Oy with the POODLEs already!
Plus: The Return of Camera Roll, and the debut of Yosemite
SO THERE I was, in the midst of crafting one of my typically droll and yet diabolically clever headlines for this post, when the perfect title was dropped right into my lap. Well, right into my Inbox, to be precise. Long-time client and Gilmore Girls fan Regina just happened to send along a completely unrelated email with that very subject line, which–according to the unparalleled resources of the Urban Dictionary–“can be used to shut up a person that is talking non-stop about a certain subject.”
Given that the primary focus of this missive is POODLE, an acronym for the latest security exploit capable of bringing the Internet to its knees, I feel well within my rights to assert that this expression can also be used to “shut up an Internet that is afflicted non-stop with certain security vulnerabilities.” As in: “Heartbleed? iCloud celebrity hack? Shellshock? And now POODLE? Oy with the POODLEs already!”
Ah, if only a well-turned phrase would serve to dispose of these technological threats… So just what is POODLE? Like Heartbleed, it’s a vulnerability in the system that encrypts information sent between devices and/or across the Internet, so that data like passwords and credit card numbers are protected from prying eyes. The POODLE vulnerability exists specifically in the Secure Sockets Layer (SSL) 3.0 protocol, which was superseded by the newer and more secure TLS (Transport Layer Security) protocol a while back.
UNFORTUNATELY, a small percentage of Web sites–and other devices that encrypt data, like routers–still use SSL 3.0 instead of TLS, and most Web browsers are set to “fall back” to SSL when they talk to a server if they can’t find TLS running, so that they can still conduct an encrypted “discussion.” When that happens, the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability in SSL can be exploited by a hacker, and the no-longer-secure data can be decrypted and accessed.
So what can we do about this? Fortunately, as of this past Monday it’s pretty simple. Just run Software Update from the Apple menu, and it will deliver Security Update 2014-005, which prevents your Mac from using SSL in Safari, even if a server is offering it to you.
Firefox is also safe as long as you’re using version 33.0 (go to “About Firefox” from the FireFox menu to check/update). Google Chrome is still vulnerable as of this writing, per my visit to the POODLE Test site just a moment ago. And for anyone using 10.7 “Lion,” 10.6.8 “Snow Leopard,” or older, Apple is not providing a patch ;-(
APPLE HAS, however, provided a few other goodies in the past week. Namely, the iOS 8.1 update which, due to, er, popular demand, brings back the Camera Roll album. Not only that, it brings back the My Photo Stream album as well, if only to vex and confuse those of us who still don’t quite understand why Photo Stream photos are different on all our devices, and why they sometimes go away but other times stay forever.
Since Photo Stream will soon be replaced by the iCloud Photo Library, now available to try in a beta (test) version, there’s no point dwelling on the nitty gritty details. Suffice to say that those of you now using iOS 8 should definitely upgrade to 8.1 ASAP, since it squashes a lot of other bugs as well.
Should any of you out there feel adventurous enough to try out the iCloud Photo Library, it can be activated in Settings–>Photos & Camera on your iDevice. I’ll be curious to hear your experiences with it, so please feel free to share them in the comments below. For me, so far so good but I have only a few dozen photos up there at this point.
APPLE HAS ALSO released “Yosemite,” aka OS X 10.10, and in the process eliminated “Mavericks” 10.9. So if you haven’t yet upgraded to 10.9, it’s no longer an option. But trust me, you weren’t missing anything. While Mavericks brought little more than tabbed Finder windows (and major printing/email issues for some), Yosemite offers Handoff and Continuity features for iDevice users, as well as some other nifty stuff, like the ability to annotate email attachments and to sign documents with your trackpad.
I touched on Handoff and Continuity a few posts back, but just to review, these features enable iDevice users to do things like start an email on your iPad and finish it up on your iMac, or take a call from your iPhone on your MacBook Air. In fact, you can even initiate a phone call from your Mac, as long as your iPhone is nearby. For my money, Handoff and Continuity have the potential to be the most valuable features to come along in a new OS since 2007, when Time Machine debuted way back in Mac OS X 10.5.
So should you upgrade to Yosemite now? Well… if you’re already using Mavericks 10.9, and your Mac has slowed down appreciably since upgrading, or if it has caused problems with your Apple Mail program (especially if you’re a GMail user), I would go for it.
FOR THOSE USING Mountain Lion 10.8 or who have had no issues with Mavericks, I would at least wait until Yosemite 10.10.1 shows up, which is typically within a month or two after the initial version release. So far I have not seen any of the horror stories that often accompany a brand-new system, but since your mileage may vary, discretion is probably the better part of valor here.
As with iCloud Photo Library, any early adopters of Yosemite are encouraged to share their experiences below.
