Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals
Show excerpts


If you’re planning to do your holiday shopping online this year, don’t pull out that credit card until you’ve read Rich Mogull’s article on ensuring that your electronic purchases are secure. Also in this issue, we detail the enhancements in the iPhone 2.2 Software for the iPhone and iPod touch and look at what’s new in the Apple TV 2.3 update. Matt Neuburg returns with a look at Script Debugger 4.5, Glenn Fleishman notes AnchorFree’s no-cost VPN for the iPhone, and Doug McLean – the newest member of the TidBITS staff – looks at Google’s new SearchWiki service. We wrap up with the release of “Take Control of Syncing Data in Leopard,” a DealBITS drawing to win a copy of MacSpeech Dictate, our annual Gift Guide survey to determine what will appear in the 2008 TidBITS Gift Guide, and the revival of the ExtraBITS name for a collection of interesting links from around the Web. Lastly, in this week’s extra-large Watchlist, we note the releases of HandBrake 0.9.3, MacSpeech Dictate 1.2.1, Freeway 5.3, Default Folder X 4.1, Adobe Camera Raw 5.2, Safari 3.2.1, DiscLabel 5.4, iTunes 8.0.2, Apple’s Pro Apps Updates 2008-004, PopChar X 4.1.1, KeyCue 4.3, OmniFocus 1.5, The Missing Sync for Windows Mobile 4.0.4, Daylite 3.8, AccountEdge 2009, Yum 3.0, Apple’s Compatibility Update for QuickTime 7.5.5, and Apple’s MacBook/MacBook Pro Trackpad Firmware Update 1.0.

Jeff Carlson No comments

Apple TV 2.3 Adds AirTunes, Volume Control

Apple has updated the Apple TV software to version 2.3, adding a few refinements to the company’s “digital living room” appliance.

In an earlier update, Apple added the capability to use the Apple TV as an AirTunes speaker: you can start playing music from your Mac or Windows computer in one room, and have it play in the living room via the Apple TV, in another room via an AirPort Express, and so on. With the 2.3 update, the Apple TV can now be the music source, streaming to AirPort Express units or other Apple TVs on your home network.

If you own a third-party remote control (such as a Harmony universal remote), you can make the Apple TV learn its settings (go to Settings > General > Remotes > Learn Remote). The Apple TV also now recognizes iTunes playlists that contain movies, TV shows, music videos, and podcasts. (In a related change, I see that you can now play music videos back-to-back, although I’m not sure if this capability is specific to the 2.3 release; under the Apple TV Software 2.0, you could watch only one music video at a time.)

Finally, the Apple TV gains a feature that’s been missing from day one: you can control volume (in music only) using the Apple remote.

The update is available only from the Apple TV itself: go to Settings > General > Update Software.

Adam Engst No comments

Please Welcome Doug McLean

Back in August, we started searching for a staff writer to help with all the TidBITS and Take Control writing that was overwhelming us. We got quite a bit of interest, and ended up hiring Doug McLean, a 25-year-old Cornell graduate once again living in Ithaca while his girlfriend works on her MFA degree at Cornell. Doug’s background is in art as well – he has a BFA from Cornell, putting him in the same category as Glenn Fleishman, whose art degree is from Yale.

(For the record, my degree from Cornell is in Hypertextual Fiction with a double major in Classics, Tonya majored in Communications, Jeff Carlson has an English Writing degree, Joe Kissell has a Philosophy BA and a Linguistics MA, Mark Anbinder stuck with Linguistics for his undergraduate work, Matt Neuburg studied – and later taught – Ancient Greek, and Rich Mogull spent 8 years accumulating more credits than most grad students on his way to a History degree with an emphasis in Molecular, Cellular and Developmental Biology.)

Much as we seem to attract people with humanities backgrounds, it was Doug’s post-collegiate experience that made him stand out. He had worked at several New York City art galleries (which, if you’ve ever been to any, seemingly all use Macs), done testing for the New York Times Web site, and oversaw Mac support at the Montserrat College of Art in Massachusetts. Most recently, he had been doing freelance editing of graduate school admission essays for non-English speakers, both editing the text and explaining how English works so the students could improve their writing.

It has been truly enjoyable to work with Doug so far, thanks to his indefatigable enthusiasm for learning new stuff. And while he’s extremely capable on a modern Mac with current software, since he was in second grade when we started TidBITS, there’s a ton of history and context that he’s been picking up as he goes. Sometimes his inexperience in the industry is a benefit too, since he doesn’t always share our assumptions and preconceptions.

Although it was important to us for this staff position to be located in Ithaca for in-person meetings, Doug and I have been using iChat screen sharing frequently as he learns the ropes of our sometimes idiosyncratic systems and methods of working. Sometimes it’s helpful if I can offer suggestions while he’s working or guide him in the right direction; at other times it’s easier if I can drive while he watches. No matter what, we’ve found screen sharing to be astonishingly useful, and if you haven’t yet given it a try, you’re missing out.

So the next time you see Doug’s byline under an article you found useful, drop him a note and let him know that you appreciated his efforts.

Adam Engst No comments

DealBITS Drawing: Win a Copy of MacSpeech Dictate

Seamless speech recognition is one of those holy grails of computing, and although we’re not yet at the Star Trek level, the accuracy of speech recognition on the Mac took a major step forward this year with the release of MacSpeech Dictate, which uses the same engine as the Windows market leader – Nuance’s Dragon NaturallySpeaking. The current MacSpeech Dictate 1.2 adds the capability to spell out unusual words or acronyms, phrase training that enables users to fix incorrectly recognized words right away, and a Move command for verbal editing.

In this week’s DealBITS drawing, you can enter to win a copy of MacSpeech Dictate, worth $199. Entrants will also receive a discount on MacSpeech Dictate, so be sure to enter at the DealBITS page. All information gathered is covered by our comprehensive privacy policy. Remember too, that if someone you refer to this drawing wins, you’ll receive the same prize as a reward for spreading the word.

Jeff Carlson No comments

Vote in the 2008 TidBITS Gift Guide Survey

Over the past two weeks, TidBITS readers around the world have been suggesting ideas for this year’s 2008 TidBITS Gift Guide. Suggestions have included Apple hardware, games, utilities, USB devices, speakers, laptop bags, iPhone apps, and many more esoteric items. Now it’s time to whittle down the suggestions into a guide to the top items to get for the Mac geeks in your life (and to add to your own list too, of course).

Please take a few minutes and vote in the 2008 TidBITS Gift Guide Survey, which is now open. Rate each item on a 1 to 5 scale, where 1 is the lowest ranking and 5 is the highest. If you’re unfamiliar with an item, you can either check it out via the link provided before voting or just skip it. We’ll collect votes through the end of the week, tally them, and publish the final results by 08-Dec-08.

And of course, if you have more ideas to submit, just post them in the appropriate thread in TidBITS Talk. We won’t be able to include them in the survey, but they’ll be available for everyone to see.

Matt Neuburg No comments

Script Debugger 4.5 Offers Power Editing to AppleScripters

As is so often the case in the cyclic world of software development, history repeats itself, but (despite Marx’s dictum) it’s better the second time. A couple of years ago, my TidBITS contributions fell off temporarily while I worked flat out on some projects connected with AppleScript (“Notes From the AppleScript World,” 2006-02-13). Well, it has happened again. For the last few months I’ve been assisting Mark Alldritt, veteran programming wizard and AppleScript master extraordinaire, with the documentation and development of the new version of Script Debugger, the flagship application of his Late Night Software.

As a Late Night employee, I can’t praise Script Debugger 4.5 without risking a conflict of interest, but it’s fine for me to tell you what it does and why I use it (and in any case my opinion is already a matter of public record). In an amazing feat of technical magic, Script Debugger instruments AppleScript so as to make it debuggable, letting you set breakpoints and step through your script one line at a time, watching the values change. It also helps solve the perennial headache of scripters everywhere, learning what aspects of a scriptable application are scriptable, by exposing the application’s “object model” in real time before you’ve written a single line of code. For example, it instantly shows you,
graphically, that iTunes currently has such a thing as “album of file track 2 of browser window 1’s view”; armed with that kind of knowledge, you can easily start scripting.

What’s new in Script Debugger 4.5? Most profound is that Script Debugger itself is now once again scriptable (having lost its scriptability in the trauma of being rewritten as a Cocoa application in version 4.0, owing to the shortcomings of Cocoa’s own scriptability implementation). This permits automation and enables some new debugging techniques. Also, Script Debugger is now much more canny about that perpetual bugbear of AppleScript on Mac OS X, the annoying tendency of applications to launch when their scripting dictionary is accessed; in several situations it warns when this might happen, and can even prevent it.

Overall, users will experience Script Debugger 4.5 as a vastly more sophisticated editor. The editing window can be split horizontally and vertically, the code block structure can be highlighted, find-and-replace can use regular expressions, and menu item shortcuts can be customized. Even better, Script Debugger uses its internal knowledge of AppleScript language syntax to make text entry far more convenient. Start to type an AppleScript term; Script Debugger can complete it. Type a user-defined abbreviation; Script Debugger will expand it (so that typing just “dd”, for example, could enter an entire “display dialog” command with all the trimmings). Type an opening delimiter (like a left parenthesis); Script Debugger can close it (with
a right parenthesis). And my absolute favorite: Type the start of an AppleScript block (like a “repeat” or a “tell”); Script Debugger can enter the corresponding block closing for you (“end repeat”, “end tell”). The drudgery relief is palpable all over the AppleScript world.

Other improvements bring Script Debugger into the modern Leopard world: Unicode literal strings are legal, limitations on script length are removed, and Quick Look and Spotlight are supported. Oh, and I suppose I ought to mention that the online help documentation (“cross-referenced and cross-linked out the ying-yang,” as John Gruber would say), as well as the tutorial introduction, and Script Debugger’s extensive and example-filled scriptability dictionary, are all thoroughly rewritten by moi.

Finally, I should mention that Script Debugger 4.5 is the product of the best beta-testing process I have ever participated in. The testers exercised the application thoroughly at every stage, and found bugs that left me gasping in amazement at the cleverness of their very discovery. Plus, they freely offered suggestions and criticisms at every level. The developer, for his part, took all of this on board with goodwill, providing the testers with complete access to information about what he was changing and where he was heading and what bugs remained open, and allowing Script Debugger’s usability and clarity to be honed by the testers’ real-world experience and needs. This is beta testing at its finest, and all users are its

Script Debugger 4.5 requires a PowerPC G4, G5, or Intel processor and Mac OS X 10.4 Tiger or Mac OS X 10.5 Leopard; the latter is recommended. It costs $199, or $49 to upgrade from version 4.0. A 20-day full-featured demo is available as a 10.7 MB download.

Doug McLean No comments

Google Tests New Search Customization Feature: SearchWiki

Google’s just-announced SearchWiki, despite its name indicating a focus on collaborative capabilities or a lightweight Web editing tool, is essentially a collection of customization tools for the Google search engine. Features include the capability to comment on search results, view other user comments, rearrange the search results, delete results to prevent them from appearing in similar searches, and have desired-but-missing URLs appear when conducting similar searches. With the exception of added comments, none of your actions will be seen by others or affect their search results. Even your comments won’t be visible unless others explicitly
activate the user comments for a particular search result.

These features at first sounded relatively useful and interesting (could there be a Google Reality Distortion Field?), but I slowly became confused by them and unconvinced that they would improve my search experience. Google’s big win is that they’ve made results smart without you having to do anything beyond enter search terms and click links. Conceptually, these new features muddle that simplicity without adding any major benefit.

Typically when you’re searching you don’t know where to go or even necessarily what you’re looking for – that’s why you’re searching and not simply navigating to the desired site. Rearranging, adding, and deleting results seem counterintuitive to that basic principle – these actions imply familiarity with the material. Granted, sometimes you’ve searched for something and want to get back to it, but typically the desire to return to the information is coupled with a previous lack of foresight that you would want to do so. Otherwise, why not just bookmark the page?

In particular, adding URLs and rearranging results seem incompatible with the essential function of a search engine. If you already know the address of the Web site you’d like to visit, why not just bookmark it rather than add it to your Google results page? The same issue exists with rearranging results; if there are a few sites that you consistently want to see at the top of a results page, why not just bookmark them and cut out the middleman?

Comment features make sense in some places, such as product reviews. The cost of purchasing and evaluating a product by yourself is high compared to the cost of reading other users’ opinions. But when evaluating a Web page, the cost of doing the work yourself is much lower, and it would be far easier and faster to go to a Web page yourself than to read 20 reviews on it – especially when you have to explicitly activate those comments to see them. Additionally, you may find yourself sifting through comments made by trolls, bots, boosters, whackjobs, or simply people who seem way off the mark.

Given these problems, I’ve yet to see how SearchWiki could be attractive to a widespread population, though there may exist a niche market for this kind of search engine interaction. While it’s always valuable to rethink and retool established ideas and methods, this particular attempt seems to fall short of bringing real change and innovation to the search engine. I think it’s likely Google will simply use the data generated from this experiment to further refine their search algorithms than to seek to make SearchWiki a widespread release. For the moment, though, SearchWiki is merely a curiosity.

You may not see these features in your Google search results yet, since Google has enabled SearchWiki for only a subset of the massive Google user base. Plus, it may not last. Google’s SearchWiki FAQ says, “This is an experimental feature served to a random selection of participants and may be available for only a few weeks.”

Adam Engst No comments

iPhone 2.2 Software Enhances Maps, Tweaks Interface

Apple has released the iPhone 2.2 Software Update for all models of the iPhone and iPod touch, beefing up a number of key features and refining the interface even further. The software is about 248 MB and is available only via iTunes.

New Features — Chief among the new features of the iPhone 2.2 software are enhancements to the Maps app, including the extremely helpful addition of public transit and walking directions, pictures from Google Street View, a Share Location button that creates an email message containing a Google Maps URL to the location, and the capability to display the address of dropped pins. (These features were not added to the iPod touch Maps application.)

Google collects Street View information by driving the streets of major cities around the world with cameras that capture information in a nearly complete sphere (excluding most of the sky) around the vehicle. Street View is shown on Google Maps on the Web and via the desktop version of Google Earth. In the browser version, you click a Street View button, and blue outlines appear around city blocks in which Street View information is available.

No such luck on the iPhone. To use Street View, you must drop a pin (or perform a search and tap on a pin), and then examine whether a tiny Street View icon – an orange person – is tinted fainter or at full intensity on the descriptive bubble that appears. If at full intensity, you tap the tiny icon, and the Maps application rotates into landscape view to display a navigable image.

A small circle shows the current cone of sight and street location. You can drag, pinch, and expand, while tapping an arrow moves the view to the next street slice. There’s no warning when data runs out; an empty “holodeck” image appears instead.

The iTunes app also gains the capability to download podcasts over either Wi-Fi or the cellular network. Previously, podcasts could be downloaded only to the iPhone or iPod touch’s host computer and then synced via USB. However, for reasons I don’t yet understand, the iPod touch can’t play the TidBITS podcast within the iTunes app, although downloading it works fine.

Interface Refinements — Although I’m guessing there will be more interface tweaks found by alert users in the days to come, Apple calls out a few in particular:

  • You can now jump from any extra Home screen back to the first one by pressing the Home button. This is a good first step, but Apple will have to improve the Home screen interface further, since it’s becoming nearly impossible to find any given icon after installing a bunch of apps.
  • There’s now a preference to toggle auto-correction in the Keyboard Settings. Although auto-correction is generally a good thing, there are times when it’s annoying, and some people absolutely hate it.
  • Safari features a new search-friendly interface, which means basically that a Google search field shows next to the address field, much as in the full version of Safari.

Bug Fixes — The main advantage of a “soft” phone like the iPhone (where much of the functionality is in software, rather than burned into the phone’s chips) is that it’s possible not just to add features, but to fix problems that would bedevil other phones forever. Apple’s only copping to “Decrease in call setup failures and dropped calls,” the same wording used for improvements in previous releases, but if true, it’s certainly welcome. Apple also says that the sound quality of Visual Voicemail messages has been improved.

Mail receives two important bug fixes, one that resolves problems with scheduled fetching of incoming email, and another that improves the formatting of wide HTML-formatted messages. Too-wide email can play havoc with the iPhone’s narrow screen, as we’ve discovered with the hard-wrapped text edition of TidBITS, where the lines break tremendously awkwardly. If you want to read TidBITS in email on your iPhone or iPod touch, we strongly recommend that you subscribe to our full-text HTML edition, which displays very nicely.

Other bug fixes include improved performance and stability of Safari and fixes for problems connecting to certain secure WPA Wi-Fi networks.

Not surprisingly in this day and age, there are also quite a few fixes related to security. Along with the usual problems that could result in application crashes or arbitrary code execution (usually from visiting a malicious Web site or viewing a maliciously crafted image), there were a few more interesting items fixed.

  • A maliciously crafted TIFF could have caused the entire iPhone or iPod touch to reset, due to a memory exhaustion issue. I sometimes worry that my personal TIFF handling has the same problem, since I occasionally have memory exhaustion issues too.
  • The encryption level for PPTP VPN connections could previously have reverted to a lower setting, resulting in a lower security level than expected.
  • The Passcode Lock feature wasn’t properly restricting calls when locked to only emergency numbers. Also, restoring an iPhone from backup wasn’t always re-enabling Passcode Lock. And finally, SMS messages could be revealed while the emergency call screen was visible – there’s now only a notification that an SMS message has arrived.
  • It was previously possible for a phone call to be placed by a maliciously crafted Web site, if an app was launched via Safari while a call approval dialog was showing.

Overall, it appears that the iPhone 2.2 Software will provide extremely welcome improvements and fixes; the question as always will be if there are other problems introduced by the update, and for that we’ll just have to wait for user reports.

What’s Still Missing — Much as the new features and bug fixes in the iPhone 2.2 Software Update are welcome, the wishlist of features for future updates remains largely unchanged.

  • Copy-and-paste stays at the top of the wanted list, although there’s no question that this one will require some serious thought on Apple’s part, given the restrictions of the multi-touch interface.
  • Voice dialing is a close second, although I suspect AT&T will at some point offer a for-fee service that provides this capability, despite the fact that the iPhone could likely handle voice dialing in its sleep.
  • Despite the addition of transit and walking directions to Maps on the iPhone (but not the iPod touch), we still haven’t seen turn-by-turn voice directions. That would enable an iPhone to take over for a standalone car navigation GPS and would increase the iPhone value proposition greatly for some people. Apple has muttered about not wanting to be liable for GPS-caused driving mistakes, but I suspect there’s more to it than that.
  • It’s odd that a device as savvy about multimedia as the iPhone lacks MMS (Multimedia Messaging Service) support. I’d finger AT&T as the guilty party in this one.
  • Even though Apple previously promised system-wide push notifications on the iPhone by September 2008, this feature still hasn’t appeared. Since the iPhone doesn’t let third-party applications run in the background, this feature would provide another way for apps that aren’t currently running to receive real-time updates from Apple’s servers.
  • Finally, the iPhone still can’t handle Flash-enabled sites or content. Adobe is developing a Flash Player for the iPhone, but unless the performance can meet Apple’s standards, it may never see the light of day.

Glenn Fleishman No comments

AnchorFree Offers Free VPN for iPhone

Surfing at public Wi-Fi hotspots can be dangerous: laptops and Wi-Fi-enabled smartphones pass lots of secrets through the air unless you’ve taken specific measures to use encrypted connections to protect passwords and personal data. AnchorFree would like to encourage you to protect your data by offering you the best possible incentive: a free service.

I’ve long recommended that hotspot users employ a virtual private network (VPN) connection, which creates an encrypted tunnel from a computer or handheld to a server elsewhere on the Internet. All data entering and leaving the machine is safely wrapped up from prying eyes on the local hotspot network. Corporations make their remote employees use VPNs to ensure that sensitive information is accessible only on the employee’s laptop or within the corporation’s network, never while in transit between the two.

But individuals have also been able to get VPN protection via rent-a-VPN services like WiTopia’s personalVPN. I wrote about that firm and others, along with general security advice, in “Secure Your iPhone Connections at Macworld Expo – and Beyond,” 2008-01-09; that advice remains valid!

AnchorFree extended an existing free VPN service for laptops – Hotspot Shield – with an offering that works with the iPhone. The laptop version of Hotspot Shield is based on OpenVPN, which uses the SSL/TLS protocol to create a secure session. But Hotspot Shield has two problems for the iPhone. First, it requires that you download and install Mac OS X or Windows software to create a connection; the iPhone doesn’t yet allow VPN software to be installed. Second, the iPhone also doesn’t yet natively support SSL/TLS VPNs, despite their popularity.

To work around these problems, AnchorFree chose to add to Hotspot Shield a VPN type that the iPhone has built in: L2TP, which stands for Layer 2 Tunneling Protocol over IPsec (Internet Protocol security). L2TP is an extremely strong method of creating a secure connection, and is one of three methods that the iPhone 2.0 Software and later support. (Alas, the iPhone can’t maintain a seamless VPN connection when you roam among Wi-Fi networks or between Wi-Fi and cell data networks; you have to disable and then re-enable the VPN connection for each network move.)

To use Hotspot Shield with an iPhone – or an iPod touch with 2.0 or later software, which has the same included VPN support – sign up at the AnchorFree iPhone entry page for a free account, and then follow the directions the company provides for how and what to enter in the iPhone’s VPN connection setup area. No additional software for the iPhone is needed.

The service is offered at no cost, by the way, because AnchorFree uses it as a branding tool. The firm has a federated network of independently operated free Wi-Fi hotspots for which it pushes out ads and shares revenue, as well as offering advertising in its desktop VPN software. There’s no advertising – nor any possible – with the iPhone VPN account.

As with any VPN service (whether free or fee), it’s critical to remember that the termination of the VPN tunnel is at the VPN operator’s network operation center (NOC). That means your data is entirely protected in an extremely secure manner from your laptop to their servers – after that, it could theoretically once again be sniffed en route to its eventual destination.

That said, there’s not much to worry about. VPN providers like AnchorFree generally have additional protections in their NOCs, which may be located in their offices or in co-location facilities (like TidBITS’s network provider, digital.forest). Traffic from a NOC to a destination, like an email provider or Web site, is usually nearly impossible to intercept (unless you’re a government) because of the security of the routers that carry traffic between network hubs. You can’t just plug in and gain access, even if you could get into the sealed rooms in which the routers and servers are located.

In any case, using a VPN protects the weakest link when you’re working in public: the air around you that vibrates with your sensitive information.

Rich Mogull No comments

Security Tips For Safe Online Holiday Shopping

The annual American tradition of Black Friday shopping madness, with its irresistible deals and steep discounts for those willing to brave the crowds of the local shopping malls, has come and gone, but the rest of the mad shopping season is still going strong. These days, however, thanks to the wonder of the Internet, we can all experience the hustle and bustle of the mall from the comfort of our own homes. And to help keep your shopping experience authentic, there’s no shortage of cheats and thieves ready to yank your painstakingly chosen gifts right out of the virtual trunk of your Web browser, along with your credit card number.

In the spirit of safe and happy holidays, TidBITS presents our top tips for safe online shopping. Some of these tips also apply to the real world for those of you who just can’t resist the mall. (For your Windows-using friends and family I have a non-Mac version of this article available at my security blog).

Buy Safely With New Payment Options — Consumers have a number of relatively new options to protect their credit cards and bank accounts when shopping online. I recommend you use a dedicated credit card, temporary credit card number, or PayPal account for holiday shopping.

The most basic option is to pick your credit card with the lowest limit and use it exclusively for holiday shopping. Choose one you can monitor online, and check the activity at least weekly through the holidays. Also make sure your chosen card isn’t also a debit card, since debit cards don’t have the same fraud protections as credit cards, and you may be responsible for fraudulent charges. While you can always dispute a credit card charge, only some banks, on some accounts, allow you to dispute debit card charges (even if your card has a Visa or MasterCard logo on it).

To keep your card statement simple, turn off any automatic payments so you can dispute any spurious charges before making a payment. Keep tracking activity at least monthly after the holidays are over, and consider canceling the card if you notice any unusual charges that you can’t account for, even if they are low dollar amounts (a technique bad guys use to test for valid cards and people who aren’t paying attention). Save all email receipts for online purchases in a mail folder, since they’re extremely helpful when trying to remember what you might have ordered for $25.92 on November 30th.

I recommend you restrict your credit card use to major online retailers, and for smaller shops instead use either a PayPal debit account or temporary credit card. While you might get a better deal from, many smaller retailers don’t have security as strong as their bigger brethren. Those hosted or selling through a major service are usually safe, but few consumers really want to check the pedigree for specialty shops.

One approach is to create a dedicated PayPal account that’s not linked to any of your bank accounts or credit cards. You can pre-fund it via bank transfer with as much cash as you think you need and use it for online payments where you’re a bit dubious about the retailer. In the absolute worst case, you would lose only what’s in that account, and you can easily cancel it anytime.

Another option, depending on your credit card company, is a temporary credit card number for online shopping. These are disposable card numbers you generate yourself using your card issuer’s Web site, and they can’t be used again or leveraged to run up your account. Charges still appear on the same bill, and are tied to your main credit card account. Check with your credit card company to see if they offer this service, but most of the major card issuers do. I like temporary credit card numbers better than account passwords (such as Verified by Visa and Mastercard SecureCode) since they work everywhere, and you don’t have to worry about anyone sniffing them. Two examples are ShopSafe by Bank of America, and Virtual Account Numbers from Citibank.

Avoid Email Fraud — In the security industry we always see a rise in online fraud during the holidays, but there seems to be a larger spike this year as the bad guys try to take advantage of the economic downturn.

The first rule of Internet security applies here: if an email message relates to anything financial, don’t click links in it. Period. And if the message is a retail offer, be very cautious. It doesn’t matter if your best friend has seemingly sent you a really good deal in email. It doesn’t matter if it’s your favorite retailer and you’ve always gotten email offers from them. No special offers. No eBay member-to-member email messages. No “fraud alerts” to check your account.

Attackers are increasingly refining their phishing attacks, some of which are very hard to distinguish from legitimate email messages. When you see an interesting offer in email, and it’s a business you want to deal with, just open your Web browser, type in the company’s URL manually, and browse to the item, offer, or account area. Email is the single biggest source of online fraud and this year will be no different.

I also recommend you use an email account with a service provider that offers spam filtering (it’s built into MobileMe, Gmail, Yahoo! Mail, and Hotmail). These block most spam and phishing attempts before the messages even hit your inbox. If you have email accounts with providers that don’t filter, you should also look at C-Command Software’s excellent SpamSieve. Even though all my email accounts are filtered by my service providers and Apple Mail has decent filtering too, I still use SpamSieve to catch those last stragglers. Despite multiple public
email addresses, I see only about one to three junk messages per day on even my most-attacked accounts.

Protect Your Web Browser — Caution in email is great, but the primary avenue of attack is through your Web browser. You can reduce your vulnerability with some easy steps.

First, make sure your Web browser is updated to the latest version and turn on the highest security settings. For Safari 3.2, the two main security options in Preferences are Block Pop-up Windows and the new Warn When Visiting A Fraudulent Website. (For more information on how this works, see my article “Are Safari’s New Anti-Phishing Features Useful?” 2008-11-18).

Over the past few months, we’ve seen significant updates of all the major Web browsers to include enhanced security features. Since the Safari update last week, all major browsers now include features to help detect fraudulent sites – if you see such a warning, quit the browser immediately and don’t go back to that site.

All these browsers also prompt you before installing any software when you visit a site; when shopping, never allow the site to install anything. Either it’s a fraud or they don’t deserve your business. Pay particular attention to plug-ins purportedly for watching video or playing free games unless you know you can trust the site (both types of plug-ins are recent vectors for Mac trojans). Most browsers now enable security features by default, so I won’t provide detailed instructions here.

You can also install the NoScript plug-in for Firefox. This is a free plug-in that blocks anything from running in your browser that you don’t manually allow (like JavaScript, Flash, and so on). You won’t need it if you just stick with major sites like, but if you use Google to help you find a too-good-to-be-true deal on a Drink-With-Me Elmo doll, you shouldn’t be surfing the Internet without it. If you don’t want NoScript bothering you all the time, at least use it during your holiday shopping and turn it off later.

These simple steps won’t stop all fraud, but will significantly reduce both the chance that you’ll be a victim and the damage if you are. Good luck, and safe shopping!

Adam Engst No comments

Sync Smarter with ‘Take Control of Syncing Data in Leopard’

With clear directions and a humorous touch, “Take Control of Syncing Data in Leopard” explains how to sync data from a Mac running Mac OS X 10.5 Leopard with a variety of devices from Apple and other companies. Whether you want to sync phone numbers between your Mac and your mobile phone, share calendars and keychains between Macs, or move only new podcast episodes to a small iPod, syncing expert Michael Cohen has the answers. You’ll learn what software and gear you need and the best ways to move your data between different devices. The ebook also explains how syncing works under the hood and provides troubleshooting advice in case your sync engine throws a

Types of sync data covered include:

  • Calendar items stored in iCal, Entourage, and Google
  • Contacts stored in Address Book, Entourage, Yahoo, and Google
  • Data on Exchange servers
  • Dock items and Dashboard widgets
  • Apple Mail account settings, Safari bookmarks, and application preferences
  • Apple Mail and Entourage notes
  • Keychains (user names and passwords)
  • Items from software that uses Leopard’s Sync Services, including NetNewsWire and Yojimbo
  • Audio, video, photos, and associated metadata from iTunes

Types of devices covered include:

  • Macs, with detailed coverage of MobileMe and overviews of popular third-party options
  • iPhone and iPod touch, via MobileMe or iTunes
  • Old and new iPods via iTunes, with details on whether and how to use a USB or FireWire connection
  • The Apple TV via iTunes
  • Mobile phones, smartphones, BlackBerries, and Palm OS PDAs

Connection technologies and software examined include:

  • Bluetooth, USB, FireWire, Wi-Fi, and Ethernet
  • MobileMe, iTunes, iSync, IMAP (IMAP discussion is limited to Apple Mail)
  • Third-party products from BusyMac, Mark/Space, PocketMac, and Spanning Sync

Michael Cohen’s “Take Control of Syncing Data in Leopard” costs $10, or you can save 20 percent by buying it with a related title.

Doug McLean No comments

TidBITS Watchlist: Notable Software Updates for 01-Dec-08

  • HandBrake 0.9.3 is a significant update to the open-source video conversion program, most commonly used for converting DVDs to MPEG-4 video files. The latest version extends HandBrake’s capabilities so it can convert from any input source, not just DVDs. Other important changes include improved video quality, control over multiple audio tracks, persistent queues that stick around in case of a crash, more and better organized presets, better audio-video synchronization, and much more. Note that HandBrake no longer includes internal DVD decryption, but that’s irrelevant if you have libdvdcss installed as part of the open-source VLC 0.9.x video playing
    application. See the full release notes for all the details. (Free, 6.1 MB)
  • MacSpeech Dictate 1.2.1 from MacSpeech is a maintenance update for the speech-recognition utility, fixing reported issues and adding several features. Version 1.2.1 adds commands for next and previous fields, checks for incompatible keyboard layouts in Mac OS X 10.4 Tiger, and adds a preference for the number of recognition alternatives. A full list of changes can be found on the MacSpeech Web site. ($199 new, free update)
  • Freeway 5.3 from SoftPress Software updates the Web design software with added support for displaying Flash Video content on the iPhone. The software now enables users to add both FLV and QuickTime formats to a single page, accommodating a variety of devices including the iPhone. ($249 Pro/$79 Express new, free update, 64.9/63.3 MB)
  • Default Folder X 4.1 from St. Clair Software is the latest version of the Open and Save dialog-enhancement utility. Changes include increased toolbar and window response speed, full support for OpenOffice 3, improved compatibility with Spaces, and the capability to play audio files in the preview pane. ($34.95 new, free update, 9.3 MB)
  • Adobe Camera Raw 5.2 updates the Photoshop plug-in with raw file support for seven new digital cameras including the Canon EOS 5D Mark II, Canon PowerShot G10, Panasonic DMC-G1, Panasonic DMC-FX150, Panasonic DMC-FZ28, Panasonic DMC-LX3, and Leica D-LUX 4. Other changes include a Targeted Adjustment Tool that enables on-image adjustments, the capability to save all settings in a single reference, and new output-sharpening features for improved screen and print output. (Free update, 40.8 MB)
  • Safari 3.2.1 from Apple is a minor stability update for both the Leopard and Tiger versions and presumably resolves the issues that had been causing Safari to crash for some users after the version 3.2 release. Apple’s release notes are particularly terse, saying only, “This update includes stability improvements and is recommended for all Safari users.” (Free update, 39/25.7 MB)
  • DiscLabel 5.4 from SmileOnMyMac is the latest version of the company’s CD and DVD label design software. The update adds 15 new templates with designs for holidays, gifts, and businesses. Also new are multiple-selection capabilities in the design list and an alphabetical sort feature for design list folders. Finally, beta support has been added for zoom, swipe, and rotate gestures on the new MacBook and MacBook Pro. ($35.95 new, free update, 12.7 MB)
  • iTunes 8.0.2 from Apple is a minor update to the ubiquitous media player. Changes include VoiceOver accessibility for iTunes 8 and iTunes U, a fixed bug that had been causing poor quality in MP3s created on some computers, and a resolved connectivity issue with the iTunes Store and some Internet proxies. (Free update, 57 MB)
  • Pro Apps Updates 2008-004 from Apple is a substantial performance and stability update for Final Cut Pro, Final Cut Server, and Logic Pro, and includes a bundle of individual program updates. The programs included are Final Cut Pro 6.0.5, Compressor 3.0.5, Color 1.0.3, and Shake 4.1.1. Final Cut Pro 6.0.5 improves high-precision rendering, extends support for the Panasonic AG-HMC150 and HDC-SD9 camcorders, and brings added support for metadata from P2 cards. Compressor 3.0.5 resolves an issue where enabling the Back to My Mac feature would remove existing QuickClusters. Color 1.0.3 brings a slew of improvements including enhanced reliability, improved EDL
    handling, and a variety of bug fixes relating to display LUTs, DPX image sequences, interlaced media, and more. According to Apple release notes, Shake 4.1.1 “addresses compatibility issues for QuickTime codecs greater than 8 bits.” A full list of changes is available on Apple’s Web site. (Free update, 149 MB)
  • PopChar X 4.1.1 from Ergonis Software is a minor update to the long-standing tool for finding and inserting special characters. Among a variety of bug fixes, the largest one improves stability and compatibility with the illustration and layout program, FreeHand 10. (29.99 euros new, free update for purchases made in the last 2 years, 1.9 MB)
  • KeyCue 4.3 from Ergonis Software is the latest version of the popular keyboard shortcut utility. Updates focus on preventing accidental KeyCue activation by enabling a configurable activation key combination, introducing a new double tap option (which activates KeyCue only after the key combination has been double-tapped), and by displaying the activation keys at startup. Other changes include a new technique for adapting to various programs’ peculiarities, and a features that displays menu shortcuts and Keyboard Maestro macros simultaneously in a single table. (19.99 euros new, free update for purchases made in the last 2 years, 1 MB)
  • OmniFocus 1.5 from The Omni Group is a major update to the task-management utility. The most significant change is the added synchronization capability, which enables users to sync any number of OmniFocus for Mac and OmniFocus for iPhone databases. Users can sync over the Internet with MobileMe or a Web server, and sync locally with Bonjour. Also new is the capability to archive completed or dropped items to a separate file; that option is handy for reducing your database size and improving sync speeds. Finally, the interface has received an overall makeover with a variety of customizable preferences and viewing features. A full list of changes is available on The Omni Group Web site. ($79.95 new, free update, 17.1 MB)
  • The Missing Sync for Windows Mobile 4.0.4 from Mark/Space updates the popular Mac-to-smartphone syncing software with full support for Microsoft Entourage 2008. Users can now sync Entourage contacts, calendar events, and tasks with both Entourage 2008 and 2004. The update also includes enhanced device mounting capabilities. ($39.95 new, free update)
  • Daylite 3.8 from Marketcircle is an update to the calendaring, contact-management, and project-management tool, with the major addition being the Daylite MYOB AccountEdge Connector, which enables data transfer between Daylite and AccountEdge 2009. Other changes include a revised reminder system, which lets users set multiple alarms for a single task or appointment; enhanced iCal integration; added “Inbox” and “Someday” features for improving workflow; new user-management capabilities for administrators; and over 20 different bug fixes. ($99.99 new, free update for 3.x users, 50 MB)
  • AccountEdge 2009 from MYOB updates the small business managing and accounting software with a new user interface and a host of new features. Changes include new Business Insight tools (designed to help users assess the health of their business), integration with Marketcircle’s productivity suite Daylite, speed enhancements, and new design tools for improved customization. A full list of new features is available on MYOB’s Web site. ($299 new, $159 single user upgrade, 102 MB)
  • Yum 3.0 is the first update for the recipe-management utility since its acquisition by the Austrian company Dare To Be Creative. The only major change noted by the company is a new user interface “designed to make using [the application] more fun.” The previously free software now costs $19.95, perhaps an indicator of more substantial changes on the way. Yum enables users to manage their recipes, assign ratings, and create recipe-tailored shopping lists. To learn more, see Andy Affleck’s “Cook from Your Mac: 10 Recipe Tools Compared,” 2007-09-21. ($19.95 new, 2.9 MB)
  • Compatibility Update for QuickTime 7.5.5 from Apple is a minor update which, according to Apple’s succinct release notes, “improves QuickTime compatibility with iChat.” It’s available via Software Update or as a standalone download. (Free update, 2.8 MB)
  • MacBook/MacBook Pro Trackpad Firmware Update 1.0 from Apple is a valuable update for the late 2008 MacBook and MacBook Pro. The update fixes an issue in which trackpad clicks were ignored on some – but by no means all – machines. This would be the fix Steve Jobs recently referred to in a recent email reply to a complaining customer, “Software fix coming soon.” There have been some reports of trouble when installing this update via Software Update, so it might be worth using the standalone download instead. (Free update, 923K)

TidBITS Staff No comments

ExtraBITS for 01-Dec-08

We continue to slam up against the finite number of hours in the day when it comes to writing up everything that we’d like to share with you. So we’ve come up with a way of providing some extra bits that we think are relevant and worth reading, but that we don’t have time to write up more fully or that simply don’t need additional description. Plus, in some cases, our friends and colleagues at other publications have already done a bang-up job in the writing department, eliminating the need for us to weigh in on the topic.

On the TidBITS Web site, these links to other sites appear on our headline pages much like our own articles, complete with a title and a blurb. To ensure that no one confuses local links with external links, we made a few wording differences in the metadata and changed the rollover behavior when you hover your cursor over a link’s title (I particularly like the little favicons).

For each email issue of TidBITS, we’re planning to collect the previous week’s links into a single article, as you can see below. And to describe these collections, we’ve brought the ExtraBITS name out of retirement – it seemed apropos.

Without further ado, then, set aside some time to check out the linked articles below, and let us know what you think of ExtraBITS.

Video Podcast with the Northeast Ohio Apple Corps — Adam and Tonya once again join Chuck Joiner for a live video podcast, this time to the Northeast Ohio Apple Corps. They discuss their new MacBooks, troubleshooting a Mac with a dead clock battery, and the effect of switchers on the Mac community.

Video Podcast with the Huntsville Macintosh Users Group — Adam and Tonya joined Chuck Joiner for a special MacNotables video podcast – produced live via iChat for the regular meeting of the Huntsville Macintosh Users Group.

David Pogue Hates the BlackBerry Storm with Gale Force Intensity — I had to hold my iPhone an extra foot away from my face while reading David Pogue’s New York Times review of the BlackBerry Storm, Research in Motion’s entry into the touchscreen, iPhone-wannabe category: the carnage in words was too bloody to take close up. Pogue argues that RIM got it wrong in almost every respect, especially by excluding Wi-Fi. Put on your oven mitts before reading his review.

Joe Kissell Joins the MacJury Holiday Gift Discussion — In the second of a three-part MacJury series, Joe Kissell joins Jeff Gamet, Jean MacDonald, Fraser Speirs, and Chuck Joiner to discuss holiday gift ideas. Joe contributes some suggestions for gifts that are nicely compact – great for reducing clutter or sending to a loved one in another country.

Search Engine Land’s Q&A with Google SearchWiki Engineers — Danny Sullivan of Search Engine Land talked with engineers working on Google’s oddly pointless SearchWiki feature. The upshot? “Google knows best.”

Don’t Run a MacBook or MacBook Pro Without a Battery — If you were considering running your MacBook or MacBook Pro without a battery, think again. Aside from the obvious problem of causing a power interruption by bumping the easily dislodged MagSafe connector, Gearlog reports that running without a battery significantly hurts performance.

Latest Mac Virus, OSX_LAMZEV.A, Requires Manual Installation — We imagine it’s still a virus even though a user has to be naive enough to download the program and install it. The virus opens a backdoor, but it’s lazy enough to ask the user to select the incoming port over which the backdoor is available. Virus writers these days! Trend Micro has more details.

Zune Subscription Now Lets Users Keep 10 Songs per Month — Microsoft’s latest update to its Zune player now allows users who subscribe to the $14.99-per-month Zune Pass to keep 10 songs per month from certain labels. The music labels continue to punish Apple by giving others – now including Microsoft – DRM-free music. Read all about it in Microsoft’s press release.

The Black Art of PDF Compression — In the course of publishing Take Control ebooks, Adam has learned way more about PDF compression than he ever wanted to know, and he shares the most important lessons in this Macworld article.

Real Dan Lyons Shuts Down, Too — Sad news. The Associated Press reports that the writer behind the now-shuttered Fake Steve Jobs site, Dan Lyons, has pulled his own Real Dan Lyons blog as a result of perhaps too much honesty about Yahoo’s press team and the Wall Street Journal’s Kara Swisher; that didn’t sit well with his current employer, Newsweek.

Jeff Carlson No comments

Hot Topics in TidBITS Talk/01-Dec-08

Comparing Five iPhone File Transfer Apps — Readers recommend other applications for storing desktop files on an iPhone. (6 messages)

How Safari 3.2’s Anti-Phishing Does, and Doesn’t, Work — Readers dig deeper into the new security features in Safari, based on Rich Mogull’s article. (19 messages)

Wireless Access with Laptop Cards — It’s possible to use one wireless card (for connecting to cellular data networks, for example) on multiple computers. (3 messages)

Video card upgrade for MDD? A recommendation about replacing a video card in a Power Mac G4 brings up the question of whether it’s worth throwing money at a G4 machine at this point. (3 messages)

IMAP out of control — After setting up IMAP on multiple machines, a reader finds that attachments are apparently being duplicated. What’s going on? (1 message)

New iPhone Update Works for iPod Touch Too — A reader points out that the iPhone 2.2 software also applies to the iPod touch, and without charging an extra fee. However, the Maps application doesn’t gain the latest enhancements. (7 messages)

New Mouse Pad Is Solid Aluminum — Does a new aluminum mouse pad just make a visual impact, or is it functional as well? (12 messages)

Creating a server backup on a local drive — Readers suggest ways to back up the contents of a server to a local hard disk using Unix commands. (4 messages)

CD and DVD format — For archiving various types of materials, are there preferred disk formats? (3 messages)

Sorting out years worth of files — As the years have passed, a reader’s collection of digital files has migrated from several machines and formats onto ever larger hard disks. The process has also created a lot of duplicates; how best to sort the data without hours of drudgery? (14 messages)

Firefox on Mac does not load GIF link — Some server investigation is necessary to figure out why Firefox wasn’t loading an image that appeared in other browsers. (3 messages)

Safari says “host not found” but Firefox works — Could a proxy setting be responsible for Safari not loading Web sites when Firefox can? (3 messages)