KB Exclusive | Hammerhead Jacket Case for Just 1¢!!!

It’s finally here! iOS 8 has landed and with it comes the much anticipated support of extensions.

Android users are all too familiar with widgets, and extensions in iOS provide the same functionality albeit in a different manner. Extensions are elements that you can use to customize your experience using iOS and your device. For example you can add custom weather apps in Notification Center, share with Pintrest or similar social websites from the share menu, clip from the web with many note taking apps, and perhaps the most anticipated feature: custom keyboards. 

Android users have been able to enjoy a plethora of good an not-so-good keyboards for a while, but one innovative style of “swiping” between letters on the keyboard has become so popular as to cause custom keyboards to be one of the most requested features in iOS. Now iOS users have access to a plethora of keyboards, from the aforementioned swipe style, to improved word prediction, to silly images and emojiis.

These extensions also integrate with the hardware of new devices. With iOS 8 Apple introduced HealthKit, a developer tool which measures and stores health metrics from sensors in the phone, and yes, the upcoming Apple Watch. A new generation of health apps will be able to use HealthKit to track your data and give you dynamic, personalized feedback.

Other apps, such as “*LastPass*”:https://itunes.apple.com/us/app/lastpass-for-premium-customers/id324613447?mt=8&at=11lb7k and “*1Password,*”:https://itunes.apple.com/us/app/1password-password-manager/id568903335?mt=8&at=11lb7k utilize the new extension capabilities to autofill passwords and other forms in Safari in iOS, just like on OS X devices. But their integration doesn’t end there. You can also set your master password to be filled via Touch ID, essentially making your fingerprint your master password, thus vastly increasing the speed of filling in usernames and forms securely.

These examples are just the tip of the iceberg when it comes to the use of extensions. With iOS 8 developers have been given the keys to the kingdom, so to speak, when it comes to iOS and we are going to be seeing a huge wave of app integration in the future. The adoption rate of using these features is incredibly high and only growing. While iOS 8 may not appear too different from iOS 7 on the surface, extensions and under the hood enhancements make this one of the most important releases of this mobile operating system. You just may not notice until you start exploring all the amazing new apps.

Mike D. here (“this Mike D.”:http://blog.smalldog.com/authors/michaelduplessis NOT this Mike D. OR this Mike D.) writing the conclusion to this week’s Kibbles. I travel all over Vermont to give lessons and provide tech support to our customers so I spend a LOT of time in my car. Sometimes, especially in the dead of winter, this is not my favorite part of the job. This time of year, and especially this week with our temperatures in the 60s and abundant sunshine, it is a different story and I feel very lucky to be able to see so many beautiful places. The photo above was taken this week on my drive over the Lincoln Gap. If you are one of our readers at a distance, I hope that you have had or will have the chance to come to Vermont in the fall to see the show!

Thank you for reading this issue of Kibbles & Bytes!

Your Kibbles & Bytes team,

Hapy, Mike, and Don (in absentia)

By default, OS 10.7 (Lion) through 10.9 (Mavericks) detects and uses your device to decide whether or not to show scroll bars in on-screen windows. I prefer to have them always appear, so if you’d also like to constantly see them in any window that’s scrollable, here’s how you do it:

* Go to *System Preferences*
* Open *General*
* Select *”Always”* under *”Show scroll bars”*

No more scroll bar hide and seek!

??editor’s note: This classic Mac Treat was originally written by former Small Dog Marketing Director and *HUGE* Oriole’s fan Kali Hilke. She is at Camden Yards today rooting her team on. Since the Red Sox just missed the playoffs (ha!)…go O’s!??

_Hello friends,_

This is Hapy, filling in for Don this week who is out in Cupertino meeting with some of the Apple bigwigs to plan for the next quarter. It is definitely peak foliage here in Vermont, which means lots of tourists, lots of road construction, and the sounds, smells, and sights of autumn! There is one particular sound of autumn which I love the most, and that is the crack of a maple baseball bat on a ball, as the Major League Baseball teams enter the playoffs. My favorite team, the San Francisco Giants are back in the thick of it this year, hunting for their third World Series victory in five years. If you find the regular season baseball to be a bit of a slow game, the tension which builds with every pitch and every swing of the bat in the playoffs turns the game into something completely different. The Giants are facing off against a tough Washington Nationals team tonight in game 1 of their series. In honor of the black and orange colors of the Giants and the Orioles, I am giving away the Hammerhead Jacket Case for the iPhone 5 in orange only for just a penny this week.

“*See this AMAZING deal here!*”:http://www.smalldog.com/wag900001588/kibbles-and-bytes-exclusive-orange-jacket-case-for-a-penny

We have a fantastic set of articles for you this week covering the Shellshock vulnerability, a solution for disappearing scroll bars, extensions in iOS 8, and a special offer for new Consulting clients.

Thanks for reading and being a Small Dog supporter, and GO GIANTS!

OS X is a descendant of a long lineage of UNIX operating systems, from which it inherits its incredible stability and enhanced security. However, the past two weeks have uncovered numerous bugs in a core piece of software relied on by many UNIX operating systems, OS X included: bash (Bourne-again shell). It turns out that these bugs have been very long standing and can be exploited in numerous ways to provide unchecked access to a computer (in some cases remotely) with an afflicted version of bash installed. Due to the surprise and scope of this vulnerability, many have dubbed it “Shellshock”, in reference to the combat fatigue experienced by soldiers, but it’s really not a fair comparison to the effects of war.

A “shell” is a program that interprets and acts on textual commands either entered directly by a user at a terminal (or using a virtual terminal like the Terminal app found in /Applications/Utilities on OS X) or from a file containing one or more commands to be run automatically (sort of like a player piano, if that’s even a useful analogy anymore.) Bash is a very common shell program and is the default on many UNIX operating systems, including OS X (as of Mac OS X 10.3 Panther). If you’ve ever opened up the Terminal app and run a command in the last decade, you’ve used bash.

I personally write a fair number of scripts in the bash language to automate various processes on my computers and servers, primarily because it so ubiquitous. It may be partly because I’m a bit of a masochist, but–as a server admin–I also find it helps me perform tasks more efficiently when working in Terminal since it is the default. Needless to say I immediately started investigating the bugs, the attacks, and testing OS X workstations and servers.

Fortunately, without very specific custom configuration, OS X is not vulnerable to remote attacks through the afflicted version of bash, as echoed in the following statement from Apple (“given to Jim Dalrymple of The Loop”:http://www.loopinsight.com/2014/09/26/apples-statement-on-the-unix-bash-vulnerability/):

bq.”The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. […] With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.”

None of the OS X 10.6 Snow Leopard through OS X 10.9 Mavericks systems I tested were vulnerable to remote attacks, however, all versions were susceptible to local attacks. The bugs are such that malicious commands can be inserted into “environment variables” (just what they sound like, data that exists in the environment in which individual shell scripts are run and therefore can be accessed by many scripts) and will be automatically executed upon any bash command or script being run. Not good. Since there are multiple bugs, there are different ways to test for each, but I find running the “‘bashcheck'”:https://github.com/hannob/bashcheck script to be very convenient way to test for all of them at once.

The bash developers and community have worked feverishly to investigate and fix these bugs. Apple has released “OS X bash Update 1.0” which includes fixes for the initial pair of bugs, but it unfortunately does not address subsequent bugs. As a further inconvenience, Apple does not provide this update via Software Update or the App Store, so you must download & install the appropriate update for your version of OS X:

“OS X bash Update 1.0 – OS X Lion”:http://support.apple.com/kb/DL1767 (10.7)
“OS X bash Update 1.0 – OS X Mountain Lion”:http://support.apple.com/kb/DL1768 (10.8)
“OS X bash Update 1.0 – OS X Mavericks”:http://support.apple.com/kb/DL1769 (10.9)

For those of you running Mac OS X 10.4 Tiger through 10.6 Snow Leopard on much older Macs, the developers of “TenFourFox”:http://www.floodgap.com/software/tenfourfox/ (an open-source version of the Firefox web browser specifically for older PPC & Intel Macs), provide “a download along with detailed instructions to install a version of bash that fixes all the known vulnerabilities at this time”:http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html. It does require command line experience, so is not for the faint of heart. The updated version provided by the TenFourFox team can also be used on OS X 10.7 Lion through 10.9 Mavericks and actually installs the very latest 4.3.x version of bash as opposed to the older 3.2.x version that Apple includes by default (and provided the partial fix for). This newer version of bash also has some benefits that programmers might enjoy, but it comes at the risk of possibly being downgraded by a future OS X update from Apple.

If you never use the Terminal app, I’d suggest you at least apply the appropriate version of “OS X bash Update 1.0” and any future updates that Apple might release to fix the additional vulnerabilities. For those of you who use Terminal with any frequency, you’ll want to proceed with caution and weigh the pros & cons of relying on Apple’s partial update or manually updating to the latest version of bash for your particular use.