Meeting Notes

November 16, 2015 Meeting Notes

posted Nov 17, 2015, 8:29 AM by Robert Brown

SVMUG November 16, 2015



Malware attacks KeePass - OS Password Manager

Ransomware Threatens to ‘Publish’ Your Data

1Password Metadata Leak 1

1Password Metadata ‘Leak’ 2 - Response

Still More on 1Password Metadata (Scroll down to ‘Security Lite)

Apple Phishing Scam

Apple Removes Malware Instagram App from iOS Store


Updates iOS, Watch OS, and OS X

Apple TV 4 Available

Apple tvOS 9.01

iPad Pro is Available (Robert has one!!)


Apple Wins Dismissal of ‘Bag Search’ Lawsuit

Apple goes to Supreme Court over iBooks


Apple Reports Financial Results

Analysts React (Mostly good)

Apple Capex $15 billion in 2016

General News: 

Steve Jobs Movie Pulled - Poor Box Office Results

Mac App Store Has Certificate Problems

Apple San Jose Campus??

iPad Pro Goes on Sale

Australian Apple Store Racial Profiling Gets an Apology, & More

Tim Cook on Climate Change, Equal Rights, etc.

Amazon Removes Apple TV & Chromecast from its Store

Apple Launches Clean Energy Programs in China  Greenpeace Likes It


Apple to Launch Person to Person Apple Pay?



Swift Programming for the non-programmer

What is a programmer?

Flexibility, ease of use, portability, and speed

languages before Swift: problems and solutions

What is Swift? How is it different?

Programmers create instructions intended to cause a computer to do some work.

Users are just programmers who believe anything you tell them.

stored instructions: program, playlist, bookmark, app, Macro, script, shortcut, … html, document…

Programmers care about flexibility, ease of use, portability, and speed.

The Facebook web interface makes it very easy to share a post on Facebook,

but you can’t use it to write a program to solve a math problem.

Using Assembly language you can write a program to do anything,

such as posting to Facebook,

but it takes much much more work then using Facebook.

Trade-off: ease of use versus flexibility

Portability is also a concern. Where can I run the program?

Facebook runs everywhere (via web browser).

But assembly language is very specific to the platform.

Speed is also important: how fast is a program after I write it.

— Find the Middle Ground —

Flexible enough yet easy enough

portable enough yet fast enough. 

Control Flow: specify the order of execution of program statements

Spaghetti code: a program where the control flow is hard to follow.

With spaghetti code, different parts of your code can be meshed with each other,

so that changing one piece might break some other piece, especially in unexpected ways.

Excel Macros are flexible but not easy to use — makes spaghetti code inevitable.

Furthermore, it is not portable (works only in Excel), and not particularly fast.

solution: C

— create anything

— easy to create simple elegant code

— portable - everything has a C compiler.

— Speed - very fast

[Sidenote: a compiler takes readable code, e.g. English, and converts it into machine code (or “byte code”).

“The nice thing about C is that you can do everything. The bad thing about C is that you must do everything.”

Solution: object oriented programming: objects encapsulate data with the code that operates on that data.

— code becomes a loose collection of objects.

— the objects are replaceable without great modifications to the rest of the code.

— objects encapsulate code

“Objective-C”, “C++”

Objective-C is a strict superset of C.

— perhaps not quite as easy as plain C

— it was designed to portable, but really only used for Apple devices

— fast, but not as fast as pure C

Apple’s Goals for Swift

- safe

- modern

- fast

- interactive

- open source


- No “silent consent” for unexpected conditions

- Better memory protection

- No selectors.

If Objective-C encounters an unexpected condition, e.g. null pointer, it does nothing, generates no exceptions, no errors.

Swift will deliberately crash the program. This prevents problems later. 

Memory Protection: C can wander around in memory, changing stuff that should not be changed.

Swift will enforce array bounds, rigorously check for overflow, and uses no pointers by default.

In C, C++, or Objective-C, it is easy to accidentally modify memory.

Swift does not support selectors. This allows for the creation of private code that other objects are not allowed to call.

Modern: “when Swift was release, everyone said it was just like their favorite language”

— modern nice syntax

— Swift source code is usually shorter than Objective-C source code.

Fast: significantly faster then Objective-C.

Interactive: not a feature of the language, but of the creation tools (Xcode).

— playgrounds execute code automatically.

— — see the results instantly

— — can use Apple frameworks

— — can use image and sound files

— — no need to embed code in complex programs, to see the results.

Open Source: at WWDC 2015, Apple announced that Swift would be made open source by the end of the year.

— it is not the end of the year, yet.



1. Best Swift book for novices is the Apple Swift book. (Currently version 2.1 in iBooks.)

2. How to speed up file sharing between two Macs?

— Use WiFi for the connection.

— AirDrop is also very quick.

3. I am getting restarts in Yosemite. Is this a bad sign? No problems are found in diagnostics. “Your Mac restarted because of a problem.”

— possibly the HD is starting to fail.

— use Disk Utility to read the SMART data on the drive.

— Google kernel restarts - there is an Apple Support Document.

— try EtreCheck

4. How do I view an email in ‘source text’ without opening it?

— you have to open it.

— in the mail list, force touch the mail item or use the menu “view” -> “message” -> “raw”

5. Suggestions of where to start learning programming?

— pick something simple, write it.

— then move on to more complex things.

6. I can calibrate my monitor using the Apple tool. What can I use?

— Use Spyder Pro, X-Rite Pro, etc.

7. New iPhone 6+ — try to transfer my SIM card, but AT&T says I need a new SIM card for new features. What are these features?

— only AT&T knows — ask them at the retail store.

— it might be the WiFi calling, and HQ calling.

October 19, 2015 Meeting Notes

posted Nov 16, 2015, 2:09 PM by Robert Brown

SVMUG October 19, 2015 



YiSpecter Malware - for iOS

    distributed by enterprise administration, not via iOS App Store

Apple Removes ‘Continue Button’ (iOS9)

    Enterprise administration can get around this.

Flash - of course - Advice on Flash

Apple Removes Apps that Could Spy


    Safari 9m iOS 9.02
    iWork for iOS & El Capitan 
    Apple Ordered to Pay U of Wisconsin


Apple to Report Earnings Oct. 27, Call @ 2PM

General News:

Figuring Costs on New iPhones

Gary Allen, Founder of IFO Passes On

Apple Initiates Help for Apple Music via Twitter

El Capitan problems with Office ‘Apple’s Fault’

Apple Launches Program for MacBooks with Screen Issues

IBM Likes Using Macs Photo from the Past

‘ChipGate’ - Much ado about Nothing 1

‘ChipGate’ - Much ado about Nothing 2

Steve Jobs Movie

Economist Review of Steve Jobs Movie

‘Old News’ - Ron Johnson and a Startup

Harry Potter Books on iBooks


1. Is there a browser that will reflow text when you zoom in on a page?

This is, today, mostly related to the coding of the web site: is it “responsive”.

Try using landscape mode to help.

2. I have some old Adobe Type Fonts. Is anyone interested in these?

Contact Gary.

3. System Report: storage tab displays a lot of device images in “/tmp” with BSD names.

Perhaps you have some old disk images still mounted? Use Disk Utility to locate the offending items, and eject these.

4. What is the safest way to dispose of SysQuest or Bern. disks, with sensitive information?

Drill a physical hole through the disk. 


Apple Car

Rumor: Steve Jobs wanted to make a car — he was in to cars.

Tim Cook: a car is the ultimate mobile device.

Software has become more important than mechanics.

Apple is the best software company on the planet.

(Apple has NOT become Microsoft, because Apple doesn’t suck.)

Google may beat Apple with having a ready-to-go car.

But it will not be as “pretty” as Apple’s. Or “neat” as Apple’s.

(Before Google, Larry Page has been thinking about

self-driving cars since the early 1990’s.)

Apple has special experience in power conservation.

The Apple car will a luxury item, maybe at $70,000.


August 17 & July 20, 2015 Meeting

posted Jul 21, 2015, 9:18 AM by Robert Brown   [ updated Nov 16, 2015, 2:13 PM by Robert Brown ]

August 17, 2015


Silly season: DefCon and Black Hat conferences

Thunderstrike 2 

An attack using Thunderbolt cable chips as a infection vector.

However, it is a low impact.

Screen shot of a scammer attempt 


— this ransomware that targets naive Windows users.

— completely bogus

Screen shot of Apple Fixing bad stuff

“Installer” will damage your computer. You should eject…

— this is a real warning, generated by the Apple malware scanner.

— pay attention if this pops up on your computer.

Zero Day Privilege Escalation Bug in OS X Yosemite (patched)

has been patched in 10.10.5

Cyber Flashing & How to Stop It

A woman on the London subway opened her phone

and saw a genitalia image (a human flasher). The

vector was AirDrop, so it was a naive user enabled


Update Firefox for Security Zero Day

Be sure to update. 

New Vulnerabilities Still Exist….

Don’t run Flash unless you have to.

And just today, an Italian research found a theoretical 

vulnerability. He notified Apple, but then one hour later,

released the details to the public. Normally, such a

researcher would wait for the company to respond.

This was very bad on his part.


Firmware Update for Latest MBP

10.10.5 - Very important - contains lots of security fixes

iOS 8.4.1 - also lots of security fixes


EU Finds No Music Collusion

Apple Wins One Against Samsung


Apple Earnings - Overview

— beat estimates in revenue and eps,

    but not for iPhone unit shipments.

Analysts Reactions on Earnings

Apple Spends on R&D

A Postive Analyst on Apple

Apple #15 on Global 500

General News: 

Apple to Have Visitor Center at New Campus

50% off Selected TCO Books for MUG Members

Apple Pulls Nest Thermostats from Stores

Apple Music Streamed for Free by T-Mobile

Apple Expands Office Space

Apple Expands… ?


Apple Car - Yes?

Self-Driving Car - Maybe not?

Apple Event Sept 9?


Presentation - Home Automation

by John Rich, author and journalist and photographer,

Download this presentation from

Automate your home and vehicle using smartphone or tablet, with technology that is available today.

Your iPhone and/or iPad can become a powerful remote control for many other devices and appliances.

Control Lights

Door Locks & Doorbell


Home Security 

Television & Stereo

Vehicle Navigation (GPS)

Car Maintenance

Infotainment System

Hands-Free Cell Phone


Open Source

Q and A

1. Thunderbird email app - accidentally closed inbox viewer. How do I get it back?  

— we will investigate

2. When I expand Finder column widths, it does not persist when I open new Finder windows. 

— hold the option key when dragging the column borders.

3. Apple ID - cell texts go arbitrarily to either Messages or email. How do we set this?

— Messages will try to use the relay of “Messages to Messages”, but if you are offline, it will use a secondary method, e.g. email, cell SMS.

4. I need help loading 10.5 onto a G4 Powerbook.

— 866 MHz CPU and 512 MB RAM is required.

5. When I copied a file, the file size was different on the copy. Why?

— Maybe block sizes are different. Maybe the metadata was changed. Maybe the copy is more efficiently de-segmented.



July 20, 2015


Flash - Zero Day vulnerabilities and Controversy

Back story of Hacking Team Hack


Apple Boots Monster after Beats lawsuit

Apple Requests Legal Fee Reimbursement from Patent Troll


Earnings for FY Q3 Tomorrow

Analysts weigh in - One Sample

China Market goes down - People Worry, Then Stop Worrying

General News: 

Apple Upgrades AppleCare for Bateries

Apple Gets ‘Good Marks’ from EFF

Apple Watch Satisfaction - a Debate

Taylor Swift and Apple Music I

Taylor Swift and Apple Music II

Apple Releases Public Betas of OS X & iOS9

IDC Guesses Lots of Macs Sold

Apple Hires Auto Exec

Quirky News:  

New Software for Apple IIgs


Apple likely to up iTunes Match

Apple ‘Over the Top’ TV Service?


New iPods

Microsoft Updates Office for Mac

OS X 10.10.4

iTunes 12.2  NOTE: NEW TCO BOOK OUT, See Discount code on Agenda 




Apple Music - Jeff Gamet, Managing Editor of MacObserver

Apple Music is part radio station, part streaming music, part music storage, and part musician social network. That’s a lot for for a single new online music service, and depending on how you use Apple Music, it can be a little confusing. Jeff will show us the new features that Apple Music gives us and point out what’s changed from iTunes Radio and iTunes Match. We’ll also find out which devices support listening to Apple Music.

Via Skype and the MacObserver Web Site.

Catch Jeff’s weekly podcasts.

What is Apple Music, as compared to iTunes, iTunes Radio, iTunes Match?

Three components

1. Beats One — Apple’s own Internet radio station

much like a traditional radio station, 

with DJ’s, music, interviews, call in requests, etc.

“old school radio station”

Zane Low is the station manager.

Beats One focuses on Pop Music.

Maybe in the future, there will be a Beats Two, Beats Three,

and so forth for separate genres of music.

2. Apple Radio — this is iTunes Radio retooled. 

This is a genre selectable streaming service.

A computer algorithm put together the stream 

for iTunes Radio, and made odd choices at times.

However, human curators put together the streams 

for Apple Radio. The ideal is to hear a mix of songs

that you already know with news songs that you do not.

3. “For You” music collections — hand curated recommendations.


iTunes Match vs. Music in the Cloud

iTunes Match — takes your purchased library and puts it in the 

cloud so that it is available from the Cloud on any of your devices.

The purchased library includes CD’s that you have ripped into your

library. The artist royalty was paid out of your original purchase price.

Apple Music in the Cloud — you can listen on demand to any item

in the catalog of iTunes, and the artist is paid a per-play fee.

This is a subscription service. 


Apple chooses the music curators very carefully, 

looking for expertise in the given genre. 


DRM - Digital Rights Management — Apple Music allows you to download music for per-play-fee listening, under your monthly subscription. So it has copy protection. This means that should you end your subscription, any downloaded songs still present on your hard drive will be unplayable.

If you have a given item in your purchased library, you will play the non-DRM file. If you do not have the item in your purchased library, you will download and play the DRM file.


Without Apple Music Subscription, you get these services:

listen to any music you've purchased, ripped, or uploaded to your device. 

(If you pay $24.99/year for iTunes Match, you'll be able to listen to any music 

you've uploaded to iCloud, regardless of whether it's on your device or not.) 

listen to Beats 1 radio, view and follow an artist's Connect stream,

listen to ad-supported Apple Music radio stations 

(which replaces the current iTunes Radio interface)

—though you'll only have limited song skips available.

With Apple Music Subscription, you get these additional services:

  • unlimited skips for Apple Music radio stations
  • the ability to like, comment, play, and save Connect content
  • unlimited listening to the entire Apple Music catalog
  • the ability to add Apple Music songs to your library and listen offline
  • your entire purchased and ripped library, uploaded to iCloud
  • access to Apple Music's hand-curated recommendations and playlists
  • ==================

Apple Connect — a social network for artists to interact with fans 

(but not for fans to interact with artists).

It is the modern version of “liner notes”.

  • ==================

Jeff believes that Apple Music is aware of your connection method, e.g. LTE versus WiFi, and will appropriately choose the best bitrate for the given connection. So you LTE data plan will not be overwhelmed. 


Open Source

The CrossWire Bible Society is an organization with the purpose to sponsor and provide a place for engineers and others to come and collaborate on free, open-source projects aimed at furthering the Kingdom of our God. We are also a resource pool to other Bible societies and Christian organizations that can't afford-- or don't feel it's their place-- to maintain a quality programming staff in house. We provide them with a number of tools that assist them with reaching their domain with Christ.

The heart of most projects here at CrossWire use a common technology called The SWORD Project.

  • A cross-platform textual publishing and research engine with bindings for most modern programming languages.
  • A huge and rapidly growing electronic library of Bibles, commentaries, devotional and general books, maps and much more, in many different languages.
  • A community where volunteers and developers can meet and assist each other in creating great Bible software.
  • A place where publishers will find tools to easily make available their works on a vast array of devices and operating systems.

Pocket Sword

— a Bible reading and study app for iDevices

— by CrossWire Bible Society

It is more than just Bible study. It provides for language studies,

learning foreign languages, learning grammar of your language.

Runs on desktops (Linux, Windows, Mac), and on smartphones.

There is a Java version as well.

Eloquent (formerly known as MacSword) brings the power and versatility of The SWORD Project to users of OS X, along with a beautiful Aqua interface.

PocketSword is a SWORD frontend for the iPhone and iPod Touch. It requires OS 3.0 or later and is now available in the AppStore

Xiphos (formerly known as GnomeSword), runs on Linux, Windows (Windows 2000 upwards), Solaris and all BSDs. Xiphos is a mature programme with all relevant features. Unique for Xiphos is its fully integrated and versatile ability to create your own commentaries, journals, and other content. Xiphos is translated into (currently) 11 languages, including Hebrew, Farsi, and German. 

March 16, 2015 Meeting Notes

posted Mar 16, 2015, 9:35 PM by Robert Brown   [ updated Mar 16, 2015, 9:44 PM ]



Google Safe Browsing System Updated 

CIA attempts at breaking Apple Security 

Discussion:  “does not seem to have been deployed”

Update Flash (yes, again)

FREAK Vulnerability Did Affect Windows

Windows Update Cautions - Sequence is Crucial this time

More (Update) on Superfish - Government Certificates not an issue AFAIK, Superfish is an issue

“… it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.” 

Brian Krebs on Apple Pay (Bank/Credit Card) Scams

— stolen credit cards are used by thieves on their own Apple Pay 

— not really an Apple Pay problem


Apple Updates for FREAK Vulnerability & More (Note, this is iOS, Mac OS & Apple TV)

General News:

Apple Announcement:  MacBook  Watch Research Kit

And, more Research Kit  HBO on Apple TV

Apple Annual Shareholders Meeting - Tweets from Fortune  Article from Apple Insider

Tim:  Tell us how/where we can do better

Steve Jobs Video from Next Days

Petition for Dropbox NOT to Drop Support for 10.4 & 10.5 (Tiger & Leopard)

Apple Invited to Join Dow Jones Average

Mail List Issues - AOL, Yahoo, etc.

iTunes ‘Outage’ 3/11/15 (US & Europe)

Presentation by Scott Jenson of Google — Open Source

The Internet of Things 

Smart Devices

Withings scale, Nest thermostat, …

Previously at Frog Designs.

You do not want separate apps for each smart device.

How about URL’s instead?

The growth of smart devices will be exponential, and getting more apps is not going to scale with that growth.

Furthermore, apps are being drown in the number of App releases.

40% of apps on the Apple store have NEVER been downloaded!

The goal is to get the controls of smart devices to scale like the web scaled.

The smart device sends a bluetooth code to bring up its web page. It is a discovery service for the devices in your immediate environment.

It has to be decentralized. 

Discover - Rank - Interact

It is not a Google product — it is a web product.

Bluetooth LE sends out an advertising packet, once each second.

The packet is a URL, e.g. “” from a coke machine.

A phone comes by and checks what is nearby, e.g. the coke machine.

These physical devices create the physical web.

Bus stops, vending machines, restaurants, groceries, home controls, etc.

But it only shows you things when you ask to be shown.

Users can opt-in to letting the system gather anon. data.

Your past behavior will be used to rank the most interesting things for you.

It is like QR codes, only broadcast over Bluetooth LE.

The web site, e.g., can send instructions to a vending machine, that you have paid with ApplePay, and you want a Diet Coke.

simple web: smart device sends you a link to the web 

triangular web: the web server tells the smart device what you want.

direct connect: your phone talks to the web server, and also to the smart device.

The project is on Github, with more than 3400 developers watching, participating.

physical web is available on the Apple iOS store.


1. Odd email problem with Apple Mail on my computer, Mavericks.

Outbox items are not being sent.

This might be a known problem with Gmail, where the SMTP server keeps dropping off the list.

Maybe check the Taking Control of Apple Mail book.

Some big providers, e.g. Comcast, are not letting mail work except on their network.

2. My old printer is not working under Yosemite. It is a Canon. 

Apple Support may be able to help — call the support number.

Try generic printer driver.

Keep checking the Canon site for new driver downloads.

3. When I use Siri to initiate a phone call over a bluetooth headset, it drops the headset just as the call starts.

Check your preferences, and make sure you preference is to use the headset for phone calls.

4. QEMU - running Windows programs on Mac.

Anyone using.

5. Best practices for Time Machine backup: 

external drive direct connect is the best, using Thunderbolt.

WiFi network drives allow multiple machine backups.

6. Under Yosemite, can I have an app start up automatically?

    Yes -- under Users account, set up in login items. 

    and also by using contextual menu on a Dock icon.

7.  How do I uninstall MacKeeper?

    Go to for instructions.

    Also try "App Delete" or "App Zapper".

    Do not trust the MacKeeper provided uninstaller.

February 23, 2015 Meeting Notes

posted Mar 12, 2015, 9:24 AM by Robert Brown




  • Yosemite to 10.10.2 
  • iOS to 8.1.3 
  • iTunes to 12.1 
  • Apple TV update 

General News: 




  • Apple Investing in European Data Centers 
  • Apple Building CA Solar Farm 
  • Tim Cook speaks at Cybersecurity Summit 
  • Pilots use iPads to crash land a plane after navigation system failure  


  • Apple Results, Awesome:  First Link, Second Link 
  • Tim Cook Speaks at Goldman Sachs Conference 
  • Goldman ups Apple Price Target to $145 
  • Apple Includes Minority Banks in Bond offering 


Presentation Highlights

    Pages by Michael Cohen

    Author of Take Control of Pages

    Why was Pages rewritten by Apple?

    — because the market is now been led by iDevices as opposed to desktops or laptops.

    — Apple wishes to have continuity of appearance and operation between iOS and Mac OS X.

Part of the cross compatibility is that Pages will recognize when a given device does not have a font which is used in a document, make the appropriate substitution, but without changing the original font assignment.

Alas, we lost newspaper style column flows, mail merge, and other utilities. 

So many people are complaining that “Pages was dumbed down”, but this is unfair. Pages remains a sophisticated document authoring tool. The new Pages is not stupid.


1. Bluetooth keypad (LMP) is not communicating with my Mac. The connection was lost suddenly. The battery is fine. It will not pair with the computer.

— try leaving the battery out for more than 24 hours, to clear out residue data in the memory. 

— in the Mac, tell it to forget the given bluetooth device, and discover it fresh.

2. If I have 5 GB in Dropbox, when I install Dropbox on my iOS device, will it take up 5 GB? Can I selectively sync only certain folders of the Dropbox?

— yes, you can choose, on each device individually, which folders will be sync’ed.

— we will investigate.

SVMUG meeting January 26, 2015

posted Jan 26, 2015, 9:28 PM by Robert Brown

NEWS January 26, 2015



Google’s Project Zero publicizes zero-day vulnerabilities - Mac OSX

Update for Critical Security ‘Pushed’


Logic Pro

Dropbox stopping support 10.5 & Older

General News:

BBC Panorama Show Accuses Apple re Workers

Apple Responds to BBC Critical Show on Apple in China

Apple Quality ‘Conversation’

Linkbait or Reality? 

Apple buys online music analytics company

Market Share update - Apple does well

Apple Pay doing well

Apple Reports Compensation for Execs

Retail Stores Opening in China

Mac mini Gets 2TB option back

iPhone Withdrawal Harms Performance

After CES Analyst Speculates on Apple TV & Robots

iOS 8 Adoption Nears 70%

Spaceship Campus Progressing

Info re BackBlaze Hard Drive Stats


Analysts make guesses re Apple Q1 results 

Apple Earnings Results, Conf Call tomorrow 1/27


Monster Sues Apple’s Beats

Apple and Ericsson Fight over Patents

Apple Wins iTunes Antitrust Case & Jobs Testimony rRemains Confidential


Apple launching Stylus w/larger iPad?

Apple’s chips ready for Low-end laptops

More on ARM chips in Macs



FEB 23, 2015


Dave Peck on VPN software and use.

What is CloaK?

Keeps you safe when you are connected to WiFi networks in the wild.

It is a easy to use VPN.

Three freelancing software developers put it together.

They wanted to make a VPN that was Mac-like and Mac-friendly

Why should you care?

Unprotected WiFi can be dangerous.

For example, Firesheep is a FireFox plug-in that allows snooping of communications on a WiFi network. 

It would even automatically log in to Facebook as some one else when a log-in was detected on the network.

Cloak provides value where HTTPS is not in use.

Cloak prevents passive snooping. 

What is a VPN?

virtual private network

Every byte will be encrypted before it is sent from the local client.

A special VPN server receives the encrypted data, unwraps it,

and forwards it alone.

How is this different from TOR?

How does it affect workplace snooping?

What about other platforms?

We love our Apple devices, which is why when we first built Cloak we built it for Macs, iPhones, and iPads. But we haven't forgotten Android, Windows, and Windows Phone — and perhaps someday in the future, we'll have more to say about them!

How many Cloak accounts do I need?

One! You can use one Cloak account with as many devices (Macs, iPhones, iPads, etc.) as you like.

(We only ask that you keep it to one account per person.)

Do you support Yosemite?

Of course. We're all about Apple.

Do you support iOS 8?

You betcha.

Try for free for 30 days.

$9.99 per month for unlimited service.

$2.99 for 5 GB per month.

Given how much of our daily life and business is conducted online, the question isn’t really if you can afford to sign up for Cloak — it’s if you can afford not to.

Dan Moren, Macworld

SSL is pretty much broken - so people should be using TLS.

POODLE was an attack that caused a client browser to downgrade from SSL to TLS.

 The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.

It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor.  However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it).  Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was.  In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.

SSL v3.0 is effectively “dead” as a useful security protocol.  Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.

Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.  For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.

Cloak includes “Overcload”, which makes sure that when you change networks, no communication is made until the security has been established.

Cloak provides security for the immediate network, but not for the global network — The NSA can still get you.

Open Source Corner

Font Awesome

Treat icons on a web page like styled text.

The iconic font and CSS toolkit

Font Awesome gives you scalable vector icons that can instantly be customized 

— size, color, drop shadow, and anything that can be done with the power of CSS.

Free, as in Speech

Font Awesome is completely free for commercial use. Check out the license.

 One Font, 519 Icons

In a single collection, Font Awesome is a pictographic language of web-related actions.

Q & A

1. Got a new MacBook Pro. Having trouble connecting Firewire 400 drives via an adapter. Does not work with USB either. The drive is a 5.25 with its own power supply. The drive works fine with older computers under Firewire 400.

We suspect the adapter is not good, but as USB is not working, something deeper might be going on. 

Perhaps the bridge chips in the cables?

2. Any experiences with upgrading from Mavericks to Yosemite?

Most experiences seem to be good.

Read “Taking Control of Upgrading to Yosemite”

3. How to use AirDrop on a Mac?

4. Does iPhoto work on Yosemite?

Yes. But bear in mind the Photos will replace iPhoto and Aperture.

5. Demo Handoff.

6.  Recurring directory corruption on internal hard disk.

Very intricate problem — we can only recommend AppleCare. Something is actively damaging your disk — perhaps a third party hardware, like one of the external drives. 

SVMUG meeting December 15, 2014

posted Jan 26, 2015, 7:13 PM by Robert Brown

svmug December 15, 2014

Our annual solstice pot luck holiday goodies meeting.

WireLurker - lesson: do not install unsigned applications.

MSFT Office for Mac, and IE as well

Adobe Flash has another problem - please do updates.

Sony is threatening to sue reporters who pass along stolen information.

United Air Lines has purchased iPhone 6+ for flight attendees.

An "antique" market has developed for first generation iPhones and classic iPods.

iOS 8.1.2 has been released

-- a member reports that the update 'bricked' some iPhones, apparently older models.

Reminder: January and February 2015 meetings will be on the fourth Monday of each month. Jan. 26 and Feb 23

eBook price fixing case was ruled in favor of Apple, but is now in appeal. It could go to the Supreme Court.


Presentation: 1Password 

Canadian company, 

Why password managers are important

Do you use the same password for more than one site?

It is a common mistake. The problem is that if some one gets your password from one site, they will have it for your other sites as well.

You need to use unique passwords for each site.

But will need help to generate the passwords, and help to remember the passwords.

That is the purpose of password managers.

1Password: AES 256 bit encryption, convenient and simple

-- with browser integration

Create a strong password for the master password, but it needs to be memorable.

Recommendation: use four random words: "correct horse battery staple"

supported browsers: safari chome firefox opera

Look at the blog, for apps that love 1Password

BAckup data using the 1Password emergency kit.

Use the security audit to find duplicate passwords, weak passwords, old passwords.

Use the Watchtower to fetch information on which web sites have been hacked.

SVMUG Meeting November 17, 2014

posted Jan 26, 2015, 7:11 PM by Robert Brown

• Apple Gives New Contract to Samsung for Chip Manufacturing 

November 17, 2014

The Korea Times reports that Apple has given a new contract to Samsung, whereby Samsung will manufacture 80% of iPhone and iPad chips, staring in the year 2016.

This past year, Apple had switched to chips made by the Taiwan Semiconductor Manufacturing Company (TSMC), leaving Samsung only a small fraction of this business. The effect on Samsung was devastating - profits fell significantly. 

Why was the new deal signed? Speculation is that TSMC was not able to meet the specifications and chip yield required by Apple. 

However, Samsung's own smartphone business continues to suffer, but not because of Apple. Samsung's market is low cost smartphones, where the competition is Xiaomi and Lenovo. Both of these companies are able to undercut Samsung pricing for smartphones. 


Apple OS Updates

Mac OS X 10.10.10

iOS 8.1.1

improves WiFi connectivity 


 Apple roundup: iPhone 6 supplies, UnionPay, Samsung/TSMC • 5:27 PM

Eric Jhonsa, SA News Editor

BMO's Keith Bachman reports seeing improved U.S. iPhone 6 (NASDAQ:AAPL) supplies. "Whereas the iPhone 6 Plus was very hard to find a few weeks ago, supply has improved ... Whereas Apple stores were sold out of virtually all iPhone 6 models a few weeks ago, retail stores now appear to have almost half of the iPhone 6 models across the various carriers available for walk-in."

Bachman does note there's still "virtually no available stock of iPhone 6 at carrier partner stores, such as AT&T and Verizon." However, online wait times at carrier stores have fallen in half to ~10 days.

Apple's U.S. site typically shows wait times of 7-10 days for the iPhone 6, and 3-4 weeks for the 6 Plus. In October, there were multiple reports stating Apple is boosting 6 Plus production.

Apple has added UnionPay, China's dominant payment-processor, as an App Store payment option. UnionPay credit/debit card holders will be able to link their cards with their Apple IDs, something Internet software/services chief Eddy Cue calls "one of the most requested features from [Apple's] customers in China." Quartz notes the agreement could pave the way for an Apple Pay deal.

The Korea Times reports Samsung (OTC:SSNLF) will supply 80% of Apple's A-series app processors starting in 2016, thanks to a new agreement.

While TSMC (NYSE:TSM) is manufacturing Apple's 20nm A8 processors, Samsung has been expected to supply a large portion (if not all) of Apple's A9 processors, leveraging a 14nm FinFET (3D transistor) process it's developing with Globalfoundries.


Intel launches $495 bracelet, continues battling Nvidia in HPC market • 7:07 PM

Eric Jhonsa, SA News Editor

Intel (NASDAQ:INTC) has officially launched its MICA smart bracelet (previous). The device is priced at $495, and aimed at women. It features a 1.6" OLED display, and delivers texts, e-mails, and Facebook/Google notifications over AT&T's 3G network. Two years of free data is bundled.

Much like Qualcomm wth its Toq smartwatch, it doesn't look as if Intel's goal is to challenge Apple and Samsung's wearables, but to provide a proof-of-concept for OEMs looking to create similar hardware running on Intel processors. Intel began shipping its low-power Quark CPUs this year, and has also developed Atom CPUs meant for embedded devices.

Meanwhile, Intel has shared more details Knights Landing, an upcoming 14nm product for its Xeon Phi co-processor line (used in HPC/supercomputer systems), and added Knights Hill, a successor product that will use a 10nm process, to its roadmap.

Knights Landing, which succeeds the current Knights Corner in 2H15, is said to deliver a 3x improvement in single-thread performance. It includes up to 16GB of memory, can work either as a co-processor or a standalone processor, and relies on a new interconnect fabric (called Omni-Path) that Intel promises will deliver better performance and require fewer switches than the widely-used InfiniBand - that makes it a potential challenge for Mellanox (NASDAQ:MLNX).

The product takes aim at Nvidia's (NASDAQ:NVDA) leading position in the HPC co-processor market. Today, Nvidia unveiled the Tesla K80, a high-end HPC co-processor said to deliver 8.7 teraflops of single-precision throughput (74% above the prior-gen K40). The K80 sells for $5,000, and contains two of Nvidia's new (28nm) GK210 GPUs.


Apple Pay's 3-Week Report Card Shows A Promising Start

Nov. 17, 2014 7:26 PM ET  |  3 comments  |  About: Apple Inc. (AAPL)

By Aman Jain

Apple Pay is garnering decent number of users on a per store basis, but without NFC-enabled smartphones, the growth will be limited for now.

Apple (NASDAQ:AAPL) Pay service has witnessed a decent start, with Whole Foods (NASDAQ:WFM) telling The New York Times it received 150,000 transactions in the three weeks following the launch of the service. Though the number is not extraordinary, it is substantial for a single store to garner such numbers from a brand new service with limited device support.

Apple Pay making inroads

Other merchants have not yet released their statistics, but are indicating that the numbers are decent. According to the report, Walgreens' (NYSE:WAG) mobile payments increased two-fold and McDonald's (NYSE:MCD) is receiving half of its mobile payments through Apple Pay now.

Apple Pay was released on October 20th as a part of the iOS 8.1 update, and since then, the service has been in swing, with McDonald's and Walgreens seeing the most number of Apple Pay payments. At McDonald's 14,000 U.S. locations, 50% of all tap-to-pay transactions were done with Apple Pay. Walgreens, with its 8,000 drugstores, says the number of mobile payments has doubled since Apple Pay was enabled.

Some merchants are seeing little-to-no change with the release of the payment service from Apple. Toys "R" Us said that there has not been any notable surge in its mobile payment numbers, and cash and credit options are still more popular than Apple Pay.

Rival services noticing surge

The success of Apple Pay cannot be ensured just yet, and much depends on the additional hardware support and cooperative retailers. The payment service from the iPhone maker is not showing startling numbers, but it is encouraging greater use of other tap-to-pay services such as Google (NASDAQ:GOOG) (NASDAQ:GOOGL) and Softcard, as both the services noted that they have seen a surge in usage over the past few weeks.

The NY Times report noted that a lot of service usage depends on the strength of the Apple brand and the easy-to-use features of pay service. Apple Pay service needs the NFC feature, but a substantial part of the population in the United States does not have NFC-enabled mobile, which makes it difficult to garner a whole lot more NFC payments. However, with a growing number of customers buying the iPhone 6, companies are now ready to offer the payment feature.


Perma Cookies

HTTP header, X-UIDH, is injected into your requests to an web site.

The web site can use server side processing to identify you via this header.

When you are using a connection via an ISP account Hotspot or home modem, your identity can be associated with your requests by attaching the X-UIDH header. This is done in route by the ISP — you have no control over this from your client computer. 

At the destination web site, this X-UIDH value can be read. The destination server can send the value back to the ISP, to query for the associated user information. This will typically be for a fee paid to the ISP by the site owners or by a third party “Ad Exchange”.  The site owners or any third party they work with can track what you look at, for how long, and how frequently.

Because the same X-UIDH value is attached to your requests for all web sites, the data can be consolidated to build a full profile of your web usage.

This only works if you are connected via your ISP account, not if, for example, you are using a public WiFi at your local library. It also only works for unencrypted connections, but most consumer oriented sites are only encrypted for the purpose of monetary transactions or sometimes for delivery of protected content.

You can choose to use public connections, but that is inconvenient, and in some cases, risky. You try a proxy service, but that is not easy.

The Perma Cookie technique is known to have been used only by AT&T and Verizon. AT&T has indicated that while it ran a test of Perma Cookies, it is not using such at the time of this report. Verizon seems to be actively using Perma Cookies. 


State Department hacked on Sunday. It is said that only unclassified email and documents were compromised.


svmug December 15, 2014

posted Jan 26, 2015, 7:05 PM by Robert Brown

svmug December 15, 2014

Our annual solstice pot luck holiday goodies meeting.

WireLurker - lesson: do not install unsigned applications.

MSFT Office for Mac, and IE as well

Adobe Flash has another problem - please do updates.

Sony is threatening to sue reporters who pass along stolen information.

United Air Lines has purchased iPhone 6+ for flight attendees.

An "antique" market has developed for first generation iPhones and classic iPods.

iOS 8.1.2 has been released

-- a member reports that the update 'bricked' some iPhones, apparently older models.

Reminder: January and February 2015 meetings will be on the fourth Monday of each month. Jan. 26 and Feb 23

eBook price fixing case was ruled in favor of Apple, but is now in appeal. It could go to the Supreme Court.


Presentation: 1Password 

Canadian company, 

Why password managers are important

Do you use the same password for more than one site?

It is a common mistake. The problem is that if some one gets your password from one site, they will have it for your other sites as well.

You need to use unique passwords for each site.

But will need help to generate the passwords, and help to remember the passwords.

That is the purpose of password managers.

1Password: AES 256 bit encryption, convenient and simple

-- with browser integration

Create a strong password for the master password, but it needs to be memorable.

Recommendation: use four random words: "correct horse battery staple"

supported browsers: safari chome firefox opera

Look at the blog, for apps that love 1Password

BAckup data using the 1Password emergency kit.

Use the security audit to find duplicate passwords, weak passwords, old passwords.

Use the Watchtower to fetch information on which web sites have been hacked.

Meeting Notes June 16, 2014

posted Jul 14, 2014, 12:06 PM by Robert Brown

June 16, 2014


Lynda Gousha

News and Events

General News:

Angela Ahrendts begins heading Retail - Visits New Store Opening in Japan

Apple buys Beats

Beats Music Discount from Target

New Radio Stations on iTunes, ESPN & NPR

7/1 Stock Split Happened 6/9/14

China State Media States US Companies ‘cohort’ with NSA


AT&T Says customer data was accessed without authorization

Australia iPhone Hack

Russia Arrests Suspects of Australian Apple Device Hack


EU Investigating Apple, Starbucks & Fiat for Taxes

More Apple vs Samsung


EFI for MacBook Airs 2013/2014

Battery Issue for MacBook Airs Update

Mac OS X Server updatre


Prepaid & Month to Month iPhones in Apple Stores?

iWatches in October?

Apple Expects to Sell 3 - 5 Million iWatches per Month?

WWDC - Lots of enthusiasm!!!

Apple Streamed the Keynote

Easier Login

About the Enterprise

‘Last location’ to Find my iPhone

Amazon Prime members now have access to free music streaming and music downloads via the Amazon Music app.

AT&T customer data compromised -- perhaps an inside job, to sell old phones on the grey market. If you get an email from AT&T, check to make sure it is really from AT&T.

Australian iPhones hacked, with ransomware demands. Apple was itself not compromised -- it appears that a third party site was hacked, and if the victim used the same password from that site on his or her Apple ID, it gave the hackers access to the iPhone via iCloud. The hackers were arrested in Russia.

Updates: EFI for MacBook Air, also system updates for battery issues, and the Mac OS X server.

Rumors: prepaid and month-to-month iPhone plans to become available? iWatch coming in October? Apple expects to sell 3 -5 million iWatches per month? Samsung acquires Nuance? (Icahn owns 10% of Nuance)

BTW, Pebble is doing well, but the Samsung Watch is not. The Pebble is cross platform, the Samsung is not, and in fact the Samsung only works with certain models of Samsung smartphones.

A couple words about WWDC: seems to have more enthusiasm this year. The stock was kicked up. Developers were quite happy.

Featured Presentation

Dan Frakes on Apple’s 2014 World Wide Developers Conference

Going to talk shop about WWDC

Keynote: this is the one that people were most excited about, in memory. "

It felt very open, with many new tools.

The new extensions capability will allow apps like OnePassword to integrate with any other app.

"it was a buffet for developers"

70% of the developers were there for the first time. (Because of the lottery for seats.)

There was an alternative conference run for those who could not get in to WWDC. It was very well received.

Apple loosen the NDA, so that attendees could talk about the new releases.

Videos of the workshops are available for free, and more available for the $99 annual developer fee.

The iOS keyboard will provide predictive phrase completion.

Things like Text Expander will be available in iOS 8.

Continuity will pass documents across all of your devices.

Everything is going to work seamlessly.

iCloud is being completely revamped -- no more document silos! iCloud will be more like Dropbox. Developers are really excited about this.

iCloud will be open to Windows as well, as the iCloud Drive.

Developers will be allowed to make plugins for iCloud, for example integrating Dropbox into iCloud.

Yosemite will work on any machine that can work on Lion, forward.

(Do you remember OpenDoc?)

Swift program language: in the works for four years, really surprised everyone. Swift brings features for which developers had been asking.

New Photo Application: in the Cloud library of all of your photos -- accessed on any of your devices. 2 TB maximun at the moment.

Speculation: iPhoto and Aperture to merge.

iWorks? The previous update was intended to make Pages, Numbers, Keynote work the same (have parity) across all iOS and Mac. Some features had to be removed. These features and others may now be restored in forthcoming revisions.

Dashboard Widgets? It will off by default in Yosemite -- it will likely go away altogether in a year or two. But Notifications takes the place of widgets in a lot of functions.

Hardware? Still coming. Next Few Months. Really. Back to School. Christmas.

Developers are just sinking their teeth into the new capabilities -- give them some time to spread out. Also expect many new developers.






Text Expander and Keyboard Shortcuts are very similar. However text expander can do multiple lines, run scripts, provide selection menus.

Developers number one pipe dream is a new file system. ZFS?

A lot of bug fixes in Mavericks have been deferred to Yosemite. Mavericks was actually a minor update, compared to Yosemite.

Will AppleTV be the central hub for the HomeKit?

AirDrop to work between iOS and Mac OS X. Sorry, not backwards compatible.

Controverstial User Interfaces:

Some people hate transparent menubars

Some people hate changing the “green” button behavior


Open Source Corner


AppleJack is a script, intended for use in the “Single User Mode” of the Mac OS X. This script will perform several types of repairs on your system, automatically.

You can start a Mac into the single user mode by holding down the command-s keys immediately when powering on or restarting the computer.

In the single user mode, the computer will start up and run using just the generic Unix kernel software -- the Mac OS X is in effect not running at all. The operating system is pure Unix, and dangerous. You could really mess up.

By the way, the availability of the single user mode is why you will often read that if some one has physical access to your computer, they can do anything. Actually, not so much. For example, if you have wisely used File Vault, they would still need your password to read your files. More about that on some other day.

So, you are now in the terrifying pure Unix command environment. Why did you come here? Because your system needs help, and you are down to the Last Resort.

By running AppleJack, a sequence of repairs and optimizations will be performed on your system hard drive. AppleJack handles this sequence for you, acting like a Unix guru trying to fix your system.

It will repair the disk, repair the permissions, repair preferences files, and clear cache files which might be corrupted. When it has finished, it will restart your system.

AppleJack can be obtained from this link:

However, the page may load very slowly. You can also get AppleJack from MacFixIt and other troubleshooting sites.

The current version is 1.6. This version is compatible with Mac OS X Mevericks and with File Vault.

The AppleJack installer adds a script in the Unix user executables path:

The installer also adds documentation for AppleJack into your Library/Documentation folder.

You run AppleJack by issuing this command in the single user terminal:


Typically, you will choose to use the “auto pilot”. The script will execute the listed the tasks, and then restart the system.

I have run AppleJack on my laptop -- it simply ran without incident.


Questions and Answers

1. BBEdit can not close using the red button.

-- No one seems to be aware of this problem.

-- Try command-W, or the menus

2. Any favorite clipboard apps, e.g. for multiple clips

-- Collective

-- Launchbar

-- Clip Menu

-- Clipper

3. F9 does not show open windows in Mavericks

Is anyone using the function keys in Mavericks?

-- the function keys have been changed, actually starting back in Leopard.

-- you can designate some keys via the system keyboard preferences.

-- Mission Control actually takes the place of the old Expose.

4.  4 GB of RAM, should I upgrade to 8 GB or higher?

-- Higher!

-- No such thing as too much RAM.

5. My Canon Scanner keeps asking for network access.

-- could be looking for firmware updates

-- could have something to do with network mounted scanners.

6. When a window is small, the columns in a file browser or info display will slide (scroll) to the left as you click on things on the right. Can the columns be made to not slide automatically?

-- No.

Wrap Up

1-10 of 27