Maccast 2015.06.24 - Show #530
V Opening
V Opening Music
* Music is Say Anything by Manda and the Marbles
V Sponsor: Smile
V PDFpen Pro 7
* PDFpenPro is the advanced version of PDFpen, the ultimate all-purpose PDF editor from Smile.
V It does everything that PDFpen does:
* Add signatures
* Edit text and images
* Perform OCR on scanned documents
* Export in Microsoft Word format.
V Only PDFpenPro can:
* Create an interactive PDF form
* Build a table of contents
* Set document permissions
* Convert websites to multi-page PDFs.
* The new PDFpenPro 7 adds easy editing of OCR text from scanned documents as well as export in Microsoft Excel, Microsoft PowerPoint, and PDF archive formats.
* r 7 can sync your PDFs with PDFpen for iPad & iPhone via iCloud Drive
* PDFpenPro 7 requires Yosemite.
* Visit to download the free demo of PDFpenPro 7 today.
V News
V Apple Music will pay artists during free trial period
* And many artists likely have Taylor Swift, and other big name artists who spoke out, to thank for it.
V Swift wrote and open "love letter" to Apple Music on her blog
* And in hours Eddie Cue responded on Twitter: "#AppleMusic will pay artist for streaming, even during customer’s free trial period"
V Apple won’t have ad support during the free trail so all those payouts will be "out of pocket" now.
* And they will not be as much as artists will get from "paid" subscriber streams
V Apple was asked what the payout rate to rights holders would be during the trial period and Apple declined to comment.
* According to the The New York Times who is citing music executive sources, the payout rate will be 0.2 cents for each song streamed, which is reportedly comparable to rates paid by other service who offer a free tier streaming option.
* A smaller amount will also be paid for songwriting rights, but that is supposedly still in negotiation.
* Typically the "trial period" payout rate is about half the standard rate, so most are guessing Apple will pay 35.75 percent
V Thing is ALL artists know that streaming revenues suck compared to those of album sales
* Apple fought streaming for years, but didn’t win.
* Spotify claimed in 2014 that Swift’s label received 2 million in steaming payout globally. The label claimed they got just under $500,000 domestically.
V Rights holders (labels, mostly unless you’re a self published artists/band) get approx $0.006 to $0.0084 per stream)
* Free tier is ad supported and represents 75% of Spotify’s membership
* Payments are based on total revenue generated by Spotify/an artists streams and then 70% goes to the music rights holders.
* Swifts 1989 album grossed approx. 12 million in gross sales in it’s first week.
V None of this takes into account the possible benefits of streaming’s "discovery" potential leading to sales.
* But even if I discover new music I like, if I can stream as much as I want and not buy it, why would I?
V Another point not being clearly made is that the ~70 percent payout goes to "rights" holders and not directly to artists in most cases, so articles that say artist get "70%" are not technically correct.
* Apple does not control that side of the deal, that is negotiated in the artists contact with the labels and outside Apple’s control.
V The cat’s out of the bag and it’s not going back in
* Artists hated iTunes with it’s pay per track model, remember
* Times change you have to adapt to your market.
V Had a Twitter exchange with someone before Apple changed course who said, "when are we getting an all you can eat £9.99 subscription to the app store?"
* It was an argument that streaming deals are a bad thing, but I thought in many ways it proved the opposite
* Software sales did change drastically when the "App Stores" became a thing.
* Just like Moving from Album sales to per track sales, dev had to move from selling software at "boxed copy" pricing to a lower price point, it sucked, but they are adapting.
* And if you consider Microsoft and Adobe’s new models, how far off are we from an "App Store" subscribe and consume model for software?
V There’s a still LOT of money to be made
* In a Billboard piece, Tracy Maddux is the CEO of CD Baby, laid out some calculations
V There are 500 million iPhones and 300 million iPods already in service
* this is a bit off as it’s the number of devices Apple has sold as of June, 2014
* Doesn’t account for out of service devices or iPads
V If just 5% of potential customers stay on for an iTunes Music subscription at $9.99/mo that will generate 4.8 Billion in gross revenue.
* Spotify’s 2014 gross revenue was estimated at 1.2 Billion
* So even if Tracy’s numbers are off by half Apple Music could generate double the revenue of Spotify
* Apple will still pay it’s partners a slightly higher then industry average rate. (71.5% in US and about 73% outside the US).
* Bonus is exposure and possible the tools Apple will provide for connecting with fans, possibly providing a marketing opportunity to boost better live show and merch revenue.
V Reversing course already is paying off
* Apple Music has signed two major indie music rights holders Beggars Group and Merlin Network, which represent over 20,000 indie labels and distributors, reports Billboard.
* Apple Music has also been endorsed by independent music advocate group Worldwide Independent Network (WIN)
V Apple Vans confirmed for Maps
* Remember all those funky Apple vans being spotted in places like Atlanta, Chicago, Dallas, Los Angeles, Phoenix, San Francisco and many other areas?
* Apple has finally admitted they are for gathering mapping data.
* And the vans are collecting images, among other data.
* Apple does flat out say they will bring "street view" to Apple Maps, but do say, "we will blur faces and license plates on collected images prior to publication".
* Apple has a support article that even details which cities the vans will be in and when
* Images of vans with Apple branding on the sides have now also begun to surface online.
* It’s believed that Apple is working to bring more and more of their making data in house to reduce relying on third parties.
* Over the past few years Apple have acquired numerous companies and technologies focused on cartography.
* There’s also speculation that Apple is taking photos of businesses, storefronts and other points of interest, to possibly replace the data from Yelp and other third parties.
V We’ve also seen a hint of Apple’s indoor mapping efforts.
* At WWDC the talked about making transit stations underground so they can direct you to the best entrance and better estimate the time of arrival when providing walking directions.
V Apple Watch APIs good. Devs want more.
V I personally can’t wait for native 3rd party apps.
* The current apps stink.
* Get the 'FOD' (flower of death) constantly.
V Dev get access to:
* Speaker, mic, digital crown, heart rate sensor, taptic engine
* No direct Bluetooth access, that still needs to proxy via the Phone.
V The kind of access though is limited
* Digital crown can be used for scrolling/zooming, etc. but not for custom controls in the app. Something that might be great for games.
* No buttons in Glances
V Some are still hoping for a device that could do more autonomously, but that would need new hardware and battery could be an issue.
* Really to work like an iPhone it would need Cellular, Wi-Fi, and GPS capability.
* Also, for fitness application a wider range of sensors.
V Still there are some great things coming with Watch OS 2 bringing some autonomy and lots of features
* Connect to known Wi-Fi networks independently
* 3rd party complications and "push" complications (think sports scores that live update)
* Time Travel, not sure how useful. Seeing upcoming weather or calendar events in places is good.
* Night Stand mode, new watch faces.
V Rumors of a FaceTime/selfie camera in next Apple Watch
* Also a new wi-fi chip that would enable some tracking using wi-fi hotspot triangulation.
* They are targeting similar battery life
* More models, mostly in the range between the stainless steel watch at $1,099 and the $10,000 gold Edition.
* At the moment sources say Apple is looking to launch a v2 Apple Watch sometime in 2016.
V XARA, do we need to worry?
* Indiana University released details of four security vulnerabilities they discovered in Mac OS X and iOS. They are labeling the attacks, "cross-app resource attacks" (XARA).
* As always iMore has done the BEST job of laying everything out. So go there to learn everything, but I’ll summarize.
* All these attacks basically rely on a piece of malicious software being installed on your Mac or iOS device and then presenting itself as another app to the system. In doing so it tricks the system and and then potentially intercept secure information (man-in-the-middle)
* On OS X, XARA targets the Keychain database where credentials are stored and exchanged; WebSockets, a communication channel between apps and associated services; and Bundle IDs, which uniquely identify sandboxed apps, and can be used to target data containers.
* On iOS, XARA targets URL schemes, which are used to move people and data between apps.
* Exposure in iOS seems more limited because it doesn’t implement all same potential attack points as OS X.
V The trouble is that the researchers were able to get apps with the exploits into both that Mac and iOS app stores.
* They aren’t there now, as far as I know, so not likely you’ll download them by mistake.
V Breaking down the four attacks in layman terms
* I will be totally oversimplifying thing here, so read the iMore article if you want all the gory details
V Malicious OS X Keychain entries
* Apps only have access to read and write their Keychain entries.
* Issue is a flaw in OS X’s ACLs (access control lists), A malicious app can delete a keychain entry, insert itself as the entry for another app, then start collecting new entries.
* The legit app and malicious app from that point forward are both registered to and sharing the same keychain item.
V WebSockets
* Used for communication between your browser and other apps in OS X
* This is what 1Password’s browser extension uses to communicate with the 1Password Mini helper app (a security measure so a Web extension isn’t having direct access to your App data)
* The issue in this attack is that any app can connect to an arbitrary WebSocket port, assuming that port is available. So if the if the malicious app can connect to the port that 1Password Mini uses before it does, bingo.
* The key here is that you’d have to install and have running the malicious software before running the App that has legitimate claim to that WebSocket port.
* The malicious App would also have to know which port the app it’s targeting plane to use.
* If you use 1Password a good protection (but not complete) is to make sure you check “Always Keep 1Password Mini Running” in Preferences > General and keep using the 1Password browser extension (it has security check in place that could warn you if it suspects somethings wrong).
V Bundle IDs, sandboxes
* Sandboxing limits an app’s access to it’s own data. In OS X this is done via the apps unique Bundle ID which is used to create and control access to the apps data directory.
* The flaw that enable the exploit here is not the App’s bundle ID, but the IDs of helper apps that might be in the Application package. These can again be spoofed.
* The trouble is that if the OS sees a container directory already exist when trying to register a helper bundle it assumes it was already set up and just registered itself to the container.
* So running a malicious app that contains a helper bundle targeting a specific apps bundle ID can gain access to the target apps storage container and anything in it.
* Evernote was an example target in this type of attack.
V URL scheme hijacking
* This is the only XARA exploit that impacts iOS
* It involves registering custom URL schemes that when seen by the OS tell the app to respond. ' yelp://' or ' fb://'
V Trouble is you can also have multiple apps register for the same URL scheme
* On iOS, the last application that registers the URL is the one that gets called; on OS X, the first application to register for the URL is the one that gets called.
* So you see the problem. If I install a malicious app on iOS and it registers the ' yelp://' scheme. It will be the app that’s called first, not Yelp.
* Sensitive data should never be passed through URL schemes, but unfortunately many apps do just that.
* Sign-on is a big one. They will often pass oauth (sign-on) or other sensitive tokens.
* If the malicious app responds first it can capture these tokens and those can be used to log into your accounts.
* Worse the malicious app could then pass along the request to the site and the call back response to the initiating app, so you think nothing is wrong. You login just worked.
V Apple has been working with the researchers for the past six month and have made attempts to patch the holes, but couldn’t finish in time
* Hopefully now that it’s public more folks in the security community can look at it an offer help to Apple.
* Apple has already implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store.
* They are also still working to fix and address the other issues outlined by the researchers.
* Your best protection for now is really the same as it always should be: don't download software from developers you don't know and trust.
V Apple Watch sales and margins
V Reporting on the latest data from Slice Intelligence Reuters says they have calculated that Apple has likely sold 2.79 million Apple Watches since April.
* How Slice is determining this figure has been called into question by Gruber and others, but it’s still clear Apple is set to have a large slice of the Smartwatch market.
* They also determined that about 17 percent of customers also purchased a band or additional bands to go with their Watch.
V IHS estimates the 38mm fluoroelastomer band costs Apple just $2.05 to make.
* Tim Cook has said publicly that the cost estimates you hear about are wildly inaccurate.
* Leave out design, development, manufacturing, tool, spinning up production, machining, labor, packaging, shipping, marketing, etc.
* Still with a retail price of $50 USD there’s a healthy profit margin in there, but that’s how the market works.
V The good news is that it’s all good for Apple’s bottom line.
* In all of 2014 companies shipped a total of 6.8 million smartwatches according to numbers from Smartwatch group
* That’s 1.2 million for Samsung, 700,000 for Pebble, 600,000 for FitBit (Charge), and 500,000 for Lenovo/Motorola
* The average sales price was $189 USD. Apple’s lowest price watch is $349 USD, almost double that.
V Still Apple Watch sales will be a small part of Apple’s figures next time they have a results call
* They won’t even break out watch figures, they fall in a "other" category with Apple TV, headphones, accessories, and iPods.
V Reason likely is that even though Apple will probably be selling the most successful Smartwatch on the market it’s numbers will only be a tiny part of their sales when compared to a juggernaut like the iPhone or iPads
* Morgan Stanley is predicting June quarter iPhone sales of around 53 million units.
V 27-inch iMac hard drive replacement program
* If you own a 27-inch iMacs with 3-terabyte hard drives sold between December 2012 and September 2013, you might be eligible for a replacement hard drive.
* Apple has determined that a very small number of 3TB hard drives used in 27-inch iMac systems, may fail under certain conditions
V They set up a page on their support site where you can check your serial number to see if your machine is eligible.
* You’ll need your serial number which can be found under The Apple Menu and by choosing 'About this Mac'
V If your machine is impacted then:
* Back up your drive with Time Machine, cloning software, or other backup software.
* Set up a Genius Bar appointment, call and Apple Authorized repair center, or contact Apple Care to arrange service.
* If you already had your drive replaced you are eligible for a refund so contact Apple.
* The hard drive replacement program expires December 19, 2015 or three years after the date of sale
V Feedback, commentary, opinions
V Better passwords with
* A few shows back I talked a bit about generating secure passwords
* I also got feedback about a great site which also happened to belong to my friend Bart, so rather than me tell you about it and why I figured we’d talk to Bart.
* Play conversation with Bart.
V What I’m excited about from WWDC
* We didn’t get a chance to talk about WWDC and I’m sure you’re fully aware of most of the announcements and new features by now.
* Here’s what I’m most excited about
V Performance and stability a key focus
* Let the snow fall
V Proactive Siri
* This was something I had discussed in the run up to the release of iOS 8
V A Siri that is smarter about me, where I am, what I do, and when I do it.
* What apple collectively calls "Intelligence"
V know what I’m looking at and act on it
* Just hope, "Directions to my next appointment" will work in iOS 9
* She already will supposedly warn me if there are traffic delays and I have not left yet.
V Privacy was said to be an issue, but Apple is doing EXACTLY what I pointed out they could do. They can use the info that’s local to the phone, they don’t have to go to the cloud.
* A great example is when I get an incoming call Siri has an index of phone numbers from emails and can use that data to try an suggest who might be calling even if they aren’t in my contacts.
* My email was searched locally, but never sent up to Apple servers for processing.
* Give Siri and accent! Your language and Siri's voice will be split into two distinct preferences in iOS 9
V More data in Spotlight search
* Developers will be able to expose content from their apps to the "iOS 9 Search index".
* "Deep link" to data inside an App from Spotlight without lunching the app
V Slide Over, Split View, and Keyboard enhancements
* Finally the iPad is coming into it’s own.
* Apple has elegant new ways to manage multitasking that still make sense for the tablet.
* The keyboard selecting gestures should help a lot with selections which are totally broken inter current form.
V Apple Pay in the UK
* Finally, maybe? Apple says July with 70 percent of banks supported.
* 250,000 locations including the Underground.
* Currently in the UK there is a £20 limit on contactless payments (the limit is soon to rise to £30 in the fall. Rumors that retailers may have the option to remove or raise this limits for Apple Pay transactions
V Looks like removal of the limit is up to the merchant and seem to require a new kind of terminal that has support the Consumer Device Cardholder Verification Method (CDCVM)
* If enabled and up to date, shift fraud liability from the merchant and credit card companies to the card issuing banks.
* CDCVM is NOT supported over PIN Debit networks (for example, for Durbin).
* In the UK, these terminals would not be widely in place at launch and so it’s looking like Apple Pay will be subject to the current £20 limit on contactless payments at least until the fall and until retailers can roll out new payment terminals.
V News
* I’m tentatively excited about this.
* Apple has tried with Newsstand, RSS in Safari, etc and it’s not been good.
* I think News will be successful if content providers build feeds using the News tools Apple is providing
V More Android support
V Apple Music coming to Android in the Fall
* Though they don’t get the free features
V Apple’s 'Move to iOS' to help switchers
* Transfer contacts, message history, photos and video, Web bookmarks, mail accounts, calendars and even wallpapers.
* DRM’d content, unfortunately, will need to be re-purchased.
* Also will analyze the free apps and rebuild the catalog with the iOS versions, if available.
* For paid apps it will add those to an iOS wishlist
V Natural language Spotlight
* "Show me all my Pismo Beach vacation photos from last year".
* Apple tapping metadata in better and more creative ways.
* Same search in built in apps
V Native Watch apps
* Let’s face it, current watch apps are a stop gap and a poor on at that.
V Honorable mentions
* OS X El Capitan Window management. Side by side view.
* iPad PIP video
* Transit support in Maps.
* Keys show show lowercase when not in shift or caps lock mode
* Control which devices ring and get messages for Continuity.
* Passbook renamed Wallet and gets support for store credit cards and loyalty cards
* Metal in OS X, native UI and animations in Metal (performance and battery)
V What’d they miss?
* Little mention of HomeKit or Apple TV
* So what are you most excited about?
V How will Apple Music work?
V At WWDC Jimmy Iovine outlined the three pillars for Apple Music
* A Revolutionary Music Service
* A 24/7 Global Radio Station
* Connecting Fans with Artists
* It seemed amazing, but we didn’t get a ton of answers about how things would work.
V Will be here in just a few days, June 30th in 100 countries, so what can we expect?
* June 30, you can access Apple Music on your iPhone, iPad, iPod touch, Mac, and PC.
* On Android and Apple TV in the Fall.
* Also pairs with Apple Watch.
V Pricing is $9.99/mo or $14.99/mo for family (up to 6 members) and there is that 3 month free trial.
* Family accounts are independent with your own Music, playlists, etc.
V Free for anyone
* Radio Stations, including the new Beats 1
* Radio will have curated stations and the ability to create your own. Free versions are ad supported and limit to 6 skips per hour. (Paid don’t have those limits or ads)
V Steaming service
V Entire Apple Music catalog, you iTunes purchased music, and ripped CDs in your iTunes Library.
* Apple Music Library is "tens of millions" of songs, but not the entire iTunes Store Library.
V Does seem to supersede iTunes Match, though Apple claims iTunes Match is an independent but complementary service?
* Maybe if you stick with just the Free Apple Music features?
* Apple Music might not allow you to re-download and keep music tracks that are "matched" from your library.
* Build a profile of your music tastes and make recommendations.
* Uses a mix of algorithms and human curation.
V Streams will be at 256kbps, I assume AAC
* Some have commented this is below the 320kbps of some other streaming services, but those use MP3. AAC can achieve a higher quality at a lower bit rate. Most won’t tell the difference and it’s better for bandwidth.
* You can download tracks and playlists ahead of time for offline listening.
V Beats 1 Radio
* And other stations
* Seems like iTunes Radio is now rolled in and combined with Apple Music Radio
* You can listen to Apple’s pre-set stations or create your own based on Artist, Song, Album, Genre, etc.
V Connect
* Follow and connect with your favorite artists
* Any Artist can claim their Apple Music Profile and post content
* Video, audio, text, images, etc.
* Fans can comment on posts and artists can respond.
* Artists can post to Apple Music Connect and have it cross post to Twitter, Facebook, etc.
V Migrating from Beats
* If you’re on an Apple Device you’ll be promoted on the 30th to migrate. Android and Windows Phone subscribers will migrate when the service becomes available on those platforms.
* All of the albums you’ve saved and playlists you’ve created will sync over to Apple Music
* You can also keep your Beats username and move it to Apple Music
V Using External SSD as boot volume
* Play comment from Dan
* My guess is this would work fine just based on the numbers, but going internal will have better performance.
* Looks like external SSDs have random read/write times in the 150-200 Mbps range, but they are also pricey, especially with a TB interface
* $300.00 for a LaCie 256GB. $379.00 for the ElGato 256GB
* You could possibly do USB 3.0, $240GB USB 3.0 SSD from OWC is $149.75, but in real-world testing, the sustained speed of a USB 3.0 external drive tops out at around 110MBps
V Looks like you can get really good internal ~250GB SSDs on Amazon for around $100. An Apple authorized resell can install that for probably around $150-200 including parts and labor.
* You’ll get way better performance, no cable mess, and better resale value on your iMac when you upgrade to a new one.
* If you are brave enough to do it yourself you can get all the tools you need and the how to on iFixit and save even more.
V Enable scroll gestures in the Dock
* iMore found a cool hidden feature in the OS X Yosemite dock, that’s great if you use a Magic Mouse, trackpad or Magic Trackpad
V By entering this command into the Terminal you can make it so that swiping up on a dock icon will display all the windows that are currently open for that app.
* Use one finger to swipe up if you’re using a Magic Mouse, two-fingers if it’s a trackpad
V To enable
* Open Terminal.
* Type defaults write scroll-to-open -bool TRUE; killall Dock, then hit return.
* Close Terminal.
V To disable
* Open Terminal.
* Type defaults write scroll-to-open -bool FALSE; killall Dock, then hit return.
* Close Terminal.
V Routing FaceTime Audio Calls
* Play question from Kenny
* I really only have a work around.
V Possibly use the Accessibility option on the iPhone?
* Settings > General > Accessibility
V Under the 'Interaction' setting you have 'Call Audio Routing'
* "Call audio routing determines where sudo will be heard during a phone call or FaceTime audio"
* Choices are 'Automatic', 'Speaker', or 'Headset'
* This might only work if you have your headset paired with the iPhone instead of the computer, but since the call is actually routed via your iPhone I think it could work OK.
V You can still pick up the call on the Mac and then transfer it to the phone.
* Tap the green bar on the top of the iPhone screen to transfer the call to your iPhone
V Thing of the Moment: Audio-Technica ATH-M40x
* Audio-Technica ATH-M40x Professional Studio Monitor Headphones
* $99.00 on Amazon
* Closed over the ear studio monitoring headphones
* The only ones at this price point I could find that offered a replaceable cord
* Really comfortable and sound great.
V Closing
V Podcast Marketplace
V Thanks to my sponsors
* Smile
V Gazelle
* Gazelle. The fast and simple way to sell your used gadgets! Find out what your used iPhone, iPad and other Apple products are worth at
* helps you learn and keep-up-to-date with your software, pick up brand-new skills, or explore new hobbies with their easy to follow video tutorials.
* Get a free trial by going to
V Supporters
* Bandwidth for the Maccast provided by CacheFly at
* Advertising is handled by Backbeat Media at
V Keep emails coming. Audio comments.
V 281-622-4269 or 281-Mac-I-Am-9
* MacCast Forum
* Follow me on Twitter
* Checkout the page on Facebook