Pixel Envy

Written by Nick Heer.

Archive for February, 2014

Explaining Apple’s SSL/TLS Bugfix

Adam Langley explains yesterday’s rather critical iOS 7.0.6 update:

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.

Great explanation of a very worrying — and surprisingly subtle — bug. Since OS X and iOS share development these days, this bug also affects OS X 10.9; expect to see a patch for that soon.

Stephen Bax and the Voynich Manuscript

You may have seen reports that the famously unsolved Voynich Manuscript may be on the verge of being cracked. Nick Pelling, who writes the excellent Cipher Mysteries blog, vehemently disagrees:

For me, this isn’t even a matter for Ockham’s blessed Razor: to be even remotely workable, a hypothesis needs to have a single example of evidence that chimes with it in a way that can actually be seen to work. And on the above showing of evidence, what he has presented so far is not yet a workable hypothesis in any obvious way, sorry.

Burstly Reportedly Acquired By Apple

Ryan Lawler, reporting for TechCrunch:

Burstly, the makers of an in-app ad management platform called SkyRocket and the parent company of popular mobile app testing platform TestFlight, has been acquired, we’re hearing. Though we’re working to get more information on this now, including deal terms, our understanding is that Apple is the acquirer here.

TestFlight made a dead simple way of distributing apps to beta testers and teams. With any luck, this means Apple will develop a far better default solution.

Hypercard: Way Too Early

Fred Wilson:

I think Apple was on to something important from a UI and usability perspective thirty years ago when they started building Hypercard. It is now coming to life again on mobile and I think this will be the most interesting battle ground on mobile in the years to come.

I don’t know about card interfaces being “the most interesting battleground on mobile”, but Wilson is indeed right about Hypercard being far too ahead of its time. History is littered with examples of great ideas which came too soon; consider, for example, the Newton and Microsoft’s early attempts at tablets. The former was fatally hampered by a lack of a ubiquitous connection to the internet, while the latter lacked — among other things — compact, powerful, and cool-running silicon. That’s not to imply that adding a cell network to a Newton would make an iPhone, but these products, like Hypercard, were the culmination of innovative ideas and brilliant engineering that lacked elements critical to overwhelming success.

Having said that, Hypercard enjoyed an illustrious history in niche and unexpected markets. It wasn’t a failure by any means, but nor was it a mainstream success. It never achieved the level of adoption it deserved, however.

Don’t Knock Tax

Mariana Mazzucato, for Wired UK:

Even Henry Ford was told, by JP Morgan, that cars would only be “at the best a rich man’s toy”. Indeed, traditional cost-benefit analysis will stop innovation from the start: the probability of failure is just too high. But whereas Steve Jobs spoke in his 2005 Stanford commencement speech of the need for visionary innovators to stay “hungry and foolish”, few have admitted how much visionary foolishness has been riding on state-funded investments.

“You didn’t build that.” Both sentiments are right, by the way.

Shawn Blanc’s 2014 Membership Drive

Shawn Blanc has been writing independently for three years now, and he’s able to do it because of a combination of sponsorship and paying members. This year, his membership drive is extra awesome:

This year I’m giving away something different. Over the last several months I have personally collected a stash of awesome items, and put them together to make seven unique gift boxes, each with its own theme.

I just signed up. If Blanc’s site is on your daily reading list (it’s on mine) and is worth $48 a year to you, you should consider signing up, too.

(Partially) Recovering From a Bizarre iTunes Error Turned Catastrophic

In order of priority of intent, this is a post for me to reflect, for this error to show up in Google, and then — somewhere in the distance — for you, dear reader. As selfish as that may be, parts of this may interest you.

Last night as I popped my iPhone into its dock to sync, iTunes returned an “unknown error”, with code 1723. These code-based errors are unhelpful as-is, but the explanation and fix is usually a Google search away. For this one, though, there’s almost nothing documented. According to this list, error 1723 signifies “errAEAccessorNotFound: Accessor proc matching wantClass and containerType or wildcards not found”, whatever that means.

It’s a particularly bad error to be undocumented, too: it results in a fatal error during syncing. While a backup will be created, no further synchronization will occur. And, so, I dedicated some time to fixing this problem — quite a lot of time, as it turns out.

I started with the usual, simple stuff: restarting both OS X and my iPhone, reinstalling iTunes, reinstalling iOS (using the upgrade method, not restore), changing USB cables as this guy suggests, and so forth. All of these methods failed. I checked the standard OS X Console and saw no errors. While Xcode, on the other hand, displayed a far more verbose console, I saw no obvious errors. However, in the interest of this problem being fixed, I captured a few of these logs and submitted them to Apple.[1]

It was time to pull out the big guns and restore the iPhone. Unfortunately, a restore to a backup restored the mysterious error, so a clean restore was necessary, and that’s when everything went wrong for one simple reason: I encrypt my iPhone backups.

Encrypting your backups is generally considered a smart move. Not only is it more secure than a standard backup, it also includes all of your WiFi passwords. And, in an ideal world, the fact that all of the data is locked down isn’t ever a problem. Except when it is.

The good news is that a clean restore did fix this perplexing error. The bad news is that any document which existed only on the iPhone — that is, any document which didn’t sync to a cloud service — was now locked in an encrypted state. Despite my Google prowess and the legal grey-area predilections of various Cyrillic-filled websites, I couldn’t find a tool which would reliably extract an encrypted iOS backup or, if the tool did exist, it was Windows-only.

But that’s until I stumbled across Andrew Neitsch’s fantastic post on Stack Overflow. It’s a step-by-step guide to using a super easy Python script to extract an encrypted backup. And it worked.

So, keeping in mind that this is more for me and those who will find this via Google, here’s what I learned:

  1. Encryption isn’t a bad thing, but be well aware of what can happen if something does go horribly wrong.
  2. Keep multiple backups of your backups. Before attempting a restore, back up your iOS device, and copy that backup folder (located in ~/Library/Application Support/MobileSync/Backups/long-UDID-string) to a thumb drive or something. Because iTunes uses the UDID for the “name” of the backup, this folder will be overwritten when that device reboots and backs up for the first time, so you may potentially lose a lot of data.
  3. iTunes syncing and iTunes errors are still a real shitter in the Apple user experience landscape.
  4. Even if you can recover your messages, voicemails, call log, and so forth, restoring these files to the iPhone is nearly impossible.
  5. While some people advocate deleting local copies of apps to save space, keeping them around significantly sped up the restore process. I would have spent far more time with this restore had I been required to re-download each app.

One final twist: Vesper and VSCOCam, for example, both keep local non-cloud-synced document databases. After restoring my phone and reinstalling these apps — remember: not from a backup — all of these documents were restored. I’m not sure whether this is something new in iTunes or iOS, but it was a very welcome surprise after an evening of frustration.


  1. Radar number 16106365 if you’re interested, Cupertino-area readers.

WhatsApp: The Inside Story

A fascinating in-depth look at the founders and the genesis of WhatsApp from Wired’s David Rowan. This bit, in particular:

So have governments demanded that WhatsApp gives them access to its servers?

“There really is no key to give,” Koum says. The US National Security Agency, he insists, has no access to users’ messages. “People need to differentiate us from companies like Yahoo! and Facebook that collect your data and have it sitting on their servers. We want to know as little about our users as possible. We don’t know your name, your gender… We designed our system to be as anonymous as possible. We’re not advertisement-driven so we don’t need personal databases.”

In hindsight, this will either look like a mantra or definitive credo, or it will look foolish.

WhatsApp’s Opinion on Advertising

With today’s acquisition news, now seems as good a time as any to look back at founder Jan Koum’s views on advertising, circa June 2012:

At WhatsApp, our engineers spend all their time fixing bugs, adding new features and ironing out all the little intricacies in our task of bringing rich, affordable, reliable messaging to every phone in the world. That’s our product and that’s our passion. Your data isn’t even in the picture. We are simply not interested in any of it.

I’ll be surprised if that doesn’t change.

Apple Manager Mystique

Peter Burrows and Ian King, Bloomberg:

Apple Inc. is known for producing great products, like the iPod. Now Google Inc. with its acquisition of Nest Labs Inc. and its Apple alumni founder Tony Fadell, is hoping it produces great leaders who can replicate that success as well.

It’s a gamble that has proved disappointing for companies from Palm Inc. to J.C. Penney Co.

Burrows and King are, of course, referring to the hiring of Jon Rubinstein and Ron Johnson, respectively.

The premise of this article seems to be that hiring former Apple executives to run a division or a company isn’t the hole-in-one quick fix that it may seem, but Burrows and King don’t provide enough context as to why this is. Later in the article, they admit that there are former Apple employees who go on to great success:

Bertrand Serlet, who was Apple’s senior vice president of Mac software, co-founded a cloud-computing company called UpThere. Mike Matas, who worked as part of the original iPhone software design team, left to found Push Pop Press, which was acquired by Facebook Inc. Evan Doll, another member of that group, co-founded news-reading application company Flipboard in 2010.

There’s a key difference between the first group and this second one: Rubinstein and Johnson were brought on to try to fix companies that were already doing poorly.[1] Fadell, on the other hand, belongs in the latter group of Apple employees who founded companies. None of the people in this category had the burden of trying to right a sinking ship, so they could get on with the job of making great products.


  1. The Rubinstein-led Palm produced the Pre, which was one hell of a great phone. Unfortunately, it wasn’t financially successful, but the UI ideas in WebOS continue to have an effect on mobile interface design. It was the Sunny Day Real Estate of operating systems.

Samsung’s Updated Smartwatch Rumoured to Shun Android

Alistair Barr, USA Today:

The new version of Samsung’s Gear smartwatch will run on Tizen, not Google’s Android operating system, the latest attempt by the South Korean electronics giant to develop more of its own software and services, according to three people familiar with the situation.

Samsung will unveil the updated Gear watch, and a new HTML5 version of the Tizen operating system, at an event at the Mobile World Congress later this month in Barcelona, the people said.

While I’m intrigued by its forthcoming introduction, the Galaxy S5 rumours aren’t that interesting to me yet. But this? This is very interesting.

The Galaxy Gear probably hasn’t sold that well. I wouldn’t be surprised if it’s one of the top five best selling smartwatches or something, but I can’t even name five smartwatches; as a whole, the category isn’t really that hot yet. But this looks like Samsung is taking a cautionary shot at Google’s onerous and controlling OEM licensing agreement. It’s not a full-bore attack — there aren’t any rumours that the Galaxy S5 will be using Tizen — but it is a warning that Samsung isn’t loyal to Google. They’ll take their business elsewhere if they need to.

An Unexpected Botnet

David Smith implemented iOS 7’s background fetching in his Check the Weather app, with surprising results:

When enabled within your applications you are essentially building a massively distributed botnet. Each copy of your application will be periodically awoken and sent on a mission to seek and assimilate internet content with only the OS safeguards holding it back. As your app grows in popularity this can lead to some rather significant increases in activity.

Based on the data Smith shares, “rather significant” is a “rather significant” understatement. The world of background data fetching is a potentially expensive one.

Clearing Things Up

Dan Counsell of Realmac Software:

Our existing customers were understandably upset that we were no longer updating the old version of Clear, and that we wanted to charge them for an update. So after much deliberation we changed our plan: we updated the old version of Clear for iOS 7 and put it back on the store. Our sole aim was, and remains, wanting to do the right thing for users.

This comes after a previously confusing resolution to Realmac’s pricing of the iOS 7 version of their app versus the previous versions. I’m still surprised that there was a backlash against the iOS 7 update: the company worked hard to produce the app, and there are far more expensive todo apps which have dedicated iPhone-only versions (Things and OmniFocus, I’m looking at you). The two separate responses over the past several months have created an even greater mess.

Comcast and Us

Jean-Louis Gassée:

The wish list is long: TV à la carte instead of today’s stupid bundles, real cable competition vs. de facto local monopolies, metered Internet access in exchange for neutrality and lower prices for lighter usage, decent set-top boxes, 21st century cable modems, and, of course, lower prices.

These are all valid desires, but if there were just one thing that we could change about the carrier business, what would it be? What would really make a big, meaningful difference to our daily use of TV and the Internet?

In short, a landmark legal decision. One can hope.

Reporting From the Web’s Underbelly

Nicole Perlroth, New York Times:

In the last year, Eastern European cybercriminals have stolen Brian Krebs’s identity a half dozen times, brought down his website, included his name and some unpleasant epithets in their malware code, sent fecal matter and heroin to his doorstep, and called a SWAT team to his home just as his mother was arriving for dinner.

“I can’t imagine what my neighbors think of me,” he said dryly.

Along with Bruce Schneier and possibly Quinn Norton, Krebs is probably the best information security reporter around. While this profile isn’t outstandingly thorough — it’s in a general-audience newspaper, after all — it’s an interesting look at this underworld from Krebs’ perspective.

Office for iPad: It’s Alive

Mary Jo Foley, of ZDNet:

Office for iPad — which I’ve recently heard is codenamed “Miramar” — isn’t dead. In fact, it’s likely to make it to market ahead of Microsoft’s touch-first version of Office (codenamed “Gemini”) according to a couple of my sources.

Given iOS’ significant lead in enterprise, it’s about time Microsoft got a foothold in the office of the future. Then again, iOS and Android have both dominated that space without Office. I’d love to see the figures for Surfaces in enterprise for comparison, but it doesn’t appear that users are begging for PowerPoint.