an accident, Automatic’s Crash Alert agent can dispatch assistance to you 24/7 anywhere in the United States, no subscription fee necessary. If you have a teenage driver (like we do!), the License+ option offers a 100-hour program that provides positive reinforcement for driving well. It provides some location tracking, but doesn’t invade the teen’s privacy — it’s more designed to help teach teens safe driving while giving parents insight into how well their teens are doing.

Automatic throws in a few small features that eliminate hassles and just make driving a little easier. It remembers where your car is parked, and can send that location to family members with whom you’re sharing the car — ideal for large mall or airport parking lots. It also tracks your mileage for expense reports, so you don’t have to write everything down, and can warn you that you’re running out of gas before the low fuel light comes on.

Some might be worried about the data Automatic collects, but the company’s engineers actually built their own hardware rather than use an off-the-shelf adapter in part so they could encrypt transmissions to prevent malicious attacks or data sniffing. Plus, Automatic lays out everything else it does to protect customer data in its privacy policy; the company clearly understands that trust is essential for its success.

Automatic works on most gas (not electric or diesel) cars sold since 1996, when the OBD-II diagnostic port became standard, and it requires an iPhone 5 or newer running iOS 7 or later. Practically speaking, Automatic is most attractive for those with older cars, but since the average age of cars in the United States is 11.4 years, there are plenty of perfectly functional cars without the bells and whistles of the latest models. Automatic provides those bells and whistles — and more — for $99.95. Or, actually, $79.96 after the 20 percent discount Automatic is offering to TidBITS readers in the United States. Those elsewhere in the world can sign up to be alerted when Automatic starts supporting other countries.

Thanks to Automatic for their support of TidBITS and the Apple community!

Adam Engst 4 comments

Level up with “Take Control of the Mac Command Line with Terminal”

It’s easy to forget that OS X is based on Unix, but those in the know often drop to the Unix command line for tasks that are difficult or impossible to accomplish in the Mac’s graphical interface. Six years ago, Joe Kissell penned “Take Control of the Mac Command Line with Terminal,” a book designed to help readers become comfortable on the command line. Today we’re pleased to bring you the second edition of this essential reference. It’s 167 pages, for $15.

If you’ve ever thought you should learn how to use the Mac’s command line, or worried about doing something wrong while following command-line-related instructions in an article or from the Web, “Take Control of the Mac Command Line with Terminal” will give you the skills and confidence you need to make your Mac even more capable than ever before.

Written from a Mac user’s point of view, the book starts with command-line fundamentals, helps you set up an environment that will work for you, and walks you through more advanced topics as your knowledge increases. Advanced topics include instructions for carrying out more complex tasks such as SSH-ing to a remote computer, transferring files via SFTP and scp, handling permissions, logging in as root, installing Unix software, grappling with grep, and writing shell scripts that contain logic.

Finally, to help you put it all together, “Take Control of the Mac Command Line with Terminal” showcases 52 real-world “recipes” that combine commands to perform useful tasks, such as listing users who’ve logged in recently, copying text from Quick Look, using a separate FileVault password, figuring out why a disk won’t eject, copying the source code of a Web page, determining which apps have open connections to the Internet, flushing the DNS cache, finding out why a Mac won’t sleep, sending an SMS message, and deleting stubborn items from the Trash.

Working at the command line often goes hand-in-hand with a general desire to work efficiently, so we wanted to mention that Joe also recently updated “Take Control of Automating Your Mac” to freshen it for 10.10 Yosemite. This 199-page title discusses the Mac’s built-in automation features, various popular automation apps (including a chapter about the macro utility Keyboard Maestro), and special Apple tools like Automator and AppleScript. It also comes with discounts on Keyboard Maestro, LaunchBar, Hazel, Nisus Writer Pro, TextExpander, TextSoap, TypeIt4Me, and Typinator. You can buy both books for 20
percent off
, dropping the price to only $24.

Whether you want to approach the Mac command line with confidence, or you want to set up some serious automation to make your work more accurate and less repetitive, these books will put you in control!

Michael E. Cohen Josh Centers 3 comments

Apple Makes Even More Money in Q2 2015

Surprising only those who have been hiding under a rock since the turn of the century, Apple continues to avoid doom, reporting record profits for the second fiscal quarter of 2015. With revenues of $58 billion and net profits of $13.6 billion ($2.33 per diluted share), the company’s profits are up $3.4 billion over those recorded in the year-ago quarter (see “Apple Posts Record Q2 2014 Revenues Despite Slipping iPad Sales,” 23 April 2014). Gross margin was 40.8 percent for the quarter, compared to a 39.3 percent margin for the same quarter last year. International sales dominated the revenue stream, providing 69 percent of the quarter’s revenue.

With the exception of Japan (which saw a 15 percent decline from a year ago), all of Apple’s operating segments showed an increase in revenue over the year-ago quarter, with the Greater China segment racking up a remarkable 71 percent increase. Right behind was the rest of the Asia-Pacific segment, with a 48 percent increase.

The iPhone business continues to boom: Apple sold about 61.2 million units for a total of $40.3 billion in revenue. The iPhone once again set a second-quarter record for sales, with year-over-year growth of 39.9 percent. The big phones are here to stay: about 20 percent of iPhone sales are upgrades to the iPhone 6 and 6 Plus. CEO Tim Cook credits the iPhone’s growth to a greater percentage of people switching from other platforms, as well as the App Store’s best quarter ever, with 29 percent year-over-year growth.

In a time of slowing PC sales, with the entire market contracting by over 7 percent, Mac sales displayed impressive year-over-year growth at 10.3 percent, for a total of over 4.5 million units sold. Cook didn’t specify sales for the new MacBook, but he mentioned that Apple has been “very happy” with the response.

Harshing Apple’s buzz, albeit only slightly, is the iPad, which saw a year-over-year sales drop of 22.8 percent, although that still amounts to 12.62 million iPads sold during the quarter. Also helping dispel the gloom is the fact that Apple sold more iPads in Japan and China than ever before. Still, it’s notable that Apple saw more revenue from the Mac than the iPad. “We’re seeing [iPad sales] cannibalization from the iPhone and from the Mac, but we’re not worried about that,” Cook said. Cook believes that iPad sales will increase over the long term.

Apple also did well with services this quarter, with revenue of about $5 billion, representing a year-over-year increase of 9 percent. Apple boasted that the App Store had 77 percent more revenue than Google Play in the quarter. While specific numbers about the new HBO NOW service were not offered, Cook indicated that he was pleased with the response, and called it one of Apple’s most-downloaded apps.

Cook reported businesses and banks continue to adopt Apple Pay, with Discover scheduled to adopt the system in the latter part of this year, and with Best Buy already accepting it for in-app purchases — all Best Buy retail outlets are expected to accept Apple Pay purchases within the next few months. The Best Buy addition is huge news for Apple Pay, since Best Buy is a member of the Walmart-led MCX Consortium that banned Apple Pay, preferring its own system (see “The Real Reason Some Merchants Are Blocking Apple Pay… for Now,” 26 October 2014).

Curiously, Apple did not offer any first-weekend sales numbers for the Apple Watch, although it should be noted that all sales took place after the end of the second fiscal quarter. When asked, Cook declined to offer specific sales numbers, but CFO Luca Maestri said that they expect Apple Watch margins to be below the company average. Cook did say that demand is outstripping supply, but Apple still hopes to offer the Apple Watch outside of the United States by late June 2015. Apple’s Other Products category, which includes iPods, Apple TVs, Beats Electronics, and accessories, brought in about $1.7 billion in revenue.

Apple ended the quarter with over $193 billion in cash on hand, and it expects to see revenues of between $46 and $48 billion next quarter, with margins falling into the 38.5 to 39.5 percent range, likely due to the Apple Watch.

The company is using part of its Smaug-sized cash hoard to build data centers in Ireland and Denmark (at a cost of about $2 billion, or roughly 1 percent of the corporate cash pile); to build a solar farm in China’s Szechuan province that is expected to generate more electrical power than Apple uses in its activities there; and to support its conservation efforts (see “Apple Buying 36,000 Acres of Forest,” 18 April 2015).

Investors will also be thrilled to note that Apple is expanding its capital return program more than 50 percent, to $200 billion for buybacks and increased dividends. Investors can expect a new dividend of $0.52 per share, payable on 14 May 2015 for investors of record at the close of business on 11 May 2015. Since the inception of the program in August 2012, Apple has returned over $112 billion to shareholders, including $80 billion in repurchases.

With yet another massive quarter, Tim Cook has assuaged even the harshest of Apple’s critics. Even if the Apple Watch were to be a flop, Apple would be far from doomed. Most companies would kill to have even Apple’s shrinking iPad business, not to mention its titanic iPhone segment. And with its ever-growing pile of cash, Apple has proven that it can’t even give money away to shareholders fast enough. Hopefully we’ll know by next quarter how the Apple Watch is doing, but we won’t be surprised if Apple posts record numbers again, regardless.

Josh Centers 21 comments

How to Eliminate Drop Shadows in OS X Screenshots

For anyone who documents tasks performed on the Mac, being able to take consistent, high-quality screenshots is paramount. We use some screenshots in TidBITS articles, but where we really rely on them are in Take Control books, which may include a hundred or more graphics.

There are dozens of screenshot utilities for the Mac, but Apple’s built-in screenshot functionality is pretty good, free, and doesn’t consume system resources. (And most of the utilities have gotten worse over the years, as Apple has removed the capabilities they relied on.) But there is a problem: OS X adds a drop shadow to each screenshot of an individual window.

Throwing Light on Shadows — For everyday users, who rarely take screenshots anyway, this is a benefit, since the drop shadow adds a visually pleasing border. But for us publishing types, the drop shadow can cause all sorts of problems. Most important, it’s much larger than a plain border, which wastes a ton of space in a book or article page. It can be edited out, but that requires additional time and effort. We’ve also had issues with the alpha channel, in which the drop shadow ends up becoming a large black border around the entire screenshot.

Thankfully, Apple offers simple, but obscure, solutions. One uses a keyboard shortcut for a temporary fix, while the other is a Terminal command that solves the problem permanently.

You probably know about the keyboard shortcut to take a screenshot of a portion of the screen: Command-Shift-4. (There’s also Command-Shift-3, which takes a screenshot of your entire screen, a trick that’s seldom useful.) Pressing Command-Shift-4 turns your cursor into a crosshair, and dragging out a rectangle takes a screenshot of the selected area. Less well known is the fact that if, instead of dragging out a rectangle, you press the Space bar, your cursor becomes a camera, and placing it over a window, dialog, or dropped-down menu highlights that object. Click the highlighted object and you get a screenshot of just that object, complete with drop shadow, on your Desktop.

But what if you don’t want the drop shadow? Easy. Instead of clicking the highlighted object, Option-click. That produces the same screenshot with no drop shadow.

What if you never want a drop shadow on your screenshots (like us)? In that case, you need to fire up the Terminal app. Then enter this command, courtesy of the just-released second edition of Joe Kissell’s “Take Control of the Mac Command Line with Terminal.”

defaults write disable-shadow -bool TRUE; killall SystemUIServer

Don’t be scared by the killall command. All it does is quit and relaunch the process that maintains the user interface to reflect the drop shadow setting in the first part of the command.

If you later want to re-enable drop shadows, open Terminal and enter this command:

defaults write disable-shadow -bool FALSE; killall SystemUIServer

Adding Borders — But what if you need a border around a screenshot so white edges don’t bleed into the white of the background? You could add one in Photoshop or Pixelmator, but that’s like driving nails with a sledgehammer: potentially fun, but more work than necessary. And as much as the image-annotation utility Napkin is great, it can’t yet add a simple line border (see “Napkin Offers a Fresh Take on Visual Communication,” 16 February 2013). Thankfully, Apple’s built-in Automator can do this for you, with a workflow also courtesy of Joe Kissell. We rely on this Automator workflow for Take Control all the

First, you need to download a free Quartz Composition filter called Borders, unzip it, and move the BC_Borders_1.5.qtz file to ~/Library/Compositions (remember that your Library folder may be hidden; hold down the Option key and choose Library from the Go menu in the Finder if so).

Next, open Automator and choose File > New. Select Application as your document type. Double-click the Get Selected Finder Items action to add it to the workflow as the first item. If you don’t want to modify the original screenshot, add the Copy Finder Items action to your workflow instead.

Now search on “quartz” to find and add the action “Apply Quartz Composition Filter to Image Files.” The default filter is Sepia. Instead, choose Borders from the drop-down menu. Feel free to experiment with the Border Size, Bottom Border Bias, and Border Color settings, but we use 1, 0, and dark gray, respectively. The workflow can take a few seconds to run, so if you want feedback that it has completed, add a Play System Sound or Speak Text action to the end.

When you’re satisfied, choose File > Save, and specify a name and location for your new bordering utility. The Applications folder is as good a place as any. An easy way to use your new homegrown utility is to put it in the Dock, and then drag your images onto it. You could also put it in the toolbar of Finder windows, or do what Adam Engst does, and activate it via a keyboard shortcut (courtesy of Keyboard Maestro) after selecting a screenshot file on the Desktop.

For more on Automator, Keyboard Maestro, and automating your Mac in general, see Joe’s other recently updated book, “Take Control of Automating Your Mac.”

Adam Engst TidBITS Staff 12 comments

Apple Watch First Impressions

A number of regular contributors to TidBITS wore their brand new Apple Watches nearly non-stop last weekend in order to answer the question of what Apple’s new wearable will mean for our everyday lives. Here are our first impressions — it’s certain that we’ll have more nuanced opinions later on, but our early experiences are likely to mirror yours.

Unboxing and Initial Setup — Unsurprisingly for Apple, the packaging for the Apple Watch Sport was stunning, with the watch laid out inside a long white box. There was a fair amount of plastic protecting various parts of the watch and charger; removing it was slightly annoying, but it ensures that the watch arrives unsmudged and unscratched.

Jeff Carlson wrote, “The setup process was a ‘wow’ moment for me. The animated data cloud image that pairs the Apple Watch and the iPhone was not only beautiful, but upon pairing, it resolved into this wonderful spirograph that then turned into a solid one with the watch details written around like on the back of a traditional watch. So beautiful.”

Before you start setting up a watch, make sure you’ve updated to iOS 8.3 and have updated your iPhone apps, since Apple Watch apps are embedded inside iOS apps. The setup process takes 15–30 minutes all told, depending on how many apps you have.

One quirk: I use different Apple IDs for iCloud and Messages, along with two-step verification, and connecting to Messages on the Apple Watch required me to set up and enter an app-specific password on the iPhone.

Physical Impressions — It’s impossible to say whether you’ll find the Apple Watch larger or smaller than expected. The 38mm model is smaller than the Pebble and the Garmin Forerunner 620 that I use for running. Its aluminum body is wonderfully smooth, which makes it slide under long sleeves well, though sleeves do get in the way, as they would with any watch.

Most of us weren’t bothered by the size or weight, although Tonya has found her left arm getting tired while typing (and thus supporting the watch’s weight as she types). This is undoubtedly something that she’ll become accustomed to over time.

We all got the Apple Watch Sport, with its fluoroelastomer band. Regardless of whether that translates to “plastic” or “rubber,” everyone thought it was smooth, soft, and comfortable to touch — “silky” is the word that comes to mind. It’s tricky to put on initially, though that will also likely fade with practice.

For most of us, the watch has been comfortable, with the notable exception of Tonya, who has struggled with the band sizing. She originally used the smaller band but wanted it sized between two of the holes — with one, it was clearly too loose, and with the other, it compressed a nerve and caused pain. She switched to the included larger band, which was also too tight at the smallest setting, and although the second-smallest hole seems to work, it now sits very low on her wrist. Tonya often has trouble wearing watchbands, and we’ll be interested to see what third-party bands appear, since Apple’s are ludicrously expensive. Moral of the story: try on bands in an Apple Store before buying if you’re at all worried about comfort
(for more on in-store try-ons, see “Apple Watch Try-Ons Are Both Hype and Help,” 17 April 2015).

Several of us found it quite uncomfortable to hold our arms in the necessary position to use the watch for any amount of time. We expect this will go away over time as we become accustomed to it, and in normal use, it should require only quick glances, not the extended fiddling it’s getting now. Agen Schmitz asked it to give him directions while driving, and although he appreciated the haptic notifications of when to turn, he found looking at the watch distracting, and fell back on looking at the iPhone screen when the watch buzzed him.

Of course, the watch is attached to one arm and may require interaction from the other hand. If you’re moving rapidly, that may not be convenient, or even safe. Tonya wore it biking, where controlling it would have been dangerous, and I found it tricky to control in any way while running. In contrast, an iPhone can be used one-handed for many tasks.

It doesn’t seem that you can wear the watch on the inside of your wrist, since its accelerometer doesn’t reliably detect that you’ve raised the watch when it’s worn in that position. Some have suggested that the heart rate sensor wouldn’t work in that position either, but it seemed to in my quick test.

It’s impossible to say anything useful about battery life after just a couple of days. No one had trouble except me; on my second day, the watch died at about 10 PM. I hadn’t used it particularly heavily, but there’s no way to tell what it’s doing in the background. Josh Centers felt that it using it hurt his iPhone battery life; no one else commented on that initially, although the next day my iPhone died surprisingly at 10 PM..

It’s worth noting that the charger that comes with the Apple Watch Sport is white plastic, not the shiny metal we’ve seen so far from Apple. Presumably that’s the version that comes with the stainless-steel Apple Watch model. The plastic charger is attractive and functional; the only strange thing is that it has an unexpectedly long 2 meter cord. We’re not complaining; it’s just surprising after the short Lightning cables Apple includes with the iPhone.

Eyesight is an important problem for some of us. For those of us whose eyes aren’t what they used to be, focusing at wrist distance is difficult. Personally, I never hold my iPhone that close, and reading the Apple Watch screen can get harder later in the day as my eyes get tired, or if I’m switching from looking out into the distance. If you use reading glasses, be sure to test an Apple Watch in person before buying. You can adjust text size in the Apple Watch app on the iPhone, but it’s not yet clear how much of the interface that affects.

General Usage — If anyone claims the Apple Watch interface is intuitive, slap them. It’s utterly unfamiliar, and it will take a day or so to wrap your head around it and probably weeks before it becomes second nature. That’s not to say that the interface is necessarily bad, just that it will take some getting used to. In particular, it’s hard to remember exactly what the buttons do and how to get back to the watch face state after wending your way through different screens.

Whenever you raise the watch to look at it, it turns the screen on, usually displaying your chosen watch face, although you can set it in the Apple Watch app to show whatever you were looking at last. There are only ten watch faces, and although you can customize them a little, the selection pales in comparison with the Pebble, which offers far greater variety. Jeff found the Mickey Mouse face more charming than he expected, Tonya went for the animated flower face, and I opted for the modular face that lacks graphics, but displays a lot of data, including my next event (and tapping that switches to the calendar).

There’s some disagreement about whether the screen comes on quickly enough when you raise the watch; some of us thought it was fine, whereas others felt that it was a beat too slow, such that you disconcertingly see the black screen for a half-second before it turns on. Everyone was unhappy about how quickly the screen goes black on its own after about 6–7 seconds. When coupled with the limited number of ways the human arm bends, this made the watch devilishly hard to demo to others.

The watch has five main views: the watch face screen that I’ve already mentioned, notifications, glances, apps, and friends.

Notifications come in automatically from the iPhone, and by default, the Apple Watch app on the iPhone is set to send all app notifications to the watch. That’s nuts; you’ll immediately want to turn off nearly all of them, since you don’t want the watch interrupting you constantly. You swipe down on the watch face screen to display notifications after the fact. Tapping a notification displays it in its entirety (where tapping one takes you to the app if possible) and offers a Dismiss button. You can also swipe left on it in the notification list and tap a button to clear it. Functional, but fussy.

Glances are more interesting. A glance is sort of an app’s widget, showing a little data or offering a few controls. Swipe up on the watch face screen to display them, and then swipe left and right to move between them. Tapping a glance takes you to the full app on the watch. The performance of glances for Apple’s built-in apps was good; glances from some third-party apps were much slower. You’ll want to specify which apps display glances in the Apple Watch app on the iPhone. You can include up to 20 glances, but that will become unwieldy, especially given that when you get to the one at the farthest right position, you can’t wrap around to the first position. That means up to 20 swipes back to the beginning.

The general way you access an app (apart from navigating in from a watch face, notification, or glance) is by pressing the digital crown to see the cloud of circular icons, and then tapping an icon. (Or, pressing the crown twice takes you to the last-used app.) Moving around in the icon cloud and tapping a specific icon is a bit tricky, though you can put them in an arrangement that makes sense to you using the Apple Watch app on the iPhone. (The Reduce Motion setting in Apple Watch > Accessibility makes all the app icons the same size, which might
help.) Several of us had trouble with the icon cloud because we don’t identify things by icon (if you have trouble differentiating icons in the Dock, you fit into this crowd). You can’t swipe up or down to access glances or notifications from the app cloud screen or in an app, which we found confusing.

Performance of Apple’s apps was usually good, though the Apple Watch incorrectly picked up my Ithaca City School District calendar (which is hidden in the Calendar app on my iPhone because it has hundreds of events) and that slowed it down. Restarting the watch solved that problem, hiding the calendar properly. Third-party apps are, almost universally, terrible. They’re slow, crash-prone, and generally wonky. But we expect that to get better fast now that developers have watches to test against.

The friends screen shows only 12 contacts, initially pulling them from the Favorites list in your iPhone’s Phone app. This makes some sense, but fell down for several of us who use the Favorites list to allow certain contacts through the Do Not Disturb cone of silence; that doesn’t necessarily mean we want those contacts in the Apple Watch. Luckily, you can control who appears in Apple Watch > Friends.

From the friends screen, you can call someone, message them, and send Apple Watch-specific communications. Unfortunately, the calling works only over the phone, not with FaceTime Audio, and the messaging is limited to canned messages (which you can edit in the Apple Watch app on the iPhone) or audio messages with Siri-based transcription. Being able to send heartbeats to other Apple Watch wearers elicited radically different opinions — Josh found it creepy, whereas Jeff thought it was nifty. Tonya and I have quite liked it; it’s clear to us that couples will be happier if both parties have Apple Watches.

Overall, messaging has worked poorly. Notifications often don’t arrive on the watch, and messages sent from the watch sometimes disappear into the ether. When they do work, they’re often slow to arrive (which also really hurt demos). Conversely, what little we’ve tried with making phone calls has been of surprisingly good quality, even when not holding the watch up like Dick Tracy.

Also disappointing was Siri. When it worked, it was brilliant, and I loved being able to make reminders on the watch. But Siri failed much of the time, sometimes with feedback, sometimes just failing to do anything. And while making reminders was great, when I tried to make a note, the watch directed me, via Handoff, to the iPhone. The same was true of searches; those that Spotlight can normally just answer, such as conversions or calculations via Wolfram Alpha, appear on the watch, but more general searches are handed off to the iPhone. I was particularly sad to have Siri tell me nothing was playing when I tried to use it to turn off music while running, since using the glance-based music controls worked fine.

Rich Mogull and Tonya particularly liked the glance-based option to ping the associated iPhone; if you often lose track of where in the house your iPhone is, the watch will help. But it would be better if it would automatically alert you when you left the iPhone behind, a problem that Tonya encountered this morning when she forgot to take her iPhone along on her run.

Apple puts a lot of emphasis on the fitness-related uses of the Apple Watch, but don’t get your hopes up. I took it for a run, and it was an almost complete fail. My first test, with the Strava app, would have worked better if I’d known about the setting to have the raising action display the previous activity rather than the watch face, and the activity must have been overwritten by the one from my Garmin Forerunner 620. Then I switched to Apple’s Workout app, which stayed on the screen properly, but would show only one screen of time, distance, or pace at a time. Worse, it captured only 0.99 miles of the 2.3 mile run. Part of that problem happened because I sprinted for a few hundred meters to intersect with Tonya and a friend
who were also out running, and doing that apparently detached the watch from my wrist enough to lock it (and stop the workout). The workout is reviewable only right afterward; once you save it, it’s only summarized on the watch, and I don’t see any connections to workout-tracking services like Strava or Garmin Connect. You can find workouts in the Activity app on the iPhone.

Sadly, the reminders to move, while theoretically welcome, are often inappropriate. If you’re watching TV or eating dinner, being told to get up is annoying (it’s even worse in a theater — be sure to turn on Do Not Disturb!), and I found that it was alerting me to stand up periodically even though I already work at a standing desk.

Should You Buy One? — I’ll come right out and say it. Unless you’re an early adopter who has probably already pre-ordered an Apple Watch, do not buy one yet. It’s a fascinating device, and Apple has done amazing work with this first iteration, but it’s painfully obvious that it’s a 1.0 product, both in terms of how confusing it is to use at first and how flaky certain usage aspects are. It has been fun using it, and we’re all looking forward to using it more, but it hasn’t been life-changing for any of us.

Luckily, most of the Apple Watch is software, and I anticipate both Apple and independent developers improving the experience quickly and significantly. As that happens, we’ll find out what limitations are related to the hardware, which might shed light on whether it makes sense to wait for the second-generation Apple Watch before buying.

Rich Mogull 1 comment

How the Apple Watch Could Improve Security

Every year at TidBITS we write a series of fabricated articles for April Fools’ Day. Our goal is to start with a nugget of reality that slowly expands to the amusingly implausible. Sometimes our articles eventually come true (for my most recent hit, see “iCloud for Families Debuts,” 1 April 2013), and sometimes we realize that an idea strikes too close to reality to include in that issue.

That’s exactly what happened when I started an article on some increasingly ridiculous ways the Apple Watch could enhance security as a second (after your iPhone) physical device an owner is likely to have, well, on hand. (Sorry.) The idea of leveraging the Apple Watch to improve authentication is irresistible to a security pro like me, and I strongly suspect we will see it happen before the next version of the Apple Watch hits the market. Here is how it might work, and the implications.

Who Are You?Identity and Access Management (IAM) is the entire process of managing digital identities, and how they can access electronic systems. It includes everything from provisioning and propagating an identity (like your TidBITS account), to determining specific actions you can take on a system or in an application, like reading a file or sending a message. The part most familiar to average users is the process of proving that someone is who she says she is, which we call “authentication.” This is a source of ongoing angst since it is typically inconvenient for users (you have to remember and enter passwords), and, if authentication credentials are
compromised, they allow an attacker to take over an account completely.

When you authenticate, you provide an identifier (typically a username) and then something to prove you “own” that account. That can be something you know (a password), something you have (a token, or a code sent to a known phone), or something you are (a fingerprint). Use only one, like a password, and it’s called single-factor authentication. Use two, like a password and a one-time code sent to a phone, and it’s called two-factor authentication. Use even more factors, and we give up counting and just call it multi-factor authentication.

The most common combination, used by services such as iCloud, Dropbox, and Evernote, is your password and a 4–6 character code sent to your phone as a push notification or text message. Another option is a Time-Based One-Time Password (TOTP), which is a code generated every minute or so using an algorithm that keeps it in sync with a server; you use an iOS app like Google Authenticator, Authy, or 1Password for this. Touch ID on your iPhone is actually still single-factor authentication since only one thing (your fingerprint) is used to unlock your phone. It isn’t more secure, it’s just more convenient, and allows you to more easily use a longer
password on a day-to-day basis.

Enter the Apple Token — The Apple Watch is fascinating since everyone with an Apple Watch will also have an iPhone, meaning all those users have two physical tokens handy most of the time. The question then becomes how to best leverage this extra device in a security context.

The iPhone (or any phone) makes a good token because most of us nearly always have it nearby, it’s portable, and it has a separate communications channel (text messages) tied to the identity of the device. That’s why combining it with a password is growing more common, and it adds an extra layer of security. But it still isn’t perfect. Lose your phone and those codes may be exposed, especially if you use a weak passcode to lock the device. That’s why you still need to remember passwords, since providers can’t trust the phone alone. Or even worse, you may be locked out of your accounts after losing your phone.

Add an Apple Watch and we can now use the connection between the Apple Watch and the iPhone as an additional factor, assuming the identity of either can’t be spoofed. At the simplest level, the possession of both the Apple Watch and its associated iPhone can be used as two additional authentication tokens. Combine that with a password, and you have three tokens. Imagine using this for iCloud — Apple would send a message to your registered iPhone, which you would confirm with your unlocked Apple Watch, which proves you have both devices in hand (or close enough).

Although someone could potentially steal both your iPhone and Apple Watch at the same time, they would need to do so in a way that doesn’t lock the Apple Watch after it stops detecting your pulse. It’s possible, but certainly not likely.

Creative Biometrics — Apple could reduce even that minimal risk by also keeping Touch ID (or your iPhone passcode) in the picture. The message would hit your iPhone and you would need to validate it by first unlocking your iPhone before confirming receipt on the Apple Watch. That hopefully proves that you have both the iPhone and the Apple Watch at the same time. You could even skip any sort of code entering on the Apple Watch (or any interaction at all) and merely register its physical proximity.

I use a multi-factor authentication system that’s similar to this model, minus the Apple Watch. My iPhone is registered with Duo Security, and I also have their app on my iPhone. When I go to log in to certain services it sends a push notification to my iPhone through the Duo service. I unlock my iPhone (typically using Touch ID) and then tap a big button in the app to prove I have the iPhone and the credentials to unlock it. No need to enter a code. (Duo also supports other, more traditional multi-factor authentication options in case you aren’t on a network).

Set up the system properly and you have multi-factor authentication that could be incredibly convenient. Depending on the depth of security requirements, a service like Duo or Authy (see “Authy Protects Your Two-Factor Authentication Tokens,” 6 November 2014) could merely require that your iPhone and Apple Watch are connected via Bluetooth, that the Apple Watch is unlocked and on your wrist (tied to the heartbeat sensor), and that you tap a button in an Apple Watch app to authenticate. Or it could require you to also unlock your iPhone with Touch ID. Security that’s protected by two physical devices validated to be in possession of the user is
extremely strong, yet all you need to do is tap a notification on your Apple Watch.

That’s the key to a system like this — adaptive authentication that supports multiple options, increasing security requirements if anything looks out of place. Most banks already do this by tracking which devices and browsers you use, requiring extra questions for new ones, and backing that up by sending email to your registered address if anything changes.

This could even include voice analysis. Far from being science fiction, my bank, in its iPhone app, allows me to authenticate with my voice or facial recognition. It’s acceptable only when performed from a device I previously registered and validated with my passphrase, PIN, and answers to security questions. The iPhone itself also has to have a system passcode enabled. That’s two-factor authentication without me having to enter the bank account passcode every time. Yes, I can think of ways around this, but it is more than sufficient for average users (and my current bank balance).

That’s why this article failed as an April Fools Day piece. We already have scenarios where even banks accept a phone as one authentication factor and a biometric reading as another, all without requiring a passphrase except when you register a new device. We already have push notification-based authentication that requires only a tap, without entering a code into your Web browser. Some of you working in IT may even have a physical token you use with your mobile device in very similar models.

Add the Mac to the Security Equation — The Apple Watch could even enhance the security of our Macs. OS X 10.10 Yosemite’s Continuity feature already allows all Apple devices registered with the same iCloud account to communicate behind the scenes when in physical proximity. For instance, I’ve become dependent on the Instant Hotspot feature to connect my Mac to the Internet via my iPhone or iPad when traveling.

Imagine walking up to your Mac, tapping the Space bar to wake it up, and then tapping an approval notification on your Apple Watch (or perhaps proximity would be sufficient). You will still need a (hopefully strong) passphrase to unlock the Mac after a restart, or maybe after the devices switch networks or lose their Bluetooth connection, but the watch could become a convenient tool to log in. Again, this is nothing new, and there are third-party apps and devices on the market to do exactly that. The advantage of building it into the Mac is it would work as seamlessly as the rest of Continuity, and could potentially be used to log different users in to different accounts on a shared family computer.

The same mechanism could be used to log in to Web sites. I can easily see a version of 1Password (or one of its competitors) that unlocks itself on the Mac by using your iPhone and Apple Watch for authentication instead of a passphrase.

All this excites me, because adding a second physical device you nearly always have with you opens up options beyond even this speculation. That’s especially true when you consider adaptive authentication, and models that let you mix and match security requirements under different conditions and combinations of devices. While it sounds complex, and it certainly is on the back end, this sort of multi-factor authentication has the potential to simplify the user experience, all while increasing security. That seems like the sort of challenge Apple enjoys tackling.

TidBITS Staff No comments

TidBITS Watchlist: Notable Software Updates for 27 April 2015

Nicecast 1.11.4 — Rogue Amoeba has released Nicecast 1.11.4, which reduces audio pipeline latency and updates Instant On to version 8.0.7. The Internet radio broadcasting app also adds title track capture support for djay Pro 1.1 and later, improves title track capture with the latest versions of Megaseg, and resolves an issue with Icecast servers that didn’t receive track titles. ($59 new with a 20 percent discount for TidBITS members, free update, 8.6 MB, release notes, 10.7+)

Read/post comments about Nicecast 1.11.4.

iMovie 10.0.8 — Apple has released iMovie 10.0.8 with a fix for a bug introduced with the previous version (see “iMovie 10.0.7,” 14 March 2015) that caused the video editing app to crash on launch (as reported in several Apple Support Communities discussions, such as this one). The release also updates compatibility with sharing to YouTube when using the built-in share sheet export option. ($14.99 new from the Mac App Store, free
update, 2.0 GB, 10.10.2+)

Read/post comments about iMovie 10.0.8.

OmniFocus 2.1.3 — Bringing more stability to its Getting Things Done-inspired task management app, The Omni Group has released OmniFocus 2.1.3 with a fix for the most common crash in version 2.1.2, as well as fixes for crashes that occurred if OmniFocus was running at midnight and when closing About OmniFocus. The update also improves responsiveness when switching to OmniFocus from another app, prevents Future from disappearing in Forecast, and resolves a problem with displaying multiple selections in the outline. Note that as of this writing, the Mac App Store version of OmniFocus was stalled at version 2.1.2.
($39.99 new for Standard edition and $79.99 for Pro edition from The Omni Group Web site, $39.99 for Standard edition from Mac App Store (with in-app purchase option to upgrade to Pro), 37.7 MB, release notes, 10.10+)

Read/post comments about OmniFocus 2.1.3.

Hazel 3.3.5 — Noodlesoft has released Hazel 3.3.5, which adds the capability to import images into Photos for Mac (select the Import into Photos action to direct files into the album of your choice). The file cleanup utility also fixes a bug that lost output attributes for JavaScript, no longer caps number adjustments to ±100, fixes multiple instances of a custom attribute appearing, and ensures that text replacements no longer operate on text already replaced. ($29 new, free update, 9.0 MB, release notes, 10.8+)

Read/post comments about Hazel 3.3.5.

iMac Graphics Update 1.0 — Apple has released iMac Graphics Update 1.0 to address an issue for specific iMac models released since September 2013. In particular, this update resolves a bug that could cause the system to stop responding, display a black screen, or restart when opening very large JPEG images. The Apple support page notes that this update is for 21.5- and 27-inch models released in late 2013, plus the 27-inch iMac with Retina 5K display released in late 2014. The list does not include the entry-level iMac introduced last year (see “Apple Introduces Entry-Level
iMac for $1,099
,” 18 June 2014). This graphics update is available via Software Update or via direct download from Apple’s Support Downloads Web site. (Free, 772 KB, release notes, 10.10.3+)

Read/post comments about iMac Graphics Update 1.0.

Fantastical 2.0.3 — Flexibits has issued Fantastical 2.0.3 with a number of improvements and fixes for the recently updated calendar app (see “Fantastical 2 Aims to Replace Apple’s Calendar,” 27 March 2015). The release adds a Manage Delegates button for Google accounts, enables you to snooze events until the start time, prevents duplicate alarm notifications from appearing occasionally, reduces CPU usage when syncing large calendars, improves how the mini window appears on small screens, fixes compatibility with certain CalDAV servers, resolves an issue with Exchange
events not snoozing correctly, and ensures that password-protected subscriptions prompt for the password. Fantastical 2 has a 14-day free trial, and currently costs $39.99 from either the Flexibits Store or the Mac App Store; the price will go up to $49.99 after an introductory discount period. ($39.99 new, free update, 12.2 MB, release notes, 10.10+)

Read/post comments about Fantastical 2.0.3.

KeyCue 7.5 — Ergonis has released KeyCue 7.5, which now enables you to omit certain keyboard shortcuts from the shortcut table — a handy feature that can reduce its displayed size. You can have KeyCue omit shortcuts for specific applications or system-wide shortcuts for all applications (so you aren’t reminded of shortcuts for standards like Cut, Copy, and Paste). The keyboard shortcut utility also improves update checking, fixes an issue where the Return key was shown with a color emoji character in some themes, and improves handling of the custom shortcuts for KeyCue’s Settings and Find Shortcuts. (€19.99
new with a 25 percent discount for TidBITS members, free update, 3.4 MB, release notes, 10.6+)

Read/post comments about KeyCue 7.5.

BusyCal 2.6.6 — BusyMac has released BusyCal 2.6.6 with a number of improvements and fixes for the calendar app. The update adds a Copy BusyCal Event URL to Clipboard command, as well as Smart Filter predicates for “is set” and “is not set.” It also adds support for matching tags in the Attendee and Contact fields from BusyContacts and auto-filling field members (requires the just-released BusyContacts 1.0.3). BusyCal 2.6.6 improves Quick Entry, improves speed when dismissing hundreds of notifications, fixes an issue that prevented alarms from going off when snoozed past
midnight, and adds a Simplified Chinese localization. ($49.99 new from BusyMac or the Mac App Store (version 2.6.6 available soon), free update, 10.3 MB, release notes, 10.9+)

Read/post comments about BusyCal 2.6.6.

BusyContacts 1.0.3 — BusyMac has released BusyContacts 1.0.3 with several helpful additions to the new contact manager app (see “BusyContacts Turbo Charges Mac Contact Management,” 17 March 2015). The update adds support for a tag extension that auto-fills the Attendee and Contact fields in BusyCal (requires the just-released BusyCal 2.6.6), adds a menu command for copying a contact’s busycontacts:// URL, and adds envelope printing capabilities. BusyContacts 1.0.3 also improves the URL
handler to support creation of new contacts, switches Facebook and LinkedIn syncing to the AddressBook framework (due to the upcoming shutdown of the two social network APIs; see this BusyMac blog post for more details), improves background syncing and auto-linking, and displays a confirmation dialog when filtering by tag and deleting a contact. ($49.99 new from BusyMac or the Mac App Store (version 1.0.3 available soon), free update, 5.4 MB, release notes, 10.9+)

Read/post comments about BusyContacts 1.0.3.

TidBITS Staff No comments

ExtraBITS for 27 April 2015

For your ExtraBITS reading pleasure this week, Apple will exchange Apple Watch bands, iFixit rips apart the Apple Watch, Comcast abandons its bid for Time Warner Cable, the mysterious Error 53 is killing iPhones, and YouTube has dropped support for the second-generation Apple TV.

Apple to Offer Band Swaps for the Apple Watch — Have you received your Apple Watch, only to find that you hate the band? The good news is that Apple may be willing to exchange it. According to internal Apple documents obtained by MacRumors, Apple is planning to allow Apple Watch customers to exchange just the band, instead of having to return the entire watch. However, there are a few restrictions: you must swap bands within the 14-day return window, the new band must be from the same collection as the watch, and the watch must have been purchased directly from Apple. Also, the swap
won’t be handled entirely in store — Apple Store employees will verify your eligibility, initiate the swap online, and a new band will be shipped to you.

Read/post comments

iFixit’s Apple Watch Teardown — A new Apple product hasn’t officially arrived until the boffins at iFixit tear it apart and document every component — which they now have. This probably won’t come as a surprise, but the Apple Watch isn’t easy to repair. And the idea of upgradeable watches can be put to rest: you have to tear the entire watch apart to reach the S1 chip.

Read/post comments

Comcast Gives Up On Time Warner Cable — Comcast Corporation has officially given up on its $45.2 billion merger with Time Warner Cable. The U.S. Federal Communications Commission was reportedly concerned about the ramifications of the top two cable companies merging, which would have given Comcast control of up to 50 percent of American broadband access.

Read/post comments

Error 53 Will Kill Your iPhone and No One Knows Why — There’s a mysterious issue affecting iPhones. The Daily Dot’s Mike Wehner happened across it when he tried to update his iPhone 6 Plus to iOS 8.3. The iPhone wouldn’t install the update, and when he tried connecting it to iTunes to update, he was presented with error 53. After that, the iPhone entered a reboot loop, which rendered it unusable. Error 53 isn’t mentioned in Apple’s list of numerical error codes, and Genius Bar employees seem unaware of it. So far, the only fix has been to replace affected iPhones.

Read/post comments

YouTube Drops the Second-Generation Apple TV — If you use a second-generation Apple TV, be aware that Google has dropped support for its built-in YouTube channel. Google overhauled the channel on third-generation Apple TVs last year, but the second-generation model has been effectively abandoned by Apple. However, the old YouTube channel was never great, and as Josh Centers advised in “Take Control of Apple TV,” a better option is to use AirPlay to broadcast YouTube content from an iOS device.

Read/post comments