Archive for December 3, 2018

Monday, December 3, 2018 [Tweets] [Favorites]

On Switching From an iPad Pro and a MacBook to a Pixelbook

Fraser Speirs (tweet):

When Google Drive launched in 2012, we started making more use of it and Google Docs. In the six years since, we have really gone all-in on these apps. I was never a huge fan of web-based software but we started with one particular project where we cut so much time and effort out of the process that I couldn’t help but get interested.

[…]

Fast forward to 2018 and virtually all of the work I do at school is now in Google Docs. I don’t think I’ve created anything new outside Google Docs for a couple of years now.

[…]

My school runs on GSuite but we usually access it through iPads. What I have found, though, is that the GSuite iOS apps are not very good. They lack important (and sometimes basic) functionality found in the web version of GSuite and they take a long time to adopt iOS platform features.

[…]

The point, though, is that GSuite is so powerful and so much at the heart of everything I do at school that if you asked me to decide between giving up GSuite and giving up iPad, I’m afraid iPad has to go. It is for this reason that I have been vocally advocating that Apple make iOS Safari as close to a “desktop class” browser as it can be.

Zac Cichy:

Why does Apple get called out for how poorly G Suite works on iOS, and not Google for making sub-par iOS apps?

Foad Afshari:

It is oftentimes said to be Apple’s problem versus the users’ problem. What if I like to use iOS and G Suite? Why do I as a user have to suffer for it?

Keith Edwards:

Why does everyone accept that you can’t set default apps on iOS? Why am I given a worse experience for a premium product because I choose to use apps outside of apples services ecosystem and how it is legal to not provide an option to switch?

Interview With Ron Johnson

Without Fail (via Matt Henderson):

Twenty years ago, Steve Jobs had an idea: he wanted to build an Apple store. Something sleek and iconic and unlike anything else in retail. But he had no idea how to do it. So he called someone who might: retail genius Ron Johnson. Ron tells Alex the story of what it was like to work with Steve and help transform Apple into a household name. And Ron talks about life after Apple—which included a huge and humbling failure.

Ron Johnson is now CEO and Founder of Enjoy.

Great interview, but far too short.

Update (2018-12-06): Nick Heer:

One thing I thought about while listening to it is just how successful these stores are. To date, Apple has closed only two without a logical replacement. They are often packed with people, and Apple still has one of the best buying and support experiences in the consumer technology space. I still believe that there are elements of the store that have suffered, but they’re still leaps and bounds better than what you get anywhere else.

Why Excel for iOS Doesn’t Support VB Macros

TJ Luoma:

Finally watched that “I tried to edit a movie on the iPad Pro” and this video editing professional is amazing and amazed at what it can do.

Commenter: “Yeah but Excel on iOS can’t do macros…”

And I’m like “WELL, THEN COMPLAIN TO MICROSOFT.”

I think the hardware can handle it.

Erik Schwiebert:

VB macros on iOS are forbidden by Apple. Review guideline 2.5.2 says in part that apps may not “download, install, or execute code which introduces or changes features or functionality of the app”.

I thought maybe Google Sheets would get around this by running the macros on the server, but apparently not.

Previously: iPad Pro 2018, How to Game the App Store, Hasta La Vista, Visual Basic.

Root Certificates From Sennheiser Headphone Software

Hans-Joachim Knobloch and André Domnick (PDF)

We found that – caused by a critical implementation flaw – the secret signing key of one of the clandestine planted root certificates can be easily obtained by an attacker. This allows him or her to sign and issue technically trustworthy certificates. Users affected by this implementation bug can become victim of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed software or acting as an authority authorised by Sennheiser.

[…]

According to Sennheiser, the browser must be able to access this local web socket through a trusted HTTPS connection in order to bypass cross origin resource sharing (CORS) restrictions implemented by relevant browsers. Hence, the HeadSetup SDK needs a locally trusted TLS server certificate issued to the localhost IP address (127.0.0.1) and the associated private key.

[…]

Despite its designation as CA certificate, the HeadSetup software employs it as the TLS server certificate for the local secure web socket. In order to turn it into a trusted credential, the HeadSetup installer pushes the certificate into the local machine trusted root certificate store of the Windows system on which it is installed.

Note that the HeadSetup installer must run with local administrator privileges. Once the installing user confirms the installation of the software there is no further system prompt warning about the addition of the certificate to the trusted root store and displaying the certificate’s fingerprint, like there would be if this root certificate were added manually.

Via Andrew Ayer:

Like Superfish, anyone can use this key, which is the same on all installations, to forge certificates and impersonate websites.