Apple Revamps Security in OS X Lion | threatpost

Short, plain-English article explaining the security upgrades in Lion. As we speak, Apple developers are building new versions of their apps to support sandboxing.

“OS X has always had this goofy ASLR implementation where they randomized the libraries but not anything else, and you could still play the games and reuse code as long as there was one thing that wasn’t randomized,” said Charlie Miller, principal research consultant at Accuvant, who does a lot of OS X security research. “In Lion it seems like everything is randomized and no code is loaded at a predictable address. They made it much harder to exploit things. You probably need two bugs now, one for code execution and one for information disclosure.”

via Apple Revamps Security in OS X Lion | threatpost.
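Miller’s point is that randomizing only the libraries leaves one region at a predictable address for code reuse, which is why Lion’s randomization of the executable, heap and stack matters. The C program below is an added example, not from the article or from Apple: it samples one address from each of those regions, re-executes itself with a `--probe` flag (a name chosen here) to obtain two independently randomized layouts, and reports which regions stayed fixed between runs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/wait.h>

/* The regions Miller's comment distinguishes: the shared libraries (randomized
 * on Snow Leopard) versus the executable, heap and stack (not randomized there). */
enum { REG_EXEC, REG_HEAP, REG_STACK, REG_LIB, REG_COUNT };
static const char *region_names[REG_COUNT] = { "executable", "heap", "stack", "library" };

typedef struct { uintptr_t addr[REG_COUNT]; } layout_t;

static void marker(void) {}

/* Sample one address from each region of the current process. */
layout_t probe_layout(void) {
    layout_t l;
    volatile int on_stack = 0;
    void *on_heap = malloc(16);
    l.addr[REG_EXEC]  = (uintptr_t)&marker;   /* code inside the main binary */
    l.addr[REG_HEAP]  = (uintptr_t)on_heap;
    l.addr[REG_STACK] = (uintptr_t)&on_stack;
    l.addr[REG_LIB]   = (uintptr_t)stdout;    /* FILE object in the C library's data */
    free(on_heap);
    return l;
}

/* Bit i set => region i landed at the same address in both runs, i.e. it is
 * the "one thing that wasn't randomized" that code-reuse attacks depend on. */
unsigned fixed_regions(const layout_t *a, const layout_t *b) {
    unsigned mask = 0;
    for (int i = 0; i < REG_COUNT; i++)
        if (a->addr[i] == b->addr[i]) mask |= 1u << i;
    return mask;
}

/* Run a fresh copy of this program (fork alone would inherit the parent's layout;
 * only exec gets a new randomization) and read back its probe output. */
static int run_probe(const char *self, layout_t *out) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execl(self, self, "--probe", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    FILE *in = fdopen(fd[0], "r");
    int ok = in != NULL;
    for (int i = 0; ok && i < REG_COUNT; i++) {
        unsigned long v;
        if (fscanf(in, "%lx", &v) == 1) out->addr[i] = (uintptr_t)v; else ok = 0;
    }
    if (in) fclose(in);
    waitpid(pid, NULL, 0);
    return ok ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc > 1 && strcmp(argv[1], "--probe") == 0) {   /* child: dump and exit */
        layout_t l = probe_layout();
        for (int i = 0; i < REG_COUNT; i++) printf("%lx\n", (unsigned long)l.addr[i]);
        return 0;
    }
    layout_t a, b;
    if (run_probe(argv[0], &a) != 0 || run_probe(argv[0], &b) != 0) {
        fprintf(stderr, "probe failed\n");
        return 1;
    }
    unsigned fixed = fixed_regions(&a, &b);
    for (int i = 0; i < REG_COUNT; i++)
        printf("%-10s %016lx %016lx  %s\n", region_names[i], (unsigned long)a.addr[i],
               (unsigned long)b.addr[i], (fixed >> i) & 1 ? "FIXED" : "randomized");
    return 0;
}
```

Run it as `./a.out` (the relative path is what it re-executes); a system with Snow Leopard-style ASLR shows only the library line as randomized, while a fully randomized system shows none of the four as FIXED.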

Making Desktop Webapps in Lion

“By the sainted mustache of Charles Foster Kane! Is it ever hot out there! I should write an app that keeps my city’s Current Weather data from Weather Underground within easy view at all times!”

“Holy rosemary vinaigrette! Today promises to be a huge day of news for Apple! I need to keep an eye on the news from Macworld.com all day today! But there’s no such app for that particular function, dagnabbit!”

“Jumping prophets of Newton Lower Falls! I’m getting far too much work done today! If I don’t find a way to distract myself, I’ll set unreasonably-high expectations of how much work I’ll be expected to accomplish on a Friday! If only there was a way to keep the Adorable Baby Polar Bears Live Webcam on my screen at all times!”

If you’re running Snow Leopard, you’re doomed to a dull life of unmet expectations. At best, you’re at the mercy of third-party developers and their infernal expectation to actually be paid for the apps they write.

In Lion? It’s DIY all the way. Automator — that singularly-awesome utility and infrastructure for automating damned-near any task — has a new feature that allows you to open any webpage inside a popup window. It’s so easy to use and it’s so goddamned useful that I’m amazed it’s not being promoted.

Here’s the incredibly complicated procedure for building an app that keeps a webpage open in a floating window:

1) Launch Automator.

2) Create a new App. (Or a Workflow. But an App will be cooler because you can have it in the Launchpad and start it up with a single click.)

3) Find and drag the “Get Specified URLs” action into your workflow. Just type the name into the search box until Automator finds it for you.

4) Paste in the URL of the site you want to view.

5) Find and drag the “Website Popup” action into the workflow. Choose a size for the window.

6) Save. Done.

Your workflow will look like this:

And when you run the app, it’ll put up a popup window that looks like this:

It’s a real app. It’ll stick around and float above your other windows until you dismiss it. You can move it into other Spaces and do pretty much whatever you want with it.

Did you notice the Really Clever Thing the “Website Popup” does? You can specify the size of the popup window and you can also choose how the app will identify itself to the website. In this example, the “User Agent” has been set to “iPhone.” Which means that Macworld.com thought this app was an iPhone web browser, and it automatically delivered the compact edition of the site.

It’s a little like the “Web Clippings” feature of Dashboard. Except this isn’t Dashboard, so there’s actually a chance in hell that you’ll ever use this thing.

The less-snarky thing to say is that this tool integrates into your mainstream Mac workspace far better, and its definable User Agent setting means that you can get it to work with the far more useful mobile editions of your most useful sites. It’s particularly keen for webcams. A friend recently set up a webcam for his pet birds. As a Dashboard Web Clipping, I’d have to carefully adjust the clip size and then I’d have to be in Dashboard to actually use it. I also couldn’t share this with other people. As an Automator app, it’s two quick steps, it runs alongside my other apps, and any time my friend wants to share the webcam with someone, he can just email them the app.

I think the Automator team at Apple has two mandates. The first one, of course, is to give every Mac user more power and control over how they do things, to save everybody time, and to restore the sort of volksprogramming experience that the Mac community lost when Apple terminated HyperCard.

But the self-appointed mandate is to keep emphasizing the truly cool things that you can do with this utility. With each new OS release, there comes at least one new Automator action that I play with for a while and then think “I can’t believe I built something that does this in that little amount of time!”

Edited:

“Is it possible to ask the user for a URL first?” asks @Thomas. That’s a nifty idea: instead of locking the app to just open Macworld.com, you could make a general-purpose “Open this URL as an iPhone webapp” utility.

And yes, of course, it’s easy-peasy. Instead of hard-coding the URL into the “Get Specified URLs” action, just add an action that asks for text input from the user and then feed that into an action that extracts a URL from any given text. That’ll dump the URL into the next function and Bob’s yer uncle. Viz:

The app will present the user with a standard dialog and then it’ll open the URL.

It’s yet another testament to how deep Automator goes. You rarely get tripped up by the problem “All of the basic functions are there but alas, there’s one critical element missing so no, you can’t do that.” And later on, it’s always easy to adapt or extend a workflow to accommodate a new idea or a change in needs.

Edited again:

A Trusted Advisor on Automator informs me of a cool Automator shortcut: if you drag a URL proxy (from your browser’s address bar) into the editing window, Automator automatically builds you a “Get Specified URLs” action using that URL.

One More Thing…remember “Back To The Mac”?

Oh, and one more thing:

(This wouldn’t be a column about a Steve Jobs keynote if there weren’t One More Thing, yes?)

Let’s not forget that Apple’s whole message during their last (and first) Mac OS X 10.7 demo was “Back To The Mac.” A stated goal for the future of the Mac is to take some of the technologies they developed for the iPad and some of what they’ve learned from a year’s worth of apps and users and bring them into Mac OS.

Many worry that this means that Apple will do away with MacOS entirely. Naw, it means that they think “my computer wakes from sleep in less than a second” and “multitouch gestures enhance the vocabulary of a GUI” are good things to keep in mind when figuring out the Mac’s next step.

Another lesson Apple could have learned from iOS is that “syncing data” is less powerful and handy a concept than “your data is just there.” After more than a year with my iPad I can state that I rarely put data on the thing via iTunes. It’s always a process where I decide “I want to use that file I was working on this morning with my Mac” and after a brief detour through Dropbox, bango, I’ve got that file I was working on this morning with my Mac.

So when I say that I suspect that Apple’s overall plan for iCloud is to make the device irrelevant, I’m not saying “It doesn’t matter if you have a phone or a tablet: all of your desktop files will be available to you.” I mean that your desktop and your notebook will be no different from anything else. It’ll just be another device that can access and articulate your data in a manner that makes sense for that specific kind of device.

I wouldn’t be surprised if Apple minimizes MacOS’ whole file system in some near release. Not 10.7, of course. But it’s becoming more and more clear that most of the accepted rules for desktop operating systems are now…well, off the desktop. Even such quaint 1980s concepts as “windows where you drill through directories filled with files.”

Keynote Day

I have a little travel ritual. The night before a trip, when I’m pulling clothes out of the dryer and rounding up cables and chargers and finishing up the writing I need to do before I go and pulling together the files I need so I can continue to write once I’m there and trying to decide which camera to bring and nervously eyeing the clock and wondering if I have time to clean the kitchen and also losing my optimism that this will finally be the trip in which I actually get a reasonable night’s sleep before I have to haul ass for the airport, I repeat the following phrase:

“My life would be sooooo much simpler right now if I weren’t leaving tomorrow.”

I spend a few moments fantasizing about that parallel world in which I’m spending this same evening getting a little work done, watching a little TV, doing the dishes, and then sleeping for six to eight hours.

Then I’m snapped back to reality.

You can tell that I’m not in San Francisco right now. One, I didn’t start this post with “Greetings from San Francisco, where I’m holed up for a few days to attend the keynote that kicks off Apple’s Worldwide Developers Conference.” Secondly, I seem to be clear-headed and rational and I actually have time to blog this morning.

Mind you, I’m resenting my clear-headed, rational thinking. That’s what led to my staying home. If I can line up someone to cover my travel expenses, or if I get a vibe about the event early enough that I can book an affordable flight, or if I think that I’ll miss out on a lot of the story by staying home and following the liveblogs, then whoosh! Off I go. That’s why I’m a regular at these events.

But this time:

  1. No such luck;
  2. Apple didn’t even announce any kind of WWDC keynote until less than a week ahead of time…and while I could be pretty sure that they’d do a keynote, I could only be “pretty sure” that it’d be open to the media, which added up to “book a flight and book enough nights in a hotel to cover any likely keynote day, based on your hope that there’ll be something you can attend”;
  3. I’m 95% sure there won’t be a hardware announcement today (so: no chance to get early hands-on impressions of some new thing) and Apple can give me a briefing over the phone.

In the end, I flipped ahead to the end of the book and saw myself shuffling out of the keynote hall at Moscone West and thinking “I could have stayed home, read three liveblogs simultaneously, phoned some sources in San Francisco, and written the exact same column I’m about to write in the next two hours.

“Only I’d be writing it on the brand-new 11″ MacBook Air that I paid for with the money I otherwise would have spent on airfare and two nights of meals, hotel, and transportation.”

No, I didn’t buy an Air. But that’s the principle. The other thing is that I’m up to my neck in work on the new book and the water’s rising. Plus, it’s E3 week and Microsoft will be delivering their own Interesting Keynote, which I’ll need to write about. It’s a terrible week for me to take off and close my office.

Just because I’ve decided not to fly out for WWDC doesn’t mean I don’t think Apple will show off anything important, o’course. This will clearly be Apple’s biggest announcement since they showed off the original iPad.

Though from what I know and what I suppose, I’d probably rank it closer to Apple’s original iPhone keynote. Today, Apple’s showing off MacOS 10.7, iOS 5, and iCloud, a new service that glues everything together. Overall it feels less like “we’re coming out with the next version of an existing thing” and more like “Here’s how we’re defining the direction of the company for the next five years.”

I’ve dabbled with and abandoned a couple of different columns about what iCloud will be. I think the only smart call is to wait and see. The more I hear about iCloud the more certain I am that any comparisons to Dropbox, or to Amazon or Google’s cloud music services, will seem laughably clumsy when Apple turns over all of its cards. “The glue that holds everything together” will sum it all up, methinks.

Cloud music will be its most visible and most easily demonstrated feature but in reality, I think iCloud means that a new Apple service will manage all of the information you deal with on a regular basis and make sure that anything you need can be projected into any device you’re using.

The strongest clue in this direction came last Tuesday, I think. Apple released new iPhone and iPod Touch editions of Pages and Keynote. Previously, they were only available for the Mac and the iPad, where (frankly) they make clear sense. Are you terribly likely to want to write a thousand words on your iPhone? Or build or even edit a presentation on that tiny screen?

(Though, yes, the idea of flying somewhere to give a presentation and boarding the plane with just your iPhone and a VGA adapter in your pocket has a definite Bell Labs “The Miraculous World Of 2000” filmstrip quality about it.)

Beyond that? I’m hoping that iOS 5 incorporates better systems for app switching and alerts. I want to see better voice control.

Last week, I ended a column on Windows 8 with a warning directed at Google’s Android team. “When a new version of Microsoft Windows hands you your ass in the category of user-interface clarity and simplicity,” I said, “it’s time to sit down and seriously think about the choices you’ve made in life.”

I now say the same things to Apple. Android’s voice commands are insanely good. You want to go to the nearest Outback Steak House? You hold down the Search button and say “Navigate to the Outback Steak House.” It finds the nearest one and off you go. Speech-to-text dictation is also quite solid. You wouldn’t want to dictate a whole email with it, but it’s perfectly serviceable for text messages.

Notifications aren’t perfect in Android, but they’re better than what we’ve got in iOS. Tap the menubar and a list slides down. There it is: everything that any piece of code has recently wanted to tell you. Did that podcast finish downloading? Yup: your podcaster left you a note. Cool. I had a hunch that there was a way to improve upon iOS’ “I’ll block the screen with a dialog box that has to be dismissed by the user” approach.

I also think it’s time for iOS to have some sort of high-level mechanism for interapp communication. There are ways for one app to pass information to another, but usually it requires a lot of coordination between the developers of those two apps. TextExpander, for example, isn’t terribly useful as-is. It expands keyboard shortcuts into large blocks of text, which is lovely, but you then have to cut the text from the TE app’s pasteboard and then switch to the destination app and then paste it in.

TextExpander works natively inside many third-party apps without any need for cutting and pasting…but only because the TE code is baked right in. I’d love for Apple to come up with some kind of a mechanism where an app can “receive” the functions or information of another app without having to incorporate its code directly. I’d love it if my car GPS app could pass the text “Next turn: right onto Exit 29 in 23.8 miles” to a big, friendly music player app, which could then discreetly display it in a tile.

Well, we’ll know soon enough. The keynote kicks off at 10 AM Pacific. I’ll be sitting here, twitchily eyeing three liveblog windows at the same time, and then I’ll be joining a special edition of MacBreak.

But yes, I’m well-rested and I’ll be in a comfortable chair with a cold beverage nearby. I can’t get that at the Moscone Center. And you know what I did last night? I baked goddamn blueberry muffins, that’s what I did.

So far, I’m certain that I made the right choice. I’m on my sofa and I’ve breakfasted on a fresh muffin. We’ll see if this good feeling lasts through the afternoon. Suffice to say that if Steve Jobs pulls an Oprah and leaps around the stage shouting “YOU get a MacOS tablet! And YOU get a MacOS tablet! And YOU get a MacOS tablet!!!!” while Apple Store workers file out from backstage and into the aisles bearing heaping trays of devices…I shall be disappointed.

I will probably have another couple of muffins. It won’t make me feel much better, but hey, they’re really good muffins.

Today’s piece of self-directed wisdom…

Highlights and Lowlights

I’ve been spending the week reminding myself that writing books is different from writing shorter pieces.

You have to spend a long time feeling like you’re down in the galley pulling, pulling, pulling on a set of oars before you start to feel like you’re finally up on deck, lightly adjusting a rudder with one hand.

I did a search of my Flickr stream for photos with the tag “boats” but it didn’t turn up anything that really fit with this post. So here’s a photo I shot the other day in the Boston Public Library. It’s kind of pretty, and it’ll help to dress up what is otherwise a short and bland blog post.

Though…hmm. I bet that Louis St. Gaudens had to keep hammering at that thing for weeks and months before it started to look like a lion. I should probably keep that in mind.

Plaster model of Louis Saint Gaudens lion statue, side view

New MacBooks, new interface, new OS

Whoof…this is working out to be a hell of a week for Apple news. I was expecting them to release the 2011 MacBooks yesterday, and I was certainly expecting them to include a new combination data/display port that they developed with Intel.

I wasn’t expecting the first developer preview of the next edition of MacOS. It’s terrific news in and of itself: it means that the OS is well on track, and the new elements I’ve seen are pretty exciting.

But my curiosity about next week’s iPad event has been kicked up a few notches. Wednesday would have been the perfect opportunity to quickly walk the media and analysts through some more of Mac OS X 10.7’s new features. As soon as they made the preview available to developers, everybody was going to start writing about it. Apple didn’t have to release the developer preview yesterday. They could easily have done it on the same day as the iPad event.

So it’s…interesting…that Apple passed on this opportunity to walk the press and analysts through their first exposure to 10.7. It would have been a piece of cake to slip a 15-minute Lion highlight reel into Wednesday’s presentation.

One possible explanation: this iPad news is going to be a lot bigger than we’ve supposed.

Another possible explanation: Apple just wants to make sure that the focus is 100% on the iPad news, whatever it is.

(Shrug.)

The new MacBook arrived in my office this morning and I’ve just had a briefing with a few Apple folks. Here are some bullets from my notes, incorporating both Apple’s pitch and their answers to my questions.

MacBooks

  • The new Sandy Bridge CPUs have integrated GPUs. Part of the whole point of this architecture is to put as much as possible on the chip. Yes, reducing the physical distance between sections of the system results in increased speeds; I remind you that the speed of light remains a constant. The machine also has a conventional outboard Radeon graphics accelerator. Whenever a GPU-intensive app (like Aperture, Photoshop, games) is launched, the MacBook switches to the Radeon, system-wide.
  • Why bother with two GPUs? So that the MacBook can choose between “optimal power consumption” and “optimum graphics performance” on the fly.
  • The new iSight HD chat camera shoots 720p video in widescreen format.
  • The cited battery life of the new MacBooks is lower than their predecessors (7 hours). This is actually due to a new testing protocol that Apple feels is more accurate. The automated test mimics real user behavior by visiting websites, playing Flash content, etc. Apple claims that 2010 MacBooks benchmark a little below the 2011 models using the new battery test.

Thunderbolt

  • Thunderbolt isn’t controlled by proprietary licensing, as the iPod/iPad dock connector is. Any manufacturer can make any kind of Thunderbolt cable or device they wish. They just need to buy Intel’s controller chip. So if (for example) someone wanted to take advantage of the 10 watts on that port and manufacture a Thunderbolt to USB cable that could fast-charge an iPad or iPhone, they could go right ahead and do that.
  • Is it suitable for mobile devices? Like…I dunno…phones and tablets? No comment. But vis-à-vis its implementation in the MacBooks, Apple is pleased with Thunderbolt’s power management features.
  • These MacBooks can’t boot off a drive attached to the Thunderbolt port. Not today. Target Disk Mode will work, however.
  • Thunderbolt incorporates two independent and bidirectional channels. The theoretical max speed is 10 Gbps, but if Apple wanted to get cute with the numbers they could claim that its absolute theoretical max throughput is 40 (as in: a 10 gig transaction up and a 10 gig transaction down on each of the two channels).
  • Data and display interfaces are on separate channels. A big data transaction shouldn’t interfere with the performance of your display.
  • The data interface is essentially PCI. So engineering a FireWire to Thunderbolt connector would be more similar to “wiring up a cable” than “designing a bridge controller.”

Mac OS Lion Developer Preview

  • iOS-style multitouch is all over the place. In Preview, for instance, you can turn pages by dragging, just like in iBooks. The familiar “double-tap to zoom” behavior in the iOS version of Safari is in the desktop edition. Etc.
  • Autosave and Versions are now integrated at the OS level. If an app wants to support a “Time Machine”-style rewind of a document to the state it was in a week ago, Lion provides all of the machinery for that.
  • “Resume” lets you suspend apps the way you do in iOS. Rather than an app relaunching and re-opening the windows you had open the last time you ran it, Lion simply freezes the app in its current state and then restores it.
  • An existing app that has a fullscreen mode can support Lion’s new Fullscreen feature by hooking into the new infrastructure. They won’t necessarily need to write a new Lion-ey fullscreen mode.
  • The Lion version of FileVault allows for a (yes, iOS-style) “remote wipe” of user data: Lion just burns the only copy of the key that it needs to decrypt the user’s directory.

The Lion discussion had a consistent theme: there are a lot of iPad concepts that translate nicely to the desktop. Silly people have mused on that idea and imagined that Mac OS X would inevitably turn into a tablet-style, multitouch OS, if it even continued to exist at all. But when Apple talks about bringing iOS features to the desktop, they’re just referring to features that make the iPad slightly more awesome, like remote-nuking a stolen computer, and being able to close an app without having to spend five minutes closing all of its windows and saving its data.

Many of these features have nothing to do with multitouch…though yes, absolutely, you can expect to grope your Lion a lot more than you pawed your Leopard.

I remind you that all of the above are just notes copied down from what Apple said. I haven’t researched my review yet…and it’ll be a number of months before we can understand the full scope of these statements. Overall, I’m pretty excited about Lion. It appears that the Mac OS is about to receive a sorely-needed shot in the arm. It’s always a good thing when I get a briefing and think “Man, I know exactly how I’d use that feature…” at several different points.

MacTech Conference in LA next week

Image of the HOLLYWOOD sign, clipped from their website navigation bar.

Ach, blogging about this has been on my to-do list for a while: I’m going to be keynoting next week’s MacTech conference, which takes place in LA from November 3 through the 5th. Details are right here on the MacTech site.

I like this idea: it’ll be a tech conference focused on Mac OS development and IT, and they’ve lined up a bunch of great speakers. They’re also offering on-site Apple Certification…if you sign up for the conference today, you’ll even get certified for free.

As you can guess, last week’s Mac OS Lion announcements have forced me to more or less jettison the talk I’d had in mind for the past few months, and I’ve had to start all over again. But hey…easy come, easy go! And the big payoff for developers is that the timing is perfect. WWDC won’t be taking place until next summer, and this is the first formal chance to get together and discuss all of the groundwork necessary for writing Mac OS 10.7 apps.

On a more personal note: If I don’t leave town with a development deal or at least a recurring speaking role on “The Big Bang Theory,” I’ll feel as though I hadn’t really tried. My one previous time in Los Angeles, it didn’t even occur to me to break into the business until my last day in town, and by then it was like 6 o’clock and all of the agencies near the airport had already closed. But this time for sure.