TidBITS#1325/20-Jun-2016

What’s the best way to share a password with a relative or colleague? Standard email and text messages aren’t safe, so Adam Engst reviews the Web app One-Time Secret, which provides a more secure solution. Adam also addresses reader complaints about macOS Sierra, reminding us that it won’t be available until this fall and that we should maintain optimism for the future. Julio Ojeda-Zapata joins us this week to discuss the state of virtual reality on the iPhone, including the accessories and apps that put your iPhone at the center of a virtual reality experience. Notable software releases this week include Carbon Copy Cloner 4.1.9, Microsoft Office 2016 15.23 and Office 2011 14.6.5, and LaunchBar 6.7.
 
Articles
 

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

Share Passwords Securely with One-Time Secret

  by Adam C. Engst: ace@tidbits.com, @adamengst
  4 comments

Have you ever needed to send someone a password? Perhaps a new volunteer is helping to update your club’s Web site, or you need to give someone access to your organization’s Twitter account. Sending an email message with all the necessary login information is the worst possible way to do this, since it puts the account’s username and password together in a convenient package that could potentially be sniffed in transit, seen on an unlocked Mac, or accidentally forwarded to the wrong contact. Even using Messages, which has a secure transport mechanism, isn’t ideal, since someone other than the recipient could later scan through your conversation history and see the account credentials.

A better approach would be to send the username (and any login URLs) in email, and then send the password separately in Messages, without saying that’s what you’re doing. That way, someone with access to the recipient’s computer would have more trouble connecting the two bits of data. But that method isn’t foolproof and all the necessary login info may still live on in various accessible places.

A better solution is offered by a free Web site I ran across recently, called One-Time Secret. Conceptually, One-Time Secret is simple. You enter some secret content like a password, click a button, and the site returns a link that can be used just once to retrieve your secret content. If the link isn’t used within 7 days, it expires. Links look like this:

https://onetimesecret.com/secret/azlfhb73410b2pl648epu5ajywxx9bs

To use One-Time Secret, visit its Web site, paste the relevant password from your password manager into the “Secret content goes here” field, and press the Create A Secret Link button.


Copy the link that’s generated, and send it to your recipient.


How you choose to do that depends on the importance of the account. For most situations, where hackers aren’t actively targeting you and the account in question doesn’t protect confidential data, it’s probably fine to send the username and the link to the password in separate email messages so they can’t be connected easily. For more security, send the username via email and the password link via Messages (or vice versa). Whatever method you choose, follow up with the recipient to make sure they were able to retrieve the password and store it in their password manager.


That follow-up is key. Since a One-Time Secret password link can be used only once, if the recipient isn’t able to access it, that’s solid evidence that someone else did. If this happens, change that password immediately!

These ways of transferring a password suffer from one major concern — what if someone is intercepting all traffic between you and your recipient? Or worse, has compromised the recipient’s computer such that the attacker can read all email and text messaging traffic? Unlikely, I know, but you can step up the security at One-Time Secret to address this possibility. In essence, you’ll protect your password with another password.

To do this, when you’re creating your password link, enter a word or phrase into the Passphrase field (make it easy to type, since you’re not going to communicate it as text). Then call your recipient — via phone, Skype, FaceTime Audio, Google Hangouts, Slack, or whatever — and convey the passphrase audibly. When they use the One-Time Secret link you send, they’ll be prompted for that passphrase, which only they could know, since it was transferred in an entirely different fashion. For the ultimate in security, you could communicate the passphrase indirectly with information only the two of you would be likely to understand (“It’s the nickname we use for the lead developer.”). Yeah, cloak and dagger stuff, I know.


The other advantage of using a passphrase is that One-Time Secret uses it to encrypt the secret content. Without using a passphrase, One-Time Secret has to store your private content until it’s retrieved, creating a 7-day window during which the site could conceivably be hacked. Of course, as long as you’re sending only passwords, without usernames or other login information, there should be a vanishingly small chance of the password being connected with the right account. But if you worry about that, just use a passphrase to encrypt your content and communicate the passphrase in person.

When used without an account, your secrets expire after 7 days and can contain a maximum of 25 KB of text. If you sign up for a free account, the expiration time increases to 14 days, and you can communicate up to 50 KB of text. These maximum sizes mean you could use One-Time Secret for messages other than passwords, but remember that the recipient can always create a copy of the text. The other advantage of signing up for an account is that One-Time Secret can send its links via email to recipients for you, making it seem as though the email comes from you. This isn’t a big win over copying and pasting the link manually, but it could be useful in some situations.


If you send someone a secret and regret it immediately, the confirmation screen provides a Burn It button that lets you delete your secret such that the recipient following the link won’t have any idea what the secret was.


For sysadmins who can reset user passwords but don’t want to know the new passwords, One-Time Secret offers an “Or Generate A Random Password” button. It’s intended to simplify the process of creating and sharing a password by making it a single step.

Sysadmins and developers will also appreciate the fact that One-Time Secret’s code is open source, so you could install it locally, and it even has an API and client libraries. That may be meaningless to those who aren’t programmers, but the practical upshot is that those who worry about using an Internet service can host it on a secure server, and if there were nasty backdoors or other problems with One-Time Secret, someone could have discovered them by now.

(After this article first appeared on our Web site, I was informed of a competing Web app called d-note, which claims to have better security. It’s also open source, and comes with instructions for installing on your own server. Although d-note can’t generate random passwords for sysadmins, it can create a QR code that you send to the recipient, who scans it to reveal the secret password instead of following a link.)

One final aside. The problem I solve with One-Time Secret is infrequent, one-off password sharing with people whose technical setup I seldom know. If you want to share passwords more regularly, better password managers like 1Password and LastPass simplify sharing as long as everyone uses the same app. In an ideal world, 1Password and LastPass would integrate the code from One-Time Secret or d-note into future versions to provide ad-hoc password sharing too.

I can’t say I use One-Time Secret regularly, but I’ve become quite fond of it, particularly when sharing passwords with non-technical friends, since it hammers home the need for using strong passwords and not communicating or storing them insecurely. Give it a try the next time you need to share a password!

Read and post comments about this article | Tweet this article


Myths and Misconceptions about macOS Sierra

  by Adam C. Engst: ace@tidbits.com, @adamengst
  23 comments

After writing about Apple’s announcement of macOS Sierra at WWDC and seeing comments in a variety of online venues, I’m a little depressed and disappointed (see “macOS 10.12 Sierra to Succeed OS X 10.11 El Capitan,” 13 June 2016). Not with macOS Sierra itself, but with how many people are responding to its unveiling. All that anyone can accurately say about macOS Sierra is what Apple has shared; even the developer preview release is so new that it would be unfair to criticize any problems it may have.

However, that hasn’t stopped the curmudgeon brigade from calling the keynote a “disaster” and referring to macOS Sierra’s changes as “fluff,” before complaining that they were being forced to upgrade.

I have no doubt that many people find change of any sort unsettling, but I’d like to encourage some calm and understanding. To go further, can we have some optimism for the future? The only way our experience as Apple users will improve is if Apple and its community of developers are excited to make things better. Not every change makes a positive difference, but just as with evolution, a lot of changes must be tried before we can benefit from the successes.

With that in mind, let me address three common myths and misconceptions:

#1: Apple is forcing me to upgrade. -- Not true. Apple’s black helicopters will not land in your front yard to disgorge an elite upgrade team that will hold you at gunpoint until you install macOS Sierra.

You can wait as long as you like to update. Just last weekend, I helped my aunt move from a 13-inch MacBook Pro running Mac OS X 10.6 Snow Leopard to a new 13-inch MacBook Pro with Retina display running 10.11 El Capitan. She had been using Snow Leopard since 2009 or so, and she skipped 10.7 Lion, 10.8 Mountain Lion, 10.9 Mavericks, and 10.10 Yosemite with no ill effects. She was ready to upgrade to El Capitan because she could no longer do online banking without a current Web browser, but she decided that after six or seven years, it was worth buying a new MacBook Pro.

Although you don’t have to upgrade, I think swearing off updates entirely is foolish, which is why I wrote “Why You Should Upgrade (On Your Own Terms)” (4 September 2015). But you can certainly put off any upgrades until early kinks have been worked out and it’s a convenient time.

#2: The new features are useless (because I don’t want to use them). -- It’s easy to look at the list of new features in macOS Sierra and scoff because you can’t imagine using them.

“Siri on the Mac? It’s not like it works that well on the iPhone. Desktop and Documents folder sharing across devices? Why would I want all that crud on my iPad? Universal Clipboard? I probably wouldn’t even remember how to use it the once or twice I might need it per year. Auto Unlock? The Apple Watch is an overpriced toy. Big emojis? Invisible ink messages? What are Apple’s developers smoking?”

Here’s the thing we all have to remember: No one of us is Apple’s target audience. Not you, not me, not anyone. Apple is a global company that wants to sell hardware — iPhones, iPads, Macs, Apple Watches, and Apple TVs — to as many people as possible. Yes, Apple very much wants to sell you at least one of each, and it’s going to create features that encourage buying into the overall Apple ecosystem. To do anything else would be, to quote Spock, illogical.

Plus, Apple is looking for broad appeal. While many long-time Mac users may be nonplussed by the emphasis Apple put on emoji frippery in Messages, for instance, those sort of features already exist in other messaging apps, and they’re huge in Asia, particularly among younger users. Attracting that audience is key for Apple.

So no, these features aren’t useless. They may not be useful to you, but they may be compelling to a teenage girl in China. Apple is just as happy to take her money as yours, and since the company has posted over $1 trillion in revenue in the past decade, it’s hard to argue with the strategy.

New features also help Apple compete with Microsoft and Google. In terms of desktop market share, Windows remains at about 90 percent, and on the mobile side, Android smartphones control 80 percent of the market. Apple may be one of the most valuable companies in the world, but there’s plenty of room for it to expand, if it can attract switchers.

#3: Apple is abandoning professionals. -- This myth is related to the earlier complaint about unwanted features, but debunking it requires a different perspective. Professionals don’t work in the operating system, they work in apps, most of which Apple doesn’t provide. Apple does make Pages, Numbers, Keynote, Logic Pro, and Final Cut Pro, but I can’t think of any category of productivity apps for which Apple is the sole supplier.

Your needs are undoubtedly different from mine, but for my work, I rely on BBEdit, Nisus Writer Pro, Adobe InDesign, Google Chrome, Mailplane, Preview, Slack, Trello, and Automator. As long those apps and the workflows I’ve built up around them continue to work, I can ignore literally every change in macOS Sierra.

That’s an important point. No one is going to force you to use new features in macOS Sierra. If Siri, Auto Unlock, Universal Clipboard, and Desktop and Documents folder syncing don’t make you more productive, don’t pay attention to them. I’ve never found Launchpad, Handoff, AirDrop, or Notification Center to be helpful in my work, so I don’t use them, and they don’t get in my way.

Some may say that Apple should put more effort into specific operating system or usability improvements. There’s no harm in that, but if you want to make suggestions, please be specific for two reasons. First, vague criticisms are worthless, and second, it’s likely that enterprising Mac developers have already provided a solution — cue Keyboard Maestro, LaunchBar, TextExpander, and a host of others. Just as Apple doesn’t provide all our productivity apps, the company shouldn’t be relied on to offer every imaginable interface or workflow tweak.

More generally, the job of an operating system is to provide a stable foundation and set of frameworks upon which developers can build. Apple has aimed many operating system changes at providing developers with capabilities they couldn’t afford to implement on their own. That results in more powerful apps or upgrades appearing more quickly, and that in turn makes professionals more productive. Taking advantage of new capabilities may require you to update, but time is money, and if the latest app lets you get your work done faster, it’s worth it.

Onward and Upward -- I won’t pretend that all change is good, or even that every change in macOS Sierra is likely to work out. As I said in “macOS 10.12 Sierra to Succeed OS X 10.11 El Capitan,” lots of questions surround the Optimized Storage feature that’s supposed to move rarely used data to iCloud. Personally, I wouldn’t trust it or encourage anyone to use it without a truly solid backup strategy. Even then, I’d want to wait until enough people had put it through its paces with no ill effects.

Although healthy caution is always warranted, it’s essential to realize that in the end, all this change does move our technology experience as Apple users forward. It might happen in fits and starts, but speaking as someone who has spent every working day over the last 26 years on a Mac, I have never been more productive or capable than I am today, working in my favorite apps in Apple’s current Mac operating system on recent Mac hardware.

I can’t guarantee that any given upgrade will make you or anyone else more productive, but productivity gains are inevitable in the long run. Do you remember when a Mac could run only a single app at a time, or when we wasted a lot of time scrolling because Mac screens were so small, or when extension conflicts required constant rebooting, or when attaching a hard drive needed SCSI termination voodoo, or when…. You get the picture, I hope.

We’ve come a long way, and how far we have left to go is limited only by our imaginations and those of the developers who provide our tools. So let’s not get bogged down in petty criticisms about an operating system that won’t even be released for several months.

Read and post comments about this article | Tweet this article


On the iPhone, Virtual Reality Is Unofficially Real

  by Julio Ojeda-Zapata: julio@ojezap.com
  2 comments

The common conception of “virtual reality” is a simple one: don futuristic goggles and journey to simulated yet hyperrealistic worlds. But while such virtual reality has been a staple of sci-fi books and films, it has not been easy to pull off in actual reality.

Serious attempts have been made since at least the 1990s, when VR stations popped up in movie theaters and video game arcades. Those efforts went nowhere, as a Kill Screen article details.

Now, though, a VR revolution appears to be underway for real – with the iPhone and other smartphones at the heart of the movement.

Imagine you are using your iPhone to watch a video of a helicopter flight over Manhattan. Instead of gripping your iPhone, however, you’ve placed it into a goggles-style mount that looks like a jumbo-sized View-Master.

The video itself is unusual, with two slightly different scenes, one for each eye. With the iPhone in its mount placed in front of your eyes, though, the two images blend into a single stereoscopic view that mimics the physical world. This is 360-degree video. You can look right and left, up or down, or all around. As you turn your head, your view shifts just as if you were there – and you might just feel vertigo as you float past 1 World Trade Center.

That, in a nutshell, is virtual reality – and it has lately been all the rage in the computer and smartphone universes. It’s a tech trend that appears to be taking hold, unlike fizzled technology fads like 3D TVs.

The last two years have seen a steady succession of VR hardware products, ranging from souped-up VR goggles for use with computers and game consoles to simpler, cheaper gadgetry meant to work with smartphones.

VR software and content has exploded too, with numerous hyperrealistic games for PC- and console-connected VR gear and an abundance of VR apps for iOS and Android. Video portals such as YouTube and Facebook have lately added a wealth of VR content, much of it viewable with VR goggles.

It’s a tricky time for Apple as competitors like Google, Facebook and Samsung push aggressively into VR. Apple has stayed silent on the subject, apart from one statement by CEO Tim Cook, who responded to a recent analyst question about VR by saying “No, I don’t think it’s a niche. It’s really cool and has some interesting applications.” Behind the scenes, the company is surely investing R&D resources to keep abreast of its technology rivals. If and when it will jump in is anybody’s guess.

Apple a VR Trendsetter? -- Despite this outward indifference, Apple is already, in a sense, a VR pioneer.

Longtime Apple aficionados may recall a QuickTime format called QuickTime VR that provided a rudimentary sort of virtual reality using still images (see “QuickTime VR is Actually Real,” 17 July 1995).

QuickTime VR content creators used specialized camera setups to capture images in all directions and then stitch these photographs together on a Mac to create spherical or cylindrical environments.


The result, from the user’s perspective, was a virtual tour of a building’s interior or an outdoor landscape that you could view on a computer screen in multiple directions — left and right and, in some cases, up and down – using mouse swipes for navigation.

Apple long ago stopped talking about QuickTime VR, which is now seemingly defunct, but its approach lives on in other photo tools that allow for the creation of similar virtual tours. Google makes it possible for amateurs and pros alike to wield the Street View app for shooting “photo spheres” that can be uploaded for public 360-degree viewing on Google Maps, for instance.

Notably, the photo-sphere technology was used not long ago to capture crowds of grieving Prince fans at a couple of Twin Cities locations after the singer’s demise.

Facebook recently unveiled the similar 360 Photos. Users can upload photographic panoramas, such as those snapped with the iPhone’s Camera app or Google’s Street View app, to be transformed into 360-degree environments.


VR for iPhone Users -- For Apple users wanting to experiment with VR, the iPhone makes it easy, though this approach is far from cutting-edge as VR tech goes.

First, you need a face mount for your iPhone. In 2014, Google created “Cardboard,” a specification for phone holders made of inexpensive materials like cardboard, foam, and plastic.

Dozens of Cardboard variations are now available for purchase. They vary widely in appearance, but none cost a fortune, and all serve exactly the same role in transforming a smartphone into a virtual reality viewer.

I’ve experimented with a handful of Cardboard variants, including the entry-level $15 Google Cardboard, a fold-out cardboard variation with bits of Velcro to hold everything in place, and the Powis ViewR, a $30 apparatus with better lenses along with foam cushioning for the phone.


Non-Cardboard variations are available, too. Speck has released Pocket-VR goggles that are meant to be used with an iPhone 6 or iPhone 6s, but require a user to have a matching Speck case.

Plus, a company called Merge makes Merge VR out of foam with a more flexible design made to accommodate virtually any smartphone model from the past two years.


Firing up VR Apps -- Once you’ve purchased your VR mount and slipped your iPhone into it, it’s time to experiment with VR apps. These are legion and – fair warning – there’s a lot of garbage out there.

Many VR-based games are crude constructs that seemingly exist just to promote non-VR iOS games. Even apps that are good-faith attempts to provide VR experiences are often abysmally designed with weak content and coarse image quality.

I’ve combed through the App Store and turned up a few VR gems. They include:


VR Video Streaming -- Beyond the limited world of apps, there are thousands of VR videos that you can stream just like any other video, though with enhancements. As you watch a VR video, you can pan around with your mouse on a computer or with a finger on a smartphone screen to see in all directions. Similarly, when watching VR on a smartphone, you can swing the device around while held in your hands to change the vantage point within the 360-degree environment.

Streaming VR video shines, however, when viewed with VR goggles, such as the Cardboard variants. In this regard, it behaves no differently from Cardboard-compatible content in the aforementioned VR apps. In fact, a lot of the content found in those apps, like the “Pearl” animated short, also is available as streaming video.

There’s a ton of VR video available for streaming, though. A great deal of this is on YouTube, which is arguably the preeminent venue for VR streaming. Unfortunately, as with VR apps, there is a lot of VR crud. When watching 360-degree YouTube on your iPhone, be sure to do so with the YouTube app, and not using YouTube’s site in Safari or Chrome.

A good place to start is Google’s own 360° Videos channel, with scads of VR sequences. These are of wildly variable quality, though.

So I created this playlist with a few of my favorites, including:

Facebook is another high-profile source of 360-degree videos, but strangely, the VR sequences on its site are currently incompatible with phone-powered goggles, and can be interacted with only by panning with your fingertip or swinging a phone around while in your hands to see in every direction. For now, only Facebook’s 360 Photos support goggles.

Creating VR Content -- Most Apple users are happy just to watch VR videos. But for those who want to plunge into VR content creation, the cost and complexity of such projects have dropped dramatically of late.

Until recently, if you wanted to make a VR video, you needed multiple GoPro cameras shooting in unison while fitted into a special mount. The footage from the GoPros then had to be stitched together on powerful computers using specialized software. Such a setup could cost tens of thousands of dollars.

While such pro gear is still required to create the highest quality video, options for frugal amateurs are beginning to emerge. One good example is the 360fly brand of consumer VR cameras, each of which consists of a little ball with an integrated panoramic lens for 360-degree shoots.

I’ve experimented with a $399.99 360fly HD model, which shoots mediocre video and provides primitive editing tools (including Mac and iOS apps). Still, it’s a total rush to shoot VR content with this camera, as I did during a St. Paul winter carnival parade and at a local blogging conference. 360fly provides all manner of mounts for attaching the camera securely to a tripod, ski helmet, bicycle handlebars, and even a surfboard.


The video does not measure up to professional VR video, such as the piece a friend of mine shot at the carnival parade using his multi-GoPro rig, but it hints at what is yet to come for casual VR-content makers. Already, a $499.99 4K version of the 360fly is out, and the manufacturer’s software is improving.

For those who aren’t satisfied with the simple video-editing apps offered, it is possible to pull off more sophisticated VR video editing in Final Cut Pro after just a bit of self-training – I got the hang of it after a day or two.

Entry-level VR cameras also can be used to shoot Google Photo Spheres and Facebook 360 Photos. Ricoh’s $349 Theta S is a camera suitable for such Google and Facebook use, and the device includes Mac as well as Windows software. The 360fly camera should work properly for this as well, but I haven’t tested it yet (my 360fly HD review unit was on the fritz as I wrote this).


Apple at a VR Disadvantage? -- While a lot is going on with VR and Apple devices, those wanting Apple to be at the forefront of the wave have reason to fret.

While Apple remains mostly silent on the subject, competitors like Samsung are aggressively pushing into this market. Samsung has been giving away its Gear VR goggles to those who purchase compatible handsets such as the Galaxy S7 and Galaxy S7 Edge.


Samsung is about to release a $361 Gear 360 cam, as well, and that device apparently works only with Windows PCs.


Google, meanwhile, is positioning its Android platform for a VR future with Daydream, a just-announced set of software enhancements and hardware specifications for a new generation of VR-friendly Android gizmos. Such devices will include phones, goggles, and handheld controllers, some of which Google plans to make itself.


It is much the same in the desktop computer arena, with a new generation of souped-up VR goggles like the Oculus Rift and the HTC Vive that require physical tethering to powerful PCs to provide their VR experiences. Even the most powerful Macs are apparently not powerful enough.

In March 2016, Oculus VR founder Palmer Luckey famously dissed the Mac. When asked if he’d consider making Oculus VR hardware compatible with the Mac, he responded, “That is up to Apple. If they ever release a good computer, we will do it.”



Microsoft and Sony have jumped into the VR arena, as well, each in their own way. Microsoft is perfecting a HoloLens headset that will combine VR with “augmented reality” (see “Microsoft’s New Hardware Challenges Apple’s,” 14 Oct 2015). Sony has taken a purer VR tack with a VR headset and related gear for use with the PlayStation 4 gaming console.

Your Move, Apple? -- All these high-profile developments in the VR space prompt the question: Where’s Apple?

Apple enters new markets carefully, and the company is not the sort to jump on bandwagons recklessly, even though it might be feeling pressure to do so.

Remember the cheap laptops known as “netbooks”? They were hot stuff at one time, and many an expert said Apple was foolish not to offer its own such laptop. Apple ignored that advice and, at a later date, released the iPad while publicly dismissing the netbook.

Apple is surely following VR developments closely, and probably even fashioning prototype hardware and software in its top-secret labs. As with MP3 players back in the day, the company is likely biding its time and permitting others to make the initial moves and mistakes before it shows its hand, which it eventually did with the iPod.

And who knows? VR may be just a fad and prove experts wrong yet again. But signs point to VR sticking around, and if so, Apple will have to enter the market at some point.

For now, though, there are plenty of independent Apple-friendly VR options to keep tech aficionados entertained.

Read and post comments about this article | Tweet this article


TidBITS Watchlist: Notable Software Updates for 20 June 2016

  by TidBITS Staff: editors@tidbits.com

Carbon Copy Cloner 4.1.9 -- Bombich Software issued Carbon Copy Cloner 4.1.8 (CCC) with a number of improvements to the backup utility. The new version proactively seeks out case conflicts on the destination when the source is a case-sensitive volume and the destination is not, improves SMTP account importing from the Internet Accounts database (only in OS X 10.11 El Capitan), adds an Always Show Progress Window option to the CCC menu bar application menu, and improves presentation of Gmail authentication failures. Shortly after the release of version 4.1.8, Bombich Software issued version 4.1.9 to change a configuration concern prompt if a USB device destination is larger than 2 TB (instead of 2 GB) and fix a crash associated with system files excluded from the backup task. ($39.99 new, 12.4 MB, release notes, 10.8+)

Read/post comments about Carbon Copy Cloner 4.1.9.

Microsoft Office 2016 15.23 and Office 2011 14.6.5 -- Microsoft has issued version 15.23 of its Office 2016 application suite, which patches a critical security vulnerability and provides some fixes and improvements. You can now export documents, presentations, and spreadsheets to the OpenDocument format, add any command you want to the ribbon for Word, Excel, and PowerPoint (requires an Office 365 subscription), and customize the Quick Access Toolbar. PowerPoint now also enables you to export a presentation for burning to disc, sending in email, or uploading to the Web. The Outlook update fixes a spike in CPU usage introduced in version 15.22, resolves an issue with AutoCorrect preferences, and reintroduces the Edit Message feature.

On the security front, both Office 2016 and Office 2011, which has been updated to version 14.6.5, resolve a memory corruption vulnerability that enables remote attackers to execute arbitrary code via an Office document. ($149.99 for one-time purchase, free update through Microsoft AutoUpdate, release notes, 10.10+)

Read/post comments about Microsoft Office 2016 15.23 and Office 2011 14.6.5.

LaunchBar 6.7 -- Objective Development has released LaunchBar 6.7, adding support for Emoji and Font Awesome icons, as well as support for the Ulysses text editor (a recent 2016 Apple Design Award winner). The keyboard-based launcher also improves handling of hanging action scripts written in AppleScript, fixes a bug with the Call with FaceTime Audio action that instead triggered a video call, updates phone number handling in several Call actions, ensures that Shift-Return correctly opens items in the current window, and improves 1Password integration. ($29 new with a 20 percent discount for TidBITS members, free update, 14.1 MB, release notes, 10.9+)

Read/post comments about LaunchBar 6.7.


ExtraBITS for 20 June 2016

  by TidBITS Staff: editors@tidbits.com

In this week’s ExtraBITS, we get a look at Apple’s differential privacy, which seeks to gather data while protecting your privacy, and we find out who won the 2016 Apple Design Awards.

What Is Differential Privacy? -- Apple briefly announced “differential privacy” at this year’s WWDC keynote, but didn’t go into details as to exactly what that means. Cryptographer Matthew Green isn’t sure what Apple means either, but he is familiar with the concept of differential privacy and explains the basics and how Apple could be implementing it.

To make features like Spotlight and QuickType more useful to you, Apple needs to collect data from your iPhone usage, but it doesn’t want to violate your privacy. Unfortunately, even if Apple collects data anonymously, it could still be analyzed later to identify you. In effect, differential privacy injects a certain amount of phony data into the system, sacrificing a bit of accuracy for more privacy. We’re curious to learn more about how this works, too, and how effective it actually is.

Read/post comments

Apple Announces 2016 Apple Design Award Winners -- Apple has announced the winners of Apple Design Awards for 2016, recognizing 10 apps, plus 2 student projects. The winners are the education app Complete Anatomy, a to-do list app aimed at helping users develop good habits called Streaks, a fitness training app called Zova that also works on the Apple TV, the video collaboration platform Frame.io, the multi-platform text editor Ulysses, an iOS and Apple TV running game called Chameleon Run, the puzzle game Lara Croft GO, an interesting take on pinball called INKS, Auxy Music Creation, and a DJ app called djay Pro that won an award back in 2011 as well. The two student apps were both games, the puzzle-based Linum, and Dividr, a 2D arcade game written entirely in Swift. Congratulations to all the winners!

Read/post comments


This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Apple Internet community. Feel free to forward to friends; better still, please ask them to subscribe!

Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.

Copyright 2016 TidBITS Publishing Inc. Reuse governed by this Creative Commons License.
TidBITS Publishing: 50 Hickory Road, Ithaca, NY 14850, USA 607-216-8248