jones_supa (887896) writes Apple has released the OS X Bash Update 1.0 for OS X Mavericks, Mountain Lion, and Lion, a patch that fixes the "Shellshock" bug in the Bash shell. Bash, which is the default shell for many Linux-based operating systems, has been updated two times to fix the bug, and many Linux distributions have already issued updates to their users. When installed on an OS X Mavericks system, the patch upgrades the Bash shell from version 3.2.51 to version 3.2.53. The update requires the OS X 10.9.5, 10.8.5, or 10.7.5 updates to be installed on the system first. An Apple representative told Ars Technica that OS X Yosemite, the upcoming version of OS X, will receive the patch later.
Nerval's Lobster writes Apple touts the Swift programming language as easy to use, thanks in large part to features such as Interface Builder, a visual designer provided in Xcode that allows a developer to visually design storyboards. In theory, this simplifies the process of designing both screens and the connections between screens, as it needs no code and offers an easy-to-read visual map of an app's navigation. But is Swift really so easy (or at least as easy as anything else in a developer's workflow)? This new walkthrough of Interface Builder (via Dice) shows that it's indeed simple to build an app with these custom tools... so long as the app itself is simple. Development novices who were hoping that Apple had created a way to build complex apps with a limited amount of actual coding might have to spend a bit more time learning the basics before embarking on the big project of their dreams.
First time accepted submitter chasm22 writes EU Regulators are apparently set to accuse Apple and the Irish government of entering into several sweetheart deals that left Apple with lower taxes than what it legally owed. If the ruling is upheld, Apple could owe billions in back taxes. Interestingly, it seems that the Irish government would actually get the extra money and suffer little for its part in the scheme.
An anonymous reader writes: Over the past several days, we've been hearing reports about some amount of users noticing that their brand new iPhone 6 Plus is bending in their pockets. The pictures and videos shown so far have kicked off an investigation, and Consumer Reports has done one of the more scientific tests so far. They found that the iPhone 6 Plus takes 90 pounds of pressure before it permanently deforms. The normal iPhone 6 took even less: 70 lbs. They tested other phones as well: HTC One (M8): 70 lbs, LG G3: 130 lbs, iPhone 5: 130 lbs, Samsung Galaxy Note 3: 150 lbs. The Verge also did a report on how Apple torture-tests its devices before shipping them. Apple's standard is about 55 lbs of pressure, though it does so thousands of times before looking for bends. One analysis suggests that Apple's testing procedure only puts pressure on the middle of the phone, which doesn't sufficiently evaluate the weakened area where holes have been created for volume buttons. Consumer Reports' test presses on the middle of the device as well.
An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code."" It's also worth noting that there are still flaws with the patches issued so far. Meanwhile, Fedora Magazine has published an easy-to-follow description of how Shellshock actually works. The Free Software Foundation has also issued a statement about Shellshock.
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology.
An anonymous reader writes The FBI is concerned about moves by Apple and Google to include encryption on smartphones. "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the contents," FBI Director James Comey told reporters. "What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law." From the article: "Comey cited child-kidnapping and terrorism cases as two examples of situations where quick access by authorities to information on cellphones can save lives. Comey did not cite specific past cases that would have been more difficult for the FBI to investigate under the new policies, which only involve physical access to a suspect's or victim's phone when the owner is unable or unwilling to unlock it for authorities."
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed.
blottsie writes Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. In a March 26 email, security researcher Ibrahim Balic tells an Apple official that he's successfully bypassed a security feature designed to prevent "brute-force" attacks. Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account.
alphadogg writes Within hours of releasing an iOS 8 update to address assorted bugs in the new iPhone and iPad operating system Apple has been forced to pull the patch, which itself was causing iPhone 6 and 6 Plus users grief. Reports filled Apple support forums that the iOS 8 update was cutting off users' cell service and making Touch ID inoperable. The Wall Street Journal received this statement from Apple: "We have received reports of an issue with the iOS 8.0.1 update. We are actively investigating these reports and will provide information as quickly as we can. In the meantime we have pulled back the iOS 8.0.1 update."
MojoKid writes: Apple's iPhone 6 Plus weighs six ounces, and it's a scant 7.1mm thick. As an added bonus, according to a number of users, it has a hidden feature — it bends! And no, we don't mean it bends in a "Hey, what an awesome feature!" sort of way. More like a "Hey, the entire phone is near to snapping" kind of way. What's even more troubling is that many of the users who are reporting bent devices also claim that they were carrying it in front pockets or in a normal fashion as opposed to sitting on it directly. Either some of the iPhone 6 Plus hardware is defective (the vastly preferable option) or it's because the tests run by other venues are putting different kinds of stress on the chassis. It's not clear what the story is. Hopefully Apple will clarify it soon.
electronic convict writes: A year ago, security researcher Marc Rogers demonstrated how to spoof the TouchID sensor in the iPhone 5S using some Elmer's glue and glycerol — oh, and a high resolution camera and a laser printer. Has TouchID security improved at all on the iPhone 6? Not really, Rogers reports in his latest post, in which he again hacks the iPhone 6's TouchID sensors using the same method as before. "Fake fingerprints created using my previous technique were able to readily fool both devices [the 6 and the 5S]," he reports. Rogers, however, says there's no reason to panic, as the attack requires substantial skill, patience and a good clear fingerprint. As he writes: "We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats."
ourlovecanlastforeve writes: While reviewing a recent comparison of the Nexus 5 and the iPhone 6, OSNews staffer Thom Holwerda raises some relevant points regarding the importance of specs on newer smartphones. He observes that the iPhone 6, which is brand new, and the Nexus 5 launch apps at about the same speed. Yes, they're completely different platforms and yes, it's true it's probably not even a legitimate comparison, but it does raise a point: Most people who use smartphones on a daily basis use them for pretty basic things such as checking email, casual web browsing, navigation and reminders. Those who use their phones to their maximum capacity for things like gaming are a staunch minority. Do smartphone specs even matter for the average smartphone user anymore? After everyone releases the biggest phone people can reasonably hold in their hand with a processor and GPU that can move images on the display as optimally as possible, how many other moons are there to shoot for?
An anonymous reader writes Apple has announced that it sold over 10 million new iPhone 6 and iPhone 6 Plus models, just three days after the launch on September 19. From the article: "Chief Executive Tim Cook said the company could have sold even more iPhone 6 and iPhone 6 Plus models if supplies had been available. Analysts had estimated first-weekend sales of up to 10 million iPhones, after Apple booked record pre-orders of 4 million on Sept. 12, the day pre-orders opened."
Nerval's Lobster writes Placing your iPhone in the microwave will destroy the phone, and possibly the microwave. While that might seem obvious to some people, others have fallen for the "Wave" hoax making its way around online. The fake advertisement insists that the new iOS 8 allows users to charge their iPhones by placing them in a "household microwave for a minute and a half." Microwave energy will not charge your smartphone. To the contrary, it will scorch the device and render it inoperable. If you nuke your smartphone and subsequently complain about it online, people will probably make fun of you. (If you want a full list of things not to place in a microwave, no matter how pretty the flames, check this out.)
kyjellyfish writes I've been using iOS 8 for several days and aside from a few gimmicks and add-ons that attempt to achieve parity with Android, my experience has been overwhelmingly unsatisfactory. My chief complaint is that the vast majority of my apps are slow to boot and noticeably sluggish in operation. I want to point out that all of these apps have been "upgraded" specifically for iOS 8 compatibility. Previous operating system upgrades have been relatively seamless, so I'm asking whether other slashdotters have experienced this degraded performance.
HughPickens.com writes Medium reports that although many startups want to design something that mimics the fit and finish of an Apple product, it's a good way to go out of business. "What happened when Apple wanted to CNC machine a million MacBook bodies a year? They bought 10k CNC machines to do it. How about when they wanted to laser drill holes in MacBook Pros for the sleep light but only one company made a machine that could drill those 20 m holes in aluminum? It bought the company that made the machines and took all the inventory. And that time when they needed batteries to fit into a tiny machined housing but no manufacturer was willing to make batteries so thin? Apple made their own battery cells. From scratch." Other things that Apple often does that can cause problems for a startup include white plastic (which is the most difficult color to mold), CNC machining at scale (too expensive), Laser drilled holes (far more difficult than it may seem), molded plastic packaging (recycled cardboard is your friend), and 4-color, double-walled, matte boxes + HD foam inserts (It's not unusual for them to cost upwards of $12/unit at scale. And then they get thrown away.). "If you see a feature on an Apple device you want to copy, try to find it on another company's product. If you do, it's probably okay to design into your product. Otherwise, lower your expectations. I assure you it'll be better for your startup."
Lucas123 writes When the iPhone 5 was launched two years ago, the base $199 (with wireless plan) model came with 16GB of flash memory. Fast forward to this week when the iPhone 6 was launched with the same capacity. Now consider that the cost of 16GB of NAND flash has dropped by more than 13% over the past two years. So why would Apple increase capacity on its $299 model iPhone 6 to 64GB (eliminating the 32GB model), but but keep the 16GB in the $199 model? The answer may lie in the fact that the 16GB iPhone is, and has been, by far the best selling model. IHS analyst Fang Zhang believes Apple is using that to push users to its iCloud storage service. Others believe restricting storage capacity allows Apple to afford the new features, like NFC and biometrics.
Squiff writes U2 and Apple are apparently collaborating on a new, "interactive format for music," due to launch in "about 18 months." (A direct interview is available at Time, but paywalled.) Bono said the new tech "can't be pirated" and will re-imagine the role of album artwork. Marco Arment has some suitably skeptical commentary: "Full albums are as interesting to most people today as magazines. Single songs and single articles killed their respective larger containers. ... This alleged new format will cost a fortune to produce: people have to take the photos, design the interactions, build the animations, and make the deals with Apple. Bono’s talking point about helping smaller bands is ridiculous ... There's nothing Apple or Bono can do to make people care enough about glorified liner notes. People care about music and convenience, period. As for “music that can’t be pirated”, I ask again, what decade is this? That ship has not only sailed long ago, but has circled the world hundreds of times, sunk, been dragged up, turned into a tourist attraction, went out of business, and been gutted and retrofitted as a more profitable oil tanker."
jfruh writes Despite being largely manufactured in China, iPhones are still too expensive for most Chinese to afford — new ones, anyway. That's why thousands come to a bustling marketplace in Shenzen that specializes in older grey-market iPhones. Many of them are damaged phones that have been refurbished by enterprising merchants. From the story: "Reselling iPhones can be a lucrative business. The Shenzen mall, called Open World Communication City, is based in the Huaqiangbei district, which attracts buyers from around the world who come here to shop for cheap devices and components. But some of the business is shady. Earlier this year, a person who claimed to have worked at the mall posted pictures online showing how dealers can refurbish an iPhone 5 to make it look like an 5s."