CVE-2016-0777/CVE-2016-0778 affects all OpenSSH clients since 5.4 up to, and including, 7.1. This means that the Apple provided SSH of the following OS X releases is vulnerable:
OS X 10.7 (Lion): OpenSSH_5.6p1, OpenSSL 0.9.8za 5 Jun 2014
OS X 10.8 (Mountain Lion): OpenSSH_5.9p1, OpenSSL 0.9.8zc 15 Oct 2014
OS X 10.9 (Mavericks): OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
OS X 10.10 (Yosemite): OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
OS X 10.11 (El Capitan): OpenSSH_6.9p1, LibreSSL 2.1.7
You can easily check if you’re running an Apple provided, vulnerable version of OpenSSH by issuing the following command in a terminal. This checks the Apple provided OpenSSH binary!
On OS X Yosemite you’ll get an output like this.
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
Beware that you might not be using the Apple provided ssh(1) for your client connections but a self-compiled one, for example from Fink, MacPorts or Homebrew. This applies to all OS X versions, even ancient ones on PowerPC.
To check which ssh(1) your shell is using, use:
I use the MacPorts provided SSH package which gives me this output:
ssh is /opt/local/bin/ssh
Until an update for a patched package is provided, I get this version string.
OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015
There is now an updated package which also includes the +hpn variant which will give you this version string.
OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015
Changing all your ssh_config files is still recommended, even if you have an updated OpenSSH package on your system since the Apple provided OpenSSH may not get an update for a long time or even at all.
To make sure your system is fully patched you have to apply the fixes to all ssh_config files used by all your ssh(1) binaries.
Apple OS X 10.7 - 10.10: /etc/ssh_config
Apple OS X 10.11: /etc/ssh/ssh_config
Homebrew: /usr/local/etc/ssh/ssh_config (Not sure if this one is correct!)
These are the default locations used by the package managers; your path may differ if you’ve used a different $prefix for installation.
To find out which config file your ssh(1) binary is using, try this command, provided by @teilweise:
strings $(which ssh) | grep ssh_config
To fix ssh(1) clients add these two lines to all ssh_config files with your favourite text editor under the general Host * section, or you might miss some hosts.
# Fixing CVE-2016-0777
Yes, one is a comment, but in a year or two you’ll be happy to know why you put that parameter there.
The UseRoaming parameter is undocumented and considered experimental. It’s quite astonishing that it is on by default. We’ll see if there are more of these undocumented parameters lurking in OpenSSH.
If you absolutely cannot change the system wide ssh_config file, since that requires root permissions, you must add this to your ~/.ssh/config under the global Host setting.
# Fixing CVE-2016-0777
If you do not already have a ~/.ssh/config file, just create one and make yourself familiar with man 5 ssh_config. You won’t regret that!
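To audit a machine against the steps above, here is an added helper script (not part of the original post). It applies the version range stated at the top of this article and looks for `UseRoaming no`, the client-side workaround OpenSSH published for this CVE; `/usr/bin/ssh` as the location of Apple's client is an assumption.

```shell
#!/bin/sh
# Added example: audit helper for the UseRoaming workaround (CVE-2016-0777/0778).

# is_vulnerable_version STRING
# True (0) for OpenSSH 5.4 up to 7.1p1, the range named in the article;
# 7.1p2 is the patched release. Returns 2 if STRING is not "OpenSSH_x.y[pN]".
is_vulnerable_version() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9]*\.[0-9]*p\{0,1\}[0-9]*\).*/\1/p')
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%p*}
    case $rest in
        *p[0-9]*) patch=${rest#*p} ;;
        *)        patch=0 ;;
    esac
    # Compare as one integer: 6.2p2 -> 60202, 7.1p1 -> 70101
    n=$((major * 10000 + minor * 100 + patch))
    [ "$n" -ge 50400 ] && [ "$n" -le 70101 ]
}

# has_roaming_fix FILE
# True (0) only if FILE sets "UseRoaming no" globally (before the first
# Host/Match line or under "Host *") and no block turns roaming back on.
# ssh_config uses the first value it finds, so a per-host override counts.
has_roaming_fix() {
    awk '
        BEGIN { global = 1 }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)   # "Key=value" is valid syntax too
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2]); gsub(/"/, "", val)
            if (key == "host")  { global = (n == 2 && f[2] == "*"); next }
            if (key == "match") { global = 0; next }
            if (key == "useroaming") {
                if (val == "no") { if (global) fixed = 1 } else bad = 1
            }
        }
        END { exit ((fixed && !bad) ? 0 : 1) }
    ' "$1"
}

# audit_all: check the ssh binaries and the config locations listed above.
audit_all() {
    # /usr/bin/ssh is assumed to be the Apple provided client.
    for bin in /usr/bin/ssh /opt/local/bin/ssh "$(command -v ssh)"; do
        [ -x "$bin" ] || continue
        ver=$("$bin" -V 2>&1)                 # ssh prints its version on stderr
        if is_vulnerable_version "$ver"; then state=VULNERABLE; else state=ok; fi
        printf '%-28s %-10s %s\n' "$bin" "$state" "$ver"
    done
    for cfg in /etc/ssh_config /etc/ssh/ssh_config \
               /usr/local/etc/ssh/ssh_config "$HOME/.ssh/config"; do
        [ -f "$cfg" ] || continue
        if has_roaming_fix "$cfg"; then state="UseRoaming no"; else state="NOT FIXED"; fi
        printf '%-32s %s\n' "$cfg" "$state"
    done
}

# Run as: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then audit_all; fi
```

A file that reports NOT FIXED either lacks the setting in its global section or contains a block that re-enables roaming for some host.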
If you have connected to a malicious SSH server with one of the vulnerable versions you probably have lost private key material.
It’s recommended that you regenerate all SSH keys on your clients. This is a good opportunity to move away from older RSA keys to the newer Ed25519 keys, provided your endpoints already support that. (Available since SSH 6.5)
The path of ssh_config changed with OS X 10.11 (El Capitan). Thanks to @chrisridd for pointing me to it.
Update 2 (2016-01-14 20:16):
An updated OpenSSH Package to 7.1p2 is available from MacPorts. You still must apply the fix to the Apple provided SSH.
If you’re using the openssh +hpn variant, you still need to wait for a patch or switch to the vanilla openssh package in the meantime.
This vulnerability allows a downgrade of encrypted SSL and TLS connections to insecure ciphers that can be broken to eavesdrop on your communication. This does not only affect web browsers but all applications on all versions of OS X and iOS.
At this time there is no software update available from Apple that fixes this vulnerability.
Apple has provided security Updates:
* iOS 8.2
* Security Update 2015-02 for
* OS X 10.8.5 Mountain Lion
* OS X 10.9.5 Mavericks
* OS X 10.10.2 Yosemite
All older releases of iOS and OS X will remain vulnerable forever.
You can learn more about the technical details and vulnerable websites as well as test any web browser by visiting https://freakattack.com/
Status of Web Browsers on OS X
Exploitable (Do not use these Browsers)
Safari (all versions available)
Opera Next BETA 26.0.1656.8
All applications that use Apple’s “SecureTransport” for SSL/TLS connections which is pretty much everything you run on OS X including Mail, iTunes, App Store, Calendar, Address Book, etc.
This applies to all versions of iOS and Apps. Testing was done on iOS 8.1.3 with all apps on the current version available in the iOS App Store.
This vulnerability affects all apps on iOS that do not specifically take countermeasures!
Built in browsers and web views in any app
1Password integrated Browser
Seems to be OK
Refrain from using exploitable browsers until Apple has released a Security-Update that fixes the vulnerability. Keep all 3rd party browsers updated.
Contact your sysadmins and service providers to make sure other servers like mail, jabber, calendar, contacts, etc. have been patched as well!
If you have any other browsers tested, please contact me so I can add the details. Using Twitter is fine as well!
Check your installed version with openssl version -a. OpenSSL 0.9.8 is not vulnerable. OpenSSL 1.0.2 betas and later branches (1.1, etc.) may not have received a patch yet, so be careful if you need to use these versions. On Linux (for example Debian or Ubuntu) be sure to check the distribution for backports! The build date gives you a hint whether you’re looking at a backport: anything newer than 2014-04-07 is a good candidate.
Sample output on OS X with MacPorts OpenSSL 1.0.1g:
If you get an output of TLS server extension "heartbeat" (id=15), len=1 your server is likely affected.
Keep in mind that these test tools aren’t mature yet (obviously) and may report false positives or false negatives.
The use of forward secrecy ciphers seems to mitigate this mostly. Specific TLS sessions still may be affected if the session key has been leaked at that time. All recorded non-forward-secrecy traffic can be decrypted in retrospect.
You can check if any binary on OS X dynamically links against libssl
otool -L file
If you get a line about libssl you then need to check which specific version that OpenSSL library uses with the strings command as shown. If you do not get any libssl info but you know that a binary makes use of TLS/SSL then you need to check for statically linked libraries. Some binaries give you that info by passing --version | -v | -V as the only argument.
If you can recompile that binary, update OpenSSL and link against the updated library. If you don’t have the source code to that software, contact the vendor. If that is not possible either, stop using that software now.
Then rebuild all the binaries on your machine that link against OpenSSL. Restart all services that use those binaries. When in doubt do a full restart.
Now the really fun part starts.
Generate new keys for all SSL/TLS secured services. You may want to use this “opportunity” to upgrade your key length. Changing keys is necessary independently of your certificate authority in use. This also applies if you use self-signed certificates as the private keys themselves may be compromised.
Get new certificates for all the new keys and revoke the old certificates.
For secondary vulnerabilities see http://heartbleed.com/ and act accordingly. Yes, this likely means changing a lot of passwords (again), deleting cookies, invalidating OAuth tokens, etc.
MacPorts already has an updated openssl package thanks to maintainer Markus W. Weißmann (mww).
port upgrade openssl
port selfupdate #yes again
Check that your OpenSSL library is the correct one:
Secure communication for businesses nowadays means using strong encryption. That sounds complicated, and unfortunately a lot is done wrong in the process. My talk showed how to use the right technologies.
The slides of my talk are available for download as a PDF. (SHA256: ee364b95b649b3fa6f92a6ca785a5ed744205fe5f34c8e6d9fbf90c17ce058f2)
Update 2014-03-13 Video
The video recording of my talk “Sichere Kommunikation im Unternehmen” (Secure Communication in the Enterprise) is now available. (23'47")
Individuals can easily learn the correct use of encryption tools at one of the many CryptoParty events. In Vienna this event takes place on the last Monday of every month.
IT administrators are advised to read the whitepaper Applied Crypto Hardening. The guide gives concrete instructions for implementing secure configurations for many server services. The Austrian project around Aaron Kaplan of CERT, run as an open source project, makes implementing strong encryption enormously easier.
These tests can be carried out by anyone, including your customers and competitors. All servers that are reachable from the internet can be tested. That applies to most servers. The test results are very easy to understand, yet give experts enough detail to correct errors.
If a server does not get at least an “A” rating there, action is needed. Any rating worse than a “B” points to serious security holes in the encryption.
OWASP Austria has good guidelines for testing your web applications for security vulnerabilities. As an example, a demonstration of cross-site scripting. (In case the hole has been fixed in the meantime, there is also a screenshot for documentation.)
Auphonic is an absolutely great web service to post process just about any audio file you want to throw at it. It audiomagically improves recordings of spoken word and is very popular with podcasters for a reason. The service likes to get some support by donations via flattr, bitcoin, money transfer, credit card or even the evil PayPal. Auphonic is free to use and they’ll shut up and take your money if you want to support them.
To import your source files and to export processed audio, Auphonic supports many external services it can interact with.
I like to use SFTP which is using SSH as transport including authentication and encrypted data transfers.
I wanted to use SmartOS as the server platform. SmartOS is a hypervisor based on the Illumos project forked from OpenSolaris. You might wonder why I’m not doing this on OS X Server as you’d rightfully expect from me. Chrooting SSH on OS X is quite a pain and SmartOS also uses ZFS which is not a filesystem available on OS X Mavericks at the time of this writing. (I consider MacZFS deprecated, OpenZFS not yet production ready and ZEVO is abandoned as well as incompatible with Mavericks.)
Preparing a zone
To begin, we’ll start with a fresh SmartOS zone. I went with the current base64 image. 10GB of storage looks ok to me and 128MB RAM seems plenty. zlogin to the fresh zone and update the package manager as usual.
We’ll be using a separate user and group for auphonic to access the SFTP server, so let’s create those first.
Of course the new user needs a home directory where the audio files shall be stored.
Then we add the user and also assign it to the group we created a moment ago.
Of course every user needs a good and long passphrase.
Let’s prepare the user’s home directory for SFTP chrooted access, which means we need it to be owned by root or sshd will refuse logins. Of course the auphonic user also needs access to the files, which means the directory would need to either be owned by auphonic or have group write permissions for it. These requirements conflict with each other, which we need to solve by adding an ACL.
The preinstalled SunSSH does not support chrooting so we will use OpenSSH for the SFTP server. The OpenSSH package does have support for SMF, so we can comfortably enable, disable and restart the service with svcadm(1M).
pkgin install openssh
Before we can actually start and use OpenSSH we need to configure it and generate SSH host keys. Edit /opt/local/etc/ssh/sshd_config with your preferred $EDITOR. These are the things I configured:
Any port above 1024 and other than 22 should be fine. You don’t want to have a public internet facing SSH server running on port 22. This is not a security measure, it only keeps your logs cleaner.
We’re changing the sftp server to the internal one. Find the line that says
Subsystem sftp /opt/local/libexec/sftp-server
and change it to
Subsystem sftp internal-sftp
Since we will use a separate, chrooted user and group for the SFTP server we specify minimum privileges for that group as they don’t need to use a remote shell or otherwise convenient SSH magic. Changing the root directory to ~/ prevents the user from accessing anything else on the server outside their home.
Match Group auphonic
Allowing root login and AgentForwarding is neither necessary nor recommended, so let’s turn that off by setting
Auphonic’s server will, for the foreseeable future, connect from one static IPv4 as Georg Holzmann confirmed. They cannot support IPv6 yet, which sadly is quite common in Austria. So we can restrict SSH logins to the IPv4 of Auphonic, the local LAN and other netblocks you expect your users to connect from.
# auphonic.com,LAN ,Other external
Match Address 126.96.36.199,10.123.0.0/16,203.0.113.0/24
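As an added example (not the author's configuration), here are the sshd_config settings described in this section as a constructed sample, together with a small lint that verifies them. `ChrootDirectory %h` and the two forwarding options in the Match block are assumptions; the text only names the group, the chroot to the home directory and the internal sftp server.

```shell
#!/bin/sh
# Added example: lint an sshd_config for the SFTP-only chroot setup described above.

# Constructed sample. Port, subsystem and group come from the article;
# "ChrootDirectory %h" and the forwarding options are assumptions.
sample_sshd_config() {
cat <<'EOF'
Port 44938
PermitRootLogin no
AllowAgentForwarding no
Subsystem sftp internal-sftp

Match Group auphonic
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# lint_sftp_chroot FILE GROUP
# Prints one FAIL line per finding and returns 0 only if there are none.
# sshd uses the first value it obtains for a keyword, so only the first
# occurrence per scope is recorded.
lint_sftp_chroot() {
    awk -v grp="$2" '
        function need(ok, msg) { if (!ok) { print "FAIL: " msg; bad = 1 } }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            key = tolower($1)
            # scope: 0 = global, 1 = Match Group <grp>, 2 = any other Match
            if (key == "match") {
                scope = (tolower($2) == "group" && $3 == grp) ? 1 : 2
                next
            }
            if (key == "subsystem" && scope == 0 && $2 == "sftp" && subsys == "")
                subsys = $3
            if (scope == 0 && !(key in top)) top[key] = tolower($2)
            if (scope == 1 && !(key in blk)) blk[key] = tolower($2)
        }
        END {
            need(subsys == "internal-sftp", "Subsystem sftp is not internal-sftp")
            need(top["permitrootlogin"] == "no", "PermitRootLogin is not no")
            need(top["allowagentforwarding"] == "no", "AllowAgentForwarding is not no")
            need(("chrootdirectory" in blk), "Match Group " grp " has no ChrootDirectory")
            need(blk["forcecommand"] == "internal-sftp",
                 "Match Group " grp " lacks ForceCommand internal-sftp")
            need(blk["allowtcpforwarding"] == "no",
                 "Match Group " grp " does not disable AllowTcpForwarding")
            need(blk["x11forwarding"] == "no",
                 "Match Group " grp " does not disable X11Forwarding")
            exit bad + 0
        }
    ' "$1"
}

# Run as: sh lint.sh /opt/local/etc/ssh/sshd_config auphonic
if [ -n "${1:-}" ]; then lint_sftp_chroot "$1" "${2:-auphonic}"; fi
```

The lint only reads the file; it does not check the ownership of the chroot directory, which sshd enforces at login time.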
Generating host keys
OpenSSH doesn’t automatically generate host keys for us like you’re probably used to. So we need to generate our own keys. I will use RSA here and I prefer them to be rather long.
After successful creation you’ll be presented with a shiny new fingerprint which you should make a note of as well as the key’s random art image.
Now that OpenSSH is installed, configured and secured we can finally turn off SunSSH and enable OpenSSH.
svcadm disable ssh
svcadm enable openssh
You can read the log output of sshd with tail -f $(svcs -L openssh) which should give you similar log output to this.
[ Feb 13 01:22:45 Executing start method ("/opt/local/lib/svc/method/sshd start"). ]
[ Feb 13 01:22:45 Method "start" exited with status 0. ]
From the command line we can now test the sftp connection. Keep in mind that you have to specify the non-standard port and also need to originate from an IPv4 address that is allowed to connect as configured above.
$ sftp -o "Port 44938" email@example.com
Upon first connect you’ll be asked to confirm the host’s fingerprint which you remember from the step before.
Once you’re connected you can verify that chrooting works fine by entering pwd at the sftp prompt and then trying to cd / and pwd again. There shouldn’t be any difference. You can try uploading a file now if you like.
To be sure that you actually cannot get a shell from there try to ssh into the host which should end something like this.
$ ssh -p 44938 firstname.lastname@example.org
This service allows sftp connections only.
Great, your OpenSSH server now allows sftp but no ssh logins authenticated by key or interactive password.
Configuring Auphonic external service
Login to your Auphonic account to create a new SFTP service then select “services” then “SFTP”. You’ll be presented with this form to complete.
We’ll simply be filling out the fields. The display name is just what you’ll see as a source in your production so name it anything you like. The server hostname is the DNS name or IP number where Auphonic can contact your server. The port number is prepopulated with the standard ssh/sftp port 22 which we’ll change to 44938. The directory will simply be / since we’re chrooting anyway and / simply refers to the auphonic user’s home directory in this case. The username is of course auphonic and we’ll leave the password empty. When done it should resemble this screenshot.
Before you hit save, click on the “Use public key authentication” text. You’ll be presented with the public key that Auphonic will use to connect to your SFTP server. Copy the whole text in that box, we need to add that to the authorized_keys on the server before we can save this service.
Back in the SmartOS zone, edit ~auphonic/.ssh/authorized_keys. In case the directory ~/.ssh doesn’t exist yet, you need to mkdir it. Paste the Auphonic public key into the file and at the end of the line add a space and then yourAuphonicUsername@auphonic.com. That way you will know which public key belongs to whom should you have several public keys in there. This will happen if you use this server for multiple Auphonic accounts, each of which will give you a separate public key to use. You can also authenticate your users that way where you also should add a comment at the end so you know which key belongs to which user in case you need to revoke access at some time in the future.
Once you’re done adding the Auphonic public key and have saved the authorized_keys file you can hit save on the Auphonic website to add your external service. Auphonic will test the connection and balk at you in case something goes wrong. Only properly working server connections can be added. Configuring your firewall and probably necessary port forwardings are out of the scope of this article and are left as an exercise to you.
Configuring an SFTP client application
You’ll likely use a graphical application to upload source files, unless you’re like me and use sftp from the command line. Many people rightfully like to use Cyberduck. Setting up your connection there looks like this:
You can use password authentication here if you like, but it would be better to use public key authentication here as well. Don’t forget that you have to add that public key to the ~/.ssh/authorized_keys file as well. Just like you did with the Auphonic public key.
That’s it, you’re done with your shiny SFTP media source for Auphonic. Have fun with your audio productions! If you found a bug in my guide, please contact me so I can fix it.
Estimated reading time: 0'45" and 3'25" video
Why is this in german?
This is my errata to an article in the Austrian newspaper „Die Presse“ which is in German. To accommodate the audience of said newspaper these errata are in German language as well. If you want to know what the article is about you can try the automatic translation via Google translate and maybe see my errata in an automated Google translation as well, provided Google fixes their site to use https links as well. (It doesn’t at the time of this writing. 2013-06-24 13:35 CEST)
This is the second part of the Apple “iWatch” article and covers the technical aspects of such a possible product. Read the first part if you’re interested in the pure speculation and design side of this fictitious product.
Picture: Running out of space (Pebble, Jawbone UP, Nike Fuelband)
Thanks to Aaron Parecki on Flickr, Creative Commons Attribution
A core feature of a personal device would be its ability to communicate with other devices, for example another quite personal device like a mobile phone. Bluetooth 4 low energy would be a suitable standard for such communication in many ways.
It was developed as an extension to the existing Bluetooth 4 specification for ultra low energy consumption. You wouldn’t want to have your devices' batteries drained all the time, would you? Some Bluetooth 4 LE devices can operate for months on a coin cell. This low consumption also is a benefit for companion devices and their respective power sources.
This technology is not suited for continuous data transfers like streaming audio to your headphones. It’s made for short bursts to transfer small amounts of data, like those taking place when sending a push message from your iPhone to be displayed on your personal device, for example an iMessage, location reminder or weather notification. Of course this would also work well for sensor data acquired by the device to be transferred to a phone or computer.
Another key aspect when displaying personal and possibly private data on a device is a secure communications channel. Bluetooth 4 LE allows for secure authentication between devices adhering to the ISO/IEC 15408 Common Criteria standard. So your private message should not end up being displayed on another person’s device.
Lastly Apple’s product palette already had support for this standard for quite a while. Particularly in the iPhone 4S and later models, the iPad since generation 3 (the larger form factor iPad with retina display) as well as the popular iPad mini. Cocoa, Apple’s collection of programming frameworks, also has support for CoreBluetooth with proximity information and profiles for many device classes including human input devices like keyboards and trackpads as well as medical devices and proximity sensing.
A device you’re wearing all the time will be a great source of body function data, provided it is connected to your body as much time as possible. Most of the current sport armbands are just an accelerometer/gyroscope and a tiny bit of storage to save sensor data for a few days and a battery. The Nike fuel armband is an exception as it also has an LED display, allowing it to show the time. (Just like a watch.) Similarly the Fitbit One which is clipped to your belt instead of worn on your wrist. Other products like the Jawbone UP do not have a display at all. It is basically just sensors, a battery and a connector.
Following the current trend of the quantified self such a device would be the ideal bodily data source. Of course motion tracking only would not be enough to be interesting to users. If that device is to be carried at all times on your body, you certainly want more sensors checking your body. You could have it measure heart frequency, blood pressure, skin conductivity (recognizing if you’re sweating), blood glucose levels, etc. Many more things probably are possible to measure that way nowadays. Thus making the device not only interesting to those interested in aiding their fitness routine, but also helping those with diseases to improve their recovery or at least ease their chronic symptoms.
You don’t want to take off your personal wearable device every night just to recharge it. This would make sensors less useful and also reduce the amount of body data captured. Times where it isn’t connected to your body need to be minimized. Current iDevices and even MacBook Air models show that the better part of their weight and volume is the battery. This would be true for a wearable device as well.
This poses another challenge which is recharging said battery. All the currently available products require you to take them off to recharge. Most devices will last for a few days. According to Martin Pittenauer the Pebble does get about 6 days of battery life. Not really a comfortable time span for a wearable device even though most of us have gotten accustomed to charging our smart phone every night. One solution to this problem could be inductive charging as well as Intel’s resonance charging technology. Inductive charging is used in electrical tooth brushes for example and can be considered common these days. Resonance charging is a newer technology allowing to distribute power over a greater distance. This would be ideal to recharge your personal device while still wearing it. For example with a small bedside charger that you could just leave plugged in there.
Users of the Pebble immediately notice that getting notifications is fine. But if you receive an email, that you just want to delete, you can’t do that. This clearly is a limitation of the device. Users certainly expect a wearable device to be able to fully interact with their smart phone or tablet device. It might as well be suitable as a remote control for a set-top media box. The black AppleTV has support for Bluetooth keyboards since firmware 5.2. This would pave the way for a wearable device being used as a remote control for your big screen.
The 5th generation of the iPod nano had a (two finger) touch enabled display, and the current 6th generation is even capable of multi-touch. Certainly the preferred and expected way of user interaction.
Surely not enough space to provide a keyboard, but more than enough to provide a few custom buttons. Preprogrammed interaction to delete an email, reply to an iMessage with a premade message, pickup a call or anything your own app may need. Playback controls for your iPod sound like an obvious use case.
A small, thin and light wearable device can’t have a lot of processing power. It doesn’t need to actually if it can outsource expensive processing to the phone in your pocket. In fact, it would not really need a lot of CPU power. Apple has gained enough experience with ARM processors and embedded systems. Their iPod nano and Shuffle models show that they can successfully manufacture powerful systems with modest energy drain.
Picture: ARM CPU used on the Raspberry Pi
Pepi Zawodsky (author)
A processor like the Samsung manufactured ARM 11 type CPU ARM1176JZF-S used in the Raspberry Pi would already have way too much processing power and memory. Something like in the 6th generation iPod nano would be more than sufficient and conserve power. But even that CPU might be too powerful for the needs of a wearable device. Something on the lines of an ARM Cortex M3 seems much more suited and is also the processor used in the Pebble Smartwatch.
A certain chic is expected from all things Apple. The Jawbone UP and the Pebble, while being nice products, do not really meet users’ expectations of Cupertino when it comes to industrial design. Their materials are plastic and rubber, which are more cost effective than more noble materials like an aluminum-unibody casing would be. On the other hand they serve a quite necessary purpose, which is being water resistant or even waterproof, a not to be neglected property of a wearable device. Spilled Piña Coladas over your arm or got caught in the rain? Your device should be able to cope with that easily. It is likely Apple’s Patent 20120055767 comes in handy for that, which talks about the use of coatings to make electronic devices water resistant. Just like Apple Patent 20130074305, which covers special manufacturing and welding processes for very flat enclosures.
This article is pure speculation. I neither have any sources inside Apple, Apple’s manufacturing partners or Apple’s supply chain nor do I consume the same drugs as stock market analysts do to gain their “insights”. I’m just collecting the rumours that are out on the interwebs and try to see if mixing and matching them creates anything interesting.
Due to the growing extent on the technical part of this rumored device I’ve decided to split this article into two parts so you can already enjoy my speculation while I’m still working on the tech aspects.
To be honest, I really have a hard time understanding the hype behind the Pebble. Their Kickstarter Campaign gained over 10 million $ in backers for a wristwatch with an e-paper display that can connect to a smartphone via bluetooth. But 68,929 backers can hardly be wrong, can they? So there certainly seems to be a market for a “smart” wristwatch.
What are people using a wristwatch for today? Certainly the functionality to display a more or less linear time is not of the utmost importance anymore. There are clocks everywhere, on your smartphone, on your computer screen, at train stations, airports, etc. Realtime clocks are everywhere these days, so just to read the time you don’t need a wristwatch anymore.
Another use case for a beautiful device charming your forearm is jewelry. So the wristwatch you carry is used as a status symbol or affiliation with a certain group, like the local yachting club or golf resort. Devices by companies like TAG Heuer or ROLEX, while being precision instruments, are sold as lifestyle and prestige objects; their ability to display the time and date is secondary to being a status symbol.
Wrist watches are also used to show the love for technology. An example for this would be the Junghans Mega Series. They’ve got a DCF77 receiver which means it can set itself to the correct time.
Being solar powered means it never runs out of batteries. Likewise the SEIKO Astron which extends the functionality of the Junghans Mega series with a GPS receiver allowing it to set the correct timezone automatically. This creates its very own problem since time zones change ridiculously often so this watch would need a way to update time zone information as well. These are devices that are likely worn for the affection to the technology shown off and to some extent for their industrial design as trappings.
The Pebble watch falls into this technology geeky niche, and is rather not worn just because of its appearance. Certainly not for the materials used, since it’s made from plain plastic with some models sporting a paint job.
Understanding the Apple way
Apple does not simply make another product for an existing market. Apple has different ways of entering a market. One way is to essentially create the market from scratch like they did with the iPad. Of course there have been tablet-computer like devices before the iPad, but this class of devices didn’t have a relevant market volume.
Another way for Apple to enter a market is to sidestep into an existing ecosystem like the mobile handset makers had to notice in 2007 when the iPhone was introduced. This was achieved by totally rethinking the existing range of devices. Back then the iPhone was totally different from almost every other mobile phone because Apple did not think of designing a new “phone” but a “communications device”. The term “communications device” is key to the approach Apple is taking. Designing a new “phone” would already constrain thinking about a future device. Jonathan Ive (Senior Vice President, Apple Design) did talk about freeing your thinking from constraints when designing new products.
Apple has the ability to tickle early adopters of geeky gadgets, just like the Pebble watch does. Though a fictitious device would have a more appealing industrial design and choice of material.
Regarding market segment Apple has always chosen a top-down approach. They start at a high-price with a very focused product, then iterating over the functionality as customers respond with their desire. Though Apple doesn’t necessarily regard their customer’s wishes as relevant for product evolution.
But in the end, for something this complicated, it’s really hard to design products by focus groups. A lot of times, people don’t know what they want until you show it to them.
— Steve Jobs in Business Week, May 12, 1998
Approaching a new product
I’m certain that Apple would not even be starting to design “a wristwatch” for the reasons lined out. Honestly having no clue about the wristwatch market I still consider it to be sufficiently saturated with existing products and brands covering just about any timey-wimey fetish imaginable.
Apple also would not only want to appeal to traditional buyers of status symbols or the geeky gadget aficionados but create a device that would be of interest to a much broader audience.
Thanks and credits
These thoughts mostly came up during a prolonged talk with my dear friend Christian who does excellent Apple support work in the Graz/Styria area. We irregularly waffle and rant about all things Apple related.
Do you know what’s on your storage devices? Well, of course you know, everything is there. Your whole life these days is stored on harddrives and USB thumbdrives or some kind of server. But what exactly is everything when your significant other or a user asks you if that precious file that supposedly was on the harddrive that just died actually was really there in the first place? This is where a tree comes in handy.
Meet tree(1) a handy utility that lists contents of directories in a tree-like format. For example the downloads directory of this site looks like this when listed by tree(1).
Now you get the idea why this can be quite helpful in determining the contents of a folder.
How about a nice list of your Podcasts in iTunes? Here we make use of the -N flag to output diacritic characters like the German umlauts (äöüÄÖÜ) as they are, instead of octal escaping them. The OS X Terminal as well as iTerm are fully UTF-8 capable.
$ tree -N ~/Music/iTunes/iTunes\ Media/Podcasts
├── Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_
│ ├── 01 CHAT001 Woher kommen eigentlich diese Cocoaheads und was machen die so_ 1.m4a
│ ├── 02 CHAT002 AirPort Express, Xcode 4.0.2, Git Achievements, Pow.m4a
│ ├── 03 CHAT003 iOS 4.3.3 & Jailbreak, IRC, CodingKitchen Wien, BarCamp Graz, Mobile CouchBase, SuperPin, What License_, Git CheatSheet 1.m4a
│ ├── 27 CHW027_ D-Scrum_ Modernes IT-Projektmanagement auch für Freelancer und KMUs 1.m4v
│ └── CHAT000 Hallo Welt 1.m4a
├── Hot Cocoa
│ ├── Hot Cocoa 3_ The Coin Flipper.m4v
│ ├── Hot Cocoa 4_ CoreData - Part I.mp4
│ ├── Hot Cocoa 5_ Core Data - Part II.mp4
│ └── Hot Cocoa 6_ Intro to iPhone Programming.mp4
├── Learn By The Drop Videos
│ └── Creating An RSS Feed Using Views.m4v
├── Mac Power Users
│ ├── Screencast_ OmniFocus Ninja Tricks (Part 2 of 3).m4v
│ └── Screencast_ OmniFocus Ninja Tricks (Part 3 of 3).mov
├── MacBreak Dev
│ ├── Checking Applications with Instruments.mov
│ ├── Data Structures within Core Data.mov
│ ├── How Properties and Core Data work together.mov
│ └── What is DTrace_.mov
├── Unknown Podcast
│ ├── 9) Cathy Shive on Design.mp3
│ ├── Chatting with Sofa.m4a
│ ├── Indie Support with Kirby Turner.mp3
│ ├── Jiva Devoe.mp3
│ └── NSBrief_11_Appsterdam.m4a
└── iOS Programmierung (iPad, iPhone, Xcode, objective-c)
  ├── Die ToDoList (Podcast 004).mp4
  ├── Macoun 2012 UICollectionView (Podcast 036).mp4
  └── iOS-Hybrid bzw. iOS-UniversalApp (Podcast 003).mp4
7 directories, 24 files
A trip down memory lane for those who have seen the old BBS days with an acoustic coupler or analog modem. Back in those days, and even in the early days of the internet, many FTP servers had an index file for you to download locally. Search functions did not exist and connection speeds were slow, so you just downloaded a full file tree and searched through that one locally. Such a listing can be created with tree(1) as well.
$ tree -Nifh ~/Music/iTunes/iTunes\ Media/Podcasts
[ 238] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_
[2.0M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/01 CHAT001 Woher kommen eigentlich diese Cocoaheads und was machen die so_ 1.m4a
[1.4M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/02 CHAT002 AirPort Express, Xcode 4.0.2, Git Achievements, Pow.m4a
[2.1M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/03 CHAT003 iOS 4.3.3 & Jailbreak, IRC, CodingKitchen Wien, BarCamp Graz, Mobile CouchBase, SuperPin, What License_, Git CheatSheet 1.m4a
[457M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/27 CHW027_ D-Scrum_ Modernes IT-Projektmanagement auch für Freelancer und KMUs 1.m4v
[ 75K] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/CHAT000 Hallo Welt 1.m4a
[ 204] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa
[ 98M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 3_ The Coin Flipper.m4v
[ 25M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 4_ CoreData - Part I.mp4
[ 20M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 5_ Core Data - Part II.mp4
[ 32M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 6_ Intro to iPhone Programming.mp4
[ 102] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Learn By The Drop Videos
[ 19M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Learn By The Drop Videos/Creating An RSS Feed Using Views.m4v
[ 136] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users
[146M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users/Screencast_ OmniFocus Ninja Tricks (Part 2 of 3).m4v
[158M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users/Screencast_ OmniFocus Ninja Tricks (Part 3 of 3).mov
[ 204] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev
[ 39M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/Checking Applications with Instruments.mov
[ 41M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/Data Structures within Core Data.mov
[ 64M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/How Properties and Core Data work together.mov
[ 57M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/What is DTrace_.mov
[ 238] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast
[ 18M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/9) Cathy Shive on Design.mp3
[ 27M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Chatting with Sofa.m4a
[ 47M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Indie Support with Kirby Turner.mp3
[ 49M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Jiva Devoe.mp3
[ 50M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/NSBrief_11_Appsterdam.m4a
[ 170] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)
[153M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/Die ToDoList (Podcast 004).mp4
[262M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/Macoun 2012 UICollectionView (Podcast 036).mp4
[ 97M] /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/iOS-Hybrid bzw. iOS-UniversalApp (Podcast 003).mp4
7 directories, 24 files
I’ve included -h in this example to also give me human-readable size information in addition to the full (unescaped, unquoted) path to each file. There are flags to adapt the output to your liking.
With a rather large fileserver, like for a small office, that tree file can grow substantially. My tests have shown that a (probably non-typical) 1TB office server sharepoint with 369910 directories and 1285341 files took up 346MB which boiled down to just 17MB when compressed with gzip(1). So this is quite well suited for archiving over time.
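The archiving idea above, as an added example that is not part of the original post: one function writes a dated, gzip-compressed tree(1) listing, the other reports which snapshots mention a given file name. SNAP_DIR and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dated, compressed tree(1) snapshots and a lookup over them.
# SNAP_DIR and the function names are assumptions, not from the original post.

SNAP_DIR="${SNAP_DIR:-$HOME/tree-snapshots}"

# Write one gzip-compressed listing of directory $1, named by today's date.
# Prints the path of the snapshot that was written.
tree_snapshot() {
    dir=$1
    mkdir -p "$SNAP_DIR" || return 1
    out="$SNAP_DIR/tree-$(date +%Y-%m-%d).txt.gz"
    # -N raw characters, -i no indentation, -f full paths, -h readable sizes
    tree -Nifh "$dir" | gzip -9 > "$out" || return 1
    printf '%s\n' "$out"
}

# Print every snapshot whose listing contains the fixed string $1.
# ISO dates in the file names make the glob sort oldest first, so the
# first and last lines of output bound the time the file was present.
tree_seen_in() {
    needle=$1
    for snap in "$SNAP_DIR"/tree-*.txt.gz; do
        [ -e "$snap" ] || continue          # no snapshots yet
        if gzip -dc "$snap" | grep -qF -- "$needle"; then
            printf '%s\n' "$snap"
        fi
    done
}
```

Run tree_snapshot from a daily job, then answer "was that file ever there?" with tree_seen_in 'name of the file'.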
The last example I want to show you is a nice file listing for a webserver. So here is this server’s download directory index as somewhat nice HTML created with tree(1).
I’m regularly thinking about optimising my workflows in the hope to increase my productivity. (Or at least to make procrastination more effective.) I don’t want to spend a lot of time hunting for an App I regularly use. Some apps I want to have available immediately, even though I don’t use them often.
This is what my homescreen looked like back in spring of 2011 on my iPhone 4 running iOS 4.3.x.
It was arranged to carry most of the apps I used regularly back then. I just empirically put there what I felt belonged there.
Fast forward to Spring 2013.
Quite a lot has changed since then. I’ve upgraded from an iPhone 4 to a 4S and iTunes tells me that there are 509 way too many Apps on my pocket computer. Of course iOS 6 happened and many of the apps have received substantial updates. The background, surprising to myself as well, is still the same. So this is what greets me at the moment.
So, what Apps do we see here, what do I use them for and why did I keep them in this precious space?
iCabMobile (Universal) In my opinion the best web browser available for iOS. (Includes an AdBlocker for example which you do not need here since I don’t put any ads on my website. How nice.)
/GSM - See below
Lift An attempt at Quantified Self and to force myself to build a few new habits. You’re welcome to cheer at my efforts to help my motivation. I’m MacLemon on Lift.
Simplenote All my note taking goes in here. I sync to my Mac with the simplenote.com Webservice. On the Mac this is complemented by the excellent nvALT.
Maps (Standard iOS App)
Saver Super simple capturing of my expenses and a little budget info. Helps me keep track of my spending.
Light The omnipresent flashlight app. As simple as it is, it comes in handy every now and then.
Wann Gives me the next public transport arrivals in my vicinity. This is actually a beta version by subzero for testing the data in Vienna/Austria. Sadly this cannot yet be released since the Wiener Linien do not release their schedule and realtime data as OpenData.
Camera (Standard iOS App)
Camera+ A quite good camera app that allows a lot more settings than Apple’s stock app. I’m currently testing ProCamera which is likely to become my main photo taking app in the future.
ProCamera Currently my main photo taking app. I do take a lot of too many pictures and I want a camera app to support me in doing that.
Instacast 3 I’m a total Podcast addict, therefore I don’t get by with Apple’s iPod or Podcast apps for my listening needs. Instacast 3 does the job of managing my subscriptions exceptionally well and also does support triple speed playback.
Not really a good name for that folder, I totally agree. Why are those Apps tucked away anyway? Because I really don’t make that many calls. In fact I hate phone calls more than email.
Phone (Standard iOS App)
Messages (Standard iOS App)
Prowl Mostly for push messages from a multitude of servers.
CloseBy Shows all my contacts on a map. Not sure if I’ll keep that one since it’s temporarily in here for testing.
I agree that many things are awry here and this is why I’ve decided to do something about it and analyze my actual app usage to get a better feeling for what should be on my 0th home screen.
Over the next few weeks I’ll be collecting my daily app usage to determine which apps I use on a daily basis and which are less often in use. With those statistics I hope to gain enough insight to rearrange my homescreen in a more efficient way. Stay tuned!