Apple is sorry about your iCloud spam, and working on a fix

Apple’s statement about the recent increase of iCloud calendar spam to Rene Ritchie:

We are sorry that some of our users are receiving spam calendar invitations. We are actively working to address this issue by identifying and blocking suspicious senders and spam in the invites being sent.

Not sure “identifying and blocking suspicious senders and spam in the invites” is enough to get rid of this problem. The whole idea of being able to freely send calendar invites to anyone with an email address – or abuse Apples iCloud Photo Sharing – is frightening. I’m actually surprised it took the spammers this long to finally find this opening.

San Francisco Subway Hackers Now Threaten to Publicly Dump Data

Joseph Cox for Motherboard:

Over the weekend, riders of San Francisco’s municipal transit system (Muni) were allowed to travel for free because hackers had infected subway computers with ransomware. According to CSO Online, the attackers have demanded some $73,000 worth of bitcoin.

Now, the hackers have made a new threat: the release of 30GB of databases and documents belonging to the San Francisco Muni, including contracts and employee data, if they don’t receive payment.

https://twitter.com/josephfcox/status/803356374398857216

Update: According to SF Gate Muni fixed their systems and are back up running without even communicating with the attackers.

Sal Soghoian leaves Apple

The macOS Automation Sites:

Q. I hear you no longer work for Apple; is that true?

A. Correct. I joined Apple in January of 1997, almost twenty years ago, because of my profound belief that “the power of the computer should reside in the hands of the one using it.” That credo remains my truth to this day. Recently, I was informed that my position as Product Manager of Automation Technologies was eliminated for business reasons. Consequently, I am no longer employed by Apple Inc. But, I still believe my credo to be as true today as ever.

Q. What are you going to do?

A. Effective December 1, I will be considering opportunities and available for consulting. In the meantime, sign up to receive User Automation news, and I will keep you posted.

A sad day.

About that developer angle at WWDC

On yesterday’s Upgrade podcast with Jason Snell and Mike Hurley they talked about products that would only be introduced at WWDC if they had a developer angle1.

Seeing that it boils down to almost guaranteed updates for iOS and OS X – with a possible introduction of a new Apple TV we could see a couple of news that would have this angle. These news might further tie in into the streaming services, that are rumoured to be announced in early June to be launched later that month.

Apple Watch on the other hand may be largely absent from the show, with Apple just saying “We’ll get back to you later this year” when they are ready to show a WatchOS beta that brings a native Watch SDK. Continue reading “About that developer angle at WWDC”

Apple Photos released as part of OS X 10.10.3 Beta

After removing mentions about its upcoming Photos app for OS X a few days ago, Apple today published a new website detailing the new features in the iPhoto (and Aperture) replacement. While the beta version for OS X 10.10.3 – which includes Photos – is available for testers only, Apple also made the new app available to some select news sites:

The app itself felt stable and looks a lot like an scaled up version of the iOS 8 Photos app. It works the same way when navigating between Photos, Shared Photos and Albums. The Photos view also has the same model of drilling down from a yearly overview, to location and date based automated photo groups.

One big gripe is the iCloud data storage used if you want to sync photos between your Mac and iOS devices. This requires a lot of space and Apple only gives you 5 GB, which is shared not only with the photos you want to upload but also iOS backups, iCloud mail and all apps that use iCloud to store anything online in Apple’s cloud service.

Apple offers a variety of upgraded storage options (from 20 GB for $0.99/month to 1 TB at $19.99/month) but that doesn’t take away from making 5 GB feel like it’s 2008. Sharing that little amount of free storage across multiple iOS devices gets tight quick.

It’d be a different story if Apple would give you 5 GB per active device. So if you had a Mac, iPhone and iPad using the same iCloud account, you’ll get a total of 15 GB for free.

When it comes to the actual editing Photos seems to be a mix of iPhoto and Aperture, while definitely aimed at users of the former. It’s not a professional app like Aperture, let alone Lightroom. If you’re looking for anything more that simple editing features, Adobe’s Lightroom is the place to look at. For regular users iPhoto should be more than enough though. It’s certainly possible that Apple could add more features over time like it did with Final Cut Pro X after it was released and everybody got up in arms over its missing features that were part of Final Cut Pro 7 before.

Photos should be a welcome update, coming some time later this spring, most likely with the release of OS X 10.10.3 which it was bundled with in today’s developer release.

Adobe releases new creative apps for iOS, updates Creative Cloud, various CC apps

Adobe today released a slew of updates for their Creative Cloud apps. While the main Creative Cloud app promises OS X Yosemite compatibility and battery life savings, apps like Premiere Pro and After Effects include “expanded support for HiDPI displays”. These updates can be found in the Creative Cloud app.

As part of Adobe MAX, Adobe’s annual conference, they also released a couple of new and updated apps for iOS that work hand in hand with Adobe’s desktop apps. Among them two apps for Illustration (Illustrator Line and Illustrator Draw) and Premiere Clip that – as the name implies – is a simple version of Premiere Pro. Clip is Adobe’s first video editing app for iOS.

On the Imaging side Adobe released Photoshop Sketch, as well as updates for Photoshop Mix and Lightroom for iPad and iPhone. While Photoshop Mix is now also compatible with the iPhone, Lightroom mobile gains a few new social features and the ability to sync GPS information between Lightroom for iPhone and the desktop app.

Two step authentication, app-specific passwords available on iCloud.com

After several bad news in the past weeks and months concerning Apple’s security, specifically for iCloud, the company is now offering some ways to enhance the protection of their users against intruders that might try to guess your password. Signing in to iCloud.com now requires you to enter a four-digit PIN to get access to your mail, contacts, calendar, etc.

This PIN can either be sent to you via SMS or directly to an iOS device. There’s no specific app needed to use your iOS device for this, the feature is integrated in iOS. The four-digit number will show up on your device via push notification.

Phone numbers and iOS devices can be registered and verified on your Apple ID profile.

This is also where Apple now lets you create app-specific passwords, for example if you’re using Outlook, or other 3rd party clients that need access to your data on iCloud.com. Starting on October 1st, these will become a requirement for iCloud users.

More information about app-specific passwords can be found on Apple’s support site. There’s also a Two-Step Verification FAQ available.

goto fail: Apple’s SSL/TLS bug – Update your devices now

This is an ugly one as Adam Langley over at imperialviolet.org describes:

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.

You can check if your browser is vulnerable over at gotofail.com.

Currently there are updates for iOS 7 – in form of iOS 7.0.6 – and iOS 6 – iOS 6.1.6. Both are available as OTA updates now. Apple even updated Apple TV to take care of that bug. The description of the bug is rather short though.

Google Chrome for iOS or OS X isn’t vulnerable. Safari for OS X 10.9+ (even the most recent 10.9.2 build) and iOS is – unless you update to iOS 7.0.6. It’s likely that Apple will provide an update for OS X and the beta builds in the (very) near future.

Do yourself a favor and update your iOS devices now.

Apple’s two-step verification available in Germany (and Canada, France, Japan, Italy, and Spain)

Apple has finally made two-step verification available in Canada, France, Germany, Japan, Italy, and Spain. Enabling this feature will greatly improve the security for your Apple ID.

Apple doesn’t use an authenticator app like Authy or Google Authenticator to send their 4 digit codes to iOS devices. The code is either send directly to your iOS device or alternatively you can add a phone number that will receive a SMS containing the code. Additonally you get a recovery key in case you aren’t able to access any of your devices or forget your password.

Once Apple requires a code to authenticate yourself you can then decide on what registered device you want that code to show up. A few seconds later you get the code and you just have to enter it on your screen.

You can enable two-step verification for your account on Apple’s My Apple ID page. From there go to Password and Security.

Additional information about two-step verification can be found in Apple’s Frequently asked questions about two-step verification for Apple ID.