Apple has released iOS 9.3.4 with just a single security fix, implying that it’s an important one to install. In the ongoing trend toward subscriptions, AgileBits has introduced a 1Password service that bundles software updates and cloud sync. Don’t worry, though, since the service is optional: the standalone 1Password apps remain available for purchase and will still receive development efforts. Apple has overhauled its remote control iOS app for the fourth-generation Apple TV — “Take Control of Apple TV” author Josh Centers has the details. Finally, we have sad news about the venerable digital commerce company Kagi, which is going out of business after nearly 22 years due to fraud. Adam Engst has the exclusive inside story on what went wrong. Notable software releases this week include Quicken 2016 for Mac 3.5.1, SEE Finance 1.0.10, Capto 1.0.3, OmniFocus 2.6.1, and DEVONthink 2.9.1.
Just a few short weeks after the iOS 9.3.3 update (see “Apple Releases OS X 10.11.6, iOS 9.3.3, tvOS 9.2.2, and watchOS 2.2.2,” 18 July 2016), Apple has released iOS 9.3.4. It contains a single security fix for an IOMobileFrameBuffer vulnerability that could allow apps to execute arbitrary code with kernel privileges. That means that a malicious app could do nearly anything it wanted on the device.
It’s unusual for Apple to update an operating system for just one vulnerability, which suggests that the potential exploit may be more concerning than many others. As such, we recommend that you install iOS 9.3.4 soon. It’s a roughly 25 MB download, and you can update via Settings > General > Software Update or through iTunes.
In the latest example of software developers moving to subscription models, AgileBits has announced a new 1Password subscription for individuals that joins the company’s 1Password Families and 1Password Teams services.
Don’t panic! AgileBits CEO Dave Teare told us that the standalone 1Password apps for the Mac and iOS will continue to receive development and support, and existing syncing options will still be available. However, new features that depend on the hosted service won’t migrate to the standalone versions. The Mac and Windows versions cost $64.99, and while the iOS version of 1Password is free, its pro features are a $9.99 in-app purchase.
In contrast, individual 1Password subscriptions cost $2.99 per month (billed annually), and if you sign up before 21 September 2016, you get the first six months for free. You can cancel at any time, and if your subscription expires, you will still be able to view and export your data.
What does $2.99 per month get you? Here’s a list:
- Free access to all 1Password apps, including pro features and updates
- Built-in automatic sync via 1Password’s new cloud service
- Item history, so you can restore deleted or accidentally changed items
- Web-based access to your 1Password data so you can access it from anywhere
- Secure document storage
Unsurprisingly, AgileBits emphasizes security in the new service, promising end-to-end encryption, with 256-bit AES encryption on the server end. Data is encrypted on your device before being transferred, and only you have access to your master password. With the new subscription service, AgileBits is also adding a new two-factor security measure, called Account Key, which is a randomly generated 128-bit key used alongside the master password to access your data. Like the master password, the Account Key never leaves your device.
Despite the fact that this new service is merely an additional option for 1Password users, it will likely still trouble those who are opposed to software subscriptions on principle. But like it or not, the industry is increasingly moving toward subscriptions in order to even out the feast-and-famine revenues that result from infrequent paid upgrades. However, by continuing to support the standalone versions of 1Password and setting low prices from the start, AgileBits is going a long way to alleviate concerns.
When the fourth-generation Apple TV was released, many were dumbfounded that the Remote app for iOS didn’t work with it. Weeks later, the app was updated to support the new model, but it lacked key features like Siri support. Now, Apple has released a new app, called Apple TV Remote, that emulates the physical Siri Remote.
The new Apple TV Remote app is much simpler than its predecessor. For instance, it no longer connects to iTunes libraries, only second- through fourth-generation Apple TVs. It’s also an iPhone-only app; while it will run on the iPad, it’s not optimized for the larger screen. However, the previous app, now renamed iTunes Remote, remains in the App Store, and it can connect to iTunes libraries, as well as second- through fourth-generation Apple TVs.
Setting up the Apple TV Remote app is also easier; you no longer have to dig through a menu on the Apple TV to connect it. Open the Apple TV Remote app, select your Apple TV, and then enter the PIN displayed on your TV screen.
The app’s interface is basically the same as the Siri Remote, with a touchpad and buttons for Menu, Play/Pause, Menu, and Siri. As with the Siri Remote, you can tap the edges of the touchpad while watching video to skip 10 seconds, or hold the edges to rewind and fast-forward. If your receiver supports HDMI-CEC, you can control its volume with the iPhone’s volume buttons, per Apple’s support document about the app.
Notably, it adds support for controlling the fourth-generation Apple TV via Siri. In my testing, using it with Siri worked well, but the app causes the iPhone to vibrate when you hold down the Siri button, which is disconcerting.
The Apple TV Remote app also includes some contextual controls. While video is playing, ten-second skip buttons appear to the left and right of the Play/Pause button. A Details link appears in the upper right — tapping that brings up a screen where you can control media directly. There, you can scrub the video’s timeline, as well as rewind, play/pause, and fast-forward. Oddly, controls like these don’t appear when playing songs from Apple Music.
Highlighting a text field brings up a keyboard, which you can dismiss by tapping Done in the upper left. Bring it back again with the keyboard button at the top of the screen. This part of the app is a little buggy. Sometimes the icon remains even after I’ve left a text field, and sometimes it doesn’t appear when I access one.
The most interesting aspect of the Apple TV Remote app is that it doubles as a game controller. When you launch a game, a game controller button appears at the top of the screen. Tap it to reveal a landscape-oriented game controller, with a touchpad on the left and control buttons on the right. Just as with the Siri Remote, you can move the iPhone around in space to play motion-controlled games. (Don’t drop it!)
Overall, the Apple TV Remote app is an essential download for all owners of the fourth-generation Apple TV, and it’s much better suited for the device than the previous app. It’s a little disappointing that Apple didn’t extend its capabilities beyond what’s possible in the Siri Remote, with features like dedicated music controls and an iPad-specific version. But that gives us something to look forward to!
Apple has released the latest report detailing its continuing efforts to promote inclusion and diversity within the company. Available on a colorful, anecdote-heavy Web page that begins with a large headline reading, “The most innovative company must also be the most diverse,” the report presents interactive charts and statistics that describe the ethnic, racial, and gender distribution of its employees over the last three years.
Once you scroll past the anecdotage from eight representative employees and inspirational headlines, you get to the facts and figures. These tend to break out into two kinds of data: global gender diversity and percentages of U.S. underrepresented minorities (or “URMs”), the latter defined as “groups whose representation in tech has been historically low — Black, Hispanic, Native American, Native Hawaiian, and Other Pacific Islander.”
For a global company like Apple, such a breakdown makes a certain amount of sense: although every country in which Apple operates has roughly equal numbers of males and females, the ethnic and racial composition of different locales’ populations can vary widely. Choosing to present figures for URMs only in the United States sidesteps having to deal with which groups are underrepresented in places like Ireland or Singapore. What’s missing in the breakdown as presented, of course, is the gender diversity within individual URM groups, which would provide a more complete picture.
One of the quickest ways to change the gender and minority representation within a company is through newly hired employees, and that is the category that Apple presents first. Apple reports that 37 percent of new hires are female compared to 32 percent of current employees. Similarly, 27 percent of new recruits belong to URM groups compared to 22 percent of current employees. What’s missing here is the percentage of Apple’s total employee count that new hires constitute: if that percentage is small, even large changes in the minority and gender makeup of new hires would have a minimal effect on the company’s overall diversity.
Confusingly, having said in the first set of charts that 27 percent of new hires this year are URMs, the next section of the page proclaims that 54 percent of the new hires in the United States are minorities. Apple arrives at that number by adding in employees who are Asian or multiracial; they may be minorities, but they’re not underrepresented in the tech world.
The minority group breakdowns show an interesting mix. For example, 24 percent of new hires are Asian compared with 19 percent of current employees; both percentages vastly exceed the percentage of Asians among the general United States population, which is less than 6 percent. On the other hand, blacks make up 13 percent of new hires (compared to 9 percent of current employees), a figure that closely matches the percentage of blacks in the United
As for pay differences between groups, Apple simply says that it has “achieved pay equity in the United States for similar roles and performance,” and that it is examining salaries, bonuses, and stock grants among non-US employees and aims to address any pay inequities it finds.
The final set of interactive charts shows gender and minority representation over the last three years, broken down into job categories. Here you can see that Apple is slightly less masculine globally than it was three years ago, with men constituting 68 percent of the employee base today versus 70 percent in 2014. That small shift, however, is absent in the leadership ranks, which remained at 72 percent male from 2014 through 2016.
In the United States, Apple is also slightly whiter in 2016 than it was in 2014: 56 percent white this year versus 55 percent in 2014 (and the company was only 54 percent white in 2015). On the other hand, blacks make up slightly more (8 percent) of the workers in technology positions than in 2014 (6 percent). All of the figures presented, however, are not quite comparable, in that 8 percent of employees in 2014 declined to state their ethnicity; that figure is zero for 2016.
Diversity, of course, isn’t just a matter of numbers but of culture. Apple lists eleven different internal groups that provide support for minorities, such as the Apple Muslim Association and Women@Apple. Moreover, the diversity page links to the Creating Opportunities page, which describes the various programs and initiatives that foster technology training among underrepresented groups for which Apple provides support, such as President Obama’s ConnectED initiative and the highly regarded App Camp for Girls.
On the whole, the latest diversity report is a typical Apple product: attractive, inspiring, and with most of the operational details hidden from view. Still, market-driven as the page appears, it does seem to reflect the Apple leadership’s mindset: that diversity is important to the company and is a quality worthy of continued support.
The news was as sad as it was unexpected. Kagi, one of the earliest digital commerce companies and long a favorite of many Mac shareware developers, has shut down as of 31 July 2016, just shy of 22 years in business.
Kagi’s home page gives a brief explanation of the situation, but to find out more, I spoke with Kagi CEO Kee Nethery, whom I’ve known since he was a product manager at Apple in charge of the Mac-based Apple Internet Server line. Here’s the story.
Over ten years ago, Kagi was looking to expand its business. In the process, they started handling subscriptions for a company selling a legal consulting service — the idea was that you’d pay a $29 monthly fee and be able to get answers to legal questions. The company was both legit and seemingly successful, and the service was real, but what Kagi missed in their due diligence was that the firm’s sales team used high-pressure sales tactics. As a result, many customers were unhappy, and to avoid further pressure when trying to cancel their subscriptions, they instead disputed the credit card charges, generating what Kee described as “an amazingly large number of chargebacks.”
(A brief aside here. When you dispute a credit card charge, the credit card company will usually reverse the charge for you without asking any questions, forcing the merchant to refund your money and charging the merchant an additional fee in the process, $25 in this case. Plus, such chargebacks reflect poorly on the retailer’s reputation with credit card companies. If you’ve been treated badly, disputing a charge may be appropriate, but it’s overkill if you just want a refund from a legitimate merchant who would be more than happy to give you your money back.)
All those chargebacks had two adverse effects on Kagi. First, both Visa and MasterCard put Kagi on a “watchlist,” which is usually followed by dropping the company as a customer. That would have been the end of Kagi. Kee was proud of the fact that Kagi was able to work its way back from the brink and be reinstated as a customer in good standing. He told me that a person who worked at Visa mentioned to him that he’d never seen anyone get off the watchlist before.
The second problem was more serious. The legal consulting company had quickly become Kagi’s largest client, to the point where it was averaging about 20,000 transactions per month. The percentage of chargebacks was high, but not initially beyond the pale. Plus, at that point in its history, Kagi was still processing chargebacks manually because there had been so few up to that point, and that manual processing obscured the severity of the problem. After four months of refining the legal consulting company’s process to set customer expectations appropriately and improving the chargeback process, however, Kagi realized that the problems weren’t going to go away and dropped the company as a client.
The legal consulting company then reneged on its responsibility to repay Kagi for both the $25 chargebacks and the $29 subscriptions, leaving Kagi with a massive debt. That’s an unacceptable way to run a business, to say the least, but when Kagi eventually took the matter to arbitration and won, the settlement didn’t even pay for Kagi’s legal fees.
Kagi could have shut down then and there but instead tried to work off the debt. For the last decade, they’ve been doing just that, working off $600,000 of the overall amount. Unfortunately, that required borrowing against the money they had to pay out every month to suppliers — the developers who sold their products through Kagi. The technique worked well as long as the monthly payout was larger than the debt, but in the last few months, the monthly payout has slowly dipped below the necessary threshold. Rather than string developers along, Kagi decided to cease operations entirely.
(As another aside, we’ve seen Take Control book sales dropping over the last six months as well. I don’t know if the unsettling tumult in national and global politics is responsible, or if there’s some other explanation, but it is concerning. Perhaps things will recover after the U.S. presidential election and once there’s a path forward for Brexit.)
You’ve undoubtedly heard of companies filing for Chapter 11 bankruptcy, part of the U.S. Bankruptcy Code, which allows companies to avoid paying creditors all that they’re owed while continuing to operate. There’s also Chapter 7 bankruptcy, under which the company goes out of business and its assets are liquidated to pay creditors. Chapter 11 wouldn’t work for Kagi, because what developer would continue to work with a company that couldn’t guarantee to pay on time? Even Chapter 7, while simpler, still involves courts and high legal fees.
Kagi is instead using a state-based option, called ABC, or Assignment for the Benefit of Creditors. It’s most common in California, where Kagi is located, but many other U.S. states have similar statutes. The advantage of ABC is that the costs are significantly lower, which means more money for creditors. Under ABC, an independent company takes over, liquidates all assets, and manages the payout of all the leftover money.
Right now, Kagi owes money for June and July to about 2000 clients, of whom fewer than 1000 were active sellers. Unfortunately for those companies, between the time necessary to work through the ABC and the fact that credit card companies are holding onto a lot of Kagi’s money to cover refunds and chargebacks, it will probably be six months before it’s known how many cents on the dollar each client will receive after taxes are paid.
In the meantime, Kagi is busy tearing down its racks of servers and shredding the hard drives that contain customer and credit card data. Kee has set up an entirely separate Web site and email system to handle support email, which mostly involves sending developers dumps of their license codes and customer data.
It’s a bad time to be a company that relied on Kagi. Payments for June and July will be both delayed and reduced by an unknown amount. Worse, these companies are scrambling to find a new digital commerce solution, such as Avangate, Comecero, FastSpring, and Paddle.
You might wonder why I didn’t include payment processors like PayPal or Stripe in that list. Both are fine choices for certain situations, and they charge lower transaction fees. But there are two big differences between a simple payment processor and a full digital commerce solution such as Kagi and the others provide.
First, digital commerce companies offer full-fledged shopping carts with options for bundles, coupons, subscriptions, order management, refunds, and more. That used to be worth a great deal, but there are now numerous independent Web apps that provide similar features for systems like WordPress, not to mention standalone platforms like Squarespace that offer their own e-commerce capabilities. These apps and platforms all work with systems like PayPal and Stripe.
Second and more important, anyone who sells to customers in other countries has to be aware of the tax implications of doing so. When a company sells to any country in the European Union, along with Canada, Japan, Norway, South Africa, South Korea, Switzerland, and the United States, it may need to pay taxes in that country. The details vary widely, and in some cases (like Canada, Japan, and South Africa), thresholds apply, so a handful of sales won’t matter, but most companies selling to the EU will have to collect and remit value-added tax (VAT).
The full-service digital commerce companies act as the “merchant of record,” which means that end users are actually buying from them, not the company selling the product, and because of that, they handle all tax collection and remittance. That’s hugely helpful for any business in the United States, where sales tax rates vary by state, county, and sometimes even city (but are required only in states where you have a “nexus”). It’s even more important when dealing with international tax authorities — Kee told me that paying Kagi’s VAT taxes to the EU was complex and required personal attention every financial quarter.
Simple payment processors like PayPal and Stripe don’t automatically do anything related to taxes because the company selling the product is the merchant of record. With extra configuration and integration with external services like Taxamo and Avalara, carts that work with PayPal and Stripe can be enhanced to identify the location of each customer in real time, and to calculate and collect the appropriate tax. It’s then up to the company to register for, file, and remit taxes to U.S. states, the EU, and other countries. (Avalara has a service that claims to handle VAT entirely, but I haven’t evaluated whether or not it’s a complete solution or if the pricing is reasonable.)
Put bluntly, I cannot imagine most software developers having the time or expertise to tackle the task of managing taxes. It’s the primary reason we’ve long sold Take Control books and TidBITS memberships through eSellerate (parent company Digital River has eSellerate in maintenance mode, which is why I didn’t include it in the list above). It’s worth giving up a few percent of every sale to have Digital River’s tax team handle everything for us. My strong suspicion is that the vast majority of small companies relying on PayPal and Stripe are just ignoring their international tax responsibilities and hoping they’re small enough to fly under the radar. I have no idea what the liabilities of doing that might be.
Regardless of what companies who previously relied on Kagi end up doing, it’s sad to see the end of such an important player in the history of the Mac, and especially depressing to learn that the reason was an unsuccessful attempt to recover from a situation involving fraud.
Quicken 2016 for Mac 3.5.1 — Quicken Inc. has released Quicken 2016 for Mac 3.5.1 with an improved Reconcile feature, performance improvements in the Portfolio View, and dramatic file size reduction for those with lots of historical data. The update also changes the database structure to support future development. Once you open your database file in version 3.5.1, you won’t be able to use it in an earlier version, but the update automatically saves a backup file in the old database format that’s compatible with version 3.4.
The new Reconcile feature emulates the functionality found in Quicken for Windows and Quicken 2007 by calculating the beginning balance based on all uncleared transactions, which should result in a more accurate reconcile experience. The update also makes several improvements to 12-month budgets, fixes issues with the Portfolio View (including speed bumps and a display change that shows the number of shares up to six decimal places), and adds the capability to create Quick Category and Tag reports by right-clicking. ($74.99 new, free update, release notes, 10.10+)
SEE Finance 1.0.10 — Scimonoce Software has released SEE Finance 1.0.10 with bug fixes for the personal finance app, which was one of the top picks of TidBITS readers in our survey earlier this year (see “Your Favorite Mac Personal Finance Apps,” 29 February 2016). The update enables you to merge non-account-specific categories into account-specific categories, no longer saves the Split category for memorized default information for payees, resolves an issue setting up downloads for Chase accounts, and fixes a bug with the Budgets view that prevented loading when sorting data by a table column. For a limited time, SEE Finance is priced at $39.99 ($10 off its regular price) from both Scimonoce Software and the Mac App Store. ($49.99 new, free update, 31.9 MB, release notes, 10.6+)
Capto 1.0.3 — Global Delight has issued Capto 1.0.3 with some new features added to the screen capture utility formerly known as Voila. The update adds a Numbering tool to highlight areas in an image with numbers and letters, a Pop-up/Floating Panel Capture feature that enables you to capture a screen with a floating window in it, a Highlighter Image Editing Tool with Doodle/Freehand and Rectangular highlighters, and a countdown timer. The release also adds support for using Force Touch on Macs with OS X 10.11 El Capitan and later, and fixes bugs related to Photoshop. Capto is free for those who purchased a license to Voila on or after 1 October 2015. If you bought either Voila or Boom 2 before 1 October 2015 (from either Global Delight or the Mac App Store), you are eligible for a 50 percent discount on Capto through Global Delight’s storefront. ($29.99 new from Global Delight with a 25 percent discount for TidBITS members or from the Mac App Store, 24.9 MB, release notes, 10.10.5+)
OmniFocus 2.6.1 — The Omni Group has released OmniFocus 2.6.1 with a new file format, which may prompt you to update the OmniFocus database based on which other versions of OmniFocus you use on other devices. In addition to encrypting communications between OmniFocus and the server you sync to, the new file format enables your data to be encrypted at rest on the server. The update also automatically pushes a restored backup to your sync location and triggers a sync in your other clients, removes server files created during interrupted syncs, fixes a bug in OS X 10.11 El Capitan where text in the sidebar would shift vertically during editing, and updates localizations. ($39.99 new for Standard edition and $79.99 for Pro edition from The Omni Group Web site, $39.99 for Standard edition from Mac App Store (with in-app purchase option to upgrade to Pro), 28.6 MB, release notes, 10.10+)
DEVONthink 2.9.1 — DEVONtechnologies has updated all three editions of DEVONthink (Personal, Pro, and Pro Office) to version 2.9.1 with improvements and bug fixes related to the new synchronization engine introduced in the previous version (see “DEVONthink/DEVONnote 2.9,” 22 July 2016). All three editions now allow you to select and delete ink annotations in PDF documents, improve download speed from sync stores, support some new XML file name extensions, enable the content of DEVONagent searches to be indexed, improve Bonjour resolving, and fix an issue with inconsistent error messages. Note that DEVONnote, which typically receives updates along with DEVONthink, remains unchanged.
The company also released version 2.0 of its DEVONthink To Go iOS app, which was rewritten from scratch to be faster and more robust, and to use the Mac version’s new synchronization engine. The new release supports direct connections via a local Wi-Fi network as well as via Dropbox and WebDAV servers, supports tags, enables direct data reorganization, and adds a rich text editor that supports editing and rendering of Markdown documents (see more details from this press release).
DEVONthink To Go requires DEVONthink 2.9 or later and costs $14.99. A Pro Package in-app purchase of $4.99 unlocks additional features, including space-saving metadata-only sync, PDF annotations, viewing email messages, and tabular data. (All updates are free. DEVONthink Pro Office, $149.95 new, release notes; DEVONthink Professional, $79.95 new, release notes; DEVONthink Personal, $49.95 new, release notes; 25 percent discount for TidBITS members on all editions of DEVONthink; 10.9+)
In this week’s ExtraBITS, Hulu is eliminating free access to its content, Apple’s top brass discusses the state of the company under CEO Tim Cook, Apple opens a bug bounty program, and we learn why there’s a controversy around emojis in iOS 10.
Hulu Drops Free Plan to Focus on Subscriptions — Video streaming service Hulu is dropping its ad-supported free tier. From now on, to watch Hulu content, you’ll have to pay $7.99 per month for the company’s Limited Commercials plan or $11.99 per month for the No Commercials plan (though a handful of shows still show ads due to the rights Hulu was able to obtain). Hulu is also partnering with Yahoo for a new ad-supported service, Yahoo View, which will run the five most recent episodes of shows from ABC, Fox, and NBC eight days after airing.
Inside Tim Cook’s Apple — Perhaps smarting from the media response to two relatively weak fiscal quarters, Apple sat three of its top executives down with Fast Company’s Rick Tetzeli to calm the waters. In the article, CEO Tim Cook, SVP of Internet Software Eddy Cue, and SVP of Software Engineering Craig Federighi discuss how Apple has changed in the Cook era, including how the problems with Apple Maps led to public betas of iOS. The wide-ranging discussion also touches on Siri and how subscription services are helping Apple’s revenues. While Apple’s top brass avoided specifics, Eddy Cue did share the company’s overriding ambition: “We want to be there from when you wake up till when you decide to go to sleep.”
Apple Opens Bug Bounty Program — Tech companies have long paid bounties to security researchers who find flaws in their software. Until now, however, Apple hasn’t availed itself of this method of encouraging vulnerability discoveries. Apple has announced a bug bounty program that will pay between $25,000 and $200,000 to researchers who discover certain classes of security vulnerabilities in iOS or iCloud. The program is open only to invited researchers for now, but Apple says that if someone outside the program discovers an exploit in a covered class, they may be added to the program. Over on the Securosis blog, TidBITS Security Editor Rich Mogull provides more details and calls it “a good start.”
The Controversy Around the iOS 10 Gun Emoji — Apple’s redesign of iOS 10’s emojis has generated controversy by changing the realistic pistol emoji (🔫) to a toy squirt gun. Jeremy Burge of Emojipedia argues that this shift could lead to tragic miscommunications, since every other platform, plus previous versions of Apple operating systems, displays that emoji as an actual gun. Burge suggests that the pistol emoji should be hidden from the keyboard entirely, and those who want to use the emoji could still copy it from elsewhere and paste it into messages. If nothing else, this kerfuffle shows why it can be problematic to rely on pictographs for communication.