Month: September 2013

[Frank from the Chaos Computer Club on their workaround for Apple’s TouchID system][1]:

> The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enroled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.

As I said that other day, [who cares][2]. The CCC is making this out like there is *no* security with TouchID, which is a falsehood. In fact there’s a lot *more* security even with this vulnerability.

Let’s walk through a few facts:

– The CCC hack requires a near perfect, smudge free, finger print to be photographed at a very high resolution, cleaned up digitally and printed at a very high resolution. Once all of that is accomplished then you can unlock a phone. Yeah, not exactly something that can be done quickly.
– $10 says I could remote wipe my iPhone before you could replicate my fingerprint and unlock it.
– With TouchID a user has very little reason *not* to create strong and complex passcodes and Apple ID passwords for their information. Meaning you are increasing the non-you aspects of your security. And because iOS 7 requires your passcode upon restarting the iPhone, I could easily accomplish wiping my phone before you could accomplish your task of beating TouchID. ((Assuming you don’t carry a portable faraday cage. There does exist the possibility that you have my fingerprint already replicated when you swipe my device, I’ll take my chances on you being able to do that.))

So yes, TouchID isn’t perfect, but we had a reasonable expectation to assume this may be the case. However, the other items that Apple has implemented makes TouchID a pretty secure system. Because while you could beat my fingerprint under ideal conditions, I could likely wipe my iPhone under shitty conditions before you beat my fingerprint.

[1]: http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid
[2]: https://brooksreview.net/2013/09/touchy-id/

I personally believe that Touch ID, and future systems like it, are going to prove just as important to smartphones as multi-touch has proven. It’s something that seems so logical, so magical that when you use it, as [Jony Ive says][1]:

> True simplicity is, well, you just keep on going and going until you get to the point where you go, ‘Yeah, well, of course.’ Where there’s no rational alternative.

Touch ID is one of those “Yeah, well, of course” things. So naturally I have been wondering about the future of Touch ID. Right now Touch ID can only bypass your device passcode (which you can now make complex without hating your life) and it can unlock your Apple ID password for iTunes and App Store purchases (which should also be a complex password). These are very useful scenarios, but I’d really like to be able to do things like unlock 1Password (again, a complex password).

I think it is a safe assumption to assume that Apple has thought about how nice this would be too, but they aren’t yet allowing third-party access to whatever system Touch ID works off of, so why? I have to believe that Apple could allow access in a very secure manner, so why not?

My guess is that Apple knows that Touch ID is a system that makes a lot of people, to say the least, *uncomfortable*. And until such time that Touch ID becomes comfortable, Apple won’t run the risk of letting any third-party developers do anything to potentially delay, or dissuade, the comfort and trust that Apple is asking from its users.

Assuming then that Apple can securely allow developers access to Touch ID, I have to believe that they want to, and eventually will, allow developers usage of Touch ID. The timing will just come down to waiting for the point to come when users not only want and trust Touch ID, but refuse to go back to the pre-Touch ID days.

I can’t wait for that day.

[1]: http://www.usatoday.com/story/tech/2013/09/19/apple-jony-ive-craig-federighi/2834575/

[A nice report from Bloomberg’s Linda Sandler on LinkedIn’s incredibly shady practices](http://www.bloomberg.com/news/2013-09-20/linkedin-customers-say-company-hacked-their-e-mail-address-books.html). The report stems from a lawsuit filed against LinkedIn alleging (very generally) two things:

+ That LinkedIn sent emails asking people to connect with users without user permission.
+ More seriously, that LinkedIn hacked (in someway) into external email addresses of their users and scraped all email addresses to send the above reference emails to people.

Of course, they are trying to make this more of a class action lawsuit than anything else. While the hacking aspect would certainly be damaging, its the first claim that is — I feel — potentially far more interesting. If you read the Bloomberg report you can see LinkedIn’s defense: that they don’t do anything without the permission of the user.

The issue in the case I think will come down to what “permission from the user” really is.

The argument LinkedIn would make is that the user didn’t uncheck this, or agreed to that, in the terms of service, or any other obscure place. The user would argue they had a reasonable expectation to not have to dig for that information to turn off privacy violating features and that they didn’t know, or couldn’t be reasonably expected to, find these settings — probably showing how often the locations change and items mysteriously turn back on as supporting evidence.

The decision by a potential jury on this could be far reaching in the tech industry. The best outcome for users would be for LinkedIn to get hit with huge punitive damages which sends a clear message to other companies that these settings must be clear, easy to access, and explicit. I don’t generally like lawsuits, but this is something I can get behind.

[Dustin Curtis remarking on the space grey iPhone 5s][1]:

> The outer part of the new home button is exactly the same size as the Phone and passcode keypad number circles in iOS 7, which are in turn also identical in size to the holes in the back of the new iPhone 5c rubber case.

He noticed a lot more things too, which to me speaks worlds to having “one” man in charge of all design. Consistency of design is very important, and though few would notice this sizing, we all unconsciously notice these things. It makes a difference, just not a directly quantifiable one.

Curtis, again:

> “Slide to unlock” on the lock screen no longer makes sense when you’re using a fingerprint to unlock.

I do find that odd. Obviously you can still unlock your iPhone with a passcode ((Make it a complex one though now that you have Touch ID.)) when you have Touch ID turned on, but it seems odd to see “slide to unlock”.

If you are using Touch ID and you do attempt to slide to unlock you are only slowing down the process of unlocking your iPhone. I assume the reasoning behind this staying in place is to maintain a sense of familiarity for users, but I fully expect this to change at some future point.

[1]: http://dcurt.is/5s

[In his review of OmniFocus 2 for iPhone, Don Southard concludes][1]:

> I think the Omni Group did an excellent job improving on an already great product while keeping it relevant on an entirely new operating system. OmniFocus 2 is being released as new app for all customers but is still highly recommended.

While I fully realize I am now biased on the matter of todo list apps, I do want to weigh in on OmniFocus 2 because it is a tool I still use daily.

I don’t like OmniFocus 2 for iPhone very much right now, but I do like it better than the version it replaces. Don’t get me wrong, if you are Ben Brooks, I highly recommend OmniFocus to you.

Allow me to explain.

OmniFocus for iPhone has never been (well OmniFocus in general) a world class app when it comes to design. The functionality is amazing, but the aesthetics leave a lot to be desired. It looks as though this was the complaint the OmniGroup looked to address in this update (and I am very glad they did). So to judge OmniFocus 2 for iPhone we need to not look at the features, but we need to look at the design.

There are some really odd design choices in this app.

For one: why display the days of the week under the forecast heading on the main screen, if tapping those days doesn’t jump you into the forecast view for those days? This seems like a wasted power-user opportunity to me.

Also, why wouldn’t you show the individual perspectives as tappable items under the perspectives heading — instead leaving an awkward spacing before the bottom of the screen is reached? UPDATE: Turns out you can do this, apologies. Still, not very discoverable.

All this brings me to my last complaint. In the forecast view, the plus button at the top right-ish area of the screen: was this an afterthought? I hope so because it could not look more out of place. The alignment looks off, it cramps the top bar and it looks out of place. I get the function of the button, but I think this is an instance where removing that “feature” and saying you add all tasks with the inbox add button at the bottom, would be a better move.

I am glad I bought the update, and recommend you pick it up if you use OmniFocus, but the design feels a bit rushed and not fully fleshed out. That’s just not something I expected from an app of this caliber. Perhaps that expectation is too high, but as an everyday OmniFocus user I hoped for something that felt (for lack of a better term) more well thought out.

That said, this is certainly a step in the right direction, perhaps I was just hoping for a leap.

[1]: http://www.macstories.net/reviews/omnifocus-2-for-iphone-background-sync-and-a-bold-redesign/

[Glenn Fleishman on changes to ‘Find my iPhone’][1]:

> So even if you wipe your iPhone remotely, you don’t have to worry about anyone else ever being able to use it again. If it’s later recovered, you can easily restore from your most recent backup, entering your Apple ID and password when prompted.

Read his entire post, some really great security changes for iPhone users. It seems pretty clear to me that Apple is serious about helping users secure their devices (at least from non-NSA types — I can’t speak to what they are doing on the NSA front).

[1]: http://tidbits.com/article/14113

#### The Good
1. The lock screen is fucking gorgeous — I don’t care what anyone says.
2. Control center negates the need for any flashlight apps and generally makes me a very happy man.
3. The Today view in notification center is near perfection and eerily accurate. It’s the best way to keep your day on track and I hope developers (like [todo list apps][1]) are able to tie into that in the future.
4. Auto-update is fantastic.
5. You can set any IMAP account to archive emails instead of delete them. *Praise be…*
6. In Settings, under Phone, you can set a list of blocked numbers. I put all the phone numbers of my exes in there — I recommend you do the same because it is glorious.
7. Don’t be fooled, the Calendar app is a winner. I don’t care what anyone says.

#### The Not Good

1. “Designers” still won’t shut up about the icons and typography.
2. You still can’t get rid of Newsstand.
3. Despite #1 on this list, the Camera app icon is horrid.
4. Apple made it harder to manage playlists. When you wanted to add new songs to a playlist you used to be able to click `Edit > +` and you would see a list of all your songs, but then you could tab to your Playlists to add songs from another playlist. For some asinine reason this has been removed. I hate whoever made this call.
5. You can now swipe to unlock from anywhere on the lock screen — meaning not just in the “slider area”. This annoys me to no end because it feels imprecise.

Carry on.

[1]: http://beginapp.co

[Justin Williams][1]:

> If Path or App.net can show verifiable success in their respective ventures it will likely lead to other services copy-catting the idea of charging their users for the service they are offering. I can certainly think of worse things to copy.

While I can’t bring myself to trust Path (what is this of Dave Morin using a day *and* night phone?), I can certainly get behind this notion of copying paid services.

I think the key to offering a paid service is to be paid from day one. Path is going the opposite route and that never seems to work in the long run.

If people know they need to pay from day one then the standard has been set. If the service then offers free later on (with reduced whatever) that service stands a much better chance of converting free users to paid users because the service has never been devalued by being free in the consumer mind.

[1]: http://carpeaqua.com/2013/09/17/the-path-of-opportunity/

This morning Contrast launched [Perfect Weather for iPhone][1]. A weather app — oh — I must take a look at it. Perfect Weather is $2.99 — so it is looking right at me and daring me to install it — blue icon and all.

##### Background Time

First a little bit about the current state of my weather apps. On my home screen for the past few months have been two weather apps: Dark Sky, and Apple’s iOS 7 weather app. I like the iOS weather app, but I hate one thing about it: no precipitation percentages for future days. This really irks me, but for some reason I just like that app so I keep using it.

##### Back to the App At Hand

Enter Perfect Weather. When David Barnard emailed me about the app he noted that *this* was the perfect weather app for him. (Honestly, at this point how could I not write about this app?)

I am happy to say that Perfect Weather quickly displaced the Apple weather app on my phone. Here’s what I like about Perfect Weather:

– The precipitation forecast is right there with no extra taps for today and the rest of the week. This is immensely helpful for me.
– The app is highly glanceable, with a lot of in-depth data buried just a tug and swipe away. ((That sounds dirty, I know, but you gotta love that phrasing.))
– The icon. Yes, that blue square. *I* like it.

Ok, now on to the part you wanted to read. Here’s what I don’t like:

– I am not a fan of the fold out animation when you pull down on the gripper. It doesn’t feel like the right animation.
– The light weight of the fonts makes the smaller temps, and specifically the low temps, hard to read.
– Lastly, when you are using your current location as the location for the weather data, Perfect Weather gives you little indication of what location it thinks you are at. And yes, the radar map helps, but that’s not a great indicator. I personally would like to see a zip code or something to indicate that the app is accurate on this front.

##### Overall

I like Perfect Weather. It’s going to stick on my home screen for a while so I can put it through it’s paces. Even though my time with the app has been limited, I think it is the best weather app on my iPhone. (Please note: Nothing can touch Dark Sky, but it’s a specific app for a specific use, not a general weather app like Perfect Weather.)

[1]: http://contrast.co/perfect-weather/

[Brian Roemmele on Quora][1]:

> To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (example full battery drain) or hasn’t been unlocked for 48 hours. This is a genius feature that is meant to set a time limit for criminals if try to find a way to circumvent the fingerprint scanner.

This makes Touch ID just about the most secure method out there. Additionally it would seem to make it near impossible for police to compel you to unlock your phone. All you have to do is power it off, or have your lawyer buy you 48 hours, and then you can see the passcode which is legally much harder to be forced to hand over. Neither should be too hard.

The more I read about this Touch ID system the more I love it.

[1]: http://www.quora.com/Apple-Secure-Enclave/What-is-Apple%E2%80%99s-new-Secure-Enclave-and-why-is-it-important

[Joseph Menn for Reuters][1]:

> Despite emphatic predictions of waning business prospects, some of the big Internet companies that the former National Security Agency contractor showed to be closely involved in gathering data on people overseas – such as Google Inc. and Facebook Inc. – say privately that they have felt little if any impact on their businesses.
> Insiders at companies that offer remote computing services known as cloud computing, including Amazon and Microsoft Corp, also say they are seeing no fallout.

The argument is that because there has been no measurable business impact that people were wrong to predict bad things for US companies. Menn has effectively jumped the gun here. There’s a few things to understand about “businesses”:

1. They are incredibly slow to move. Even when IT has been given the directive to “get us off these NSA services” it could take a year or more to do so. IT has to test and try out many services, look into migration, send reports to management, management has to decide on if the cost is worth it, think about it more, ask IT a question that takes a month for IT to get back to management on because the current email server just shit itself… You get the point. Things don’t happen fast in this world — they still use BlackBerries at some companies after all.
2. There are very few, if any, better solutions to existing tools. It’s hard to replace Google Apps, Amazon cloud computing, or whatever Microsoft sells people. It really is. Think about it like this: if you are an all Windows company, how long would it *actually* take to switch to Macs everywhere? That would be a massive undertaking, and there is already a (hopefully) viable solution to switch too. Now imagine instead of Windows to Mac, you are going Windows to Linux — that’s closer to what we are talking about. It is a massive undertaking for most companies.
3. For the great majority of companies that use U.S. companies the privacy impact of the NSA and GCHQ programs are not *yet* of great concern because so far the only bad thing to happen is some bad PR for the NSA. Until there is a real privacy breach, until Snowden or another leaker posts actual data the NSA is storing from a big company — until then there is likely no user demand for companies to change. It’s likely that most privacy conscious companies are looking into other solutions so that *when* push comes to shove they can move quickly.

So yes, there is a huge potential risk of lost business globally for these U.S. service providers, but it won’t happen immediately. This will be a slow change — not an overnight action. That is where the danger really is, because when change is slow, sometimes you don’t realize you needed to react at all.

[1]: http://www.reuters.com/article/2013/09/15/us-usa-security-snowden-tech-analysis-idUSBRE98E08S20130915

I really hate shopping for undergarments of any sort — be it socks, boxers, or undershirts — it’s all a gamble that rarely pays off. It seems to me that the market is pretty well set by one factor: price. You either pay $19 an item, or you pay $19 for a *pack* of that item.

The thing is, it’s really fucking hard to find out if any of these items are good before you buy them. I don’t mind splurging and buying a set of undershirts at $19 a pop if I know two things:

1. They are going to be great.
2. They are going to last at least two years.

I’d buy ten and call it a day. The problem is, unlike gadgets, no one really talks about this stuff — well no one that I know. I’ve bought some undershirts that I have seen recommended on sites here and there, typically they are over priced and shitty — a clear indication to me that they were compensated for talking about the products.

For the past three and a half years I have been wearing v-neck, white, undershirts. Prior to that I went with crew neck — I was uneducated, clearly. I have yet to find a really great v-neck undershirt, but that doesn’t mean I can’t share with you what I *have* found thus far. Please keep in mind that this isn’t me wearing these shirts once, and reviewing them. No I have worn each brand of these shirts (and still wear most of them) for over 6 months each. During the tests these shirts have been washed and dried countless times — I am speaking about them then on the level of what they will be like after the “new” wears off.

## Ribbed Tee

We start our adventure with the oh-so-popular [ribbed-tee brand of v-neck undershirts][1]. These are the shirts that look like what is commonly called, in the U.S. at least, a “wife-beater”. They hug your body, and are ribbed (amazing right?).

I hate these shirts, so let’s list out why:

– They are pricey, at $20. UPDATE: Sorry it was $20 for a two pack, or $10 each.
– They fall apart. I bought three and within 3 months two had hems that came apart. That’s a 66.667% failure rate. ((Science!))
– They are too short. I am 6′-3″ and most of that is in my torso. I need Large-Talls in almost everything — but most undershirts still work because they are typically made to be long. These shirts are so short I can’t even tuck them in. I don’t have much of a gut, but there is no way in hell I would be caught wearing just this shirt.
– The sleeve holes are too tight. You know, they give your armpits wedgies.

That’s the bad, and it’s pretty bad. The good though:

– I like the ribbed nature because they cling to your body well and let your dress shirt flow a little better.
– They hold their shape incredibly well (when they don’t come unstitched).
– They stay nice and bright white.

Overall: don’t buy these.

## UnderArmor

When I found out [UnderArmor made undershirts I was stoked][2]. I thought they would be great, but `meh` is what I found. Here’s what I don’t like about these:

– They are really pricey — $25 each.
– They always seem to get that static cling crap going on.
– They gray up. By that I mean they are no longer white, see this picture for a comparison. Yuck.
– Because of the type of fabric, and this is a big issue, they tend to allow your shirt to come untucked a lot easier. I can’t stand how my shirt seems to glide in and out of my pants when I wear these undershirts. They must be made for that super hip guy that wears v-neck undershirts but never tucks anything in (that’s a thing, right?).

What I like about these shirts:

– They hold their shape really well.
– They feel like angels wrapped on my body.
– I assume they are some kind of armor that protects me from things.

Overall: save your money.

##### Now Things Get Stupid

The above two brands are really easy to talk about, they have very clear versions that I can point you to. But the next shirts I am about to talk about, are, um, probably ones that are going to be harder to find the exact version of for one, and easily mistaken for other ones. I point this out, as yet another example of how much these undershirt makers hate their customers. I’M LOOKING AT YOU JORDAN.

## Jockey, Blue Labeled…

[These are easily the best shirts][3] of the lot.

What I like:

– They held their shape well.
– They stayed very white over the course of a 6 month test.
– The v is not too deep, or too shallow.

What I didn’t like:

– Too short.
– Minimal wrinkling of the cuffs, particularly around the waist band section.

Overall: good buy if you are not freakishly tall.

## Hanes with Red Labels…

[These may be the worst of the lot][4]. I bought these in a store, so who knows what specific model they are/were, the link here is my best guess. There’s nothing I liked, instead here are the issues I found:

– Too short.
– Too boxy.
– An amorphous blob holds its shape better.
– Discolored after only a few months.
– Lots more.

These shirts suck a lot.

Overall: I’d rather use Windows… 3.1.1

##### Tall

OK, so my main complaint with most of these shirts is that they are far too short for me. It never once occurred to me that Tall sizes were made in undershirts, but (no shit) they are. Man I feel dumb. I have ordered a [couple][5] of [tall][6] versions and will report back after I have had a few months to test them.

### Final Thoughts

If you can buy standard clothes off the rack, your best bet (that I have tried) is the Jockey’s that I mentioned above. For reference, here is an awe inspiring shot of the shirts so you can see color change in a side by side comparison.

[1]: http://ribbedtee.com/store/product/classic-fit-white-v-neck-undershirt/
[2]: http://www.underarmour.com/shop/us/en/mens-the-original-ua-fitted-vneck-undershirt/pid1230361-100
[3]: http://www.amazon.com/exec/obidos/ASIN/B002ZMOZAC/ref=nosim&tag=brooksreview-20
[4]: http://www.amazon.com/exec/obidos/ASIN/B00ACIFB90/ref=nosim&tag=brooksreview-20
[5]: http://www.amazon.com/exec/obidos/ASIN/B007IRM1NM/ref=nosim&tag=brooksreview-20
[6]: http://www.amazon.com/exec/obidos/ASIN/B00CEH0MSM/ref=nosim&tag=brooksreview-20