Archive for August 19, 2016

Friday, August 19, 2016

YouTube’s Road to HTTPS

YouTube (via Hacker News):

Today we added YouTube to Google’s HTTPS transparency report. We’re proud to announce that in the last two years, we steadily rolled out encryption using HTTPS to 97 percent of YouTube’s traffic.


We found that HTTPS improved quality of experience on most clients: by ensuring content integrity, we virtually eliminated many types of streaming errors.


97 percent is pretty good, but why isn’t YouTube at 100 percent? In short, some devices do not fully support modern HTTPS. Over time, to keep YouTube users as safe as possible, we will gradually phase out insecure connections.

How to Tell If Your App Is Handling Colors Correctly

Gus Mueller:

Here’s how to check if your image editor of choice does the right thing when making and saving images. Create a new document, set the color profile to sRGB, fill it with 100% red, and see what Digital Color Meter tells you. If it says the RGB values are 234,51,35 (or thereabouts) then you’re in good shape. If it says 255,0,0 then you’re going to eventually be in a world of hurt, because it’s not correctly handling color profiles.

Siri Command Reference

Juli Clover:

Users looking to get the most out of Siri may want to check out, a new website that launched in July. features a comprehensive list of many of the different Siri commands that are available, giving iOS and Mac users a quick way to discover all of the different things Siri can do.

OmniFocus Now Supports End-to-End Encryption

Derek Reiff:

But, with our latest updates today (OmniFocus 2.6 for Mac and OmniFocus 2.15 for iOS), your data will be completely encrypted before it leaves your device so that it’s encrypted on the server itself. We’re using your sync password to generate a key that encrypts everything as it leaves your device. All encryption and decryption happens locally, so your data is always encrypted end-to-end and our server never has access to your encryption key.


To make this level of encryption work—and for other features down the road—we needed to make some adjustments to our database format.

The releases of OmniFocus out today will periodically check to see if all of your devices are using the latest version. Once they are, you’ll be prompted to migrate to the new database format.

The migration went very smoothly. In fact, they made it so easy that there’s little indication that encryption is being used. The local files remain unencrypted, and you’re not asked to enter a new password. Here are the release notes and the open-source OmniFileStore.

The guiding principle of today’s updates is that the only things which should ever have access to your OmniFocus tasks are devices you own and control: your phone, your Mac, your tablet.

There are a few other things worth remembering: no one at Omni will have the ability to look at or restore your data.

Presumably you are not protected from nefarious modifications to the server, though, as the password for syncing and logging into their site is the same one that secures the encryption key.

Previously: Proposed Client-side Encryption in OmniFocus.

Update (2016-08-19): Ken Case:

Our next update will let people set a separate encryption password from their sync password.