Archive for Geek Stuff

I Am Entirely Willing To Be Wrong

So. That iPhone naming thing. Ahem.

If you are the kind of person who is reading this, then you are probably the kind of person who already knows that the golden master for iOS 11 was leaked at the end of last week and you already know that the supposed nomenclature for the new iPhones is “8”, not “7s”.

If that is indeed the case then I was as wrong as wrong could be about the whole thing. Fair enough. Mea culpa. And so on. Two things of note, however: One, it is rather curious – the changes to the name were made extremely late in the process and divert from the extremely successful “expectation foundation” that Apple has spent the last few years building. Two, I’m not entirely sold that the leaked GM is legit – there is a distinct possibility that the both the leak and the contents thereof are a plant to ferret out security issues at the company. Either way, there is a story behind the scenes that we may never know, which is kind of too bad, because I bet it’s as interesting as hell.

We will know more later today. We will probably never know everything. Dang.

When Are The New iPhones Coming? Try September 12th.

A box of 64 Crayola crayonsFor all of the folks who keep asking me about this, the newest iPhones (and the newest Apple Watch) are going to be announced on September 12th. And since clueless people keep asking me about the “iPhone 8”, here is the nomenclature:

Two of the new models will be the iPhone 7S and iPhone 7S Plus. These are direct upgrades to the two existing “7” models and – while some people don’t seem to grok this – the “S” release of any iPhone is generally the best of breed in iPhones because the changes are all performance-based. More horsepower = more awesome.

The third phone announced will be the iPhone Pro, a one-off special model to mark the 10th anniversary of the device that changed computing forever. It will (unfortunately) have an OLED screen to allow for an edge-to-edge display and will probably feature a garish finish to compliment the hideously garish colours that you get from an OLED screen. Hopefully Apple will learn their lesson and go back to displays that don’t look like something out of the ol’ Crayola 64-colour box (with sharpener!) after the ten-year hoopla.

Hopefully.

Oh, and the new Apple Watch? That will just be called the Apple Watch Series 3, which makes sense.

Digital Pancakes. For Real.

This is probably the single most useless application of modern printing and digital imaging technology on the planet. Who could possibly want a $200 programmable pancake batter pourer?

Me, that’s who. Me me me me. This is totally stupid and completely wasteful and I want one. Really, really want one. Please and thank you. You can also get a swank red one for a couple of hundred bucks more, but that’s pretty much gilding the pancake lily. Black is just fine.

Photo of the digital pancake creator

UPDATE: Mashable has a cool video of the thing in action – check it out.

Monday, June 5

Because it’s tradition …

Yes: New MacBook, new MacBook Pro, 10″ iPad Pro, new MacOS, new iOS, new WatchOS, new tvOS, HealthKit expansion, Home expansion.

No: New Mac Pro, new iMac, new phone, new watch, anything with “Air” in the name.

Maybe: Siri-based home assistant. If this drops it’s going to be more of a “home audio device that has Siri” than a “Siri device with home audio” … Sonos is the target, not Alexa.

OneLogin Data Fail – What You Need To Know

The gang over at WordFence have put together an excellent and to-the-point summary of what happened at OneLogin, why the company deserves untold amounts of scorn for how they handle user data, and what you need to do right now if you are a subscriber. The money quote:

On Wednesday, May 31, 2017, we detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.

Note the bold text: including the ability to decrypt encrypted data. This means that OneLogin is violating virtually every tenet of best practises when it comes to data management, including the number one rule of cloud security: The vendor should never, ever, ever have the ability to decrypt user data. Period. Full stop. End of story. Compare this to legitimate cloud services like Dropbox and iCloud where the vendor has no ability to unscramble your data under any circumstances, and have gone so far as to stand up in court for the absolute need to do so on behalf of customer security. OneLogin’s cavalier and reckless attitude towards user security means each and every one of their subscibers needs to take a long hard look at why they use OneLogin and ask themselves whether they should continue to do so. I would venture in the vast majority of cases the answer should now be “hell, no”.

Click here to read the full article and get yourself squared away in case this affect you. Now.

Pixelmator. On Sale.

A screen shot from the Pixelmator image editing appQuick and dirty: Pixelmator is the best image editing software for iOS, period. And that’s a real fact, not some alternative one. Right now it’s on sale on the App Store for a measly 99 cents but that price won’t hang around so you need to get it right now.

Doesn’t matter if you are an average dabbler or an actual design pro, you want Pixelmator. Does everything … image editing, touch-ups, sketching, compositing, talks to your Mac, talks to Photoshop, just quit reading this and go buy it, okay?

Right. Now.

Sheesh.

Duck Off

Despite all of the jokes and/or memes about the failings of auto-correct, it’s undeniable that the technology is generally a helpful and handy thing. It’s not a stretch to assume that most people would be heartbrokenly bereft if they had to do without this particular little piece of digital magic.

That said, there are times when the iOS version of auto-correct really gets in the way of evocative typemanship. Let’s not mince words here: Once in a while you just need to tell someone that you are fucking starving and to hurry the fuck up.

“I’m ducking starving so hurry the duck up!” just seems to lack a certain amount of verisimilitude.

img_0566Fortunately, there is an easy solution. Buried deep within the Human Interface Guidelines for iOS is an interesting little nugget regarding the way auto-correct deals with proper names that the system gleans from your contacts list … specifically, auto-correct gives anything it finds in the name fields there a pass.

Well then. All you need to do is add a couple of bogus entries to your address book and you are in business. Add a contact named fuck fucker and another one named fucking fucked and you are in business! A couple of things to remember … one, make sure you put the two parts of each name separately in the First Name and Last Name fields, and two, remember not to capitalize them. If you capitalize them iOS will only recognize them as such (proper names, dontcha know) and still give you the ducking runaround if you use them mid-sentence.

Oh, and as always … you’re welcome.

Got WordPress? GET WORDFENCE.

WordFence - Install ScreenYup. That’s all-caps in the title. And for good reason … actually, two good reasons. One, over the course of 2016 WordPress installations became the number one target of professional cyber-attacks. WordPress had long been the favourite target of the script kiddies, basement crackers, and other sorts of amateur slime but over the past 12 months the big players started turning their attention to the platform as well. Two, WordFence is the shit.

THE SHIT.

If you have an installation that runs WordPress in any shape or form – whether it’s the platform for your entire web presence, just the blogging component of a larger site, or anywhere in between – you need to harden it now. Not tomorrow, not this weekend when you are taking a break from surfing porn, not next week after you run it by yet another committee. It’s free* (as in beer), it works, and it’s stupidly easy to use … either start it up and forget about it until it tells you that you need to do something, sit down and tweak the crap out of it, or split the difference and get it started as is for now and tweak it later. The choice is yours.

You can download it for manual installation here, or you can look under the Plugins – Add New section of your WordPress dashboard for an automated install. Just get it. You’ll thank me later.

*NOTE: There IS a “pro” version that requires a subscription. And if you are an enterprise user of WordPress it is money well spent – I would encourage you to upgrade to the pro version right away. But for everyday “hobby” bloggers, the free version works extremely well, and is probably all you need.

UPDATE – Firefox Zero Day Exploit Traced To FBI

Yesterday a rather worrisome exploit was found in the Firefox browser and all products that use the underlying Mozilla engine – Thunderbird, Tor Browser – that allowed otherwise safe and trusted web sites to inject malicious code into computers using the Windows operating system. You can read about it (and get links to updated versions of the software that correct the problem) here.

Now an even more startling development reveals that the exploit may have been added to the Firefox/Mozilla codebase by law enforcement officials, specifically the FBI. Since James Comey assumed the leadership of the FBI they have constantly targeted the Tor Browser, ostensibly as a way to investigate and prosecute offences in child pornography but with a quietly stated endgame of adding to their toolbox for mass surveillance upon all citizens of the United States. It’s not out of the realm of possibility to assume that they will be ramping up these efforts with an incoming president who is publicly committed to destroying personal privacy and free speech rights, and this is the first stage in surreptitiously broadening their listening powers. The widespread fallout that compromises the computer security of millions of innocent “cyber bystanders” would likely be considered acceptable collateral damage in the current political climate.

A full update has been added to the original post on the WordFence blog. It’s definitely worth a perusal – if you only have the time to read one article today, this is definitely the one.

And remember – UPDATE YOUR FIREFOX/MOZILLA PRODUCTS NOW.

Firefox Zero Day Exploit – Alive And Extremely Dangerous

A freshly discovered “zero day” vulnerability in the Firefox browser is currently being exploited and – if you are using Windows – can compromise your computer simply by visiting otherwise benign web sites. Fortunately, the exploit was published rather quickly and the Firefox team was able to issue a security patch within a few hours.

However – the exploit uses benign websites (especially ones that are commonly used as starting pages for browser sessions) as “watering holes” and any use at all of previous versions of Firefox is contraindicated until you download and install the newest release. If you use Firefox you need to immediately switch to another browser such as Safari or Chrome until you update Firefox. You can get the update here:

Firefox 50.0.2 Release Notes And Download

If you use Thunderbird for your email you also need to update as it uses the same Mozilla engine for parsing HTML within email messages. This is only a concern if you have Thunderbird set to allow inline content to be displayed automatically or you manually select content to load, but it would be in your best interest to update regardless:

Thunderbird 45.5.1 Release Notes And Download

Finally, if you use the Tor browser and security package, you also need to update as it contains a discrete version of the Mozilla engine that is affected by the same exploit:

Tor Browser 6.0.7 Release Notes And Download

Remember – you should not use either Firefox or Tor for any reason, even to download the updates, until you have the newest versions installed. Kudos to the Firefox/Mozilla team for getting these updates out so quickly. If you are interested in how the nuts and bolts of this works, there is an excellent write-up along with some pro analysis at the Wordfence Blog.