TidBITS#1284/10-Aug-2015

Thunderstrike 2 has been described as a scary new worm that could infect your Mac’s firmware, but Rich Mogull explains why you needn’t worry. Julio Ojeda-Zapata joins us to look at eight Apple Watch stands that are worth your attention, while Adam Engst reviews Dark Sky 5, a hyperlocal weather app that can warn you when rain is imminent in your exact location. Finally, in FunBITS, Josh Centers writes about Google’s DeepDream, software that’s designed to visualize how neural networks think and that can be used to create bizarre art out of any photo. Notable software releases this week include OmniOutliner 4.3 and Postbox 4.0.3.
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

What You Need to Know About the Thunderstrike 2 Worm

  by Rich Mogull: rmogull@securosis.com
  14 comments

Wired has reported on new research being presented at this week’s Black Hat security conference on a proof-of-concept Mac worm that could spread through the Mac’s firmware, rather than software. While Wired’s piece makes this sound like a super worm capable of leaping through air gaps and infecting the world’s Macs, the reality is more mundane. The research itself is excellent and fascinating work from Trammell Hudson and Xeno Kovah, and as always we hope Apple patches all the flaws quickly, but this isn’t something most Apple users need to lose any sleep over.

Here are the answers to your most pertinent questions about this vulnerability.

What is Thunderstrike 2?

Thunderstrike 2 is the name of a new attack on Mac firmware that has evolved from the Thunderstrike research we discussed back in “Thunderstrike Proof-of-Concept Attack Serious, but Limited” (9 January 2015), also originally created by Trammell Hudson. The new version can infect a Mac’s firmware from malicious Web sites, email messages, and other common vectors. It will then hide in the firmware and replicate itself to any vulnerable connected hardware, including Thunderbolt network adapters and external hard drives.

The key difference from the original Thunderstrike is that the attack works through a malicious Web page, and once on the vulnerable Mac, infects any attached Thunderbolt device, which can then infect other vulnerable Macs. But don’t worry, this is self-limiting. It only works on Thunderbolt devices, and affects only vulnerable Macs.

Am I vulnerable?

Probably not. OS X 10.10.4 Yosemite breaks the proof-of-concept demonstration. That doesn’t mean Macs are immune from firmware attacks, but it does mean the current attack demonstration won’t work on Macs running the latest version of Yosemite.

Wait, this is just a demonstration? It isn’t being used for real yet?

That’s right. The researchers are the good guys, and this is just a proof-of-concept demonstration they wrote to show at the Black Hat security conference. Although firmware attacks have been seen in the wild (as reported by ThreatPost), they are very uncommon and typically used in advanced attacks, often against government-level targets.

Is this a new vulnerability?

Yes and no. The concept is based on earlier firmware vulnerabilities. According to articles, five new vulnerabilities were reported to Apple after the original Thunderstrike proof of concept. Of those, one has been patched, one has been partially patched, and three more are still being dealt with.

However, Apple also added code to block an attack from a Web page (or other software) from infecting the firmware. It may still be possible to attack the Mac’s firmware if the bad guy can gain physical access, but you don’t have to worry about your firmware becoming infected because you browsed to the wrong Web site.

So someone can infect me with a USB drive like how Iranian nuclear reactors were infected with Stuxnet?

No. This attack relies on Thunderbolt, which connects to your Mac in a different way than USB. It works only with Thunderbolt devices like network adapters and storage drives. That USB drive the nice NSA recruiter handed you is totally safe. Well, safe from Thunderstrike.

Can this worm jump air gaps like Wired says?

An air gap is a technique of protecting a sensitive system by unplugging it from any network and accessing it only directly or by hand-loading data from portable storage.

Thunderstrike 2 doesn’t magically jump air gaps. Someone needs to take an infected device and connect it to the air-gapped computer. If you’ve watched any hacker movie or TV show, you know this is a real way of attacking systems. But it isn’t the sort of thing average Mac users need to worry about, and those in secure environments already know to be careful (although they may still make mistakes).

Is Thunderstrike really a software worm?

A worm is software that spreads automatically from computer to computer without human interaction. In this case, an infected computer will infect something known as the option ROM on any vulnerable Thunderbolt device that’s attached. Then that device can infect any computer it’s connected to, and so on.

Yes, it’s a worm, and that’s the most interesting part of the research. But especially with the new patch in place, and the generally limited use of Thunderbolt, it would be hard for even a malicious version of this attack to spread very far.

Why are firmware attacks so bad?

Firmware is embedded in the hardware of your computer and runs below the level of the operating system. Thus, firmware infections can be invisible to any normal security detection or removal tools, and even swapping out the hard drive won’t eliminate the infection (you’d have to replace the logic board). Firmware attacks are extremely serious, persistent attacks when they work, but Apple and other computer manufacturers are working hard to make these already-difficult attacks even harder.

How can a network dongle infect my computer?

There are a bunch of different ways of connecting peripherals to computers. Most, like Thunderbolt, connect the device directly to special hardware chips in the computer that further connect to the processor and memory. This direct access is how manufacturers are able to make fast external hard drives and other devices; they “skip” the operating system and allow the computer to access the external hardware directly, just as if it were built in.

To make this possible, there is a little bit of software on a chip in the device that talks to special software on the chips in your computer, and all software can have vulnerabilities. Firmware attacks find vulnerabilities that enable them to overwrite the firmware on the chips in your computer, where they hide their malicious code (or, in this case, demonstration code). That firmware can then compromise the firmware on new, clean devices that are connected later on.

Firmware needs to be changeable, because the software embedded in it is never perfect and needs to be updated. This flexibility creates opportunities for attackers. Happily, Intel is adding features within the chips to make this a lot harder for attackers, and operating system vendors like Apple are adding their own protections.

What about the new USB-C port on the 12-inch MacBook?

USB is a different technology from Thunderbolt. While it might have its own vulnerabilities, Thunderstrike 2 doesn’t work with USB. USB-C is not vulnerable to this particular attack.

Is there anything I need to do?

No, nearly everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit of a fright-fest. The Web attack vector, in particular, is blocked in OS X 10.10.4. The worm can’t automatically jump air gaps — those in sensitive environments can easily protect themselves by being careful where they source their Thunderbolt devices, and this entire family of firmware attacks is likely to become a lot more difficult as hardware improves, and as device manufacturers update their firmware code.

I have no doubt similar attacks will continue to be used, especially against high-value targets, but the economics make it highly unlikely this is something we will ever see used at scale against consumers.

As I wrote this, I was at the Black Hat security conference (teaching a cloud security class). If you’ve noticed an uptick of security stories the past couple of weeks, that’s because Black Hat is one of the big research events where new and interesting vulnerabilities and attacks are made public. Some media outlets get carried away and forget to include the necessary context in their articles to help readers decide if they are personally at risk. This is unfortunate, since it detracts from the importance of security research and, at times, even makes security researchers seem like the bad guys attacking our computers.

This research plays an extremely valuable role in helping keep us all safe. Finding problems before the bad guys do, and reporting those problems to the vendors (as these researchers did to Apple), helps keep us all safer going forward. But when the research is reported by the media without sufficient context, it creates unwarranted fear. This is one of those situations where high-quality research is being blown out of proportion for page views. I suppose it’s still better than watching political ads.

Read and post comments about this article | Tweet this article


Eight Apple Watch Stands That Stand Out

  by Julio Ojeda-Zapata: julio@ojezap.com
  3 comments

Mobile devices needing frequent power-ups often spawn cradles, docks, and stands to make charging more convenient and pleasant. This has long been true for the iPad and the iPhone (for our most recent roundup, see “Apple’s new iPhone Dock Versus the Competition,” 24 June 2015), and the iPod in its various incarnations before that.

So charging gear for the Apple Watch was all but preordained. Third-party accessory makers, upon learning about the smartwatch’s magnetic charging system consisting solely of a cord with a circular power puck, rushed to augment this minimalist arrangement with charging stands in a dizzying array of sizes, shapes, prices, and materials.

Some of these stands emphasize mobility, for use on the go as well as at home, while others are intended for the desk or bedside table. Some attempt to offer value by giving users additional functionality, such as making room for an iPhone as well as an Apple Watch. And while some stands look and feel chintzy, others attempt to match Apple’s design efforts with clever approaches and luxurious materials; they’re practically works of art.

After trying a bunch of stands, I’ve found a handful of favorites.

But buyer beware: the ultimate Apple Watch charging accessories are yet to come. The current selection tends to be problematic in a couple of ways.

First, existing charging stands are useless without Apple’s own watch charger, which must somehow be accommodated. This is often executed awkwardly. In some instances, the charger’s cable is jammed in so tightly as to make me fear it will get damaged.

This problem will go away eventually because Apple recently gave accessory makers the go-ahead to build charging surfaces into their Apple Watch stands. This will enable users to keep their Apple chargers in reserve, much as users of iPhone cradles with built-in Lightning prongs are able to do.

The other problem is related to the Apple Watch’s new Nightstand Mode, a feature of the still-in-beta watchOS 2. The new mode adds a landscape orientation to the watch’s screen when the device is placed on its side, much like iPhones and iPads, which can be handy at the bedside if using the watch as an alarm clock. It also makes it so pressing the side button dismisses the alarm and pressing the Digital Crown snoozes.


Nightstand Mode had not been announced when the first wave of Apple Watch charging stands hit the market, and not all are designed to accommodate landscape orientation. Second-generation stands are certain to be more Nightstand Mode-friendly.

Fortunately, a number of existing watch stands are Nightstand Mode-friendly. This was one of my criteria when deciding which stands to test for this article, though it was not a requirement, and a couple of my choices won’t work with Nightstand Mode.

I also searched for elegance and ingenuity, and I gave nods to stands that are somehow iPhone-friendly.

Pad & Quill -- This company, located in Minneapolis just across the border from my St. Paul stomping grounds, has long offered iOS and Mac accessories. Now it also provides a growing line of Apple Watch accessories that includes wood charging stands.

Its Luxury Pocket Stand for Apple Watch (starting at $79.99) is a compact, highly portable wooden slab with a fold-out piece that flips around to become a lightweight but sturdy charging stand.


The flip-out portion, which sits at an angle when deployed, has a carved-out circular cavity for the round Apple charging puck. An adjacent groove feeds the charging cord away from the puck and to the rear of the accessory, and there’s a notch below the charger through which to tuck the band.

The Luxury Pocket Stand is hewn from a single piece of hardwood, with a choice of cherry or mahogany. It’s a great choice for travelers.

P&Q’s Timber Catchall (starting at $99) works on roughly the same principle as the Luxury Pocket Stand, but on a larger scale. The tray-like accessory has a flip-up watch stand on the left, with a big, shallow compartment on the right for placing your iPhone or anything else you like.


The Luxury Pocket Stand and Timber Catchall both allow the Apple Watch to be placed on the charging pad vertically or horizontally – with the latter necessary for Nightstand Mode when that becomes available. Since the watch adheres magnetically to the charging pad, it won’t slip off regardless of the angle or orientation.

Griffin WatchStand -- I was prepared to dislike this charging stand because it’s made out of plastic, but it’s a winner.

The WatchStand has a heavy, square base with a non-skid rubber bottom. One of the stand’s four edges has a raised lip for holding an iPhone in landscape orientation. A stalk rising from the base is topped with a sharply angled surface that builds in a circular cavity for the charging puck. The watch clings to the puck, magnetically and securely, despite the steep angle.


The seemingly simple stalk hides a couple of nice features. It can be lifted from the base and repositioned in any of the three other directions, which can be nifty at the bedside to get a better look at the watch screen. It also conceals a rubber core with a canal for winding as much excess length of the Apple Watch’s crazy-long charging cord as you’d like, hidden from sight.


The stand is Nightstand Mode-friendly, and at $29.99 is the cheapest of this collection.

HiRise for Apple Watch -- Many who use Twelve South’s fine HiRise for iPhone and iPad mini (see “Apple’s New iPhone Dock Versus the Competition,” 24 June 2015) will likely regard the HiRise for Apple Watch as a must-buy. They’re nicely complementary.

Both have sturdy metal bases with device holders jutting upward at a slight angle.

With the watch stand, an angled metal slab has a circular cutout for the charging puck, and a notch for tucking the watchband away. The charging cord is fed through a canal in the back of the slab, down into and through the base, and out the back. The cable canal in the base is hidden by a leather lid, which is a nice touch.


The HiRise for Apple Watch is available in black and silver for $49.99. The stand is Nightstand Mode-compatible.

DODOcase -- This is a prominent San Francisco maker of iOS-device cases and covers, competing directly with Pad & Quill since both specialize in wooden cases with book-like covers. DODOcase has now also entered the watch-stand market.

Its Apple Watch Charging Stand is my favorite stand so far. It’s a lovely wooden pedestal with a stainless-metal base, and looks terrific on a desk or nightstand. It’s made out of walnut.


The compact stand is also a good mobile option because it has a thin profile that allows the charging cord to be wrapped around it for transport without having to remove the Apple puck from its cutout compartment atop the charging stand.

My one worry is that the charging-cord canal in the back puts the cable at sharp and tight angles, which may be damaging over the long term, especially since Apple is not known for the durability of its cables.

This stand is Nightstand Mode-ready. It’s $99.95, but boasts a gorgeous, functional design.

DODOcase has another Apple Watch product called the Dual Charging Dock that looks like a book, as its iPad cases do. Flipping open the “cover” reveals a hollow wooden slab with a round cutout for the Apple charging puck, and slot to use as a phone stand.


The watch lies flat over the cutout (meaning this isn’t a good Nightstand Mode option), but the wooden platform is angled slightly when the front book cover is tucked underneath it.


Cords are hidden from view in the hollow belly of the wooden piece, which has grooves and a couple of metal pegs for cable management. The wooden slab attaches to the book-like cover with magnets.

At first blush, the Dual Charging Dock would appear to be a good mobile option since it folds flat for easy transport. But getting those cables arranged properly is a bit of hassle and not something I’d care to do repeatedly on a trip. I do like this product’s quirky design. The Dual Charging Dock costs $79.95.

Nomad -- This maker of smartphone accessories has two Apple Watch entries, one outstanding in its minimalism and simplicity, the other unusual in its functionality.

The Stand for Apple Watch couldn’t be simpler: it’s a single elongated slab of aluminum that has been twisted in such a way that one end of the slab becomes the base and the other the elevated surface upon which the watch rests. The watch platform is angled sufficiently for Nightstand Mode compatibility.


Added touches include a non-skid bottom, a canal cut into the back edge for the charging cable, and the usual circular cutout for the Apple charging puck.


This all works splendidly, though I would have made the canal a smidgen deeper to better accommodate the cable, which is hard to seat properly. That quibble aside, I love this stand. It’s $69.95.

Nomad’s other Apple Watch charging device, the Pod, has a vague resemblance to a hockey puck, and incorporates a battery that makes it a mobile watch charger – which is an unusual, but welcome, feature.


Pod setup is trickier than I would like, but worth the effort. First, I removed the Pod’s aluminum cover. Its interior incorporates a USB port into which I jacked my Apple charger, and a path around the edge for tightly winding the Apple cord.


This all took a bit of trial and error. I struggled to get the USB prong properly seated in cramped quarters, and I needed a couple of tries to wind the cord properly, with enough room left for the lid. Finally, I positioned Apple’s charging puck into a cavity atop the Pod’s inner base, and I put the lid back on.

The lid has a round cutout through which the puck can be accessed. To start a charging session, I tapped a button to wake the Pod, and placed the watch on it.

Four white LEDs beside the activation button show how much battery power remains. A fully charged battery should yield about three full watch charges while on the go.


The Pod itself is recharged via USB, but Nomad doesn’t provide a Micro-USB charging cord – only a key-sized Micro-USB NomadKey. You might also want to get a Micro-USB cable (or a USB extender for use with the NomadKey) since it would enable you to use the Nomad Pod as a wall-powered charger, not just a battery-powered mobile charger.

Because an Apple Watch lies flat on the Pod, it is not a Nightstand Mode-friendly product. It also presents difficulties for those using closed Apple Watch bands, such as the Link Bracelet or Milanese Loop, since these would have to wrap underneath the Pod, where they could potentially get scratched.

But for those with open Apple Watch bands, the Pod is a tempting option for $69.95.

Both of Nomad’s products are available in dark-gray and silver variants.

Wrap-up -- Accessory makers have shown their usual penchant for creativity with their initial wave of Apple Watch charging accessories.

DODOcase’s Charging Stand is my top choice due to its beauty and versatility, with good looks for home use, and high portability for those on the go. Nomad’s Stand is alluring in its sheer simplicity. I’m surprised at how much I like Griffin’s WatchStand with its plastic construction, as well, and its low price is a big plus.

Accessory makers are scrambling to redesign their Apple Watch stands with built-in charging pads and Nightstand Mode compatibility. Now is not the ideal time to buy one of these products, since better offerings are in the pipeline. But if you want an Apple Watch stand right away, you will find some good options at a range of prices.

Read and post comments about this article | Tweet this article


Dark Sky 5 Offers Hyperlocal Weather Forecasts for iOS

  by Adam C. Engst: ace@tidbits.com, @adamengst
  11 comments

For the last year or so, one of the prime spots on my iPhone’s home screen has been occupied by Dark Sky, a weather app that provides some smarts beyond the usual current conditions and 7-day forecasts. Most weather apps rely on the same set of data from the National Weather Service or other weather providers and differentiate themselves largely on interface. For years, my favorite of these was WeatherBug, which I reviewed back in 2010 in “WeatherBug Elite 1.0” (4 March 2010). And in fact, WeatherBug retains a spot on my iPhone, right next to Dark Sky, for reasons I’ll explain shortly.

So why does Dark Sky stand out, and why it has become one of my most-used apps? On its initial screen, under the current conditions, it provides a forecast for the next hour that is usually on target. Not everyone will care about this, such as those in California or other places in the world where the weather doesn’t change much. Nor will people who spend little time outside. But here in upstate New York, and speaking as someone who exercises outside most days, I care deeply about the weather. And more to the point, I care deeply what the weather is going to do soon, right where I am.


Perhaps I want to go for a run, and it’s raining. I don’t mind getting wet, but I don’t like to start that way, so if my check of Dark Sky’s next-hour forecast tells me the rain will be passing in 10 minutes, I’ll wait. Or if I’m heading out for a long ElliptiGO ride on a nice summer day, I’ll check to make sure thunderstorms aren’t likely to appear seemingly out of nowhere within the hour (this happens!).

Similarly useful are Dark Sky’s precipitation alerts, which can be configured to alert you to rain that’s going to dampen your specific location. While volunteering at an aid station during the Cayuga Trails 50 mile ultramarathon, I was mocked by my friends when I reported Dark Sky’s notification that light rain would start in 8 minutes; they changed their tune after the drops started hitting our tent exactly on time. Later that day, when Tonya and I were browsing the craft booths at the Ithaca Festival, several vendors downloaded Dark Sky on the spot after seeing that it could tell them when to drop the sides of their tents. And on more than one occasion, we’ve packed up a picnic early due to a Dark Sky notification that hard rain would be starting in 15 minutes.

All this works because Dark Sky’s near-future forecasting has proven itself quite accurate. Exactly how Dark Sky achieves this accuracy, I don’t know, though I suspect it does what I previously did by feel in WeatherBug, where I used the animation of precipitation blobs in a radar map to estimate the likely destination and arrival time of the rain. More generally, Dark Sky relies on Forecast.io, a weather service from the same developers that’s also used by many other weather apps.


You can help out, too. In the recently released Dark Sky 5, if its conditions don’t agree with what’s actually going on outside, you can report your local weather back to Forecast.io to help improve its forecasts. Plus, if you’re using an iPhone 6 or iPad Air 2, both of which feature a pressure sensor, a switch in Dark Sky’s settings lets the app periodically send pressure data back to Forecast.io to boost forecast accuracy.

While Dark Sky’s next-hour forecasts are unusual among weather apps, its 7-day forecast screen (swipe left) is less innovative, at least on its face. For each day, an icon indicates the general weather for the day, and a temperature bar shows the predicted high and low. If rain is predicted, a percentage appears under the icon. The problem with this display is that you can’t tell from it if that 100 percent chance of rain for the day means it will rain all day, or that it’s guaranteed to rain sporadically throughout the day.

However, tapping any row in the list expands that day’s forecast to an hourly view, showing when Dark Sky thinks it will and will not rain, with tappable options to show the predicted likelihood of precipitation, temperature, wind speed and direction, humidity, and UV index. Personally, I care only about precipitation and temperature, but I could easily see sailors caring about winds, and those concerned about sun exposure checking out the UV index. Sunrise and sunset times appear at the bottom. This expanded hourly view is easily closed with another tap, or you can expand other days and see them all in one long scrollable list. It’s an inspired interface, and nicely less modal than many other apps.


How accurate is Dark Sky’s 7-day forecast? Honestly, although its broad strokes seem generally on target, it’s hard to evaluate just how accurate it is (I’d love to see a weather app that reported back on its accuracy). It often doesn’t quite agree with WeatherBug (which relies on its own independent weather service), but neither is shockingly good. Yes, it will probably rain next Tuesday, but will there really be an early morning rain followed by another band coming through in the mid afternoon? I wouldn’t plan on it, since no forecast can yet predict exactly how fast a weather front is moving more than a few days in advance, and in this part of the world, we have what Tonya and I call “pop-up thunderstorms” — precipitation blobs on the radar that appear out of nowhere rather than marching predictably across the country, west to east.

As you can tell, I really like radar maps. I credit that to growing up on a farm, where we needed to know when we’d have 2–3 days of nice weather to cut and dry hay for baling. My parents watched a morning TV showed called “A.M. Weather” every day in the summer (happily followed by reruns of “The Rocky & Bullwinkle Show”), and we listened to NOAA Weather Radio’s constantly updated reports on a special weather radio throughout the day. We’d start with that morning image in our heads and then mentally update it based on the radio reports. So having an app show what we were imagining is nearly indistinguishable from magic.

But that’s the main place where Dark Sky falls down — its radar map (swipe right) is weak, at least in comparison to WeatherBug. Yes, it shows a pin at the current location, and you can pinch to zoom, and there’s a triangular play button to animate the map’s contents. All just like WeatherBug. But Dark Sky tries to get fancy with its map, eschewing a flat map for a spherical representation of the globe, and showing the entire planet at first. It’s pretty, but annoying, since you likely don’t care about the weather anywhere else in the world, and having to zoom in on your current location each usage is annoying. Plus, the globe simulation has inertia, so it continues to move after you stop scrolling. The map itself is topographical, showing hills and valleys, along with bodies of water and major roads, but it doesn’t label the roads, or even towns and cities, making it harder to orient oneself. Perhaps because it’s trying to do so much graphically, it’s often slow to render as you zoom and pan. Sadly, the recent Dark Sky 5 release didn’t improve the map at all, even as the developers tweaked and polished nearly every other aspect of the interface.

The main thing Dark Sky’s map gets right is that you aren’t limited to the automatic animation. Instead, you can also manually scrub through the past 3 hours of radar activity, and even 1 hour of estimated future activity. That makes it all the easier to see where a thunderstorm is heading, and if the map was more usable in general, I’d rely on it regularly.

Along with the longstanding precipitation alerts, Dark Sky 5 introduces a daily summary alert that gives you a forecast for the day, and custom alerts that can notify you at a specific time if temperature, precipitation probability, snowfall, wind speed, UV index, or humidity will hit certain levels. Then there are severe weather alerts (we’ve had several flash flood alerts this summer), and to ensure that rainfall alerts don’t wake you up, there’s even an in-app Do Not Disturb option that can have different times than the overall iOS setting.


A recent addition to Dark Sky is an Apple Watch app, complete with a glance, and while it’s fine, I never find myself using it. The glance shows the current temperature and conditions, with the predicted high and low temperature and the time until sunset. That’s replicated on the first screen of the actual app, swiping left once provides the hourly forecast for the rest of the day, and swiping left again shows the 7-day forecast. There’s something about being able to see everything at once on the iPhone screen that makes me prefer it to the Apple Watch’s tiny display.


Lastly, although Dark Sky defaults to showing you conditions and forecasts for your current location, you can add locations manually by tapping the location display at the top of the screen and entering the city’s name (and state or province, if necessary). Bring up the location display again to see the forecast for where you’re heading on vacation, for instance; you can swipe left in that list to delete unused cities. If you regularly want to check multiple widely separated locations, you’ll probably want to use a different weather app that makes switching easier — Dark Sky is about hyperlocal forecasts, not checking the weather around the world.

Dark Sky 5 costs $3.99 from the App Store and works on the iPhone and iPad, although its iPad interface isn’t any different from the iPhone interface apart from being presented on a larger screen. Nevertheless, if you’re as weather-involved as I am, it’s worth the price.

Read and post comments about this article | Tweet this article


FunBITS: Do Computers Dream of Psychedelic Bears?

  by Josh Centers: josh@tidbits.com, @jcenters

You may have seen some strange images around the Internet lately — even stranger than usual. Pictures of everyday scenes, distorted to the point that they start to resemble peacocks. (The image below was taken by our own Jeff Carlson and processed with deepdreamer.io.)


The source of this weirdness is none other than Google. The company developed an internal tool to visualize how neural networks think, and when the researchers found that their neural networks do some trippy things with images, they released the visualization code as DeepDream so that other developers could create their own psychedelic art.

DeepDream has become a bit of an Internet sensation, with a number of tools built around Google’s code, and even a Reddit community dedicated to creating and sharing DeepDream artwork.

Now, Realmac, creator of stylish productivity tools like Clear and Ember, has released its own native Mac client, Deep Dreamer, currently in beta. Despite its beta status, many features are unavailable unless you pay $14.99 for a full license (however, Realmac offers a money-back guarantee for an unheard-of six months).

Deep Dreamer appears complicated at first, but it’s really quite simple. The Deep Dreamer window is split into three sections: the left side displays previews of presets, the middle portion is where you drop and view images, and the right-hand side lets you tweak the settings by hand. (The image I use in the following screenshot was also taken by Jeff Carlson.)


Click Start Dreaming to begin the process, which could take some time. If you’re patient, you can watch it unfold, and even stop it if it presents an appealing result before it’s finished. There’s a slider that lets you see the image both with and without the DeepDream effect.


Unfortunately, Realmac doesn’t explain what all of these settings do. “We encourage you to explore the options in Deep Dreamer,” is all the manual says. But I will say that generally, the higher you crank up the settings, the weirder the output will be — and the more time and CPU cycles it will need.

It costs nothing to download Deep Dreamer and play around, but if you want to export what you create, generate transformation videos, and view more than two-thirds of the output, you’ll have to pony up $14.99.

I’m all for supporting developers, but it’s a bit irritating to be asked to pay that much to essentially test a beta. I could see paying that if DeepDream became a hobby, but it’s a bit much to dip my toe in. The other problem with Deep Dreamer is that since it processes images locally, it can be quite resource intensive for your Mac.

Thankfully, there are lots of Web-based alternatives. The one I like the most so far is deepdreamer.io, which is completely free and server-based. Upload a photo (or take one with a webcam), enter an email address, and deepdreamer.io will send you a link when it’s done processing. deepdreamer.io doesn’t offer as much control over the process as Realmac’s Deep Dream (nor is the output quite as bizarre), but it makes up for that by processing your image with seven settings, so you get seven different images as output, including three animated GIFs. It even keeps your previous images around, so everything’s accessible in one place.


Regardless of which tool you choose, I recommend using source images that have a lot of color and contrast. I tried the classic “Jony Ive in a white room” image from Apple’s Web site, but the results were mediocre (deepdreamer.io translated the transparency in Ive’s Apple headshot to black, which made things a bit more interesting). In general, I found that the white-heavy Apple aesthetic tends to lead to boring results. What does seem to produce interesting results are nature shots, like the pictures of Jeff’s that I used previously. I wonder what that says about neural networks?

In any case, now you know what the deal is with those bizarre images you may have seen online. It appears that machines think in a way that we may never understand.

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 10 August 2015

  by TidBITS Staff: editors@tidbits.com

OmniOutliner 4.3 -- The Omni Group has released OmniOutliner 4.3 with a focus on exporting data from the outline and information organization app. The update adds a PowerPoint (PPTX) export format that’s similar to the older Keynote export but with some enhancements for basic style support, as well as a new CSV format that pulls the separator character from the system based on what region it is set to. OmniOutliner Pro also receives an improved XSLT export plug-in that enables you to output multiple files as well as outputting one file per each first level row in the document, plus improvements to DOCX format exports. Both releases also fix a crash that could occur when removing the display title for a hyperlink, and they properly enable insertion of an image dragged from a Web browser rather than creating a hyperlink to it, as OmniOutliner did previously. ($49.99 new for standard edition (Mac App Store), $99.99 for Pro edition (Mac App Store), free update, 24 MB, release notes, 10.9+)

Read/post comments about OmniOutliner 4.3.

Postbox 4.0.3 -- Postbox has issued version 4.0.3 of its eponymous email client, a maintenance release that provides several improvements and bug fixes. The update adds URL autocompletion in the Quick Bar (which can be accessed by pressing Command-L in the Compose window; learn more about the Quick Bar from the Postbox blog), and URLs are automatically linked. Additionally, Postbox enhances how Topics are assigned in the Quick Bar, remembers your full-screen preference when quitting the app, fixes a bug that prevented Reply-All from adding all addresses in Summarize mode, resolves a problem where message selection could be lost after a Quick Move or when assigning Topics, fixes a bug that removed all labels if just one label was removed, and ensures that the dictionary in the French localization loads properly. ($15 new, free update, 25.5 MB, release notes, 10.9+)

Read/post comments about Postbox 4.0.3.


ExtraBITS for 10 August 2015

  by TidBITS Staff: editors@tidbits.com

Verizon is dropping smartphone subsidies and contracts, a university IT department literally took 36 iMac boxes for a spin, the author of “The Martian” explains how his Comcast email was hacked, and Apple has dismissed rumors that it will become a cellular carrier.

Verizon Dropping Contracts, Subsidies, and Family Plans -- On 13 August 2015, Verizon Wireless will radically change the way it sells mobile phones and cellular service. Contracts, subsidies, and family plans are being eliminated for anyone not on an existing contract. Instead, customers will pay the full price of their phones, with an installment plan available to spread out the cost. It will cost $30 per month for unlimited talk and text, plus 1 GB of data, with an additional $20 “access fee” for connecting a smartphone or $10 for a tablet. Other plans include 3 GB of data for $45, 6 GB for $60, and 12 GB for $80.

Read/post comments

Reinventing the (iMac) Wheel -- Thanks to Khoi Vinh for this link to a video from George Fox University’s IT department, which combined 36 iMac boxes into a giant wheel and then took it for a spin around campus. Big fun.

Read/post comments

How “The Martian” Author’s Comcast Email Was Hacked -- In a Facebook post, Andy Weir, author of “The Martian” (which we highly recommend reading!), explained how a hacker took control of his Comcast email address. The simple, yet disturbing answer is the hacker called Comcast customer service to gain access. When Weir called to regain control of his email account, all he had to provide was his street address and the last four digits of his Social Security number. Weir has now flagged his account so that any password changes require a call to Comcast’s security department and a special code. The moral of the story, wrote Weir, is: “No amount of password complexity or multi-factor authentication will protect you from bad company policies at your provider.”

Read/post comments

Apple Denies Plans to Become a Cellular Carrier -- In a rare move, Apple has refuted rumors that it will offer its own cellular service as a mobile virtual network operator (MVNO). Business Insider had reported that Apple was testing an MVNO service in the United States and was also planning to bring it to Europe.

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe!

Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.

Copyright 2015 TidBITS Publishing Inc. Reuse governed by this Creative Commons License.
TidBITS Publishing: 50 Hickory Road, Ithaca, NY 14850, USA 607-216-8248