iPhone Atlas - Ted Landau - Five “under-the-hood” things you should know about App Store apps
1. Where are iPhone apps actually stored on a Mac ...
2. I opened the Mobile Applications folder. All the files there end in .ipa. What’s with that?
Consider ipa an abbreviation for “iPhone application.” ... use the shareware program Pacifist. Specifically:
1. Make a copy of the app that you want to check (say Koi Pond.ipa).
2. Change the name of the copied file to Koi Pond.ipa.pkg.
3. Click “Use .pkg” when the dialog appears asking what you want to do.
4. Open Koi Pond.ipa.pkg in Pacifist.
...
1. Via Pacifist, navigate to Payload > KoiPond.app >Info.plist. Extract this file.
2. Open the file using Property List Editor (or any other utility you have for opening .plist files).
From here, you can confirm the version number (CFBundleVersion) of the app. This should be the same number you’ll find in the Version item of the Summary tab, if you select Get Info for an app in iTunes.
Also in the .plist file, note the line that reads UIStatusBarHidden Boolean Yes...
3. There are several copies of some apps in the Mobile Applications folder (with names like Koi Pond.ipa, Koi Pond 1.ipa, Koi Pond 2.ipa etc.) What gives with that?
First the good news: If you’ve updated to iTunes 8, this should no longer happen.
Prior to iTunes 8, these duplicates accumulated each time you updated to a newer version of an app (or even redownloaded the same version). All downloads were retained, even though only the latest copy was used.
... If you still have duplicates hanging around, drag them to the Trash and delete them. You only need to retain the copy with the most recent modification date. If there is any doubt as to which copy to keep, go to Applications in iTunes and select Show in Finder from any app’s contextual menu. This will take you to the Mobile Applications folder with the active copy highlighted. That’s the one you want to keep.
Although they are usually harmless, these duplicates can occasionally cause problems...
4. Can I run apps on my iPhone that other people have purchased?
No and Yes. The system for apps works the same way as for music and video purchased from the iTunes Store. By default, App Store apps can only be run on iPhones and iPod touches synced to the computer used to purchase the software. However, a user can authorize up to 5 computers to have access to their iTunes Store purchases. Thus, to use an app purchased by a friend...
Friday, September 19, 2008
App store innards - handy knowledge for basic maintenance
Excellent review, includes a few that are new to me. Read the entire article for the full story, I'll be checking for leftover app versions in my iTunes app folder.
Thursday, September 18, 2008
Password twilight: bad from Gmail, not so bad from OpenID.
Bad news, then not-so-bad news, in the twilight of the password.
From Google, another scary installment in their online safety series:
And, of course we know about Google's brilliant mafia-funded password reset approach.
I was on the verge of having nightmares about losing control of my Google account, but their "reassuring" message is giving me night terrors instead.
On the bright side, there's optional two factor identification for my myOpenID account.
The big difference from Hailstorm/Passport is it's not controlled by Microsoft, Apple, Amazon, IBM or your cellphone company. All kinds of places can, and do, offer OpenID services -- including my many Blogger blogs.
Of course these services are only as good as the associated security, and Google hasn't been wining any prizes for their security measures.
Even MyOpenID is vulnerable, like anyone else, to password theft. It's a "one factor identification" service -- a "what I know" factor. If I add CallVerifID though it's a "two factor" service -- "what I know" and "what I have". A thief would have to steal both.
So what happens if I lose my phone?
Well, that's kind of where the good news ends:
Still, it's a measure of progress.
What I think I need is some combination of two factor identification and a digital certificate stored on secured machines. Then if I lose the phone I could at least fix things from a secure machine with a digital certificate (eg. home computer, not a laptop) stored on an encrypted disk image.
I think it might be possible to do that with MyOpenID; I'm going to give it a try. The combination of digital cert access from secured machines with two factor phone id when in other locations is interesting. I do want to be able to secure the cert on an encrypted disk image, I'll have to research how to do that, I'd prefer not to encrypt my entire user account directory (the default OS X approach). The cert can be revoked, so if I knew the machine had been stolen I could revoke the cert. [ps. The digital cert is browser specific, not user account specific. So if you use more than one browser you need a cert for each one on the user account.]
Now if only Google would enroll itself in a remedial security training program. At least they could use some loose change to pay Schneier for a consultation ...
PS. It looks like I can create MyOpenIDs for my domains, such as faughnan.com or faughnanlagace.com. That could help with securing Emily and the children's accounts.
Update: Too bad! myOpenID missed the brass ring.
If you active the two factor identification, you still need the cell phone call even when signing in with the digital certificate. So there's no good fallback if you lose cell phone access. Arghh!! They should have had two different two factor identification schemes:
Oh well, maybe they'll read this blog and fix it.
Update 3/8/09: Sign. OpenID.com never did get a clue. BTW, more the horror of losing Gmail account access.
From Google, another scary installment in their online safety series:
When it comes to Gmail specifically, there are a couple of things that might cause account-related interruptions in access: a lost or forgotten password, unusual activity that triggers the safety measures designed to keep accounts from being compromised, or, in the worst case, someone has stolen your login info and changed it...The $%!%!#$% verification code for my Gmail account?!! The account I opened the month they launched? Did they even do verification codes back then? What's the chance I could find that now? At least I know it's not in my Gmail respository?
... we don't ask for much personal information when you sign up for Gmail, which can sometimes make it difficult to prove ownership of an account and trigger the recovery process.
Still, there are some simple steps you can take to ensure that your account stays in your hands, and to greatly improve the chances of regaining access if you have any problems...
- Always keep the verification number you get when you sign up for Gmail. When you sign up for Gmail, we'll ask you for a secondary email address and then email a verification number to that account. This number is the best way to prove ownership of your account, so be sure to hang on to it.
- If you aren't able to access your account, try resetting your password. As mentioned above, most of the support requests we get turn out to be lost or forgotten passwords, rather than something more serious. Resetting your password usually gets the job done.
- If resetting your password doesn't work, try our account-recovery process. We recently launched an account-recovery form in our help center that can drastically reduce the amount of time it takes to verify ownership of an account and restore access. If you have the information necessary to prove ownership -- such as the verification code for the account -- this new process can help our support team restore access within a matter of hours.
And, of course we know about Google's brilliant mafia-funded password reset approach.
I was on the verge of having nightmares about losing control of my Google account, but their "reassuring" message is giving me night terrors instead.
On the bright side, there's optional two factor identification for my myOpenID account.
About CallVerifIDThe basics of OpenID are pretty simple. From a user perspective it's like the old Microsoft Hailstorm/Passport scheme -- a single un/pw sign-on. So when I use my OpenID to sign on to a web service, I'm redirected to enter my password into the myOpenID site then return to my true destination. I can stay authenticated with myOpenID provider, then I don't have to keep entering my password as I move from site to site.
... CallVerifID™ provides the most convenient and cost-effective strong security measure available for OpenID users. An individual can enable CallVerifID™ within seconds to add an additional authentication factor.
* Easy two-factor authentication for myOpenID
* Instantly receive a call when signing into myOpenID. Simply answer and press # to authenticate.
* No extra phone capabilities or text messages. Use any phone.
The big difference from Hailstorm/Passport is it's not controlled by Microsoft, Apple, Amazon, IBM or your cellphone company. All kinds of places can, and do, offer OpenID services -- including my many Blogger blogs.
Of course these services are only as good as the associated security, and Google hasn't been wining any prizes for their security measures.
Even MyOpenID is vulnerable, like anyone else, to password theft. It's a "one factor identification" service -- a "what I know" factor. If I add CallVerifID though it's a "two factor" service -- "what I know" and "what I have". A thief would have to steal both.
So what happens if I lose my phone?
Well, that's kind of where the good news ends:
What happens if I lose my phone?Ooookkkkaaayy. What do they mean by "strongly established"? There's no detail on what that is, it sure sounds vulnerable to social engineering.An alternate number can be set up by calling the support staff, once your identity is strongly established.
What happens if I lose cell phone coverage in a certain area?Call the support staff from any phone to request a one time bypass. Once your identity is strongly established, they can allow you to authenticate one time without receiving a PhoneFactor call. They can also change your account to point to an alternate phone number, such as a land line.
Still, it's a measure of progress.
What I think I need is some combination of two factor identification and a digital certificate stored on secured machines. Then if I lose the phone I could at least fix things from a secure machine with a digital certificate (eg. home computer, not a laptop) stored on an encrypted disk image.
I think it might be possible to do that with MyOpenID; I'm going to give it a try. The combination of digital cert access from secured machines with two factor phone id when in other locations is interesting. I do want to be able to secure the cert on an encrypted disk image, I'll have to research how to do that, I'd prefer not to encrypt my entire user account directory (the default OS X approach). The cert can be revoked, so if I knew the machine had been stolen I could revoke the cert. [ps. The digital cert is browser specific, not user account specific. So if you use more than one browser you need a cert for each one on the user account.]
Now if only Google would enroll itself in a remedial security training program. At least they could use some loose change to pay Schneier for a consultation ...
PS. It looks like I can create MyOpenIDs for my domains, such as faughnan.com or faughnanlagace.com. That could help with securing Emily and the children's accounts.
Update: Too bad! myOpenID missed the brass ring.
If you active the two factor identification, you still need the cell phone call even when signing in with the digital certificate. So there's no good fallback if you lose cell phone access. Arghh!! They should have had two different two factor identification schemes:
- password + digital cert (secure browser)
- password + phone ID
Oh well, maybe they'll read this blog and fix it.
Update 3/8/09: Sign. OpenID.com never did get a clue. BTW, more the horror of losing Gmail account access.
iPhone - layers of integrated functionality
It's easy to make a list of what my iPhone can't do. No cut, copy paste -- which I miss all the time. No cross-application search (I can imagine why not, but I sure miss it). No tethering - yet. No standard sync infrastructure, so every vendor has to roll their own.
I'll omit "no tasks, no notes sync" because I love Appigo's solutions and they wouldn't exist if Apple had done these things.
What gets missed is how much deep and integrated functionality there is ...
It's the deep integration though that really impresses me. Very elegant, very, I must admit, Apple.
Update: Oops. Looks like a minor iPhone glitch led me to think pushing the wake/sleep button when on a call would lock the screen. In truth it's supposed to disconnect the call. I do wish there was a way to lock the screen during calls. I switch to another app to avoid pressing keys that will interrupt the call.
I'll omit "no tasks, no notes sync" because I love Appigo's solutions and they wouldn't exist if Apple had done these things.
What gets missed is how much deep and integrated functionality there is ...
Gordon's Tech: iPhone notes you won't read elsewhereAnd, of course, there's the App Store, which gets more amazing every day.
... The silver on/off button has context dependent behavior. In standard mode it locks the phone and turns off the display. When a call comes in one push silences the ring, two sends it directly to voice mail.When you're on a call, one push locks the phone, preventing errant touches from messing up your call. (I lost a lot of calls until I learned this.)
... When you search for a business on the Map and select a pin, you get a pop-up with an arrow. Touch the arrow to see the contact. What's not obvious at that point is that if you scroll down, you can add this to your address book (you cannot, however, specify to which group). I do this all the time. The form of contact that's created is very complete, including a map link.
It's the deep integration though that really impresses me. Very elegant, very, I must admit, Apple.
Update: Oops. Looks like a minor iPhone glitch led me to think pushing the wake/sleep button when on a call would lock the screen. In truth it's supposed to disconnect the call. I do wish there was a way to lock the screen during calls. I switch to another app to avoid pressing keys that will interrupt the call.
Wednesday, September 17, 2008
Clarifi iPhone case - must buy now ... cannot resist ...
This is just painfully brilliant ...
Evernote will do offline OCR of scanned and uploaded images. I assume they do something special for business cards especially if you pay for their enhanced service. I assume an OCR app for the iPhone is on the way ...
Griffin Technology: ClarifiI cannot resist. It's not on sale yet, but now I'm glad I haven't found a case I really like.... Slide the Clarifi lens into place over the built-in lens of your iPhone.... ... With Clarifi's lens, your iPhone can image an entire business card with astounding clarity.... you can move in to 4 inches for crisp detail and great pictures.
And, of course, Clarifi is also a super-protective case, constructed of durable polycarbonate, with cutaways for access to power switch, headphone jack, volume controls, and dock connector. For use with Apple Universal Dock wells, Clarifi features Griffin's trademark EasyDock™ design: the bottom third of the case slides down and off to fit in standard dock wells.
Evernote will do offline OCR of scanned and uploaded images. I assume they do something special for business cards especially if you pay for their enhanced service. I assume an OCR app for the iPhone is on the way ...
The Devil's Due: Qwest has been good
I've had a few nasty things to say about Sprint and AT&T.
So I was surprised when I recently realized that I've gotten quite good service from Qwest. It's been a year since I switched ISPs ...
Weird.
So I was surprised when I recently realized that I've gotten quite good service from Qwest. It's been a year since I switched ISPs ...
Gordon's Tech: I switch to Qwest DSL PlatinumMy DSL works, speed seems adequate, I pay my bills. Qwest doesn't even spy on me. They don't even spam me.
... The tech person was, again, very good. She promptly gave me my Qwest un/pw and, for what it's worth, my MSN un/pw (guess I need a mail forwarder there [1]).
So far it's been fine. I'll update with this post as I learn how well it works, and, most of all, learn how much it will really cost....
Weird.
Tuesday, September 16, 2008
Simple iPhone web app directory
iPhone Web Apps. A very simple list that renders well on the iPhone, from pure-mac.com. I had no idea Amazon had a web app interface.
Air Sharing: turn your iPhone into a file and web server
I have my copy:
Comes with a file viewer which did a fine job rendering a word doc.
This is a bit insane. Today I bought an HP41C emulator, got Air Sharing for free, and got a free upgrade to Apple's Remote app.
Ever since I found a fix for the "unknown error" on update bug the App Store has been my candy store. I'm already forgetting the suffering of switching from Palm to the iPhone...
Avatron Software: "Air Sharing's regular price is US$6.99. But don't miss this special introductory offer: For the first two weeks, Avatron Software will be giving Air Sharing away for FREE!"So now my iPhone is a file server and and a web server. If you knew my IP address I suppose I could run my old web site off it.
Comes with a file viewer which did a fine job rendering a word doc.
This is a bit insane. Today I bought an HP41C emulator, got Air Sharing for free, and got a free upgrade to Apple's Remote app.
Ever since I found a fix for the "unknown error" on update bug the App Store has been my candy store. I'm already forgetting the suffering of switching from Palm to the iPhone...
Subscribe to:
Posts (Atom)