apple-list April 2014

apple-list@lists.umanitoba.ca

2 participants
10 discussions

FYI: iPhone 5 Sleep/Wake Button Replacement Program

by Wayne Billing

...from: https://ssl.apple.com/support/iphone5-sleepwakebutton/ iPhone 5 Sleep/Wake Button Replacement Program [cid:37743076-1E1C-4A47-AB95-1BE932D24092] Please select a Country Asia Australia België Belgique Brasil България Canada (English) Canada (Français) Česká republika 中国 Danmark Deutschland Eesti EMEA España Ελλάδα France Hong Kong (English) 香港 Hrvatska India Ireland Italia 日本 대한민국 Κύπρος Latin America América Latina Latvija Lietuva Luxembourg (English) Luxembourg (Français) Luxemburg (Deutsch) Macau (English) 澳門 Magyarország Malaysia Malta México Nederland New Zealand Norge Österreich Polska Portugal România Россия Singapore Slovensko Slovenija Schweiz Suisse Suomi Sverige 台灣 ไทย Türkiye UK United States Other countries Apple has determined that the sleep/wake button mechanism on a small percentage of iPhone 5 models may stop working or work intermittently. iPhone 5 models manufactured through March 2013 may be affected by this issue. Apple will replace the sleep/wake button mechanism, free of charge, on iPhone 5 models that exhibit this issue and have a qualifying serial number. The sleep/wake button is located on the top of your iPhone 5: [iPhone 5 sleep/wake button detail] Eligibility If your sleep/wake button isn’t working properly, please enter your iPhone 5 serial number below to see if it qualifies for this program. Please see the Replacement Process section for next steps. Finding your iPhone serial number is easy. See how.<http://support.apple.com/kb/HT4061> Note: If your iPhone 5 sleep/wake button does not show any signs of this issue and/or does not have a qualifying serial number, no action is required on your part at this time. Replacement Process As of April 25, 2014, the replacement process will be available in the U.S. and Canada. In other countries, it will be available as of May 2, 2014. Replacement of the sleep/wake button mechanism is done at an Apple Repair Center. There are two ways to send your iPhone to the repair center—carry-in or mail-in. See below for details. The replacement process takes approximately 4-6 days from the time your iPhone is received at the repair center until it is returned to you. Your iPhone will be examined prior to any service to verify that it is eligible for this program and is otherwise in working order. Before sending your iPhone to Apple for service, you will need to back up all your data and erase all your content and settings. Note: If your iPhone 5 has any damage such as a cracked screen which impairs the replacement of the sleep/wake button, that issue will need to be resolved prior to the sleep/wake button replacement. In some cases, there may be a cost associated with the repair. How to send your iPhone 5 to an Apple Repair Center * Carry-in * Bring your iPhone 5 to a participating provider<https://ssl.apple.com/support/iphone5-sleepwakebutton/locate/> - Apple Retail Store or Apple Authorized Service Provider. * Your iPhone will be examined to verify eligibility, and then sent to the local Apple Repair Center. * You will be notified when your iPhone is ready for pickup. If you require a loaner during the time that your iPhone is being serviced, participating Apple Retail Stores and Apple Authorized Service Providers will have iPhone 5 models (16GB only) available. Note: To use the carry-in option, you must visit an Apple Retail Store or participating Apple Authorized Service Provider and not a wireless carrier partner. * Mail-in * Call Apple<https://ssl.apple.com/support/iphone5-sleepwakebutton/> and request a postage paid box to send your iPhone in to the local Apple Repair Center. * Your iPhone will be examined by the Repair Center to verify eligibility. * After it has been serviced, your iPhone will be returned to you by mail. Preparing your iPhone 5 for service Make sure your iPhone is ready for service by completing the following steps: * Back up your data<http://support.apple.com/kb/HT5262> to iTunes or iCloud * Turn off Find my iPhone<http://support.apple.com/kb/PH2702> * Erase data and settings in Settings > General > Reset > Erase all Content and Settings * Remove any case or cover Note: If you are running iOS 6, your iPhone will need to be upgraded to iOS 7 after the sleep/wake button mechanism is replaced. Additional Information Apple may restrict or limit repair to the original country of purchase. Your iPhone 5 must be in working order to qualify for this program. If you believe you have paid for a replacement due to this issue, contact Apple<https://ssl.apple.com/support/iphone5-sleepwakebutton/> regarding a refund. This worldwide Apple program does not extend the standard warranty coverage of the iPhone. The program covers iPhone 5 models for 2 years after the first retail sale of the unit.

10 years

FYI: iPhones and Macs get fix for extremely critical bug

by Wayne Billing

...from: http://arstechnica.com/security/2014/04/iphones-and-macs-get-fix-for-extrem… <http://arstechnica.com/security/> iPhones and Macs get fix for extremely critical “triple handshake” crypto bug Flaw makes it possible for attackers to bypass some HTTPS protections. by Dan Goodin<http://arstechnica.com/author/dan-goodin/> - Apr 22 2014, 4:46pm CDT Apple has patched versions of its iOS and OS X operating systems to fix yet another extremely critical cryptography vulnerability that leaves some users open to surreptitious eavesdropping. Readers are urged to install the updates immediately. The flaw resides in the secure transport mechanism of iOS version 7.1 and earlier for iPhones and iPads and the Mountain Lion 10.8.5 and Mavericks 10.9.2 versions of Mac OS X, according to advisories here<http://seclists.org/bugtraq/2014/Apr/135> and here<http://seclists.org/bugtraq/2014/Apr/133>. The bug makes it possible to bypass HTTPS encryption protections that are designed to prevent eavesdropping and data tampering by attackers with the capability to monitor traffic sent by and received from vulnerable devices. Such "man-in-the-middle" attackers could exploit the bug by abusing the "triple handshake" carried out when secure connections are established by applications that use client certificates to authenticate end users. "In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other," Apple's warning explained. "To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection." The patch comes three months after the disclosure of a separate serious HTTPS vulnerability dubbed "goto fail"<http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-i…> that similarly threatened iOS and OS X Mavericks users. It wasn't fixed in OS X<http://arstechnica.com/apple/2014/02/apple-releases-os-x-10-9-2-patches-ssl…> until four days after the bug became widely known, a delay that prompted criticism from security professionals<http://arstechnica.com/security/2014/02/four-days-in-and-still-no-patch-for…> because it potentially gave attackers a window to exploit Mavericks machines. By contrast, the triple handshake bug may be considered less severe because it affects a smaller class of applications. Still, it's a serious bug because those apps are typically used by businesses and government agencies, where security is especially sensitive. More information about triple-handshake weaknesses is available here<https://secure-resumption.com/>. More recently, the Internet was severely threatened by another extremely critical vulnerability in HTTPS software—the so-called Heartbleed bug in the widely used OpenSSL cryptographic library<http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-open…>. Apple has reportedly updated its Airport Base Stations<http://www.macworld.com/article/2146391/apple-releases-heartbleed-fix-for-a…> to fix that critical flaw as well, according to Macworld. The iOS and OS X updates Apple issued Tuesday, which Ars wrote about earlier here<http://arstechnica.com/apple/2014/04/apple-releases-ios-7-1-1-with-further-…>, fix a variety of other serious security vulnerabilities, some of which also affect Mac OS X Lion. Users should install them as soon as possible.

10 years

SECURITY: Apple Says iOS, OSX and “Key Web Services” Not Affected by "Heartbleed"

by Doug Hamilton

Apple Says iOS, OSX and “Key Web Services” Not Affected by "Heartbleed" Security Flaw http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-af…

10 years

INTEREST: Apple’s updated environmental report card by the numbers

by Wayne Billing

...from: http://9to5mac.com/2014/04/21/apples-updated-environmental-report-card-by-t… Apple’s updated environmental report card by the numbers<http://9to5mac.com/2014/04/21/apples-updated-environmental-report-card-by-t…> Ahead of Earth Day celebrations planned for tomorrow, Apple today has completely revamped its environmental site<http://9to5mac.com/2014/04/21/tim-cook-discusses-apples-environmental-effor…> with new stats alongside announcements for initiatives planned for the year to come. It also gave an interview with its new head of environmental issues Lisa Jackson<http://9to5mac.com/2014/04/21/apples-lisa-jackson-talks-environmental-initi…>. If you don’t want to dig through and read the multiple pages in Apple’s updated report, below we’ve put together a roundup of all the numbers and initiatives Apple announced today: -2013 Carbon Footprint: 33,800,000 metric tons of green house gas emissions. -9 percent increase in carbon footprint for 2013 (after improving data accuracy from years prior). -169 percent increase in the use of renewable energy at Apple corporate facilities worldwide (35% in 2010). -In 2013, converted 73 percent energy for all facilities — 86 percent for corporate campuses, and 100 percent for data centers. -Already 120 U.S. retail stores powered with renewable energy in 2014. -Two 20-megawatt solar arrays, nation’s largest privately owned onsite solar installation. -Maiden data center generates 167 million kilowatt‑hours of renewable energy onsite per year — enough to power the equivalent of 13,837 homes. [cid:32477DB7-F547-488C-9CBB-90716BCD3B79] -18‑ to 20‑megawatt solar array with new photovoltaic panel planned for 2015. Will generate over 43 million kilowatt‑hours of clean, renewable energy per year. -Apple Campus 2 will use 30 percent less energy than a typical R&D office building. - The cost to charge the battery of an iPhone 5s once a day in the U.S. is 51¢ per year. -Power consumption in idle with the display on is 33 percent less than the previous‑generation 11‑inch MacBook Air. -The 11‑inch MacBook Air consumes the least total energy in its class — 0.25W when off, 0.75W in sleep, and 6.0W with the display at full brightness. -Timer Coalescing lets a Mac use less energy by grouping operations together, reducing CPU activity up to 72 percent. -iPhone packaging mass reduced by 26 percent from 2007 to 2013. -Mac Pro uses 74 percent less aluminum and steel than last gen. -30% recycled material in aluminum iMac stand. -30% post-consumer recycled plastic in Mac Pro speakers. -Over 90 percent of recycled material from non-Apple products. -421 million pounds of equipment diverted from landfills since 1994. -Reduced the average total power consumed by Apple products by 57 percent since 2008. -New Clean Water Program pilot to increase water reuse and recycling at 13 water‑intensive supplier sites. -Rollout of PVC‑free cables in China across all products complete. -Cupertino HQ energy initiates saved enough energy to power 1200 homes per year.

10 years

INTEREST/FUN: Pathé News Archives now free and online

by Wayne Billing

From: [cid:7954AF20-81A7-46B8-8BA3-F1F2DF8C6725] ...to: [cid:0EF79680-3C01-44E7-B44A-374057BB0EB5] ....to: [cid:385363F8-6314-4D90-81C0-5DCAA55A5F46] .....to: [cid:356A045B-AA9E-477B-8A4A-31EC17A3718A] ....and more. It's all there now to be watched: [cid:B7906E6A-248F-4589-A23E-F4720CA094AE] ...from: http://britishpathe.wordpress.com/2014/04/17/british-pathe-releases-85000-f… British Pathé releases 85,000 films on YouTube [cid:D20FA27E-7DE2-4A75-B9F3-BAC89C06163E] Newsreel archive British Pathé has uploaded its entire collection of 85,000 historic films, in high resolution, to its YouTube channel. This unprecedented release of vintage news reports and cinemagazines is part of a drive to make the archive more accessible to viewers all over the world. “Our hope is that everyone, everywhere who has a computer will see these films and enjoy them,” says Alastair White, General Manager of British Pathé. “This archive is a treasure trove unrivalled in historical and cultural significance that should never be forgotten. Uploading the films to YouTube seemed like the best way to make sure of that.” British Pathé was once a dominant feature of the British cinema experience, renowned for first-class reporting and an informative yet uniquely entertaining style. It is now considered to be the finest newsreel archive in existence. Spanning the years from 1896 to 1976, the collection includes footage – not only from Britain, but from around the globe – ofmajor events, famous faces, fashion trends, travel, sport and culture. The archive is particularly strong in its coverage of the First and Second World Wars. Alastair White continues: “Whether you’re looking for coverage of the Royal Family, the Titanic, the destruction of the Hindenburg, or quirky stories about British pastimes, it’ll be there on our channel. You can lose yourself for hours.” This project is being managed by German company Mediakraft, which has been responsible for numerous past YouTube successes. The company will be creating new content using British Pathé material, in English and in foreign languages. You can view and share films from this invaluable resource here<http://www.youtube.com/britishpathe>.

10 years

FUN: In the Battle for Best Smartphone, Apple Still Beats Samsung

by Wayne Billing

...from: http://bits.blogs.nytimes.com/2014/04/18/in-the-battle-for-best-smartphone-… In the Battle for Best Smartphone, Apple Still Beats Samsung By FARHAD MANJOO<http://bits.blogs.nytimes.com/author/farhad-manjoo/> April 18, 2014, 4:03 pm Over the last couple weeks, many of my colleagues in the tech press have published reviews of the Galaxy S5, Samsung’s newest top-of-the-line smartphone. They all arrived at more or less the same conclusion: The S5 is a very nice device. Although it offers no spectacular advances over the previous version, Samsung seems to have done just enough with the S5 to stay ahead of every other Android phone maker. The only plausible competition comes in the form of the HTC One, which, as my colleague Molly Wood wrote<http://www.nytimes.com/2014/04/10/technology/personaltech/samsung-edges-htc…>, is prettier than the S5 but not as functional. The upshot of all these reviews is that if you’re looking for the best Android phone, Samsung’s is the one to buy. But that’s not the whole story. While there are probably some people who go out to shop for the best Android phone, I suspect that most people want to know which phone is best of all, whatever operating system it runs. In other words, how does the Galaxy S5 compare to the iPhone 5S, Apple’s six-month-old flagship device and the champion to beat? The answer: Not very well. I’ve been using the new Samsung for about three weeks, and while I do think it is the best Android phone you can buy, it sure isn’t the best phone on the market. By just about every major measure you’ll care about, from speed to design to ease of use to the quality of its apps, Samsung’s phone ranks behind the iPhone, sometimes far behind. If you’re looking for the best phone on the market right now, I’d recommend going with the iPhone 5S. This is not to say you’ll hate the Galaxy; as everyone says, it’s a great phone, and if you buy it you’ll be fine. The Galaxy does have slightly longer battery life than the iPhone, and it is waterproof, an unusual feature among top-end phones. To me, though, these two advantages are slight. Indeed, for many people, there will only be a single obvious reason to buy the Galaxy S5 over the iPhone 5S: The Samsung phone has a much bigger screen. Size isn’t an objective advantage but rather a matter of preference — some people like big phones and some people like small ones. For the next few months, for big-phone lovers, Samsung’s massive size will make it the clear winner. Yet that points to a looming problem for Samsung. News reports<http://online.wsj.com/news/articles/SB1000142405270230485650457933861162092…> and common sense suggest that Apple will almost certainly unveil a bigger iPhone later this year. If you assume that everything else about the iPhone-versus-Galaxy matchup will remain the same after the size increase, it means that Samsung will lose its single greatest advantage over Apple. And what will Samsung do then? When you compare the Galaxy to the iPhone, it’s not obvious that Samsung will have any real way to fight back once Apple makes a bigger phone. I don’t mean to sound glib. But in many ways, the battle for smartphone supremacy is a pretty simple fight. Apple makes at least two thirds of the profit in the smartphone business, and Samsung makes about the other third. No one else makes any money selling smartphones<http://bits.blogs.nytimes.com/2014/02/12/apple-and-samsung-took-all-handset…>, so any gain for Apple is a loss for Samsung, and vice versa. In recent years, the growth rate for iPhone sales has slowed down. This is partly because, when it comes to expensive phones, consumer preferences appear to have shifted in favor of big phones — and Samsung has been more nimble than Apple at responding to the demand. Apple highlighted<http://www.theverge.com/2014/4/4/5571926/apple-document-shows-concern-for-i…> this fact in a sales presentation recently disclosed as part of its patent-infringement fight against Samsung. “Consumers want what we don’t have,” the document stated, noting that most of the growth in the profitable segment of the smartphone business had been in phones with screens larger than the iPhone’s 4-inch display. But as my management-consultant friends say, the flip side of a problem is an opportunity. If Apple’s major shortcoming is a too-small phone, all it has to do is make its phone larger. Making a larger phone isn’t trivial, but it is a relatively easy fix. Apple has done it well before — two years ago, it put out the iPhone 5, which had a screen just a bit taller than its predecessor — and I suspect it can easily manage the transition once more. Samsung’s problems, meanwhile, will be more difficult to address, as you can tell by spending some time with the S5. One of its major new features is a fingerprint-sensor meant to let you unlock your phone without typing a passcode, a feature Apple introduced on the iPhone 5S last year. I don’t fault Samsung for copying Apple’s fingerprint idea, just as I won’t fault Apple for copying Samsung when it makes a bigger phone. Fingerprint unlocking is a good idea, and more phones should have it. But I do fault Samsung for the slipshod manner in which it introduced fingerprint scanning. I’ve been using the iPhone’s fingerprint sensor for the last six months, and it has worked about nine times out of 10 for me. The Galaxy S5’s finger sensor is unusable. It has failed to recognize my finger just about every time I have tried it. It has been so terrible that the sensor feels more like a marketing gimmick than a legitimate feature. And it makes me wonder about Samsung’s capacity to keep up with Apple’s innovations. So, too, does the Galaxy’s speed. The S5 is really fast, but the iPhone 5S is faster. While the speed won’t be a big deal to most users (you’ll mainly notice it in games and web browsing), it does point to a problem for Samsung. The rapid increase in year-by-year mobile chip performance has been a hallmark of the phone business for years. It’s unusual in this industry for a new phone to be slower than a phone released six months ago. When Samsung’s Galaxy S4 came out last year, it was much faster than the iPhone 5 that preceded it<http://www.anandtech.com/show/6914/samsung-galaxy-s-4-review/4>. But this year, Samsung couldn’t keep up; as the speed-testing gurus at AnandTech showed<http://www.anandtech.com/show/7903/samsung-galaxy-s-5-review/7>, by just about every speed metric, the aging iPhone 5S beat the brand-new Galaxy S5. Then there are the perennial problems for Samsung’s devices. Like the S4, the S5 has a cheap-feeling plastic body, and it’s hobbled by a proprietary software interface filled with byzantine menus and settings screens. You feel this complexity throughout the phone. Even in places where Samsung has introduced novel features that are better than Apple’s — like some of its advanced camera features — they’re buried in a user interface that makes them difficult to discover. None of these problems are crippling for Samsung just yet. With its 5.1-inch screen, the Galaxy S5 is the best big phone you can buy, and it will be so for months. After that, though, Samsung’s smartphone ascendance may look a bit uncertain.

10 years

INTEREST: Heartbleed bug may bite millions of Android phones, other devices

by Wayne Billing

...from: http://arstechnica.com/security/2014/04/vicious-heartbleed-bug-bites-millio… Vicious Heartbleed bug bites millions of Android phones, other devices Not the exclusive province of servers, Heartbleed can hack end users too. by Dan Goodin<http://arstechnica.com/author/dan-goodin/> - Apr 14 2014, 5:30pm CDT The catastrophic Heartbleed security bug that has already bitten Yahoo Mail<http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-m…>, the Canada Revenue Agency<http://arstechnica.com/security/2014/04/heartbleed-bug-exploited-to-steal-t…>, and other public websites also poses a formidable threat to end-user applications and devices, including millions of Android handsets, security researchers warned. Handsets running version 4.1.1 of Google's mobile operating system are vulnerable to attacks that might pluck passwords, the contents of personal messages, and other private information out of device memory, a company official warned on Friday<http://googleonlinesecurity.blogspot.com/2014/04/google-services-updated-to…>. Marc Rogers, principal security researcher at Lookout Mobile, a provider of antimalware software for Android phones, said some versions of Android 4.2.2 that have been customized by the carriers or hardware manufacturers have also been found to be susceptible. Rogers said other releases may contain the critical Heartbleed flaw as well. Officials with BlackBerry have warned the company's messenger app for iOS, Mac OS X, Android, and Windows contains the critical defect<http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB35882&…> and have released an update to correct it. The good news, according to researchers at security firm Symantec<http://www.symantec.com/connect/blogs/heartbleed-reports-field>, is that major browsers don't rely on the OpenSSL cryptographic library to implement HTTPS cryptographic protections. That means people using a PC to browse websites should be immune to attacks that allow malicious servers to extract data from an end user's computer memory. Users of smartphones, and possibly those using routers and "Internet of things" appliances, aren't necessarily as safe. Chief among vulnerable devices are those running Android. While exploiting vulnerable handsets often isn't as simple as attacking vulnerable servers, the risk is high enough that users should tightly curtail use of their Android devices until users are sure their handsets aren't susceptible, Lookout's Rogers advised. "If you have a vulnerable device and there's no fix available for you, I would be very cautious about using that device for sensitive data," he told Ars. "So I would be cautious about using it for banking or sending personal messages." How Android phones are vulnerable Rogers said the most likely scenario for an attacker exploiting a vulnerable Android device is to lure the user to a booby-trapped website that contains a cross-site request forgery<https://en.wikipedia.org/wiki/Cross-site_request_forgery> or similar exploit that loads banking sites or other sensitive online services in a separate tab. By injecting malicious traffic into one tab, the attacker could possibly extract sensitive memory contents corresponding to the sites loaded in other tabs, he said. A less sophisticated version of the attack—but also one that's easier to execute—might simply inject the malicious commands into a vulnerable Android browser and opportunistically fish for any sensitive memory contents that may be returned. "Defective" phones from AT&T, Verizon, Sprint, T-Mobile pose risks, ACLU says. Luckily, Android's security sandbox design prevents a malicious app from being able to access memory contents used by separate apps. Also fortunate is the fact that the majority of Android phones aren't susceptible. Still, the risk shouldn't be dismissed. About 34 percent of Android devices run on version 4.1.x of the mobile OS, according to figures supplied by Google<https://developer.android.com/about/dashboards/index.html>. Google has said it's working with partners to roll out a patch, but as Ars has chronicled before<http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unf…>, millions of Android smartphones never, or only rarely, receive available updates<http://arstechnica.com/gadgets/2012/12/the-checkered-slow-history-of-androi…> that patch dangerous security defects. What's more, the threat of a vulnerable Android device being exploited by someone on the same Wi-Fi network as the targeted user, or by someone combining a Heartbleed attack with a separate exploit, should be enough to give people pause, even if they don't intend to visit banking sites or connect to Web-based e-mail or other sensitive services, Rogers counseled. "The risk is that someone could either man-in-the-middle your Internet connection or use a cross-site request forgery-type attack or could use some kind of malicious thing to trick you into doing something secure and then fish out your secure credentials while you do that," he said. "That risk is sufficiently high as to say that you should be careful if your device is vulnerable." Because Android is frequently customized for specific devices or manufacturers, it's possible some versions besides 4.1.1 and 4.2.2 are vulnerable. For that reason, Android users should download Heartbleed Detector<https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector>, a free app developed by Lookout. In the vast majority of the tests Ars carried out, it found various Android versions contained a vulnerable version of OpenSSL, but that the Heartbeat extension that hosts the coding bug wasn't enabled, making the devices immune to attack. The sole exception was when Ars executed the app on a handset running version 4.1.1, which returned the screenshot below. Security researchers have only begun to analyze the risks Heartbleed poses to people using home and small-office Internet routers, modems, and all kinds of other devices that rely on OpenSSL. It's too early to say which, or how many, of the appliances are susceptible to exploits that extract passwords or other data. But until more thorough audits are performed, users shouldn't rule out the possibility.

10 years

FYI: "Heartbleed" bug: Apple services and products not vulnerable

by Wayne Billing

...from: http://9to5mac.com/2014/04/10/apple-says-heartbleed-security-flaw-did-not-a… Apple says Heartbleed security flaw did not affect its software or services<http://9to5mac.com/2014/04/10/apple-says-heartbleed-security-flaw-did-not-a…> With an estimated half a million sites vulnerable to the “Heartbleed” vulnerability<http://heartbleed.com> revealed earlier this week, which allows an attacker to access user details of websites previously believed to be secured by industry-standard SSL/TLS, your favorite social networks, stores, and other services around the web could potentially be handing out your password or other personal information to anyone who exploits the issue. The bug exists in a library called OpenSSL, which is an open-source SSL implementation that many—but not all—web services use to secure sensitive traffic. If a website you use is affected by the bug, your personal data could be given to just about anyone. Unfortunately, changing your password on an unsecure site won’t even help unless the site’s owners have installed a fix (because the attackers can simply exploit the bug again to get your new password). This serious issue affects a number of high-profile sites, but it seems your Apple ID is safe. Today, Apple gave the following statement to Re/code<http://recode.net/2014/04/10/apple-says-ios-osx-and-key-web-services-not-af…>: “Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key web-based services were not affected.” We used a tool for testing a site for the vulnerability<http://filippo.io/Heartbleed/#www.apple.com> that was released earlier this week, and can confirm that both apple.com<http://apple.com>, the various iTunes servers used for hosting Apple’s stores, and WordPress.com<http://WordPress.com> (the hosting system used for 9to5Mac and 9to5Google) are secure. Users running a web service powered by OS X 10.8 or 10.9 were also unaffected by this bug, as the server builds of those operating systems use the same (safe) encryption libraries as the consumer versions.

10 years

INTEREST: mesh networking: How an Under-Appreciated iOS 7 Feature Will Change the World

by Wayne Billing

...from: http://www.cultofmac.com/271225/appreciated-ios-7-feature-will-change-world… How an Under-Appreciated iOS 7 Feature Will Change the World 1.8K Mike Elgan (3:07 pm PDT, Mar 22nd) A curious download hit Apple’s app store this week: a messaging app called FireChat. It’s a new kind of app because it uses an iOS feature unavailable until version 7: the Multipeer Connectivity Framework. The app was developed by the crowdsourced connectivity provider Open Garden and this is their first iOS app. The Multipeer Connectivity Framework enables users to flexibly use WiFi and Bluetooth peer-to-peer connections to chat and share photos even without an Internet connection. Big deal, right? But here’s the really big deal — it can enable two users to chat not only without an Internet connection, but also when they are far beyond WiFi and Bluetooth range from each other — connected with a chain of peer-to-peer users between one user and a far-away Internet connection. It’s called wireless mesh networking. And Apple has mainstreamed it in iOS 7. It’s going to change everything. Here’s why. It can also extend an Internet connect to a place where none exists — for example, to a hotel basement, cave or to rural areas where cell tower connections are non-existent. It does that through the mesh networking capability inherent in the Multipeer Connectivity Framework. With multiple users in the area, FireChat can relay messages just like the internet does, from node to node (phone to phone). (Apple’s AirDrop works in the same way, by the way.) Here’s an example. There’s an ultramarathon that takes place in California each year on a trail called Skyline-to-the-Sea. It’s a roughly 30 mile trail through giant redwood forests where there is no cell connectivity. Using FireChat or some other app that uses iOS 7’s Multipeer Connectivity Framework, race volunteers, staff and participants could extend Internet connectivity and communication in an ad hoc mesh network that extends the length of the course. The benefit of such an ad-hoc network is how trivially easy it is to set up. Everybody just use FireChat or AirDrop or any other similar app. Boom! Connectivity for everyone. You can imagine the uses in a disaster area where cell towers have been knocked out, or other situations where people need to communicate but where no WiFi or mobile broadband is available. In many poor countries and areas, people might be able to afford cheap or used phones, but not wireless service fees. Wireless mesh networks can provide free Internet connectivity to entire villages, slums or towns. And, of course, Multipeer Connectivity Framework-based mesh-networking apps like FireChat can become a factor for young people. For example, parents who have given their kids iPod Touch devices can chat with the family using FireChat without connecting to the Internet. And teens who get in trouble with their parents and have their phone contracts cancelled or suspended can still chat with friends with their iPhones using FireChat (with the neighbor kid’s help). Because FireChat can be used anonymously, it could be very secure. Not only is it hard or impossible to determine who the anonymous users are, it can’t even be hacked remotely over the Internet if no Internet connectivity is being used. This application and the services in iOS 7 that make it possible seem ideal for communication in repressive, Internet censoring countries. The big picture here, though, which the public hasn’t understood at all (because apps like FireChat are so new) is that mesh networking is about to go mainstream for consumer use. Note that Open Garden, the creator of FireChat, already offers wireless mesh networking on Android, but not in the form of a chat app — it’s just the networking. Apple is a leader here with its Multipeer Connectivity Framework. But it appears that Google is also going big with consumer-level mesh networking also. Google’s senior VP Sundar Pichai was interviewed at SXSW recently, and mentioned mesh networking twice in the context of wearable devices (such as those that support Google’s more recently announced Android Wear initiative, and also in the context of home automation. With Apple and Google building in the foundations for app developers to easily create ad-hoc wireless mesh networks wherever they go, it’s only a matter of time before the wonders and power of mesh networking hits the public in a big way. Think of wireless mesh networking as giving app developers the ability to create tiny, private or public Internets that are limited in time and place. It will have a somewhat similar impact as the Internet itself in how it undermines authority control over communication. Ubiquitous wireless mesh networking could erase many of the places and situations where connectivity isn’t possible, or connectivity over the Internet isn’t desirable. Kudos to Apple for building this into iOS 7. It’s the first major mainstream implementation of wireless mesh networking that I’m aware of. Thanks Apple’s Multipeer Connectivity Framework, wireless mesh networking is here. It’s peer-to-peer. Get excited about it. Read more at http://www.cultofmac.com/271225/appreciated-ios-7-feature-will-change-world…

10 years

FYI: Amazon FLUNKS New Energy Report — Facebook and Apple Get 'A's

by Wayne Billing

...from: http://www.businessinsider.com/greenpeace-cloud-computing-report-2014-4 BUSINESS INSIDER<http://www.businessinsider.com/> Amazon FLUNKS New Energy Report — Facebook and Apple Get 'A's [cid:64B47D61-5262-492A-A46F-E3039E1D0353]<http://www.businessinsider.com/author/aaron-gell> AARON GELL<http://www.businessinsider.com/author/aaron-gell> <mailto:agell@businessinsider.com> <http://twitter.com/aarongell> APR. 2, 2014, 10:30 AM [Google server farm] Google<http://www.youtube.com/watch?v=avP5d16wEp0&feature=player_embedded> A Google server farm According to "Clicking Clean<http://www.greenpeace.org/usa/en/campaigns/global-warming-and-energy/A-Gree…>: How Companies are Creating the Green Internet," a new Greenpeace report on energy usage by the cloud-computing industry, IT behemoths like Apple, Facebook and Google are leading the charge for renewable energy, while several others — notably Amazon Web Services and Twitter — receive failing grades due to their reliance on “dirty” power from coal and other greenhouse-gas emitting sources. At a February shareholders meeting, Apple CEO Tim Cook even suggested<http://www.businessinsider.com/tim-cook-versus-a-conservative-think-tank-20…> that climate skeptics "get out of the stock," if they didn't approve of the company's green initiatives. “Apple’s rapid shift to renewable energy over the past 24 months has made it clear why it’s one of the world’s most innovative and popular companies,” said Gary Cook, the report's lead author and a senior IT analyst for the environmental group. “By continuing to buy dirty energy, Amazon Web Services not only can’t seem to keep up with Apple, but is dragging much of the internet down with it.” The cloud industry is growing rapidly, and those endless server farms burn a lot of power — more each year than all but five of the world's most energy-hogging countries, the report states. Fortunately, it’s also among the environmentally responsible sectors of the global economy. The report is generally upbeat, noting that six of the top cloud-computing companies — Google, Apple, Facebook, Box, Rackspace and Salesforce — have made strong commitments to the goal of powering their data centers with 100% renewable energy. As such companies make decisions about where to situate their operations, these clean-energy policies are causing a scramble among states and energy utilities to adopt green policies to woo their business. [screen shot 2014-04-01 at 5.44.55 pm.png] Greenpeace A chart showing the relative environmental impact of various web companies Apple, for instance, has increased its use of green energy at its iCloud data centers from 35% to 75% in three years, rolling out massive solar arrays near its server farms in North Carolina and Nevada, and relying on wind energy for its sites in Oregon and California. Google powers its server farms in Iowa, Oklahoma and Finland with renewable energy, and has made major investments in solar power. The report heaps praise on Facebook for pulling back the curtain on its energy footprint, going so far as to provide “facility-specific performance dashboards,” so anyone can see exactly where the company’s power is coming from. (It has also made the software open-source, inviting other companies to follow its lead.) One new Facebook data center, based in Sweden, uses 100% hydropower, and the company announced plans to build a new server farm in Iowa that will run entirely on wind-power. [screen shot 2014-04-01 at 5.43.45 pm.png] Greenpeace How various web companies fare regarding clean energy, according to Greenpeace. eBay, which has had a more mixed record on green energy, recently installed natural gas fuel cells around its Utah data center rather than continue to purchase energy from local coal-powered plants. And Apple, Google and Facebook — all of which operate data centers in North Carolina — successfully pressured Duke Energy, the largest utility in the country and, according to Greenpeace “one of its biggest emitters of global warming pollution,” to launch a program in the state to offer renewable energy to major customers. But other big tech companies, notably Amazon and Twitter, get slammed in the report for making use of “dirty” energy from coal and other fossil feuls and for failing to be transparent about energy usage. Twitter, which rents its server space from “colocation” companies, the report says, “[discoloses] no information about its energy footprint,” earning an "F" for transparency on Greenpeace’s report card. The company has made, “no public effort to procure renewable energy for its data centers,” the report adds. "Twitter believes strongly in energy efficiency and optimization of resources for minimal environmental impact," a spokesperson for the service emailed Business Insider. "As we build out our infrastructure, we continue to strive for even greater efficiency of operations." Amazon, which provides cloud services for Netflix, Pinterest, Spotify, and Vine, among many other companies, was named the least transparent company in the report, “[failing] to make public even the most basic details on its energy footprint.” The company also gets dinged for operating “without any apparent regard to environmental impact or access to renewable energy.” Amazon did not respond to a request for comment. UPDATE - Shortly after this post was published, Amazon emailed the following statement: “We agree with Greenpeace that technology leaders should help safeguard the environment by implementing both efficient use and clean sources of energy. However Greenpeace’s report, “Clicking Green,” misses the mark by using false assumptions on AWS operations and inaccurate data on AWS energy consumption. We provided this feedback to Greenpeace prior to publishing their report. We work hard on our own, and together with our power providers all over the world, to offer AWS Cloud services in an environmentally friendly way in all of our Regions. AWS operates efficient and highly utilized datacenters across 10 different Regions globally, two of which (Oregon and GovCloud Regions) use 100% carbon-free power. We like offering customers the choice of being able to run carbon-free, and we love doing it without charging a premium over other North American regions. Running IT infrastructure on the AWS Cloud is inherently more energy efficient than traditional computing that depends on small, inefficient, and over-provisioned datacenters. With AWS, customers can reduce their overall consumption of IT resources while also improving utilization. Collectively, AWS customers are the driving force in this effort by eliminating hundreds of thousands of individual datacenters worldwide, along with the associated wasted capacity and overprovisioned energy.”

10 years

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

apple-list April 2014