Joining AgileBits

Just a quick note to share some news. Today I joined AgileBits, makers of the amazing 1Password, as part of their customer support team. techēse isn’t going anywhere, but I felt it necessary to disclaim where my paycheck now comes from since I have written about 1Password a number of times, and will continue to do so when appropriate.

I have also made a disclaimer note in the Colophon for future reference.

AT&T Knows How to Treat Its Customers

AT&T responds to the outcry of the Internet over limiting FaceTime over cellular to only its new Mobile Share plans:

…in another knee jerk reaction, some groups have rushed to judgment and claimed that AT&T’s plans will violate the FCC’s net neutrality rules. Those arguments are wrong.

Oh yes, your customers are just having yet another knee-jerk reaction. That’s a good way to start out.

Further:

To be clear, customers will continue to be able to use FaceTime over Wi-Fi irrespective of the data plan they choose. We are broadening our customers’ ability to use the preloaded version of FaceTime but limiting it in this manner to our newly developed AT&T Mobile Share data plans out of an overriding concern for the impact this expansion may have on our network and the overall customer experience.

Translation: We have invested literally nothing in making our network better, and even though we’ve done our best to cripple our network, FaceTime would finish the job. Please use Wi-Fi.

Twitterrific Rises

Gedeon Maheux for The Iconfactory, responding to Twitter’s new guidelines for third-party developers:

For the past several months, we’ve been working on a major update to Twitterrific that we’re very excited about. There were concerns that this new version might end up on the cutting room floor prior to Twitter’s announcement, but after reviewing the new restrictions and speaking with the team at Twitter, we’re pleased to report that our development plans remain unchanged.

We’re re-doubling our efforts to bring you an all-new version of Twitterrific: one that complies with Twitter’s new guidelines and makes reading and posting to Twitter even easier and more fun.

I have been using Twitterrific since my first day on Twitter. I’ve tried other clients at times, such as Tweetie and Tweetbot, but I’ve always come back to Twitterrific.

For me, the reasons I have always preferred Twitterrific are its ease of use, unified timeline, unified feel across Mac & iOS, and chiefly, its beauty.

I can’t wait to see the next take on the first and best Twitter client I’ve known.

Also, let’s not forget how important third-party clients have been to Twitter, and how many things Twitterrific did first.

That'll Be a Nickel and Dime, Please

Seth Weintraub for 9to5Mac a couple days ago:

We just got the word directly from AT&T that FaceTime over 3G and 4G would only be available on AT&T for those who choose to go with its new “Mobile Share” plans. If you have an individual plan or family plan, you will not be able to purchase or use FaceTime over 3G/4G at any price. Pre-paid? Nope.

[…]

AT&T noted that you could still use FaceTime over Wi-Fi with an AT&T iPhone. *Slow Clap*.

Sprint & Verizon? Not hindering FaceTime over Cellular.

Both times I have bought an iPhone (iPhone 3G and iPhone 4, in 2008 and 2010, respectively), AT&T was the only carrier in the US. I very likely would not have chosen them if there had been options.

I am ready to be done with AT&T’s sparse coverage, slow rollout of 3G (let alone 4G LTE), and extreme nickel-and-dimeyness.

For extra credit, go read Jim Dalrymple’s interpretation of AT&T’s PR.

¶ A Terrifying, Nightmarish Lesson on Security

Over the past three decades, more and more of our lives have transitioned from analog to digital. First, paper and typewriters yielded to word processors. Next, music went from albums, to cassettes, to CDs, to files on an iPod. Then our photos went from film to JPGs.

It used to be that, in the analog, the only way you’d really lose something was if your home were hit by a natural disaster, or you were burgled.

Not anymore. Mat Honan found this out the hard way. He was hacked. Hard.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password (see update) and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.

At 5:01 PM, they remote wiped my iPad.

At 5:05, they remote wiped my MacBook Air.

[…]

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.

This is horrifying. A nightmare. As I read Mat’s post this weekend, I could feel a sense of dread creeping on me. I knew I had vulnerabilities to some of my accounts, where I had traded some security for convenience. It’s no excuse. I’m a faithful user of 1Password on all my devices. I have no excuse for not having great passwords.

Except, in this case, not even the strongest password would have helped. The hacker didn’t even try to figure out the password. They had a back door.

From Mat’s follow-up piece on Wired (emphasis mine):

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

[…]

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file.

If you lost your wallet, let’s say it contained your driver’s license, your credit card, and a business card with your iCloud email address. That is all someone would need to destroy your digital life.

Thankfully, Apple and Amazon have, for now, closed the loophole while they tighten security.

Here’s the thing: what happened to Mat has been going on for a while. These loopholes have existed for quite a while. Mat was just the first person to get hit that had a significant audience.

Unfortunately, that’s usually how these things are discovered.

I’d love to see Apple take Marco Arment’s advice on how to make password resets better:

And ideally, before resetting a password by phone, they’d send a forced “Find My”-style push alert to all registered devices on the account saying something like, “Apple Customer Service has received a request to reset your iCloud password. Please call 1-800-WHATEVER within 24 hours if this is unauthorized.”

Then make the person call back the next day. If you forget your password and the answers to your security questions, it’s not unreasonable to expect a bit of inconvenience.

Marco is right. If you forget how to access your account, a little inconvenience of waiting a day to get back in is okay.


I am largely sympathetic to Mat. What he went through sucks. But I can’t get past his one blunder. He didn’t have a backup of his Mac.

How does a technology writer not keep backups? Heck, he uses a Mac. OS X has had backup built-in for 5 years. Here’s a free tip, folks: go learn about Time Machine and then use it.

For even better backup practices, go read Shawn Blanc’s backup tips.

Macworld’s Dan Moren & Lex Friedman have some security tips, as well.

As for me, I’ve disabled Find My Mac on iCloud. The Find service is more practical for devices like the iPhone and iPad, but the idea of someone being able to remote wipe my Mac gives me the willies. I keep backups, but the whole idea just doesn’t sit right with me right now. Anything on my iPhone or iPad already exists on my Mac, so I’m not worried about those devices ever being wiped.

I’ve lost some trust in Apple and Amazon. It was ridiculous how easily Amazon let someone into the account.

And Apple? Well, they deservedly bear the brunt of mistrust. Why? Because they have been asking us to trust them more and more over the years.

I created an Apple ID for the iTunes Store in 2003. Back then, it was only for music. But over the years, it has grown to house music, movies, apps, and now my email, contacts, calendars, notes, reminders, my location, and the keys to wipe my devices.

I’ve realized many of us have a lot of our eggs in one basket. A basket we trust not to tip over.

My advice? Use the basket, but don’t trust it entirely. Keep backups. Use really good passwords (and go buy 1Password for all your devices). And, since 1Password can help you fill in credit card info on a site in a couple clicks, consider not storing credit card info on the web.

Find Your Greatness

I’m not one who likes to post many links to videos, much less two in a row, but this one is good, and — dare I say? — better than the Bond trailer in the previous post.

Nike has launched a new ad (I think it may even be an ad campaign) entitled Find Your Greatness. Now, most fitness ads show someone who is already in shape. As someone who is overweight and has been working years to change that, those ads don’t do a great deal to inspire me. This ad does.

This ad focuses on someone who is overweight, striving to better himself. This is the kind of inspiration needed for so many of us.

Good work, Nike. Keep it up.

Neat App: CheatSheet

I love keyboard shortcuts. When learning a new app, the first thing I do is sift through its menus and absorb as many of the shortcuts listed as possible.

CheatSheet is a cool app on the Mac App Store that does one thing and does it very well. Once installed, it runs in the background (no dock or menu bar icon), and will pop up an overlay if you hold the Command key down for a moment. This overlay will show you all the keyboard shortcuts for an app at once. You can then either finish the shortcut or use your trackpad to select a command. Releasing the Command key will dismiss the overlay.

You can also adjust the length of the delay for CheatSheet or quit the app from the gear icon on the overlay.

This is a great app for Mac keyboard ninjas learning a new app or for the fledgling keyboard padawan.

CheatSheet is free, so you really don’t have an excuse to not get it.

Instapaper is the Free App of the Week at Starbucks

More Instapaper news from The Verge today:

For the next week, Instapaper for iOS is available for free as a part of Starbucks’ “Free App of the Week” campaign. To get your free copy of the app (which normally costs $4.99), you have to physically go to a Starbucks shop and get a promo card, then enter the code into iTunes.

If you don’t have Instapaper already, shame on you. Now get over to Starbucks this week and get it. Or skip the burned coffee and buy it on the App Store.