Get the most out of Mojave!

Learn what's new in macOS 10.14 Mojave and how to put its numerous
great features to use with Take Control of Mojave by Scholle McFarland.

Task Apps to Consider

(updated June 20, 2018)

When I first outlined the book, I planned an entire chapter talking about productivity applications so you would be able to pick one out of a menu. But then it turned out that I had plenty of other things to say, Joe Kissell (head honcho at Take Control) didn’t want the book to be 500 pages, and the easiest thing to cut was a chapter of which most of you would only need a few paragraphs.

Even so, a menu is useful, because the apps I mention in the book aren’t necessarily right for you. Here are some other good ones. Note that a listing here does not necessarily mean it’s recommended; read the description before trying it out. But everything here is best-in-class for at least one feature, and if that’s the key thing you’re looking for, maybe you’ll overlook any drawbacks.

Remember: web apps are usually compatible with both Windows and Mac, and sometimes with mobile devices—it’s always better when a web app developer ships a native app for mobile platforms, though. If an entry says “Mac, Windows, web,” that means that there are native apps for those platforms in addition to a web app.

Asana

Platform: web
Complexity: high, but with an attractive interface that hides it well
Best for: teams, including very large ones

Asana is way too large for me to be able to give it an effective review, so I’ll just say that I’ve included it because I’ve repeatedly heard it mentioned as having traction in large companies. Most of the other team tools I’m mentioning are primarily for smaller ones; this one, you can apparently throw an army into. Fastest way to acquaint yourself: check out their tour, where they apparently agree with my large-team assessment, as a sample project is “Mission to the Moon.”

Monday

Platform: web
Complexity: simple to medium
Best for: teams

Monday (formerly called “dapulse,” and yes, that’s the capitalization they used) is a team management app that values simplicity and visualization over an extensive feature set. The website doesn’t try to describe much about it (and neither will I), as it’s much faster to watch this one-minute video demonstrating how it works. Reviews of the software are mixed: either so fawning I suspect a paid placement or noting showstopping drawbacks while still giving it a middling rating. (No recurring tasks? Really?)

I haven’t tested this software, primarily because I would have preferred they invested in actually describing their software with words rather than the rock music soundtrack of the video—for example, while a review said they have mobile apps available, Monday doesn’t believe that’s worth mentioning on their own website. Very annoying for anyone trying to, I don’t know, evaluate the software.

Also, in the five minutes I’ve been writing this paragraph, the Monday.com browser page has flipped into an ad asking me to give them my email address three times, and minor annoyances like that are not a good idea when I’m deciding whether to spend time kicking the tires. They’re here because there’s one thing notably in their favor: if you like simple Gantt charting, the video seems to indicate they’ve nailed it.

Outlook and OneNote

Platform: Multiple, but really, it’s mainly Windows
Complexity: Depends
Best for: individuals

I’ve never heard of anyone seeking out Outlook; it’s more the app that people end up using because everyone else in their office does. I hear there are Microsoft Office gurus who can make these apps turn on a dime and give you eight cents change—and I believe it, because for a long time Microsoft Entourage (now Outlook for Mac) was one of the best tools available. I’m just not in a Microsoft environment enough to know how well it works—and the reason I said its complexity “depends” is because you have to get to know a bunch of Office apps pretty well in order to really make use of Outlook’s integrations.

That all said, I’ve seen several people saying that Outlook plus OneNote is a fantastically powerful toolset. If you’re spending all your time in Office apps already, maybe you already have the tools you need.

Remember the Milk

Platform: Mac, Windows, iOS, Android, web, others
Complexity: simple to medium
Best for: individuals

Remember the Milk makes the cut because: 1) its attention to additional platforms—you can also get the app for Linux, Blackberry 10, and Kindle Fire tablets, and 2) it seemingly integrates with nearly everything else you might use, including Google apps, Outlook, Evernote, Alexa, Siri, Twitter, IFTTT automation, and email. Rapid task capture and metadata-on-the-fly (such as repeats, tags, and priorities) seem to be a strong suit; less so complex projects and organizational needs.

A top contender as a great app to use in addition to your task app, as you can use it to pull data from nearly everywhere and see it on nearly everything; it could also be a decent task app if your structuring isn’t too complex, and you’re willing to give up some management features.

Salesforce

Platform: web with mobile apps
Complexity: I’ve been trying to learn it for three years and can still barely use it
Best for: teams the size of, say, Google

If you want to see why I was so effusive in the book about Daylite, the CRM software for Mac, just give Salesforce a spin. I’ve been working with CRM and productivity software for over two decades, I’ve spent three years trying to learn Salesforce (I’m on the board of a nonprofit that uses it), and every time I use the site it takes me 15 minutes to do the simplest things.

Apparently, the way most people use Salesforce is either with out-of-the-box solutions (which apparently, no one has ever bolted onto what I’ve tried to use), or with bespoke custom applications created by very expensive consultants. As I understand it, there’s almost nothing Salesforce can’t do, if you have a deep enough checkbook. But the problem with Salesforce is mainly that I don’t understand it—and I’m usually really good at understanding software.

TaskPaper

Platform: Mac, but see below
Complexity: simple to medium
Best for: individuals

TaskPaper is a Mac app with an important wrinkle: all of its data is written to plain text files in an attractive way, which you can then open and edit on anything else. When you view these files in TaskPaper, you get various bells and whistles (such as collating your Due list into one place), but when you’re looking at the same files elsewhere you can get similar functionality with a text search. Toss your files into Dropbox or another cloud service, and boom, instant everywhere. Edit these files in a way that TaskPaper understands, and when you re-open them in the app you’ll get the bells and whistles.

The drawback to this method is that you have to learn the “language” of how to format what you write so TaskPaper can understand it; programmers and techie people will understand this instantly, but it’s a bit fiddly for the general public. Check out their videos to see if it’s your cup of tea.

Note: TaskPaper doesn’t have much complexity baked in, but because you can come up with whatever text tagging you can imagine, and spread out your data over as many text files as you like, it’s possible to build a great deal of complexity—provided you’re the kind of person who can memorize the text formatting you have to invent to create it.

TickTick

Platform: Mac, Windows, iOS, Android, web, and others
Complexity: simple interface covering better-than-medium complexity
Best for: individuals or teams

TickTick didn’t come to my attention until late in the book’s production (I heard about it on the Back to Work podcast), but my initial impression is solid enough that I might promote it to a top app in the next edition of the book.

It looks like a simple Reminders-style app, but has tons of features beneath the hood at a reasonable price. Notably: team delegation, tracking of each person’s activities on a task, deeply nested tasks, multiple alarms per task, a monthly calendar and timeline view for your due dates, widgets for mobile devices, smart lists generated from rules, and intelligent parsing of both spoken words and text for rapid task entry. There’s even a white noise feature on mobile apps, so you can drown out distracting noises while working.

Tinderbox

Platform: Mac
Complexity: insanely high
Best for: individuals

Tinderbox isn’t so much a task management app as it is the kind of tool you’d use to organize all of your research if you wanted to write the Encyclopedia Britannica. For that kind of thing, it’s simply ridiculously powerful, and as such, could also be used to do ridiculously complex planning. But based on its home page, I can’t tell if it understands the concept of a repeating task out of the box—although I’m fairly certain you can build a data structure for that.

I’ve kicked the tires on a few trials over the years, and it’s the kind of software I’d love to use—if you’re the type who wants to full-text search every website you read 14 years ago when you don’t have an Internet connection, like I am, this is for you. But at $250 it’s also ridiculously expensive; I’ve never used it longer than a free trial. Mentioned primarily because for what it can do, I don’t know of any other software that does it as well.

Todoist

Platform: Mac, Windows, iOS, Android, web, and others
Complexity: simple with a few extras
Best for: individuals

Todoist is below my threshold for “complex enough to satisfy most of my readers,” but gets listed here because it’s mentioned very often in glowing terms by people discussing productivity in my podcast feed. It’s a multiplatform simple task manager featuring rapid data capture and natural language parsing; its flashiest feature is a graphic visualizer that shows you how productive you’ve been.


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Cross-Platforming Mac and Windows

(updated June 20, 2018)

If you have two different computers (most commonly, a Mac at home and Windows at work), there are a few ways to handle this. None of them are thrilling.

  • Cross-platform apps: The seemingly obvious solution is to pick an app that can live in both places. There are problems with this: first, there are very few app options here, and you’re much more likely to fit yourself to the software than the reverse. Second, if your data lives on your company’s hardware, they legally own it, and can review it (or demand passwords) at any time.

  • Web apps: Usually preferable to native applications (in this situation only). Your data lives in the cloud, so no one at work can get to your database. But it has the same lack-of-options downside: web apps are less complex than native applications (usually; Salesforce is a major exception).

  • Run Windows on your Mac: There are several ways to run Windows software on your Mac. This actually works really well. The issue is, spoiler alert, Mac apps are just better across the board: more choices, better design. The how-to for this is a book on its own (and unfortunately, Take Control’s book about it is out of print), but here are the software names to Google to get you started: Boot Camp, Parallels Desktop, VMware Fusion, VirtualBox.

  • Run Mac on your PC, sort of: You can’t run Mac apps on a PC, but you can share the screen of your Mac at home. You see the screen on your Windows monitor, anything you type or mouse gets sent home, your Mac does the work and sends back the screen. It’s not perfect—there’s a little lag, and sometimes everything pauses for a few seconds if the Internet connection slows down. The main problem, though, is that you need to leave your Mac running at home to use it, and some tech wizardry is necessary to set up your home router. Get started here: how to share the screen on your Mac, and software you’ll need on Windows.

I think most people will be served best by a task app that runs on mobile hardware that they own. Run your task app on a tablet, and you can prop it up side-by-side with either computer, using pointers to make any organization use do on all three perfectly manageable.


Want more? All the Links to Take Control of Your Productivity Web Content

Posted by Jeff Porten (Permalink)

Joe Kissell Takes Control of Apple Mail in iOS 11 and High Sierra

It’s been a while since the previous edition of Take Control of Apple Mail was published, so I had a lot to catch up on in my interview with Chuck Joiner on MacVoices. I’m not exactly a green rage monster this time, but there are a number of things about Mail I’m…less than happy about. If you feel the same way, I hope you find this interview therapeutic.

Posted by Joe Kissell (Permalink)

What You Need to Know About the EFAIL Vulnerability

Note: Please see the end of this article for updates.

Just hours before the scheduled release of Take Control of Apple Mail, Fourth Edition, my Twitter feed started blowing up with Urgent! Breathless! Warnings! about a newly discovered vulnerability that affects email messages encrypted with S/MIME or OpenPGP, about which I have a whole chapter in my book (“Sign and Encrypt Messages”). And my first thought was, oh, great, my book needs revising before it’s even out. I’ve now examined the original report that prompted the warnings and have a better understanding of the situation, which I’d like to share with you here, and which I plan to update as new facts emerge. Let me start with this, however:

The sky is not falling.

Yes, there is a problem, but (a) the odds that you will encounter it, even if you regularly use email encryption—and most people don’t—are incredibly small; (b) there are easy temporary workarounds; and (c) it is being fixed even as I type these words.

Let’s go over the details.

The Problem

A team of European researchers found a vulnerability that they’ve dubbed EFAIL. That site summarizes the issue; their complete technical paper (PDF) is here. The very short version of the problem is that there is a technique that an attacker could potentially use to cause your email client to send the decrypted contents of an encrypted message to outside parties. This technique exploits a combination of weaknesses in two encryption standards, design flaws in certain modern email clients (Apple Mail among them, on both macOS and iOS), and less-than-ideal default settings. It works only when you receive and open a message that contains a hidden copy of encrypted email you’ve already sent or received—meaning you are almost certainly being targeted directly. And it affects both of the most common encryption methods—S/MIME (built into most email clients) and OpenPGP (used by GnuPG and other software).

In order for this exploit to work, the attacker must already have encrypted messages sent to or from you. (There are numerous ways these could be obtained, but all of them require the extra, and sometimes quite challenging, step of first hacking into your email in some way.) Once that’s done, the attacker takes the encrypted contents of one or more of these messages and hides it in a new, specially crafted, encrypted message sent to one of the original senders or recipients (and, presumably, made to look as though it comes from a trusted source). When the victim opens this message, their email client decrypts it and sends the attacker the plaintext contents of the encrypted message(s) hidden within it. So, this doesn’t give the attacker the ability to freely read all your encrypted email, only those specific messages sent to you or the other party in the email transaction in this sneaky way.

Why You Probably Don’t Have to Worry

EFAIL almost certainly won’t affect you, even if you take no action. Here’s why:

  • Very few people encrypt their email anyway. If you’re not using S/MIME or OpenPGP—and believe me, you’d know it if you were—there’s just nothing to see here.

  • I have seen no evidence, or even hints, that this exploit is being used, or has ever been used, in the wild. As far as I know, only the researchers who discovered the technique have actually tried it. (Obviously, that could change in hours or days, but it’s not like the bad guys have been actively using this already.) And remember, even if or when it does get out into the wild, an attacker can’t use this on you without first obtaining the existing encrypted email messages from your account that they want the contents of. That’s a nontrivial extra step.

  • The companies that make the affected email clients and third-party software are working on fixes right now. For example, the team that makes GPGTools has already tweeted that a mitigation is imminent, in GPGTools 2018.2, and that there’s an easy workaround in the meantime (about which, read on). And if Apple doesn’t address this in macOS 10.3.5 and iOS 11.4 within days, I’ll be shocked. (In other words: the vulnerability will likely be eliminated before anyone has time to exploit it.)

As the EFAIL researchers point out, although the developers of apps like Apple Mail, Thunderbird, and GPGTools can and should fix a variety of vulnerabilities, a complete and permanent fix requires changes to the S/MIME and OpenPGP standards, which will take longer. Even so, I fully expect the problem to resolve itself before it has any meaningful real-world effect.

What You Can Do Now

Long story short, flipping one switch is probably adequate.

macOS
If you are using Apple Mail on a Mac, and are actively using S/MIME or OpenPGP, the quickest and easiest way to immunize yourself against the most likely forms of this attack is simply to uncheck one box:

  1. Go to Mail > Preferences > Viewing.
  2. Uncheck “Load remote content in messages.”
  3. Close the Preferences window.

(I already had this unchecked in my copy of Mail, and have long recommended that other people do so too, because loading images from HTML messages is often used for tracking, and although some of this tracking is entirely benign, I prefer a little more privacy than the default.)

The Electronic Frontier Foundation (EFF) recommends going further—removing the GPGMail plugin (if you use it) to prevent Mail from decrypting messages automatically at all. But I agree with the GPGTools developers that this step is entirely unnecessary.

iOS
On an iOS device, do this:

  1. Go to Settings > Mail.
  2. Turn “Load Remote Images” off.

And that’s it.

A Few Last Remarks

In the paper that kicked off this whole crisis, the researchers included tables detailing which of the tested clients, on various platforms, are vulnerable to each of several variations on this attack. Interestingly, Canary Mail for iOS, an OpenPGP client I mention in my book, is not vulnerable. (The researchers didn’t test the Mac version, but I assume it’s also safe.) So, if you rely on OpenPGP-encrypted email on a Mac or iOS device, switching (even temporarily) to this client might be something to consider.

Finally, and I’ve said this many times in many books, keep your software up to date. All these fixes that developers are working on do you no good if you don’t install them. So please, keep up with system updates and security fixes for macOS and iOS, and make sure your third-party apps are also up to date.

If any significant new developments arise, I’ll update this article accordingly.

Update 2 (June 9, 2018): On June 4, GPG Suite from GPGTools was updated to version 2018.02, with mitigations for EFAIL. Apple also says that macOS 10.13.5 (released on June 1) addresses S/MIME vulnerabilities, although testing by the GPGTools developers indicates that Mail remains vulnerable to some EFAIL-related exploits.

Update 1 (May 31, 2018): Contrary to my expectations, neither Apple nor GPGTools has yet delivered an update to address this problem. I still expect fixes soon, but they didn’t happen as soon as they should have. In addition, one researcher has published a proof of concept exploit that could theoretically put your email at risk even if you disable the loading of remote images as described above. (And in any case, I should note that any mitigations you undertake on your own devices won’t help if your correspondents’ devices are compromised.) Even so, I have yet to hear of any real-world attacks involving the EFAIL vulnerability, and I still believe the sky is not falling. But I sure wish the security folks at Apple and elsewhere would kick their bug-fixing into high gear.

Posted by Joe Kissell (Permalink)

Apple Watch updated; Apple Watch book, not so much

In the nearly three years since the Apple Watch was introduced, we’ve seen four hardware iterations, four operating system releases, and millions of orders, making it a fairly mature product by modern tech standards.

During that time, we’ve also seen four releases of Apple Watch: A Take Control Crash Course, including the first version we published before the watch was even released. And now…well, we think four is a pretty good number, for now. Sales of the book aren’t enough to justify updating the manuscript to account for the changes in Apple Watch Series 3 and watchOS 4.

That turns out to be a pretty good opportunity for you and/or dozens of your Apple Watch-owning friends, because we’ve put together a great deal. Looking over the current version, easily 95% of the information is still relevant and helpful to anyone with an Apple Watch. Want to install apps, customize watch faces and complications, get driving or walking directions, or send messages? It’s all there.

So here’s the deal: you can now buy the (slightly outdated) book for just $5—half of its original price!

Here’s an overview of what’s changed in the Apple Watch that isn’t specifically in the book:

  • The Apple Watch now runs watchOS 4, which represents more of a focus on fitness activities and technologies used in Apple’s ecosystem. watchOS 4 runs on all versions of Apple Watch, even the original “Series 0” hardware.

  • The Dock, which comes up when you press the side button, now displays apps as a layer of cards representing the most recent apps you’ve used. In the Watch app on the iPhone (in My Watch > Dock), you can change that to display Favorites, and put the apps in the order you prefer.

  • The app screen is, by default, the same blobby collection of circular app icons, but now there’s an alternative. Force-touch the app screen and choose List View to see the apps as a scrolling list.

  • Apple introduced a few new watch faces in watchOS 4. The Siri face is named because it has a prominent Siri button you can tap (if you’d prefer to invoke the assistant with a tap instead of pressing the digital crown or raising the watch and saying, “Hey Siri”). It also features informative cards that display things such as Apple News items, calendar events, and reminders. Also new is a Kaleidoscope face that takes photos and mirrors them into geometric patterns. And I also confess an affinity for the dozens of fun, animated Toy Story-themed faces.

  • The Apple Watch Series 3 includes a model with built-in cellular networking, which means the iPhone doesn’t need to be connected to the watch to use wireless features such as messaging, phone calls, or streaming music playback. Prices to enable the cellular feature vary among wireless providers, but in most cases it’s an extra monthly fee.

  • The Apple Watch Series 3 models also include an altimeter, a faster processor, more internal memory, and Bluetooth 4.2 wireless networking.

  • watchOS 4 adds the capability to stream music with an Apple Music subscription, versus syncing music tracks to the device separately. It also supports sending and receiving money via Apple Pay’s peer-to-peer payment feature.

  • The fitness features in watchOS 4 include more types of workouts, as well as compatibility with several gym equipment models to sync more detailed real-time workout data as you’re exercising.

  • Apple incorporated more coaching prompts and reminders to the activity features, providing nudges throughout the day if, for example, your exercise ring isn’t as far along at some point compared to the same time on other days. It sounds like a nagging feature, but in my experience, Apple has found a good balance between motivation and exasperation.

These are mostly refinements for what was already in the Apple Watch experience since the last release of Apple Watch: A Take Control Crash Course. If you’re looking for a great guide that covers all of the other foundational topics about the watch, take advantage of our new pricing for the book at just $5.

Posted by Jeff Carlson (Permalink)

What Happened to Read Me First: A Take Control Crash Course?

Thanks for your interest in my ebook, Read Me First: A Take Control Crash Course! Written in 2014, this title was available for free from the Take Control website until midway through 2017, when it was withdrawn because the screenshots were dated and the information wasn’t always accurate for new versions of macOS.

When I wrote this ebook, I was editor-in-chief of the Take Control series, and I wrote it largely so we didn’t have to repeat certain topics in other Take Control titles. Of these, the three biggies were figuring out what version of macOS or iOS you were running, launching the System Preferences app on the Mac, and understanding directory paths. Keep reading below for tips on these three tasks.

The 49-page ebook did cover a few other topics, and if you’re running 10.9 Mavericks, 10.10 Yosemite, or 10.11 El Capitan and really want a copy of the PDF, feel free to ask at support@tidbits.com. Some time after this title lived out its useful life, I used it as the starting point for another ebook, Take Control of Mac Basics. Weighing in at about three times the page count, Take Control of Mac Basics costs $15 and covers even more of the fundamentals of using a Mac while sharing oodles of tips for improving your everyday Mac experience.

Finding Your System Version

To complete this simple task on the Mac, move the pointer to the upper-left corner of the screen and click the Apple icon. Choose About This Mac from the menu. A window appears. Text in this window tells you the operating system version. Where, exactly, that text appears depends on which version. Look carefully and you’ll find it.

What about iOS? In iOS, open the Settings app and tap General. Then, tap About. Look on the About screen for the Version line, which will provide the version of iOS.

Launching System Preferences

Imagine this. You want to change the background image on your Mac’s Desktop. You search in Google for instructions and find an article that promises to tell you what to do. But, it tells you to open System Preferences. Okay, fine… but where is System Preferences? For that matter, what is System Preferences?

First, it’s an app that provides a home for “preference panes,” most of which come from Apple and let you configure various aspects of your Mac experience. Other preference panes are installed by third-party apps.

To open System Preferences, click the Apple icon at the upper-left corner of the Mac screen. Then, choose System Preferences. That’s the most obvious and reliable method, but there are lots of other methods, such as clicking its gear icon in the Dock, pressing Command-Space to invoke Spotlight, and then typing “sys,” and even clicking the round Siri icon on the menu bar and saying “open System Preferences” (assuming you’re running macOS 10.12 Sierra or later and have Siri enabled).

Understanding Paths

Any file or folder on a Mac can be found by navigating from a known starting point—usually the main level of a drive, through any intervening folders, to the item. Instead of writing out all that navigation with a lot of “Open this, then open that,” we use a path.

For example, if I want to tell someone where to find their Photos Library, I could say “open your home folder. Then open your Pictures folder. That’s where you’ll find a file called Photos Library.photoslibrary.” That’s a lot to write out and boring to read. So, instead, I could use a path and say, “You’ll find your Photos Library at /Users/homeFolder/Pictures/Photos Library.photoslibrary.”

A Tilde ~ in a Path

Paths like the one above that tell you to go to a spot inside the home folder can be awkward, since the writer can’t know the name of your home folder. Fortunately, there’s a shortcut. To indicate more gracefully that a path includes the user’s home folder, a writer might begin the path with a tilde character, like this: ~/Pictures/Photos Library.photoslibrary.

Typing or Pasting a Path

Instead of following a path by clicking from folder to folder in the Finder, you might wish to type the path—or copy and paste it. Pasting is handy when you want to follow a complex path that you see in an ebook or on the Web—you can copy the path using the Edit > Copy command and then paste it with Edit > Paste. Typing a path can also be a useful way to view a folder that is normally hidden. For example, if the instructions for some Unix task tell you to look in /var/log, this is your only method of navigating there—unless you want to work on the command line.

To follow a path by typing or pasting it, follow these steps:

  1. In the Finder, choose Go > Go to Folder.
  2. Enter the path by typing or pasting it, if you’ve already copied it.
  3. Click the Go button.

A Finder window opens, showing the folder whose path you entered.

Posted by Tonya Engst (Permalink)

Try This Quick Tip for Making Your Pointer Easier to See

Yesterday was the first webinar for Take Control of Mac Basics, and I had fun sharing my actual Mac screen with viewers as I demonstrated some of my favorite Mac features. One viewer commented, however, that he had trouble seeing the mouse pointer. “Drat!” I thought, “I’m sure there’s a way to enlarge the pointer, and I wish I’d thought of that before starting the webinar.” Sure enough, its easy to make this change: go to System Preferences > Accessibility > Display, and drag the Cursor Size slider as desired. Saturday’s show will feature the pointer at nearly the largest size! (To access the webinars, make sure you have version 1.1 of the ebook and look in the chapter “The Mac Basics Webinar.”)

Posted by Tonya Engst (Permalink)

Joe Discusses the New Editions of His “Mac Fitness” Books

I joined Chuck Joiner on MacVoices (audio and video) to discuss the new editions of Take Control of Backing Up Your Mac, Take Control of Maintaining Your Mac, Take Control of Troubleshooting Your Mac, and Take Control of Speeding Up Your Mac—including their transition from Joe On Tech books back to the Take Control world:

MacVoices #17227: Joe Kissell Releases Four Take Control Titles Updated for High Sierra

Posted by Joe Kissell (Permalink)

What’s Basic about Using the Mac?

You can now watch MacVoices #17219, “Tonya Engst Takes Control of Mac Basics.” In this video podcast, author Tonya Engst and MacVoices host Chuck Joiner consider what Mac features are basic enough to fit into the 140-page Take Control of Mac Basics ebook. Tonya also shares several interesting tips, and describes what happened behind the scenes as she created her book.

Posted by Joe Kissell (Permalink)

How To Deal with a KRACK Attack

You may have seen the news about KRACK, a Wi-Fi exploit that can allow a determined invader to sniff traffic on your network encrypted with the latest and greatest WPA2 protection and decipher some or all of it. There’s a reason to be concerned: it affects every Wi-Fi radio ever made that uses WPA2, which is all of them since about 2003. However, in practice, someone has to be close to your network and use cracking software that doesn’t yet exist: the researcher who discovered the set of flaws exercised responsible disclosure, and thus malicious parties still have to figure out how to take advantage of these defects.

The flaws largely exist on the client side, so operating system and firmware updates on computers, phone, tablets, gaming devices, smarthome switches, and other equipment will take care of the problem. Base stations will be updated, too, preventing misuse of any device (even an unpatched piece of equipment) on updated networks.

What do you need to do? Apple already has updates in the latest betas for all its operating systems that will prevent these attacks from being used. iOS 10 and earlier users who can’t update or don’t want to will be in an awkward position, however, because their devices will remain vulnerable on networks that have unpatched or non-upgradable access points. Read more about this in my article at TidBITS, “Wi-Fi Security Flaw Not As Bad As It’s KRACKed Up To Be.”

Posted by Glenn Fleishman (Permalink)