23 Years of the Newton

2016-08-05

It’s amazing how quickly the years flow by and that it’s been nearly 25 of them since the introduction of Apple’s Newton. Actually, it has been a full quarter century since John Sculley, then CEO at Apple, was pitched the concept of a smaller, handheld device by Michael Tchao and decided to make it a reality. This week marks the 23rd anniversary of the MessagePad’s release on August 3rd, 1993, at Macworld Expo in Boston, which Sculley had initially previewed to press at CES in Chicago, back on May 29th of 1992. Crazier still, the release of the Newton came less than a decade after that of the Macintosh. Sadly, it never really got the chance to see its full potential.

Like every revolutionary product, there are many fascinating accounts of the development and release. Some of them are documented in the book Defying Gravity: The Making of Newton, others in the Newton section of Andy Hertzfeld’s folklore.org. Douglas Luckie’s page covering the original Newton MessagePad is required reading, and one can’t forget Landon Dyer’s account of the last-minute ROM patching before the release! Luke Dormehl just wrote a nice little overview for Cult of Mac, and Benjamin Edwards had a more thorough piece for Macworld at the 20th anniversary.

While I personally can no longer fault Apple for cancelling the Newton in 1998, refocusing, blossoming, and developing a new generation of mobile computing with the iPhone and iPad, I still wish to see a future where Newtons had continued to be developed. While I still use my MessagePad 2100 every day and find it to be the best tool for many tasks—for me, at least, though I’m not the only one—it’s also disappointing that it’s mostly stuck in 1998. I say mostly as a huge debt of gratitude is owed to all the individuals who have helped keep the Newton platform alive, producing patches, software, bits of hardware, and providing tons of support over the years, allowing it to reach out into the future that Apple only imagined.

I look forward to the full 25th anniversary with my Newton. After all, what’s a couple more years?

iPad Pro — What’s a Computer? (Video)

2016-08-02

I’m sure Apple was hard at work making this commercial well before Michael Gartenberg’s piece for iMore which I linked to a little over a week ago, but it does seem to start addressing the issue he raised as to why more people aren’t buying the iPad Pro to use as a computer. The ad starts off:

“Just when you think you know what a computer is…”

Apple’s “The new iPad Pro” introduction video from back in March shows the iPad being used as a computer, but mostly rattles off the new features, leaving that point until the very end:

“The new iPad Pro gives everyone the ability to do amazing things. Things you thought you could only do on a PC and things you’ve never done before. It’s where we believe personal computing is going.”

This new ad tries to hit that point home a little more directly. It still feels more like an ad for the Smart Keyboard and Apple Pencil, to me, but they’re a part of the solution and it’s a step in the right direction.

[Via Rene Ritchie.]

Farewell Kagi

2016-08-02

Longtime payment processor Kagi in their announcement of the closure of their company on 2016-07-31:

For the past ten years Kagi has been struggling to recover from financial losses due to a supplier fraud situation. We have reduced the debt but the recovery has failed and forced us to close.

We are sorry we failed you.

It’s sad to see the failure of a company that helped support so many individuals and small businesses over the years. They helped many early Mac and Newton shareware developers get off the ground and prosper, some of whom are still around today. Sadly, their popularity was waning due to increased competition from newer payment options such as PayPal, Stripe, and others.

[Via MacRumors.com]

Security Experts Have Cloned All Seven TSA Master Keys

2016-07-29

John Biggs, writing for TechCrunch:

The TSA, as you’ll remember, offers a set of screener-friendly locks. These locks use one of seven master keys that only the TSA can use — until 2014. In an article in The Washington Post, a reporter included a shot of all seven keys on a desk. It wasn’t long before nearly all the keys were made available for 3D printing and, last week, security researchers released the final key.

The interesting aspect of the release of the final key is how they did it. One of the hackers, Johnny Xmas, said:

“This was done by legally procuring actual locks, comparing the inner workings, and finding the common denominator. It’s a great metaphor for how weak encryption mechanisms are broken — gather enough data, find the pattern, then just ‘math’ out a universal key (or set of keys),”

Frustratingly, the TSA cares little for consumers’ belongings:

“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security. These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime.”

Introducing "Free Agents"

2016-07-29

Jason Snell introducing the new Free Agents podcast he’s co-hosting:

For a long time Mac Power Users co-host David Sparks and I would meet when I was visiting southern California and we’d talk about how our jobs were grinding us down. Then all of a sudden, he and I were both out on our own and grappling with any number of issues involving being independent workers after 20 years of working in a traditional job.

[…]

If you’re interested in hearing us talk about the issues around being an independent worker, check it out. The show will be short and appear fortnightly, and we’re hoping to do two short topic-based episodes followed by an interview with an independent working person.

Naturally, this subject matter is now near and dear to me. The first episode was a good, solid, quick listen.

New attack bypasses HTTPS protection on Macs, Windows, and Linux

2016-07-29

Dan Goodin writing for Ars Technica regarding a web browser proxy protocol issue that can expose full URLs of webpages you’re browsing, even over HTTPS:

The attack can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where Web surfers need HTTPS the most. It works by abusing a feature known as WPAD (short for Web Proxy Autodiscovery) in a way that exposes certain browser requests to attacker-controlled code. The attacker then gets to see the entire URL of every site the target visits. The exploit works against virtually all browsers and operating systems. It will be demonstrated for the first time at next week’s Black Hat security conference in Las Vegas in a talk titled Crippling HTTPS with Unholy PAC.

[…]

With the exception of the full URL, all other HTTPS traffic remains unaffected by the attack. Still, in some cases, disclosure of the URL can prove fatal for security. The OpenID standard, for instance, uses URLs to authenticate users to the sites and services that support it. Another example is document sharing services, such as those offered by Google and Dropbox, that work by sending a user a security token that’s included in the URL. Many password-reset mechanisms similarly rely on URL-based security tokens. Attackers who obtain such URLs in any of these cases are often able to gain full access to a target’s account or data.

Good to be aware of and yet another reason to be especially careful when using public WiFi. Fortunately, web browsers could mitigate this:

Still, browsers can largely work around the vulnerability by following the lead of Microsoft’s Edge and Internet Explorer 11 browsers, which invoke the FindProxyForUrl function with URLs that are truncated to host names only, as opposed to full URLs, which may contain authentication tokens or credentials.
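
To make the mitigation quoted above concrete, here is an added example (not from the Ars Technica article or any browser's source) of a resolver that truncates the URL before calling a PAC function. The names `sanitizeForPac`, `resolveProxy` and `samplePac`, the `.example` hosts, and the choice to keep scheme, host and port while truncating only encrypted schemes are assumptions made for illustration.

```javascript
// Added illustration; sanitizeForPac, resolveProxy and samplePac are hypothetical names.

// Return the URL string a proxy resolver should hand to the PAC function.
// For https:// and wss:// the path, query, fragment and userinfo are dropped,
// so tokens carried in the URL never reach the PAC script.
function sanitizeForPac(rawUrl) {
  const u = new URL(rawUrl);
  const encrypted = u.protocol === 'https:' || u.protocol === 'wss:';
  if (!encrypted) {
    // Plain HTTP is already visible on the network (assumption: leave the
    // path in place); only credentials and the fragment are removed.
    u.username = '';
    u.password = '';
    u.hash = '';
    return u.href;
  }
  // Keep scheme, host and port only.
  return `${u.protocol}//${u.host}/`;
}

// Invoke a PAC function the way a hardened resolver would.
function resolveProxy(findProxyForURL, rawUrl) {
  const u = new URL(rawUrl);
  return findProxyForURL(sanitizeForPac(rawUrl), u.hostname);
}

// Constructed sample: an ordinary PAC function that routes by host only,
// instrumented to record exactly what the resolver showed it.
const seen = [];
function samplePac(url, host) {
  seen.push(url);
  return host.endsWith('.corp.example')
    ? 'PROXY proxy.corp.example:8080'
    : 'DIRECT';
}

// Constructed URL with a password-reset style token in the query string.
const resetLink = 'https://accounts.example/reset?token=CONSTRUCTED-TOKEN#step2';
const decision = resolveProxy(samplePac, resetLink);
console.log(decision, seen[0]);
```

Host-based routing still works after truncation, which is why the change costs legitimate PAC files very little.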

Santa: A binary Whitelisting/Blacklisting System for Mac OS X

2016-07-28

While developed internally by Google, Santa is not their Santa Tracker:

Santa is a binary whitelisting/blacklisting system for macOS. It consists of a kernel extension that monitors for executions, a userland daemon that makes execution decisions based on the contents of a SQLite database, a GUI agent that notifies the user in case of a block decision and a command-line utility for managing the system and synchronizing the database with a server.

[…]

Santa is written with the intention of helping protect users from themselves. People often download malware and trust it, giving the malware credentials, or allowing unknown software to exfiltrate more data about your system. As a centrally managed component, Santa can help stop the spread of malware among a larger fleet of machines. Additionally, Santa can aid in analyzing what is running in your fleet.

While it’s not 1.0 yet, this is definitely a project for macOS (née OS X) administrators to watch.

Managed Preferences (MCX) was deprecated way back in OS X 10.8 Mountain Lion, though it still works in OS X 10.11 El Capitan, and is the only other way I’m familiar with for blacklisting or whitelisting apps on OS X. MCX settings can even be applied using Profiles via your favorite deployment method (mcxToProfile is a handy tool for that). Unfortunately, I’ve found it to be very problematic and unreliable in practice (often needing to resort to whitelisting entire folders, which is not particularly secure), so this is a very welcome addition to the macOS management toolset. The ability to monitor binary usage across clients is another huge benefit.