It’s an atypical amoeba that survives for 15 years without even undergoing binary fission, but Apple software firm Rogue Amoeba has long stood out on the microscope slide.

Since its founding in 2002, Rogue Amoeba has been producing audio software of unusual depth, power, and utility. We rely on Audio Hijack to record audio versions of TidBITS articles each week, and we employ Fission to edit those recordings. (We even published “Take Control of Audio Hijack” back when Tonya and I were running Take Control Books.)

Although I don’t need the app often, I particularly appreciate the software artistry that has gone into Airfoil, which lets you broadcast audio from your Mac to other devices around your house. Rogue Amoeba also makes Loopback, which enables you to route audio between apps on your Mac; Nicecast, which lets you create your own Internet radio station; Piezo, for those who want a recording app that’s simpler than Audio Hijack; and SoundSource, which gives you vastly more control over sound on your Mac.

Congratulations then to Paul Kafasis and our other friends at Rogue Amoeba for outfitting the Mac community with extraordinary audio tools for so many years! To celebrate, they held a Fifteenth Anniversary Sale on all their apps through 30 September 2017. If you missed the sale, since it was active only between TidBITS email issues, note that TidBITS members can always save 20 percent on all purchases from Rogue Amoeba.

During a surprise announcement on 27 September 2017, Amazon unveiled a variety of new Alexa-equipped devices, including several new Echo smart speakers and a new Fire TV. Unless otherwise noted, they’re all available for pre-order now and will be released later this year.

First, before you ask, no, Amazon said nothing about the upcoming Amazon Prime Video app for the Apple TV. We still don’t know when it will become available.

The second-generation Amazon Echo is a tad smaller than the original, has a fabric covering like Apple’s upcoming HomePod, and starts at only $99.99, just over half of the original’s $179.99 price. You can also sign up for a payment plan of $20 per month for 5 months. Additionally, for a limited time, you can save $50 when you buy three units for $250 with the code ECHO3PACK.

The second-generation Echo comes in three different fabrics: charcoal, heather gray, and sandstone. There are also three non-fabric finishes — silver, walnut, and oak — available for $20 more.

If you want something a little more, you can opt instead for the home automation–focused Echo Plus for $149.99. Its marquee feature is that it can serve as a hub for devices like Philips Hue smart bulbs, and for a limited time, the Echo Plus comes with a free white Philips Hue bulb. A lot of home automation devices require some sort of Ethernet-connected hub, so the Echo Plus could save space and reduce clutter for home automation enthusiasts. Unsurprisingly, it can’t be a HomeKit hub.

The new Echo and Echo Plus will ship on 31 October 2017.

If you like the idea of the Echo Show, which features a 7-inch touchscreen, but don’t want to shell out $229.99, Amazon will be offering the new Echo Spot for $129.99 on 19 December 2017. The Echo Spot has a round, compact design with a 2.5-inch screen, much like an alarm clock, and Amazon provides a number of clock faces for it.

If you still use a landline phone, you may be interested in the Echo Connect add-on, which connects to your phone line and lets you use your Echo devices as speakerphones. The Echo Connect costs $34.99 and will ship on 13 December 2017.

And if there wasn’t enough Echo in your life, Amazon also announced a new product category called Alexa Gadgets, the first of which will be Echo Buttons, which can be used to play Alexa-powered party games. You can sign up to be notified when more information about Alexa Gadgets is available.

What’s next for Alexa Gadgets? Future versions of the Big Mouth Billy Bass will connect to Echo devices and respond to Alexa actions, such as singing and dancing to music. Here’s a video, if you’re somehow unfamiliar with the Big Mouth Billy Bass. Whatever would we do without such technological innovations?

The most exciting new product in Amazon’s lineup might be the new third-generation Fire TV, which supports 4K ultra HD resolution and HDR10 color (but not Dolby Vision). Unlike the $179 Apple TV 4K, it will support Dolby Atmos surround sound when it ships on 25 October 2017. Like the newer Google Chromecasts, the third-generation Fire TV is a dongle that hangs off your HDMI port, which some people don’t like. Most notably, at $69.99, it’s nearly $110 less than the Apple TV 4K. Ouch.

The big question is how Amazon’s content lineup will match up to Apple’s. Amazon Prime Video has offered 4K titles for a while, but its selection of 4K movies has been limited and expensive. However, Amazon recently slashed prices on 4K films. If the company can match iTunes by improving its collection of 4K HDR movies and upgrading HD movies that customers have purchased, Amazon will be hard to beat in the living room.

Similarly, Apple will have a tough time justifying the $349 price of the HomePod when you can buy four Amazon Echoes for that price. Don’t forget, Echo now does multi-room audio (see “Amazon Echo Gains Multi-Room Audio Capabilities,” 29 August 2017), so for the price of a single HomePod, you could fill your entire house with audio. Will the HomePod sound better? Probably. Will it work better with Apple’s ecosystem? Absolutely. But will it be four times as good? That’s the question you’ll have to answer.

Apple has released iOS 11.0.1, merely noting that it has “bug fixes and improvements.” However, in a separate note, Apple says this update resolves the issue with Microsoft-hosted email accounts detailed in “iOS 11 Mail Failing to Send with Microsoft-Hosted Accounts” (22 September 2017).

You can get the iOS 11.0.1 update, which is roughly 275 MB, in Settings > General > Software Update or via iTunes.

Those who were participating in the developer beta of iOS 11 may need to delete the iOS beta profile in Settings > General > Profile and restart the device to get iOS 11.0.1 to show up.

The iPhone X may still be a month away, but three of Apple’s recently announced products are now available: the iPhone 8 and 8 Plus, the Apple Watch Series 3, and the Apple TV 4K. Some hardcore Apple fans may have preordered without a second thought, but if you’re more discerning, you’re likely holding off until you can read the early reviews. Here’s a roundup of the most informative coverage of each product.

iPhone 8 and 8 Plus — With the next-generation iPhone X coming soon, we expected a muted response to the iPhone 8, with its merely evolutionary design. We were right.

Nilay Patel nailed the lack of enthusiasm in his review for the Verge with the simple statement, “It’s an iPhone.”

BuzzFeed’s Nicole Nguyen echoed those sentiments:

None of these updates are bad — together, they make the new iPhone 8 and 8 Plus slightly faster, more comfortable, more convenient, and better at taking photos compared to older iPhones. But make no mistake: if you were expecting the NEW! NEW! NEW! of a “whole” number iPhone (A new kind of port with the 5! A new bigger phone with the 6! Water-resistant and no headphone jack with the 7!), you might be underwhelmed.

Yahoo’s David Pogue agreed, saying, “…if Apple hadn’t unveiled the iPhone X, there’d be no buzzing at all. The other phone Apple unveiled that day, the iPhone 8, is a very minor upgrade indeed.”

However, that’s not to say the iPhone 8 isn’t a worthwhile upgrade, nor worthy of merit. TechCrunch’s Matthew Panzarino took a unique approach: “If the camera is a platform, the time to begin reviewing the iPhone as a camera is long overdue.” So how does the iPhone 8’s camera stack up? “Killer,” he said. Photographer Austin Mann agreed, and posted some impressive photos to back up that claim.

The iPhone 8’s speed is also impressive, and it has proved in tests to be notably ahead of the fastest Samsung phones. In a Tom’s Guide speed test, it took just 42 seconds for the iPhone 8 to export a two-minute 4K video clip, while that same export took the Samsung Galaxy Note over 3 minutes and the Samsung Galaxy S8+ over 4 minutes.

In summary, the iPhone 8 is the best iPhone yet, even if it offers relatively little new beyond Qi wireless charging. It will be interesting to see how the iPhone 8/iPhone X split affects iPhone sales, as Austin Mann points out:

As for the iPhone X, I feel a bit like the kid in the infamous Stanford Marshmallow Experiment from the 1960s where the researcher sets a marshmallow in front of a child and tells him he can eat one marshmallow immediately, or, if he can wait 15 minutes, he’ll be rewarded with TWO marshmallows.

When I wrote this shortly after the iPhone 8 launch, you could order an iPhone 8 and would have it in your hands within a week, regardless of capacity or style. I can’t remember an iPhone launch with immediate availability past the first hours of preorders! The most likely explanation is that people are waiting for the iPhone X, but Apple can reportedly make only 10,000 per day.

Apple Watch Series 3 — If the iPhone 8 reviews could be summed up as “great, if boring,” the Apple Watch Series 3 reviews were less kind.

Joanna Stern’s Wall Street Journal review set the tone. In testing the Apple Watch Series 3, she experienced poor battery life and spotty cellular connectivity. (You can watch her amusing video for free, but the article is behind a paywall. However, the text of the article is mirrored at Morningstar):

You’re lucky if the battery allows you to roam on cellular for longer than half a day — especially if you’re making calls. And only a limited number of third-party apps work without the phone close by. (No Instagram, Twitter, Uber.)

Most worryingly, my colleague Geoffrey Fowler and I experienced cellular connectivity issues on three separate pre-production models, in two different states, on two different 4G LTE carriers.

On the AT&T-connected models, the cellular connection dropped, calls were often choppy and Siri sometimes failed to connect. On the one that ran on T-Mobile, I experienced several dropped connections.

Lauren Goode discussed similar issues in her review for The Verge:

It became apparent after my first full day using the Apple Watch Series 3 with LTE that something wasn’t right. My review Watch was paired with an iPhone 8 and was on an AT&T wireless plan. In one of my initial tests, I went for a walk with the phone on airplane mode, and tried to send text messages and use Siri to initiate phone calls through the Watch. Those didn’t work. I tried asking Siri basic questions. That didn’t work. Siri also wasn’t “talking back” to me, something that’s supposed to be a new feature on the Series 3 Watch.

Phone calls did sometimes work from the Watch, but I had to manually tap through my contacts or recent calls list on the Watch and initiate the call that way. (Calls through Bluetooth headphones sound good, but the Watch’s built-in audio isn’t ideal for extended conversations.) By 11:42 that morning, after 60 minutes of working out with LTE, multiple attempts to use Siri, and two seven-minute phone calls, the Watch’s battery had drained to 27 percent.

So Apple replaced my original review unit with a second Series 3 Watch, also connected to AT&T’s wireless network. Siri was now audibly responding, which the company later said was attributable to the fact that the first batch of preproduction units hadn’t been set up properly with Siri.

But that doesn’t mean the LTE connectivity issues went away. On more than one occasion, I detached myself from the phone, traveled blocks away from my home or office, and watched the Watch struggle to connect to LTE. It would appear to pick up a single bar of some random Wi-Fi signal, and hang on that, rather than switching to LTE.

Apple later released a statement blaming those problems on a Wi-Fi bug and promising a fix. iMore’s Serenity Caldwell explains the problem in detail.

In the New York Times review, Brian X. Chen didn’t seem to have those problems but still found cellular capabilities to be of questionable value. However, he praised the Series 3 overall:

Although I think most people can skip buying the cellular model, the Apple Watch Series 3 is the first smart watch I can confidently recommend that people buy. While I don’t personally find it attractive enough to replace my wristwatch, the new Apple Watch is a well-designed, durable and easy-to-use fitness tracker for people who want analytics on their workouts and general health (R.I.P., Fitbit).

Daring Fireball’s John Gruber gave the Series 3 a glowing review, but lamented the monthly cost of its cellular service:

The only thing I don’t like about the addition of cellular networking to Apple Watch is out of Apple’s hands: the monthly price to add it to a cellular plan. AT&T and Verizon are both charging $10 a month per watch. I don’t expect it to be free, but $120 a year feels like too much for a device that I’m using instead of the iPhone I’m already paying (a lot) for. With our Verizon family plan, it also costs $10 a month to add an iPad. But an iPad is a device we use in addition to our phones, not instead of. I think $5 per month is the right price. (And DF readers in Canada and Australia report that’s about what it costs from the carriers in those countries — this is perhaps a U.S. problem, not a worldwide one.)

The takeaway seems to be that if you’re in the market for an Apple Watch, the Series 3 is good if you don’t care about spotty and overpriced LTE service. If you do want cellular capabilities, it’s probably worth waiting a while to see if watchOS updates improve performance.

Apple TV 4K — If you read only one review of the Apple TV 4K, make it Nilay Patel’s outstanding review for The Verge, which goes into incredible detail about how the Apple TV 4K stacks up as a high-end home theater device. Unfortunately, his verdict isn’t stellar:

But the new Apple TV doesn’t support Atmos. And it doesn’t support YouTube in 4K HDR. And it doesn’t have Disney or Marvel movies in 4K HDR. And it makes some 1080p content look less than great.

So from the jump, the Apple TV forces you to run your nice new 4K HDR TV at a suboptimal setting at some point during the course of using it. The specifics of this problem might only be of interest to A/V nerds, but the way it looks in the end will affect every single Apple TV 4K owner. I suspect Apple will eventually add an advanced setting to allow for mode switching, but out of the box right now, this is what you get.

Granted, many of these concerns are high end problems, but with the Apple TV 4K commanding a high end price of $179, the complaints are appropriate. Fortunately, Apple says the Apple TV 4K will support Dolby Atmos surround sound in a future update.

Likewise, CNET’s David Katzmaier said many good things about the Apple TV 4K, but concluded that it just costs too much for most people.

Tom’s Guide expressed the same opinion:

Ultimately, the Apple TV 4K is gorgeous and intuitive, but it’s not ambitious enough for the high price. If you’ve got a 4K TV and a lot of money tied up in the Apple ecosystem, this box is worth a look. Otherwise, you could probably invest the extra $80 in some excellent 4K movies instead.

Across the board, the reviews are lining up with the initial impressions I offered in “Apple TV Finally Enters the 4K Realm, but It Will Cost You” (12 September 2017).” The Apple TV 4K still provides the best user experience but is overpriced, especially considering how long competing products have offered similar technical specs.

Apple designed macOS’s Find My Mac feature to help those who have lost a Mac or had one stolen recover their machines while simultaneously rendering the computers inaccessible. Unfortunately, Find My Mac has recently been subverted by extortionists relying on usernames and weak passwords leaked from account breaches at major sites like Yahoo and LinkedIn — not iCloud itself.

These criminals log in to iCloud.com with a leaked username and password, lock your Mac via Find My Mac with a secret code, and then post a message on the screen telling you where to send Bitcoin to receive the numbers to unlock your Mac.

If you have fallen victim to this attack, do not pay the ransom! Instead, go to an Apple Store or independent Apple Authorized Service Provider and — according to Apple’s FAQ — with proof of purchase in hand, Apple can unlock your Mac. But change your iCloud password first.

You would think that Apple’s two-factor authentication (2FA) would block this attack, but it doesn’t, for the simple reason that Apple lets certain iCloud activities take place without a 2FA code. That’s an intentional security decision that Apple made to allow people to lock lost devices even if they couldn’t gain access to a trusted device or phone number — imagine that your Mac and iPhone are both stolen. But given how extortionists have subverted Find My Mac, Apple needs to rethink this feature immediately.

If you use the same password for iCloud and other sites or if you haven’t changed your iCloud password in years, change it immediately. Some pundits are recommending that you disable Find My Mac, but doing that removes a valuable tool for data protection and device recovery. The password is the issue, not the Find My Mac service.

To see if your credentials may have been exposed in one of these major account breaches, you should also consult Have I Been Pwned?, a trustworthy site run by Australian security expert Troy Hunt that compiles public account breaches.

This attack doesn’t work against iPhones and iPads that already have a passcode in place because iOS’s Lost Mode relies on the passcode to unlock the device. But if your iOS device lacks a passcode or if you have a Mac, the Lock (Mac) and Lost Mode (iOS) in iCloud.com’s Find My iPhone screen allow an attacker to enter a code only they know and display a custom message telling you how to pay up.

In addition to online reports and our testing, we have a direct report of this attack. A graduate student at Cornell (whose mother is a TidBITS reader and got in touch with us) fell prey to this attack this week. Both of the student’s MacBooks were locked, and a dialog appeared on her screens with an email address intended to appear as though it belonged to Apple.

Luckily, she had both Time Machine and Carbon Copy Cloner backups. Instead of responding to the email address, she called Apple and was told to take her MacBooks to the nearest Apple Store. (It’s an hour away, and they couldn’t fit her in for three days; just because Apple can help doesn’t mean it will be convenient.) Upon doing so, and proving ownership with receipts, the Apple Store employees were able to unlock both computers. And the student’s mother managed to refrain from admonishing her daughter for ignoring parental advice to use strong passwords and not reuse them across sites.

That’s all you need to know. However, if you want to understand why these attacks are happening now, read on.

A Feature Becomes a Bludgeon — To be crystal clear, iCloud has not suffered a major breach. Rather, this attack was made possible thanks to breaches at other sites that revealed usernames and passwords. The problem stems from people using the same password on both iCloud and a site that was breached. Since nearly five billion accounts have been exposed in breaches over the years, it’s entirely likely that the bad guys have your credentials from those snapshots.

You would think an attack relying on reused passwords would already have happened to iCloud, and it has: many iCloud users had problems a few years ago when weak passwords in early breaches were cracked. The thing is, crackers are still churning away at stronger passwords from those exfiltrated databases using ever more powerful computational engines. Thus, passwords that might have withstood cracking in the past are falling to this continued effort. Plus, because Apple now actively encourages two-factor authentication, some people still rely on relatively weak passwords due to the belief that 2FA will protect them. That’s actually a reasonable assumption — except in this one terrible case!

2FA does prevent someone with just your password from gaining full access to your iCloud. What criminals have realized more recently is that they can still wreak havoc on accounts that have crackable passwords, regardless of 2FA.

At iCloud.com, a login attempt for a 2FA-protected account begins with a request for the username and password. Next, on all 2FA-enrolled computers and devices, a prompt appears that asks the user to Allow or Don’t Allow the login attempt. But here’s the hole. Without dismissing that dialog, iCloud.com allows someone to access Find My iPhone, Apple Pay, and Apple Watch Settings, and from the Find My iPhone screen, lock a Mac or put an iOS device in Lost Mode. Apple should address this vulnerability immediately.

(Pay attention if you ever get an unexpected 2FA login request because it could indicate that someone has obtained your password. Whenever you receive an unexpected request, immediately disable Find My Mac on your Macs, change your iCloud password, and then re-enable Find My Mac. Also note that Apple recently changed what happens when you click Don’t Allow. Formerly, nothing happened. Now, on the device from which you clicked Don’t Allow, you receive a warning that someone might
be trying to access your account and suggesting that you change your password.)

The other reason these attacks are happening now is that the spread of ransomware has popularized the notion of locking someone’s files in exchange for payment. Such payments can be difficult to track to their recipients, thanks to Bitcoin, a largely anonymous cryptocurrency that can be readily used internationally and is the coin of the realm for illegal and dubious transactions. (Yes, Bitcoin is used for plenty of legitimate transactions, too, but it’s the preferred medium for online black markets.) And before you ask, yes, Apple
could track the IP addresses from which the Find My iPhone locking requests originate, but with VPNs, Internet cafés, and other ways to obfuscate origin, that wouldn’t help.

We believe that attackers won’t be able to erase your Mac or iOS device if you have 2FA enabled because erasure requires your second factor. We tested this with iOS but weren’t able to confirm the final steps with macOS, not having a Mac we could erase on hand. Nonetheless, the same process appears to be followed. (Apple doesn’t document these erasure steps to that degree of granularity, which would help.)

Improve Your iCloud and General Password Security — The summary of our best advice for your iCloud password and security, and for password hygiene in general, is as follows:

• Use a password manager. We use 1Password and LastPass around TidBITS. You can also use iCloud Keychain more extensively in iOS 11, which allows third-party apps to tap into an iCloud Keychain password store.

• Create a unique password for each site. With a password manager, this is trivial, both for creating them and filling them in.

• For services like iCloud, Google, and Netflix where you may need to type your password instead of using a password manager, use long passwords that are easy to type. The old advice — which many sites enforce, unfortunately — of using short passwords (often just 8 to 12 characters) with a mix of letters, numbers, and punctuation is outdated. The latest recommendations, including those promulgated by the National Institute of Standards and Technology, say longer, memorable, and easy to type is better. Password managers can create those for you, too.

• Enable 2FA everywhere you can, including iCloud. While this attack exploits a loophole in Apple’s use of 2FA, 2FA retains its advantages everywhere else.

For more advice on password selection, using password managers, and general account security, consult Joe Kissell’s excellent “Take Control of Your Passwords.”

Thanks to high-profile breaches, many sites have dramatically increased their password-encryption security. Any intelligently run company has shifted to using better algorithms and approaches for encrypting passwords. Many sites now choose an algorithm that has a scaling factor — over time, the site can keep dialing a number up to keep stored passwords infeasible to crack despite increases in computing power. 1Password, LastPass, and others already use this technique to protect their vault passwords. In 2015, LastPass suffered a severe breach, but there were no reports of cracked accounts because of the computational burden to
break through even a single password.

What we don’t know is whether users are now regularly choosing better passwords and not reusing them across sites. The popularity of 1Password and LastPass would point toward some improvements there, but I’d argue that the outdated password requirements presented by many sites have kept less-savvy users from increasing password strength. Sites need to get with the times, follow best practices, and give users the best modern advice (which is coincidentally less frustrating, too).

Apple Needs To Rethink This Loophole — Letting someone with just an iCloud password lock a Mac with a secret code seems like a bad idea. Perhaps Apple could change macOS’s behavior to mimic that of iOS, which lets you unlock a device with the passcode. What if you could regain access to a Mac locked via Find My Mac using one of its macOS administrator passwords?

Apple could adapt a feature already used with FileVault 2 to enable such a capability while still allowing Mac owners who had just lost all their 2FA-enrolled hardware to lock their devices.

With FileVault, Apple uses the Recovery partition to store account information for all macOS logins that have FileVault access. When you turn on or restart a FileVault-protected Mac, macOS actually boots into Recovery. Entering your password unlocks the full-disk encryption key used for your main boot partition and allows the startup sequence to proceed normally.

Right now, however, if you don’t have FileVault enabled, the Recovery partition has no account credentials that it could compare against when unlocking a Mac. That’s likely why Apple lets the person locking a Mac choose the secret unlock code. If Apple updated macOS to store encrypted credentials for an administrator account in the Recovery partition, it would become possible to unlock a locked Mac with just the administrator password, just as in iOS, where the passcode disables Lost Mode.

With such an update, Mac users wouldn’t have to worry about being extorted through iCloud password reuse, social engineering, or any other lost password scenario. We hope Apple is working to make this change or something similar.

Interarchy 10.0.7 — Receiving its first maintenance release since November 2014, Nolobe’s file transfer client Interarchy has been updated to version 10.0.7, adding compatibility with macOS 10.13 High Sierra. The release includes a workaround for a bug in High Sierra that prevented clicks in the sidebar and toolbar from registering, and the app now requires OS X 10.10 Yosemite or later. This Nolobe blog post promises that version 11 will be released soon and that those who purchase a new license for Interarchy 10 will receive a free upgrade to Interarchy 11 when it’s
released. ($64 new, free update, 5.7 MB, 10.10+)

Read/post comments about Interarchy 10.0.7.

iFinance 4.3.1 — Synium Software has released the financial management app iFinance 4.3 with new features and improvements. The update now enables you to add contacts to accounts as the account holder, adds automatic detection of transfers between accounts when importing via an HBCI/FinTS or CSV file, improves speed when downloading data from certain banks, modernizes memory management, adds an option to close the database after a certain amount of timed inactivity, and provides support for currencies with 1/1000 sub units (such as the Tunisian dinar, Bahraini dinar, Iraqi dinar, Kuwaiti dinar, and Libyan dinar).
Shortly after the release of version 4.3, Synium Software issued 4.3.1 to fix unspecified bugs.

Synium has discounted both iFinance for Mac and iFinance for iOS for a limited time, with the Mac app priced at $17.99 (normally $35.99) and the iOS app priced at $3.99 (regularly $8.99). ($35.99 new from the Mac App Store, free update, 24.6 MB, release notes, 10.10+)

Read/post comments about iFinance 4.3.1.

FileMaker Pro 16.0.2 — FileMaker has released version 16.0.2 of its FileMaker Pro database software for the Mac (reviewed by William Porter earlier this year; see “FileMaker 16’s Invisible Brilliance,” 12 June 2017). This maintenance release resolves a bug with the Script Debugger (which reset the scrolling position and showed the active script step at the bottom of the display area), improves the performance of the SortValues and UniqueValues functions, fixes a bug where external script steps evaluated calculated values for repetitions incorrectly, and
resolves an issue where opening and closing a record without modifying it increased the internal record modification count. If you have an individual license for either version 14 or 15, you can upgrade to FileMaker Pro 16 for $197 — upgrade eligibility for version 13 licenses ended on 22 September 2017. ($329 new, $197 upgrade, free update from version 16, 4.4 MB for updater file, release notes, 10.11+)

Read/post comments about FileMaker Pro 16.0.2.

VMware Fusion 10.0.1 — Skipping over version 9 (from its previous version 8, which debuted in 2015), VMware has released version 10 of its VMware Fusion virtualization package in both standard and Pro editions. Built for macOS 10.13 High Sierra and Microsoft Windows 10 (including the Fall 2017 Creators Update), both editions receive an updated interface, improved New VM and Migrate Your PC Wizards, and an enhanced Metal graphics engine with up to 65 percent better performance.

Designed for IT professionals and developers, VMware Fusion 10 Pro now includes a secure RESTful API service designed for automation and third-party software integration, adds support for Microsoft’s new Virtualization Based Security features, and improves integration with VMware’s vSphere platform with stability and performance enhancements to take advantage of newer Intel Kaby Lake and AMD Ryzen CPU features.

Shortly after the announced release of version 10, VMware issued version 10.0.1 to fix a number of bugs, notably an issue for users running non-English versions of macOS who experienced a failure when powering on virtual machines with 3D acceleration enabled.

Both editions of VMware Fusion 10 can run on all Macs released in 2011 or later (except the 2012 Mac Pro with the Intel Xeon W3565 processor), as well as 2010 Mac Pros. 10.11 El Capitan is now the minimum OS requirement.

VMware Fusion 10 costs $79 for the standard edition and $159 for Fusion Pro (a $40 decrease from the previous release). Those with Fusion 7, 8, or 8.5 licenses can upgrade for $49 (standard) or $119 (Pro). Purchases of version 8.5 made on or after 22 August 2017 are eligible for a free upgrade. You can download a free trial from this VMware store page. ($79.99/$159.99 new, $49/$119 upgrades, free update from version 10, 470 MB, release notes, 10.11+)

Read/post comments about VMware Fusion 10.0.1.

BusyCal 3.2.2 and BusyContacts 1.2.2 — BusyMac has released BusyCal 3.2.2 and BusyContacts 1.2.2 with improvements to both apps. The BusyCal 3.2.2 fixes a redraw bug that occurred when selecting search results on macOS 10.13 High Sierra, resolves an issue with pasting multiple events from the clipboard into other apps, improves handling of .ics calendar event files containing leading spaces, and disables natural language processing when entering new events in Month view day cells. (A few days before BusyCal 3.2.2, BusyMac had released version 3.2.1 to fix unspecified issues
in High Sierra.)

BusyContacts 1.2.2 corrects a problem with the Activity List not displaying emails and chats in High Sierra and fixes a bug pasting multiple contacts from the clipboard into other apps. ($49.99 new for BusyCal from BusyMac or the Mac App Store, free update, 11.6 MB, release notes, 10.11+; $49.99 new for BusyContacts from BusyMac or the Mac App Store, free update, 5.5 MB, release notes, 10.9+)

Read/post comments about BusyCal 3.2.2 and BusyContacts 1.2.2.

Piezo 1.5.5 — Rogue Amoeba has released Piezo 1.5.5, adding full compatibility with macOS 10.13 High Sierra and ensuring that Piezo’s popover now behaves as expected in High Sierra. The “charmingly simple” audio recording app also updates its audio capture engine to fully support single-site browser (SSB) apps such as those made by Epichrome. Piezo requires 10.10 Yosemite or later (a requirement added in version 1.5.3, released in July 2017). ($19 new with a 20 percent discount for TidBITS members, free update, 8.3 MB, release notes, 10.10+)

Read/post comments about Piezo 1.5.5.

Hazel 4.2 — Noodlesoft has released Hazel 4.2, rejiggering the Copy action to use APFS’s cloning feature on APFS-formatted drives. The file cleanup utility also resolves a crash that occurred after entering a comma in the tag field, adds VoiceOver support for tokens in pattern fields, revises the Export All function to provide more descriptive names if more than one folder shares a name, fixes a bug with RAR files that would result in the parent folder being moved to the trash after unarchiving, and resolves an issue where matching dates with “am” in them had their hour altered. ($32 new or $49 for five-member
family pack, free update, 9.4 MB, release notes, 10.10+)

Read/post comments about Hazel 4.2.

iStat Menus 6.0 — Bjango Software has released version 6.0 of iStat Menus, a major upgrade for the menubar-based system monitoring utility that adds customizable notifications, hotkey support, and a new weather widget. You’ll be able to configure alert banners that appear in Notification Center (such as a daily weather forecast or when memory usage tops a specified amount), and the customizable Notification Center widget gives you a quick glance at CPU, Memory, Network, Disk, and Processes data.

In addition to a refined interface with more colors and theme options, iStat Menus 6.0 also enables you to set keyboard shortcuts for each menu dropdown, adds improved history graphs with tooltips for timestamps and values, lets you reorder pop-up menus and hide sections, provides support for AirPods battery level display, enables you to add multiple world clocks, and adds new localizations (for 36 languages in total).

The Weather menubar dropdown menu is powered by Dark Sky and Weather Underground, and it includes current temperature, hourly forecast, weekly overview, and more. However, the Weather feature requires an additional subscription. Purchase of iStat Menus 6 provides 6 months of free weather data that’s refreshed every 60 minutes. After 6 months, you can buy a data pack that lasts for 12 months for $1.99 (60-minute updates), $3.99 (30-minute updates), or $5.99 (15-minute updates). For more details on the weather feature, see this Bjango support page.

iStat Menus 6.0 costs $18 for a single license with 6 months of weather data ($25 for a family pack that can be installed on up to five Macs), and you can upgrade from iStat Menus 3, 4, or 5 for $9.99 ($14.99 for the family pack). ($18 new, $9.99 upgrade, 20.3 MB, release notes, 10.11+)

Read/post comments about iStat Menus 6.0.

Mellel 4.0.1 — RedleX has issued Mellel 4.0.1, the first maintenance release following the word processor’s recent major update to version 4.0 (see “Mellel 4.0,” 27 August 2017). The update fixes many issues in Mac OS X 10.6 Snow Leopard (including missing palettes and a “misbehaving” side pane), improves find-and-replace performance, fixes a bug that caused bad rendering of references inside notes, and resolves an issue that turned on the discrete GPU when Mellel launched (causing higher energy consumption). ($59 new from RedleX and the Mac App Store, $29 upgrade, free update, 93.6 MB, release notes, 10.6+)

Read/post comments about Mellel 4.0.1.

iBooks Author 2.6 — Apple has updated iBooks Author to version 2.6 with the capability to add images and videos from the Photos app using the Media Browser or via drag and drop. The ebook production and publishing app also gains support for wide color gamut images and Apple’s standard unspecified performance and stability improvements. (Free from the Mac App Store, 409 MB, 10.11+)

Read/post comments about iBooks Author 2.6.

Banktivity 6.2 — IGG Software has released Banktivity 6.2, adding compatibility with macOS 10.13 High Sierra and reintroducing the Category Interval Report (formally known as the Expense Timeline Report). The personal finance app also gains an improved import-matching algorithm, ensures that scheduled transactions display correctly, and opens the Print Settings window when printing uncategorized check transactions. ($64.99 new from IGG Software with a 20 percent discount for TidBITS members and from the Mac App Store, free update, 19.0 MB, release notes, 10.12+)

Read/post comments about Banktivity 6.2.

ScreenFlow 7.1 — Telestream has released ScreenFlow 7.1, the first maintenance release since the popular screencast recording and video editing app’s recent major upgrade (see “ScreenFlow 7.0,” 6 August 2017). The update adds support for exporting HEVC files (H.265) when running macOS 10.13 High Sierra, updates the canvas to show a color change when using the color picker, resolves a crash that occurred after importing Apple ProRes format files (.apcn, .apch, and .apcs), fixes an issue with iOS recordings having incorrect durations when recorded in High
Sierra, and corrects text cursor flashing when recorded by ScreenFlow in High Sierra. ($129 new from the Telestream Web site or from the Mac App Store, free update from version 7, $39 upgrade, 55 MB, release notes, 10.11+)

Read/post comments about ScreenFlow 7.1.

OmniFocus 2.11 — The Omni Group has released OmniFocus 2.11, addressing compatibility issues with macOS 10.13 High Sierra and requiring a minimum of 10.12 Sierra. The task management app resolves a couple of crashes (when displaying notes with certain types of attachments and opening the Print dialog), fixes a bug that caused placeholder fields in Quick Entry to render in the wrong color, restores rounded corners to the Quick Open window, fixes rendering of sidebar text, and corrects a problem where the repeat inspector’s layout was incorrect. ($39.99 new for Standard and $79.99 for Pro from the Omni Group Web
site, $39.99 for Standard from Mac App Store with in-app purchase option to upgrade to Pro, 31.4 MB, release notes, 10.12+)

Read/post comments about OmniFocus 2.11.

Yojimbo 4.1.1 — Bare Bones Software has released Yojimbo 4.1 to fix a crash when viewing PDFs in macOS 10.13 High Sierra. The information organizer now stores its data folder in your home directory by default. New data stores and future backups will be stored in Home/Yojimbo/ and Home/Yojimbo Backups/ respectively, though existing data stores located within the current Home/Library/Application Support/ location will continue to work. The update also resolves a WebKit exception when running 10.12 Sierra,
fixes a bug that made it possible to encrypt items using an incorrect password stored in the keychain, and changes its minimum requirement to 10.11.6 El Capitan. Shortly after releasing version 4.1, Bare Bones Software issued version 4.1.1 to fix a bug that broke Undo. ($30 new, free update, 7.8 MB, release notes, 10.11.6+)

Read/post comments about Yojimbo 4.1.1.

Airfoil 5.6.4 — Rogue Amoeba has released Airfoil 5.6.4 with improvements for interacting with the Apple TV, including correctly resetting stored passwords that have gone stale, reporting incorrect passcodes, and resolving an issue where pairing could fail with tvOS 11 (see “tvOS 11: The TidBITS Review ⭐⭐⭐,” 25 September 2017). The wireless audio broadcasting app also prevents the Preferences window from being minimized. ($29 new with a 20 percent discount for TidBITS members, free update, 14.2 MB, release notes, 10.10+)

Read/post comments about Airfoil 5.6.4.

ChronoSync 4.8.1 — Econ Technologies has released ChronoSync 4.8.1, bringing full compatibility with macOS 10.13 High Sierra and adding a few enhancements following its recent feature-packed release (see “ChronoSync 4.8,” 17 September 2017). The synchronization and backup app adds the capability to schedule a freestanding task document if no tasks are being tracked in the ChronoSync Organizer window, reimplements interface animations for all Assistants and the Validator function, improves logging and progress feedback when “blessing” a
destination volume in a bootable backup, fixes a bug that could cause a deadlock between ChronoSync and the ChronoSync Scheduler, and resolves bugs associated with automatic update checks. ($49.99 new for ChronoSync with a 20 percent discount for TidBITS members, free update, 48.4 MB, release notes, 10.10+)

Read/post comments about ChronoSync 4.8.1.

macOS Server 5.4 — Apple has released macOS Server 5.4 with support for APFS volumes and new restrictions, payloads, and management commands for Profile Manager. The update now hides Open Directory and Software Update Service by default; integrates Caching Server, Time Machine Server, and File Sharing advanced options into macOS; and enables you to migrate Server data from a volume with OS X 10.10.5 Yosemite and Server 5.0.15 or later. Changes to Profile Manager include new supervised-only Classroom restrictions in iOS 11 to allow managed class behavior for unmanaged classes on
supervised devices, new payloads in macOS (Extensions, Smart Card, and System Migration), and a new AirPlay Incoming Security payload for tvOS.

Note that you’ll need to install macOS Server 5.4 manually because updates aren’t automatically installed (even if you’ve selected other apps to update automatically from the Mac App Store). macOS Server 5.4 requires macOS 10.13 High Sierra. ($19.99 new, free update, 194 MB, release notes and security content, 10.13+)

Read/post comments about macOS Server 5.4.

iMovie 10.1.7 — Apple has released iMovie 10.1.7, adding support for the new High Efficiency Video Coding (HEVC) format used by macOS 10.13 High Sierra and iOS 11 (see “HEVC and HEIF Will Make Video and Photos More Efficient,” 30 June 2017). The update also improves compatibility when sharing videos to YouTube. iMovie now requires macOS 10.12.2 Sierra or higher. (Free from the Mac App Store, 2.14 GB, 10.12.2+)

Read/post comments about iMovie 10.1.7.

OmniOutliner Essentials and Pro 5.1.2 — The Omni Group released version 5.1.2 of OmniOutliner Essentials and OmniOutliner Pro, adding a new Go to Search Field menu option to the Find menu (Command-Option-F) that changes focus to the toolbar Search field. Both editions of the outlining and information organization app improve compatibility with macOS 10.13 High Sierra — ensuring audio recording attachments are useable, keeping templates from flashing on screen during installation, and keeping input fields in the Row inspector to the correct width.

The update also fixes issues related to interacting with attachments after being opened and ensures that dragging of attachments using the Control key modifier correctly creates a link. OmniOutliner 5 is available from the Mac App Store as a free download (providing a 2-week free trial) with options for unlocking Essentials and Pro features at $9.99 and $59.99 respectively. ($9.99 new for Essentials, $59.99 for Pro, $4.99/$29.99 upgrades, 37.3 MB, release notes, 10.11+)

Read/post comments about OmniOutliner Essentials and Pro 5.1.2.

In ExtraBITS this week, Twitter has seemingly dropped its Apple Watch app, the FCC wants Apple to enable radio chips that don’t exist, Apple explains Face ID security details, Twitter is experimenting with doubling its character limit, Siri goes back to using Google searches, and it turns out that you can pair a cellular-capable Apple Watch Series 3 with an Android phone, though doing so is a bad idea.

Twitter’s Apple Watch App Disappears — With a recent update to Twitter’s iOS app, the company seems to have eliminated its associated Apple Watch app. In a statement, Twitter said that it is “focusing on supporting more robust, media-rich notifications” and is “committed to providing the very best Twitter experience on iPhone, iPad, Apple TV and Apple Watch.” The company never acknowledged removing the Apple Watch app or suggested that it might return. Twitter is the latest major tech company to abandon its Apple Watch app, following Amazon, eBay, and Google. Perhaps the
lesson here is that users see many Apple Watch apps as largely gratuitous. Just because you can build it doesn’t mean you should.

Read/post comments

Hey FCC, iPhones No Longer Have FM Chips — Ajit Pai, chairman of the U.S. Federal Communications Commission, has called on Apple to activate hidden FM chips in iPhones to aid in hurricane relief efforts. The only problem, as Daring Fireball’s John Gruber points out, is that newer iPhones don’t have such chips. FM chips did exist incidentally in older iPhones, but they weren’t wired up in such a way to work at all. Pai may be well-intentioned (or else he’s trying to distract attention from how the FCC has responded to the recent hurricanes), but his crusade against Apple is ultimately a
quixotic quest he could have avoided with a little research.

Read/post comments

Apple Documents Face ID Security Details — Apple has released a white paper explaining some of the finer details of Face ID, the facial recognition system coming with the iPhone X. Much like Touch ID, Face ID stores only a partial version of your biometric data on the device, so even if an attacker extracted the data, they couldn’t reconstruct your face. Also, Face ID occasionally adds photos from successful logins to its model so it can continue to recognize you as your face changes over time. Unfortunately, Face ID may not be adequate to foil evil twins
(we’re not kidding!).

Read/post comments

Twitter Doubling Character Limit to 280 — Say it isn’t so! Twitter has announced that it is doubling the character limit for tweets from 140 to 280, nominally to allow those who write in languages like English, French, and Spanish to express as much information as those who write in Chinese, Japanese, and Korean. Twitter is rolling the feature out slowly, and so far the accounts with the new 280-character limit are being as obnoxious as possible about it. But what else would you expect?

Read/post comments

Siri Goes Back to Google — Siri originally used Google for search results, but starting with iOS 7, Apple switched to Microsoft’s Bing search engine in an attempt to reduce its dependence on Google. However, Bing’s results have never been as good as Google’s, leading many people to avoid searching with Siri. We were chuffed to see that, soon after the release of iOS 11, Apple quietly switched Siri and the Mac’s Spotlight back to Google for searches other than image searches, which still use Bing. So far, it seems like an
improvement.

Read/post comments

Nutty Hack of the Week: Pair an Apple Watch Series 3 with Android — In the Stupid Apple Tricks department, iMore’s Serenity Caldwell has discovered that it is possible to pair a cellular-capable Apple Watch Series 3 with an Android phone, although she admits that it’s a terrible idea. The process involves tricking the Apple Watch by inserting the SIM from an Android phone into an iPhone, pairing the Apple Watch, and then moving the SIM back to the Android phone. It works, but your Apple Watch will lose many features and have awful battery life. In other words: don’t try this at home.

Read/post comments