Meeting Notes

April 18, 2016 Meeting Notes

posted May 2, 2016, 3:08 PM by Robert Brown

SVMUG Notes 

April 18, 2016

News and Events


60 Minutes Phone Hacking Story

Note that there were three vectors i) fake hotel network, and ii) downloading a file (via text), plus one ‘Bluetooth Driveby’

proficient hackers demonstrated hacks.

man in the middle using fraudulently WiFi hotspot

Defense: environmental awareness, and use a VPN.

“Apple ID due to expire….” - Text Phishing attempt

throw away such messages — it is a fraud.

Apple Fixes Bug That Allowed Access to Contacts & More

0Day Flash Flaw Used for Ransomware (Windows) But….

Apple Says ‘Most Effective Security Organization in World’

Windows?  Uninstall QuickTime

Do NOT Pick Up USB Sticks…. DANGER!

ARRIS SURFboard Cable Modems Need Updating


FBI Drops San Bernardino Case Against Apple

Bryan will cover this in his presentation tonight.

‘Grey Hats’ Help FBI Crack San Bernardino Phone

No Useful Info on San Bernardino Shooter’s iPhone 5c

Apple Quotes FBI in Boston iPhone Case

DOJ Continues Appeal of NY iPhone Case

No Obama Support for US Senators Feinstein & Burr Anti-encryption Bill 

empower judges to force companies to assist law enforcement

Bloomberg on Background to FBI v Apple

Paris Terrorists Used Burner Phones

Microsoft Sues US Gov’t 

over orders to reveal customer’s emails and a gag order on those orders

Apple & FBI Testify to Congress - Again

General News:

Bill Campbell Passes On

WWDC Dates, Lottery Announced 

Enterprise Employees Choose Apple

Apple Grows Share of Worldwide PC Market


Stock Down on Supply Chain ‘Concerns’


Next iPhone May be Glass

Apple Doing More Original TV?

New MacBook on the Way?


Office 2011 for Mac - Security Update

iOS 9.3.1 - Fixes Link Issue with 9.3

Presentation — Bryan Chaffin

FBI versus Apple and The People

1990’s - crypto wars, our intelligence agencies try to prevent encryption technology from being exported.

— so the foreign tech companies developed their own.

— now twenty years later, we are making a similar mistake.

is there a way to let only the good guys to snoop? Reason dictates that is not possible. If keys exist, everyone can look for those keys.

Also, if you give the government the ability to spy secretly on anyone anytime, how long until they get around to spying on you?

Open Source — GnuCash

Questions and Answers

1. Preview has a memory leak when dealing with PDF files. Recently I had to do a lot of work with PDF, and lost 40 GB of disk space. How do I recover this space. 

We think it should be a cache file management problem. Also Preview may be saving versions of files, but that should be visible. Maybe virtual memory files are eating disk space. Perhaps a disk optimization program might find the missing space. Use the console to check for recurring errors. Perhaps the logs are increasing without limit. 

2. Booting up MacBook Pro, it seems to always use a WiFi connection rather than an ethernet connection, even though the ethernet is plugged in and ready. 

In Mac System Preferences -> Network Settings, you can enable several different connections simultaneously. The priority by which each will be used is set by the order in the list of connections in the network settings control panel. If you wish ethernet to have the highest priority, simply drag the ethernet item to the top of the list. 

By the way, the same is true for setting the priority of WiFi connections, should more than one WiFi “hotspot” be available in a given environment. Simply drag the item for the most preferred hotspot to the top of the list that is found under Network -> Advanced settings.

March 21, 2016 Meeting Notes

posted Apr 18, 2016, 2:38 PM by Robert Brown



Ads Spreading Malware/Ransomware

(Flash, Java, Silverlight)

Use AdBlockers as a Defense?

Reason to Stay Up to Date

First Mac Ransomware (Near Miss)

    No actual damage done for three reasons:

1) the malware was designed to stay dormant for 72 hours (presumably to make it harder to figure out where it came from)

2) Transmission, the vendor, responded promptly with clear and accurate messages to users, and, with an updated version of Transmission that removed the malware. (Bad Version only there for 36 to 48 hours)

3) Apple responded quickly by revoking the developer cert used to sign the malware, and adding the malware itself to XProtect. Revoking the cert stopped the malicious installer from passing gatekeeper, and adding the malware itself to XProtect prevents it from running, even on systems that installed the malware before the dev cert was fixed.

The end result of all this is that it seems like none of the few thousand people who contracted this malware lost any data. So – in real terms this was not actually a major disaster, it was however a near miss!

from Bart Busschots on

AceDeceiver - Only for PCs in China

Update Flash, You Use it

Mac Users Targeted by Misspelled Domains

Good News - iCloud Hacker Guilty



Supreme Court Agrees to Hear Samsung v Apple

Supreme Court Declines to Hear Apple re iBook Case

FBI Gets Nasty - Threatens Source Code

FBI Could Crack the Phone…. Here’s how

UN Human Rights Commissioner Supports Apple

FBI ‘Facts’ - Not so Much…

Dormant Cyber Pathogen

Another Former CIA Director Sides with Apple

Richard Clarke (Former Counter Terrorism, etc.) Sides with Apple

Apple’s Legal Argument Looks Good…. Harvard Law Prof.

Senator Lindsay Graham Switches Sides

Proposed Legislation from Feinstein

Tim Cook Time Mag Interview

NOW FBI Says ‘Never Mind’

(John Oliver on Encryption, FBI, etc.)


General News:

Apple Hires Amazon Exec as Security ‘Chief’

Apple Moves to Google for Cloud Services

Apple & Google Face European Parliament 

‘News’ App Now Open to all publishers

93% of Apple Facilities on Renewable Energy

iPhone SE

iPad Pro 9.7”

iPad Air II Now Starts @ $399

Apple Watch Gets Lower Price & New Bands

Meet Liam



iOS  9.3 - must have for security

OS X 10.11.4 - 

iTunes 12.3.3 - 

Watch OS 2.2

TVOS 9.2

Xcode 7.3


Quicken 2016

Marcus Aiu and Jeff Parker from Quicken presenting.


sneak preview - right now have a per month budget. New: budget over a full year. Currently, this is “alpha” code.

New: direct connect bill pay. 

Buy: and the Mac App Store.

and vote for new features.

Raffle: a copy

Q and A

1. Limit the number of emails that are displayed in the recent emails of the iPhone.

Limit the downloading of emails to the iPhone. Try creating folders for different categories of mail, using the tools on the server. 

2. When you click on a purchased TV program, can you set the preferences to show only the most recent episodes, rather than the whole list of episodes? Otherwise you do a lot of right swiping to find the desired episode. 

We are not sure

The download buffering estimate seems wrong. 

This is because of the way Apple TV attempts to estimate, based on the first few bytes, and the byte rate average.

3. When I add events to my Gmail calendar, the events show up in my iPhone calendar, but not vice versa. Can I fix this to work both ways?

On the iPhone, under calendar settings, set default calendar to Google. 

The iPhone fetches data from multiple calendars, but creates events in only one calendar.

4. How do I delete a recovery disk (recovery partition). 

Normally, you only see the Mac partitions — the recovery partitions are only shown if you use an “option” boot. 

Frankly, you should not delete the recovery partition. It is necessary.

5. Is there a way to prevent iCloud from opening upon startup? I have an ATT cell phone modem, called “ATT All Access”. I am shown two successive iCloud sign-in windows, which takes forever to connect. 

November 16, 2015 Meeting Notes

posted Nov 17, 2015, 8:29 AM by Robert Brown

SVMUG November 16, 2015



Malware attacks KeePass - OS Password Manager

Ransomware Threatens to ‘Publish’ Your Data

1Password Metadata Leak 1

1Password Metadata ‘Leak’ 2 - Response

Still More on 1Password Metadata (Scroll down to ‘Security Lite)

Apple Phishing Scam

Apple Removes Malware Instagram App from iOS Store


Updates iOS, Watch OS, and OS X

Apple TV 4 Available

Apple tvOS 9.01

iPad Pro is Available (Robert has one!!)


Apple Wins Dismissal of ‘Bag Search’ Lawsuit

Apple goes to Supreme Court over iBooks


Apple Reports Financial Results

Analysts React (Mostly good)

Apple Capex $15 billion in 2016

General News: 

Steve Jobs Movie Pulled - Poor Box Office Results

Mac App Store Has Certificate Problems

Apple San Jose Campus??

iPad Pro Goes on Sale

Australian Apple Store Racial Profiling Gets an Apology, & More

Tim Cook on Climate Change, Equal Rights, etc.

Amazon Removes Apple TV & Chromecast from its Store

Apple Launches Clean Energy Programs in China  Greenpeace Likes It


Apple to Launch Person to Person Apple Pay?



Swift Programming for the non-programmer

What is a programmer?

Flexibility, ease of use, portability, and speed

languages before Swift: problems and solutions

What is Swift? How is it different?

Programmers create instructions intended to cause a computer to do some work.

Users are just programmers who believe anything you tell them.

stored instructions: program, playlist, bookmark, app, Macro, script, shortcut, … html, document…

Programmers care about flexibility, ease of use, portability, and speed.

The Facebook web interface makes it very easy to share a post on Facebook,

but you can’t use it to write a program to solve a math problem.

Using Assembly language you can write a program to do anything,

such as posting to Facebook,

but it takes much much more work then using Facebook.

Trade-off: ease of use versus flexibility

Portability is also a concern. Where can I run the program?

Facebook runs everywhere (via web browser).

But assembly language is very specific to the platform.

Speed is also important: how fast is a program after I write it.

— Find the Middle Ground —

Flexible enough yet easy enough

portable enough yet fast enough. 

Control Flow: specify the order of execution of program statements

Spaghetti code: a program where the control flow is hard to follow.

With spaghetti code, different parts of your code can be meshed with each other,

so that changing one piece might break some other piece, especially in unexpected ways.

Excel Macros are flexible but not easy to use — makes spaghetti code inevitable.

Furthermore, it is not portable (works only in Excel), and not particularly fast.

solution: C

— create anything

— easy to create simple elegant code

— portable - everything has a C compiler.

— Speed - very fast

[Sidenote: a compiler takes readable code, e.g. English, and converts it into machine code (or “byte code”).

“The nice thing about C is that you can do everything. The bad thing about C is that you must do everything.”

Solution: object oriented programming: objects encapsulate data with the code that operates on that data.

— code becomes a loose collection of objects.

— the objects are replaceable without great modifications to the rest of the code.

— objects encapsulate code

“Objective-C”, “C++”

Objective-C is a strict superset of C.

— perhaps not quite as easy as plain C

— it was designed to portable, but really only used for Apple devices

— fast, but not as fast as pure C

Apple’s Goals for Swift

- safe

- modern

- fast

- interactive

- open source


- No “silent consent” for unexpected conditions

- Better memory protection

- No selectors.

If Objective-C encounters an unexpected condition, e.g. null pointer, it does nothing, generates no exceptions, no errors.

Swift will deliberately crash the program. This prevents problems later. 

Memory Protection: C can wander around in memory, changing stuff that should not be changed.

Swift will enforce array bounds, rigorously check for overflow, and uses no pointers by default.

In C, C++, or Objective-C, it is easy to accidentally modify memory.

Swift does not support selectors. This allows for the creation of private code that other objects are not allowed to call.

Modern: “when Swift was release, everyone said it was just like their favorite language”

— modern nice syntax

— Swift source code is usually shorter than Objective-C source code.

Fast: significantly faster then Objective-C.

Interactive: not a feature of the language, but of the creation tools (Xcode).

— playgrounds execute code automatically.

— — see the results instantly

— — can use Apple frameworks

— — can use image and sound files

— — no need to embed code in complex programs, to see the results.

Open Source: at WWDC 2015, Apple announced that Swift would be made open source by the end of the year.

— it is not the end of the year, yet.



1. Best Swift book for novices is the Apple Swift book. (Currently version 2.1 in iBooks.)

2. How to speed up file sharing between two Macs?

— Use WiFi for the connection.

— AirDrop is also very quick.

3. I am getting restarts in Yosemite. Is this a bad sign? No problems are found in diagnostics. “Your Mac restarted because of a problem.”

— possibly the HD is starting to fail.

— use Disk Utility to read the SMART data on the drive.

— Google kernel restarts - there is an Apple Support Document.

— try EtreCheck

4. How do I view an email in ‘source text’ without opening it?

— you have to open it.

— in the mail list, force touch the mail item or use the menu “view” -> “message” -> “raw”

5. Suggestions of where to start learning programming?

— pick something simple, write it.

— then move on to more complex things.

6. I can calibrate my monitor using the Apple tool. What can I use?

— Use Spyder Pro, X-Rite Pro, etc.

7. New iPhone 6+ — try to transfer my SIM card, but AT&T says I need a new SIM card for new features. What are these features?

— only AT&T knows — ask them at the retail store.

— it might be the WiFi calling, and HQ calling.

October 19, 2015 Meeting Notes

posted Nov 16, 2015, 2:09 PM by Robert Brown

SVMUG October 19, 2015 



YiSpecter Malware - for iOS

    distributed by enterprise administration, not via iOS App Store

Apple Removes ‘Continue Button’ (iOS9)

    Enterprise administration can get around this.

Flash - of course - Advice on Flash

Apple Removes Apps that Could Spy


    Safari 9m iOS 9.02
    iWork for iOS & El Capitan 
    Apple Ordered to Pay U of Wisconsin


Apple to Report Earnings Oct. 27, Call @ 2PM

General News:

Figuring Costs on New iPhones

Gary Allen, Founder of IFO Passes On

Apple Initiates Help for Apple Music via Twitter

El Capitan problems with Office ‘Apple’s Fault’

Apple Launches Program for MacBooks with Screen Issues

IBM Likes Using Macs Photo from the Past

‘ChipGate’ - Much ado about Nothing 1

‘ChipGate’ - Much ado about Nothing 2

Steve Jobs Movie

Economist Review of Steve Jobs Movie

‘Old News’ - Ron Johnson and a Startup

Harry Potter Books on iBooks


1. Is there a browser that will reflow text when you zoom in on a page?

This is, today, mostly related to the coding of the web site: is it “responsive”.

Try using landscape mode to help.

2. I have some old Adobe Type Fonts. Is anyone interested in these?

Contact Gary.

3. System Report: storage tab displays a lot of device images in “/tmp” with BSD names.

Perhaps you have some old disk images still mounted? Use Disk Utility to locate the offending items, and eject these.

4. What is the safest way to dispose of SysQuest or Bern. disks, with sensitive information?

Drill a physical hole through the disk. 


Apple Car

Rumor: Steve Jobs wanted to make a car — he was in to cars.

Tim Cook: a car is the ultimate mobile device.

Software has become more important than mechanics.

Apple is the best software company on the planet.

(Apple has NOT become Microsoft, because Apple doesn’t suck.)

Google may beat Apple with having a ready-to-go car.

But it will not be as “pretty” as Apple’s. Or “neat” as Apple’s.

(Before Google, Larry Page has been thinking about

self-driving cars since the early 1990’s.)

Apple has special experience in power conservation.

The Apple car will a luxury item, maybe at $70,000.


August 17 & July 20, 2015 Meeting

posted Jul 21, 2015, 9:18 AM by Robert Brown   [ updated Nov 16, 2015, 2:13 PM by Robert Brown ]

August 17, 2015


Silly season: DefCon and Black Hat conferences

Thunderstrike 2 

An attack using Thunderbolt cable chips as a infection vector.

However, it is a low impact.

Screen shot of a scammer attempt 


— this ransomware that targets naive Windows users.

— completely bogus

Screen shot of Apple Fixing bad stuff

“Installer” will damage your computer. You should eject…

— this is a real warning, generated by the Apple malware scanner.

— pay attention if this pops up on your computer.

Zero Day Privilege Escalation Bug in OS X Yosemite (patched)

has been patched in 10.10.5

Cyber Flashing & How to Stop It

A woman on the London subway opened her phone

and saw a genitalia image (a human flasher). The

vector was AirDrop, so it was a naive user enabled


Update Firefox for Security Zero Day

Be sure to update. 

New Vulnerabilities Still Exist….

Don’t run Flash unless you have to.

And just today, an Italian research found a theoretical 

vulnerability. He notified Apple, but then one hour later,

released the details to the public. Normally, such a

researcher would wait for the company to respond.

This was very bad on his part.


Firmware Update for Latest MBP

10.10.5 - Very important - contains lots of security fixes

iOS 8.4.1 - also lots of security fixes


EU Finds No Music Collusion

Apple Wins One Against Samsung


Apple Earnings - Overview

— beat estimates in revenue and eps,

    but not for iPhone unit shipments.

Analysts Reactions on Earnings

Apple Spends on R&D

A Postive Analyst on Apple

Apple #15 on Global 500

General News: 

Apple to Have Visitor Center at New Campus

50% off Selected TCO Books for MUG Members

Apple Pulls Nest Thermostats from Stores

Apple Music Streamed for Free by T-Mobile

Apple Expands Office Space

Apple Expands… ?


Apple Car - Yes?

Self-Driving Car - Maybe not?

Apple Event Sept 9?


Presentation - Home Automation

by John Rich, author and journalist and photographer,

Download this presentation from

Automate your home and vehicle using smartphone or tablet, with technology that is available today.

Your iPhone and/or iPad can become a powerful remote control for many other devices and appliances.

Control Lights

Door Locks & Doorbell


Home Security 

Television & Stereo

Vehicle Navigation (GPS)

Car Maintenance

Infotainment System

Hands-Free Cell Phone


Open Source

Q and A

1. Thunderbird email app - accidentally closed inbox viewer. How do I get it back?  

— we will investigate

2. When I expand Finder column widths, it does not persist when I open new Finder windows. 

— hold the option key when dragging the column borders.

3. Apple ID - cell texts go arbitrarily to either Messages or email. How do we set this?

— Messages will try to use the relay of “Messages to Messages”, but if you are offline, it will use a secondary method, e.g. email, cell SMS.

4. I need help loading 10.5 onto a G4 Powerbook.

— 866 MHz CPU and 512 MB RAM is required.

5. When I copied a file, the file size was different on the copy. Why?

— Maybe block sizes are different. Maybe the metadata was changed. Maybe the copy is more efficiently de-segmented.



July 20, 2015


Flash - Zero Day vulnerabilities and Controversy

Back story of Hacking Team Hack


Apple Boots Monster after Beats lawsuit

Apple Requests Legal Fee Reimbursement from Patent Troll


Earnings for FY Q3 Tomorrow

Analysts weigh in - One Sample

China Market goes down - People Worry, Then Stop Worrying

General News: 

Apple Upgrades AppleCare for Bateries

Apple Gets ‘Good Marks’ from EFF

Apple Watch Satisfaction - a Debate

Taylor Swift and Apple Music I

Taylor Swift and Apple Music II

Apple Releases Public Betas of OS X & iOS9

IDC Guesses Lots of Macs Sold

Apple Hires Auto Exec

Quirky News:  

New Software for Apple IIgs


Apple likely to up iTunes Match

Apple ‘Over the Top’ TV Service?


New iPods

Microsoft Updates Office for Mac

OS X 10.10.4

iTunes 12.2  NOTE: NEW TCO BOOK OUT, See Discount code on Agenda 




Apple Music - Jeff Gamet, Managing Editor of MacObserver

Apple Music is part radio station, part streaming music, part music storage, and part musician social network. That’s a lot for for a single new online music service, and depending on how you use Apple Music, it can be a little confusing. Jeff will show us the new features that Apple Music gives us and point out what’s changed from iTunes Radio and iTunes Match. We’ll also find out which devices support listening to Apple Music.

Via Skype and the MacObserver Web Site.

Catch Jeff’s weekly podcasts.

What is Apple Music, as compared to iTunes, iTunes Radio, iTunes Match?

Three components

1. Beats One — Apple’s own Internet radio station

much like a traditional radio station, 

with DJ’s, music, interviews, call in requests, etc.

“old school radio station”

Zane Low is the station manager.

Beats One focuses on Pop Music.

Maybe in the future, there will be a Beats Two, Beats Three,

and so forth for separate genres of music.

2. Apple Radio — this is iTunes Radio retooled. 

This is a genre selectable streaming service.

A computer algorithm put together the stream 

for iTunes Radio, and made odd choices at times.

However, human curators put together the streams 

for Apple Radio. The ideal is to hear a mix of songs

that you already know with news songs that you do not.

3. “For You” music collections — hand curated recommendations.


iTunes Match vs. Music in the Cloud

iTunes Match — takes your purchased library and puts it in the 

cloud so that it is available from the Cloud on any of your devices.

The purchased library includes CD’s that you have ripped into your

library. The artist royalty was paid out of your original purchase price.

Apple Music in the Cloud — you can listen on demand to any item

in the catalog of iTunes, and the artist is paid a per-play fee.

This is a subscription service. 


Apple chooses the music curators very carefully, 

looking for expertise in the given genre. 


DRM - Digital Rights Management — Apple Music allows you to download music for per-play-fee listening, under your monthly subscription. So it has copy protection. This means that should you end your subscription, any downloaded songs still present on your hard drive will be unplayable.

If you have a given item in your purchased library, you will play the non-DRM file. If you do not have the item in your purchased library, you will download and play the DRM file.


Without Apple Music Subscription, you get these services:

listen to any music you've purchased, ripped, or uploaded to your device. 

(If you pay $24.99/year for iTunes Match, you'll be able to listen to any music 

you've uploaded to iCloud, regardless of whether it's on your device or not.) 

listen to Beats 1 radio, view and follow an artist's Connect stream,

listen to ad-supported Apple Music radio stations 

(which replaces the current iTunes Radio interface)

—though you'll only have limited song skips available.

With Apple Music Subscription, you get these additional services:

  • unlimited skips for Apple Music radio stations
  • the ability to like, comment, play, and save Connect content
  • unlimited listening to the entire Apple Music catalog
  • the ability to add Apple Music songs to your library and listen offline
  • your entire purchased and ripped library, uploaded to iCloud
  • access to Apple Music's hand-curated recommendations and playlists
  • ==================

Apple Connect — a social network for artists to interact with fans 

(but not for fans to interact with artists).

It is the modern version of “liner notes”.

  • ==================

Jeff believes that Apple Music is aware of your connection method, e.g. LTE versus WiFi, and will appropriately choose the best bitrate for the given connection. So you LTE data plan will not be overwhelmed. 


Open Source

The CrossWire Bible Society is an organization with the purpose to sponsor and provide a place for engineers and others to come and collaborate on free, open-source projects aimed at furthering the Kingdom of our God. We are also a resource pool to other Bible societies and Christian organizations that can't afford-- or don't feel it's their place-- to maintain a quality programming staff in house. We provide them with a number of tools that assist them with reaching their domain with Christ.

The heart of most projects here at CrossWire use a common technology called The SWORD Project.

  • A cross-platform textual publishing and research engine with bindings for most modern programming languages.
  • A huge and rapidly growing electronic library of Bibles, commentaries, devotional and general books, maps and much more, in many different languages.
  • A community where volunteers and developers can meet and assist each other in creating great Bible software.
  • A place where publishers will find tools to easily make available their works on a vast array of devices and operating systems.

Pocket Sword

— a Bible reading and study app for iDevices

— by CrossWire Bible Society

It is more than just Bible study. It provides for language studies,

learning foreign languages, learning grammar of your language.

Runs on desktops (Linux, Windows, Mac), and on smartphones.

There is a Java version as well.

Eloquent (formerly known as MacSword) brings the power and versatility of The SWORD Project to users of OS X, along with a beautiful Aqua interface.

PocketSword is a SWORD frontend for the iPhone and iPod Touch. It requires OS 3.0 or later and is now available in the AppStore

Xiphos (formerly known as GnomeSword), runs on Linux, Windows (Windows 2000 upwards), Solaris and all BSDs. Xiphos is a mature programme with all relevant features. Unique for Xiphos is its fully integrated and versatile ability to create your own commentaries, journals, and other content. Xiphos is translated into (currently) 11 languages, including Hebrew, Farsi, and German. 

March 16, 2015 Meeting Notes

posted Mar 16, 2015, 9:35 PM by Robert Brown   [ updated Mar 16, 2015, 9:44 PM ]



Google Safe Browsing System Updated 

CIA attempts at breaking Apple Security 

Discussion:  “does not seem to have been deployed”

Update Flash (yes, again)

FREAK Vulnerability Did Affect Windows

Windows Update Cautions - Sequence is Crucial this time

More (Update) on Superfish - Government Certificates not an issue AFAIK, Superfish is an issue

“… it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.” 

Brian Krebs on Apple Pay (Bank/Credit Card) Scams

— stolen credit cards are used by thieves on their own Apple Pay 

— not really an Apple Pay problem


Apple Updates for FREAK Vulnerability & More (Note, this is iOS, Mac OS & Apple TV)

General News:

Apple Announcement:  MacBook  Watch Research Kit

And, more Research Kit  HBO on Apple TV

Apple Annual Shareholders Meeting - Tweets from Fortune  Article from Apple Insider

Tim:  Tell us how/where we can do better

Steve Jobs Video from Next Days

Petition for Dropbox NOT to Drop Support for 10.4 & 10.5 (Tiger & Leopard)

Apple Invited to Join Dow Jones Average

Mail List Issues - AOL, Yahoo, etc.

iTunes ‘Outage’ 3/11/15 (US & Europe)

Presentation by Scott Jenson of Google — Open Source

The Internet of Things 

Smart Devices

Withings scale, Nest thermostat, …

Previously at Frog Designs.

You do not want separate apps for each smart device.

How about URL’s instead?

The growth of smart devices will be exponential, and getting more apps is not going to scale with that growth.

Furthermore, apps are being drown in the number of App releases.

40% of apps on the Apple store have NEVER been downloaded!

The goal is to get the controls of smart devices to scale like the web scaled.

The smart device sends a bluetooth code to bring up its web page. It is a discovery service for the devices in your immediate environment.

It has to be decentralized. 

Discover - Rank - Interact

It is not a Google product — it is a web product.

Bluetooth LE sends out an advertising packet, once each second.

The packet is a URL, e.g. “” from a coke machine.

A phone comes by and checks what is nearby, e.g. the coke machine.

These physical devices create the physical web.

Bus stops, vending machines, restaurants, groceries, home controls, etc.

But it only shows you things when you ask to be shown.

Users can opt-in to letting the system gather anon. data.

Your past behavior will be used to rank the most interesting things for you.

It is like QR codes, only broadcast over Bluetooth LE.

The web site, e.g., can send instructions to a vending machine, that you have paid with ApplePay, and you want a Diet Coke.

simple web: smart device sends you a link to the web 

triangular web: the web server tells the smart device what you want.

direct connect: your phone talks to the web server, and also to the smart device.

The project is on Github, with more than 3400 developers watching, participating.

physical web is available on the Apple iOS store.


1. Odd email problem with Apple Mail on my computer, Mavericks.

Outbox items are not being sent.

This might be a known problem with Gmail, where the SMTP server keeps dropping off the list.

Maybe check the Taking Control of Apple Mail book.

Some big providers, e.g. Comcast, are not letting mail work except on their network.

2. My old printer is not working under Yosemite. It is a Canon. 

Apple Support may be able to help — call the support number.

Try generic printer driver.

Keep checking the Canon site for new driver downloads.

3. When I use Siri to initiate a phone call over a bluetooth headset, it drops the headset just as the call starts.

Check your preferences, and make sure you preference is to use the headset for phone calls.

4. QEMU - running Windows programs on Mac.

Anyone using.

5. Best practices for Time Machine backup: 

external drive direct connect is the best, using Thunderbolt.

WiFi network drives allow multiple machine backups.

6. Under Yosemite, can I have an app start up automatically?

    Yes -- under Users account, set up in login items. 

    and also by using contextual menu on a Dock icon.

7.  How do I uninstall MacKeeper?

    Go to for instructions.

    Also try "App Delete" or "App Zapper".

    Do not trust the MacKeeper provided uninstaller.

February 23, 2015 Meeting Notes

posted Mar 12, 2015, 9:24 AM by Robert Brown




  • Yosemite to 10.10.2 
  • iOS to 8.1.3 
  • iTunes to 12.1 
  • Apple TV update 

General News: 




  • Apple Investing in European Data Centers 
  • Apple Building CA Solar Farm 
  • Tim Cook speaks at Cybersecurity Summit 
  • Pilots use iPads to crash land a plane after navigation system failure  


  • Apple Results, Awesome:  First Link, Second Link 
  • Tim Cook Speaks at Goldman Sachs Conference 
  • Goldman ups Apple Price Target to $145 
  • Apple Includes Minority Banks in Bond offering 


Presentation Highlights

    Pages by Michael Cohen

    Author of Take Control of Pages

    Why was Pages rewritten by Apple?

    — because the market is now been led by iDevices as opposed to desktops or laptops.

    — Apple wishes to have continuity of appearance and operation between iOS and Mac OS X.

Part of the cross compatibility is that Pages will recognize when a given device does not have a font which is used in a document, make the appropriate substitution, but without changing the original font assignment.

Alas, we lost newspaper style column flows, mail merge, and other utilities. 

So many people are complaining that “Pages was dumbed down”, but this is unfair. Pages remains a sophisticated document authoring tool. The new Pages is not stupid.


1. Bluetooth keypad (LMP) is not communicating with my Mac. The connection was lost suddenly. The battery is fine. It will not pair with the computer.

— try leaving the battery out for more than 24 hours, to clear out residue data in the memory. 

— in the Mac, tell it to forget the given bluetooth device, and discover it fresh.

2. If I have 5 GB in Dropbox, when I install Dropbox on my iOS device, will it take up 5 GB? Can I selectively sync only certain folders of the Dropbox?

— yes, you can choose, on each device individually, which folders will be sync’ed.

— we will investigate.

SVMUG meeting January 26, 2015

posted Jan 26, 2015, 9:28 PM by Robert Brown

NEWS January 26, 2015



Google’s Project Zero publicizes zero-day vulnerabilities - Mac OSX

Update for Critical Security ‘Pushed’


Logic Pro

Dropbox stopping support 10.5 & Older

General News:

BBC Panorama Show Accuses Apple re Workers

Apple Responds to BBC Critical Show on Apple in China

Apple Quality ‘Conversation’

Linkbait or Reality? 

Apple buys online music analytics company

Market Share update - Apple does well

Apple Pay doing well

Apple Reports Compensation for Execs

Retail Stores Opening in China

Mac mini Gets 2TB option back

iPhone Withdrawal Harms Performance

After CES Analyst Speculates on Apple TV & Robots

iOS 8 Adoption Nears 70%

Spaceship Campus Progressing

Info re BackBlaze Hard Drive Stats


Analysts make guesses re Apple Q1 results 

Apple Earnings Results, Conf Call tomorrow 1/27


Monster Sues Apple’s Beats

Apple and Ericsson Fight over Patents

Apple Wins iTunes Antitrust Case & Jobs Testimony rRemains Confidential


Apple launching Stylus w/larger iPad?

Apple’s chips ready for Low-end laptops

More on ARM chips in Macs



FEB 23, 2015


Dave Peck on VPN software and use.

What is CloaK?

Keeps you safe when you are connected to WiFi networks in the wild.

It is a easy to use VPN.

Three freelancing software developers put it together.

They wanted to make a VPN that was Mac-like and Mac-friendly

Why should you care?

Unprotected WiFi can be dangerous.

For example, Firesheep is a FireFox plug-in that allows snooping of communications on a WiFi network. 

It would even automatically log in to Facebook as some one else when a log-in was detected on the network.

Cloak provides value where HTTPS is not in use.

Cloak prevents passive snooping. 

What is a VPN?

virtual private network

Every byte will be encrypted before it is sent from the local client.

A special VPN server receives the encrypted data, unwraps it,

and forwards it alone.

How is this different from TOR?

How does it affect workplace snooping?

What about other platforms?

We love our Apple devices, which is why when we first built Cloak we built it for Macs, iPhones, and iPads. But we haven't forgotten Android, Windows, and Windows Phone — and perhaps someday in the future, we'll have more to say about them!

How many Cloak accounts do I need?

One! You can use one Cloak account with as many devices (Macs, iPhones, iPads, etc.) as you like.

(We only ask that you keep it to one account per person.)

Do you support Yosemite?

Of course. We're all about Apple.

Do you support iOS 8?

You betcha.

Try for free for 30 days.

$9.99 per month for unlimited service.

$2.99 for 5 GB per month.

Given how much of our daily life and business is conducted online, the question isn’t really if you can afford to sign up for Cloak — it’s if you can afford not to.

Dan Moren, Macworld

SSL is pretty much broken - so people should be using TLS.

POODLE was an attack that caused a client browser to downgrade from SSL to TLS.

 The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.

It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor.  However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it).  Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was.  In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.

SSL v3.0 is effectively “dead” as a useful security protocol.  Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.

Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.  For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.

Cloak includes “Overcload”, which makes sure that when you change networks, no communication is made until the security has been established.

Cloak provides security for the immediate network, but not for the global network — The NSA can still get you.

Open Source Corner

Font Awesome

Treat icons on a web page like styled text.

The iconic font and CSS toolkit

Font Awesome gives you scalable vector icons that can instantly be customized 

— size, color, drop shadow, and anything that can be done with the power of CSS.

Free, as in Speech

Font Awesome is completely free for commercial use. Check out the license.

 One Font, 519 Icons

In a single collection, Font Awesome is a pictographic language of web-related actions.

Q & A

1. Got a new MacBook Pro. Having trouble connecting Firewire 400 drives via an adapter. Does not work with USB either. The drive is a 5.25 with its own power supply. The drive works fine with older computers under Firewire 400.

We suspect the adapter is not good, but as USB is not working, something deeper might be going on. 

Perhaps the bridge chips in the cables?

2. Any experiences with upgrading from Mavericks to Yosemite?

Most experiences seem to be good.

Read “Taking Control of Upgrading to Yosemite”

3. How to use AirDrop on a Mac?

4. Does iPhoto work on Yosemite?

Yes. But bear in mind the Photos will replace iPhoto and Aperture.

5. Demo Handoff.

6.  Recurring directory corruption on internal hard disk.

Very intricate problem — we can only recommend AppleCare. Something is actively damaging your disk — perhaps a third party hardware, like one of the external drives. 

SVMUG meeting December 15, 2014

posted Jan 26, 2015, 7:13 PM by Robert Brown

svmug December 15, 2014

Our annual solstice pot luck holiday goodies meeting.

WireLurker - lesson: do not install unsigned applications.

MSFT Office for Mac, and IE as well

Adobe Flash has another problem - please do updates.

Sony is threatening to sue reporters who pass along stolen information.

United Air Lines has purchased iPhone 6+ for flight attendees.

An "antique" market has developed for first generation iPhones and classic iPods.

iOS 8.1.2 has been released

-- a member reports that the update 'bricked' some iPhones, apparently older models.

Reminder: January and February 2015 meetings will be on the fourth Monday of each month. Jan. 26 and Feb 23

eBook price fixing case was ruled in favor of Apple, but is now in appeal. It could go to the Supreme Court.


Presentation: 1Password 

Canadian company, 

Why password managers are important

Do you use the same password for more than one site?

It is a common mistake. The problem is that if some one gets your password from one site, they will have it for your other sites as well.

You need to use unique passwords for each site.

But will need help to generate the passwords, and help to remember the passwords.

That is the purpose of password managers.

1Password: AES 256 bit encryption, convenient and simple

-- with browser integration

Create a strong password for the master password, but it needs to be memorable.

Recommendation: use four random words: "correct horse battery staple"

supported browsers: safari chome firefox opera

Look at the blog, for apps that love 1Password

BAckup data using the 1Password emergency kit.

Use the security audit to find duplicate passwords, weak passwords, old passwords.

Use the Watchtower to fetch information on which web sites have been hacked.

SVMUG Meeting November 17, 2014

posted Jan 26, 2015, 7:11 PM by Robert Brown

• Apple Gives New Contract to Samsung for Chip Manufacturing 

November 17, 2014

The Korea Times reports that Apple has given a new contract to Samsung, whereby Samsung will manufacture 80% of iPhone and iPad chips, staring in the year 2016.

This past year, Apple had switched to chips made by the Taiwan Semiconductor Manufacturing Company (TSMC), leaving Samsung only a small fraction of this business. The effect on Samsung was devastating - profits fell significantly. 

Why was the new deal signed? Speculation is that TSMC was not able to meet the specifications and chip yield required by Apple. 

However, Samsung's own smartphone business continues to suffer, but not because of Apple. Samsung's market is low cost smartphones, where the competition is Xiaomi and Lenovo. Both of these companies are able to undercut Samsung pricing for smartphones. 


Apple OS Updates

Mac OS X 10.10.10

iOS 8.1.1

improves WiFi connectivity 


 Apple roundup: iPhone 6 supplies, UnionPay, Samsung/TSMC • 5:27 PM

Eric Jhonsa, SA News Editor

BMO's Keith Bachman reports seeing improved U.S. iPhone 6 (NASDAQ:AAPL) supplies. "Whereas the iPhone 6 Plus was very hard to find a few weeks ago, supply has improved ... Whereas Apple stores were sold out of virtually all iPhone 6 models a few weeks ago, retail stores now appear to have almost half of the iPhone 6 models across the various carriers available for walk-in."

Bachman does note there's still "virtually no available stock of iPhone 6 at carrier partner stores, such as AT&T and Verizon." However, online wait times at carrier stores have fallen in half to ~10 days.

Apple's U.S. site typically shows wait times of 7-10 days for the iPhone 6, and 3-4 weeks for the 6 Plus. In October, there were multiple reports stating Apple is boosting 6 Plus production.

Apple has added UnionPay, China's dominant payment-processor, as an App Store payment option. UnionPay credit/debit card holders will be able to link their cards with their Apple IDs, something Internet software/services chief Eddy Cue calls "one of the most requested features from [Apple's] customers in China." Quartz notes the agreement could pave the way for an Apple Pay deal.

The Korea Times reports Samsung (OTC:SSNLF) will supply 80% of Apple's A-series app processors starting in 2016, thanks to a new agreement.

While TSMC (NYSE:TSM) is manufacturing Apple's 20nm A8 processors, Samsung has been expected to supply a large portion (if not all) of Apple's A9 processors, leveraging a 14nm FinFET (3D transistor) process it's developing with Globalfoundries.


Intel launches $495 bracelet, continues battling Nvidia in HPC market • 7:07 PM

Eric Jhonsa, SA News Editor

Intel (NASDAQ:INTC) has officially launched its MICA smart bracelet (previous). The device is priced at $495, and aimed at women. It features a 1.6" OLED display, and delivers texts, e-mails, and Facebook/Google notifications over AT&T's 3G network. Two years of free data is bundled.

Much like Qualcomm wth its Toq smartwatch, it doesn't look as if Intel's goal is to challenge Apple and Samsung's wearables, but to provide a proof-of-concept for OEMs looking to create similar hardware running on Intel processors. Intel began shipping its low-power Quark CPUs this year, and has also developed Atom CPUs meant for embedded devices.

Meanwhile, Intel has shared more details Knights Landing, an upcoming 14nm product for its Xeon Phi co-processor line (used in HPC/supercomputer systems), and added Knights Hill, a successor product that will use a 10nm process, to its roadmap.

Knights Landing, which succeeds the current Knights Corner in 2H15, is said to deliver a 3x improvement in single-thread performance. It includes up to 16GB of memory, can work either as a co-processor or a standalone processor, and relies on a new interconnect fabric (called Omni-Path) that Intel promises will deliver better performance and require fewer switches than the widely-used InfiniBand - that makes it a potential challenge for Mellanox (NASDAQ:MLNX).

The product takes aim at Nvidia's (NASDAQ:NVDA) leading position in the HPC co-processor market. Today, Nvidia unveiled the Tesla K80, a high-end HPC co-processor said to deliver 8.7 teraflops of single-precision throughput (74% above the prior-gen K40). The K80 sells for $5,000, and contains two of Nvidia's new (28nm) GK210 GPUs.


Apple Pay's 3-Week Report Card Shows A Promising Start

Nov. 17, 2014 7:26 PM ET  |  3 comments  |  About: Apple Inc. (AAPL)

By Aman Jain

Apple Pay is garnering decent number of users on a per store basis, but without NFC-enabled smartphones, the growth will be limited for now.

Apple (NASDAQ:AAPL) Pay service has witnessed a decent start, with Whole Foods (NASDAQ:WFM) telling The New York Times it received 150,000 transactions in the three weeks following the launch of the service. Though the number is not extraordinary, it is substantial for a single store to garner such numbers from a brand new service with limited device support.

Apple Pay making inroads

Other merchants have not yet released their statistics, but are indicating that the numbers are decent. According to the report, Walgreens' (NYSE:WAG) mobile payments increased two-fold and McDonald's (NYSE:MCD) is receiving half of its mobile payments through Apple Pay now.

Apple Pay was released on October 20th as a part of the iOS 8.1 update, and since then, the service has been in swing, with McDonald's and Walgreens seeing the most number of Apple Pay payments. At McDonald's 14,000 U.S. locations, 50% of all tap-to-pay transactions were done with Apple Pay. Walgreens, with its 8,000 drugstores, says the number of mobile payments has doubled since Apple Pay was enabled.

Some merchants are seeing little-to-no change with the release of the payment service from Apple. Toys "R" Us said that there has not been any notable surge in its mobile payment numbers, and cash and credit options are still more popular than Apple Pay.

Rival services noticing surge

The success of Apple Pay cannot be ensured just yet, and much depends on the additional hardware support and cooperative retailers. The payment service from the iPhone maker is not showing startling numbers, but it is encouraging greater use of other tap-to-pay services such as Google (NASDAQ:GOOG) (NASDAQ:GOOGL) and Softcard, as both the services noted that they have seen a surge in usage over the past few weeks.

The NY Times report noted that a lot of service usage depends on the strength of the Apple brand and the easy-to-use features of pay service. Apple Pay service needs the NFC feature, but a substantial part of the population in the United States does not have NFC-enabled mobile, which makes it difficult to garner a whole lot more NFC payments. However, with a growing number of customers buying the iPhone 6, companies are now ready to offer the payment feature.


Perma Cookies

HTTP header, X-UIDH, is injected into your requests to an web site.

The web site can use server side processing to identify you via this header.

When you are using a connection via an ISP account Hotspot or home modem, your identity can be associated with your requests by attaching the X-UIDH header. This is done in route by the ISP — you have no control over this from your client computer. 

At the destination web site, this X-UIDH value can be read. The destination server can send the value back to the ISP, to query for the associated user information. This will typically be for a fee paid to the ISP by the site owners or by a third party “Ad Exchange”.  The site owners or any third party they work with can track what you look at, for how long, and how frequently.

Because the same X-UIDH value is attached to your requests for all web sites, the data can be consolidated to build a full profile of your web usage.

This only works if you are connected via your ISP account, not if, for example, you are using a public WiFi at your local library. It also only works for unencrypted connections, but most consumer oriented sites are only encrypted for the purpose of monetary transactions or sometimes for delivery of protected content.

You can choose to use public connections, but that is inconvenient, and in some cases, risky. You try a proxy service, but that is not easy.

The Perma Cookie technique is known to have been used only by AT&T and Verizon. AT&T has indicated that while it ran a test of Perma Cookies, it is not using such at the time of this report. Verizon seems to be actively using Perma Cookies. 


State Department hacked on Sunday. It is said that only unclassified email and documents were compromised.


1-10 of 29