June 2019: Web browsers, continued

Web browsers continued as the meeting topic at the June 18, 2019 Strait Macintosh User Group meeting. In a change from the past, the meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA.

While President Sabrina Davis and others set up the room for the meeting, Vice President Lawrence Charters hosted a Q&A (Question and Answer) session. The overarching rule: the question had to be about Apple devices, and the question had to be something that could be asked and answered in three minutes or less.


Q: I have a new iPhone, and am having trouble moving photos from my old phone to my Mac to my new phone.

A: Once upon a time, you used iPhotos or iTunes or some combination of the two to move photos. Today, by far the best solution is to use iCloud. Every Apple ID account offers 5 gigabytes of space in iCloud for photos, messages, email, and documents. This is not enough for most people, so buy some more space (it is inexpensive, and you can do that through the iClouds pane in macOS System Preferences or through Settings > Apple ID (click on your name at the top) > iCloud > Manage Storage in iOS). This will allow you to move photos around between your iPhone, iPad, and Mac seamlessly, as long as you have an Internet connection.

Q: What do you think of the new Mac [introduced at the June World Wide Developers Conference].

A: The new Mac Pro coming out in Fall 2019 will have a minimum of 8 Xeon W core processors, 32 gigabytes of memory, and 256 gigabytes of solid state disk (SSD) storage. If this is too little, you can configure it with up to 28 Xeon W core processors, 1.5 terabytes of memory, and 4 terabytes of SSD storage. It will start at around $6000, The accompanying Apple Pro Display XDR for the machine (optional) will cost $5000 or $6000, not including the $1000 stand. One person mentioned that it justified getting a bumper sticker that said, “My other car is a Mac.” Highly configurable, very powerful, and not intended for the average user.

Q: I have not upgraded since Sierra; and am reluctant to upgrade. How vulnerable am I to security issues?

A: macOS Mojave, the current operating system, is faster and more secure on your existing hardware. It is like getting a rebuilt engine for an old car, for free, with new tires, airbags and seat belts. You may have to upgrade some software, but you gain a currently supported, secure operating system, much more capable of protecting your computer and your data.

Every time Apple patches their software, they release notes on what was patched and why. Hackers use these notes to discover and exploit weaknesses in machines that have not been patched so: upgrade your system, and stay current. Don’t delay.

Q: Do I need Flash?

A: Flash is a security vulnerability and Mojave tries to keep you from using this; it is not installed by default. Adobe stopped development of Flash in 2017, and will completely abandon it in 2020. If you use something that requires Flash, stop using it. Find an alternative.

Q: My computer is warning me that an application is not optimized for my system. What does that mean?

A: macOS is warning you that the application is not a 32-bit native application, and will not work with future versions of macOS. Apple, and Microsoft with Windows, is pushing 64-bit operating systems and applications as the standard, for security reasons. (iOS has been 64-bit only since iOS 11.) The next version of macOS, macOS Catalina, will not run 32-bit applications.

While some companies, chiefly game companies, have sent out messages warning users that their software will stop running if using macOS Catalina, the real problem is that the game companies aren’t upgrading to their software. If you really think life will end without some obsolete software package, buy a used Mac, put the game or other application on it, and don’t let that machine ever touch the Internet.

Think of that warning message as: “I am a piece of obsolete software on your computer. I’m making your computer vulnerable.”

Note that the move to 64-bit-only is not unique to macOS; iOS moved to 64-bit-only several years ago, and Windows 10 is now moving to 64-bit-only. Intego has a nice blog entry on why 64-bit is better.

Fire Fox, Chrome, Safari, Edge popular Web browsers; 2B androids in use but may not have working browser, 70-80 malicious software per device; iOS does not have malicious software because can upgrade devices; 1 Android (Pixel) gets Google updates but not many devices; may see warnings that an app not optimized for new OS; game manufactures warn if upgrade to OS Catalina games may not work anymore; 64bit processors since 2003/4; can move more data at one time so more efficient, better memory management; 32bit vulnerable to hacker code but 64bit makes memory not used as reserved so hackers cannot exploit; a 32bit OS is less secure; the programs will not run; if run without Internet can use older machines with older OS

Officers, equipment and funds

President Sabrina Davis gave a brief overview of some changes in Strait Macintosh User Group, starting with: equipment and funs.

Sabrina was elected President in October 2018, with Lawrence Charters elected Vice President. They presided over the December 2018 meeting, and had planned out a meeting for February 2019, which was canceled due to a major snow storm.

Sometime in March 2019, some former members discussed, via an email exchange, dissolving the group. As far as we know, none of these individuals attended the October or December meetings, or had standing as officers, but they decided Strait Macintosh User Group was no longer functioning, and gave the treasury (roughly $2,800) and all equipment to Shipley Center, in Sequim. They did this without the President or Vice President calling a meeting, or a vote of the membership attending a meeting. Shipley informed us the funds and equipment are not recoverable.

The June 2019 meeting was moved to the Library because, without funds, we could not pay the room rental at the previous location. One limitation: we can’t book a room more than three months in advance, and can’t guarantee a date. We also do not have control over the old web site or forum, so created this new site, https://straitmac.wordpress.com. For a list of the current officers, see https://straitmac.wordpress.com/contact/.

Restarting SMUG

Our membership list is three years old, and needs to be updated. If you receive a message from us, and don’t want to, please just use the contact page to request we stop. We will be sending out notices to our mailing list of meetings and any other interesting events, and a volunteer will also post announcements on NextDoor.

We will be hosting monthly meetings for a while, to regain momentum. The next meeting will be the third Tuesday in July, July 16, 2019, at 7 p.m., at at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. We can only reserve a room at the library a few months in advance; we can’t have a standing meeting for the entire year.

Several people were asked what do we do for money, since the treasury is empty. If we wish to have a custom domain for this website (straitmac.org or something that does not include “wordpress.com” in the name), and get rid of the advertising, we need $130-150 per year. If we wish to use another meeting space, and have a projector for presentations, we need considerably more. We will talk about options at future meetings.

Presentation: web browsers, continued

If it seems that much of the talk about web browsers involves security, there is a good reason: it does involve security.

The major current web browsers, in order, are Safari (on a billion and a half iOS devices, plus Macs), Chrome (on iOS devices, Android devices, Macs, and Windows), Firefox (on Macs, Windows, Linux, Android, and iOS devices), Microsoft Edge (on Windows and, now in beta, on Macs), and Internet Explorer (completely abandoned by Microsoft, but still used on almost a billion compromised machines).

HTTPS Everywhere, a free browser extension for Chrome (but not Safari) puts up a giant warning screen when you attempt to visit an insecure website.

Almost all Mac and iOS compromises involve something download over the web, so it is important to keep all your iOS and Mac devices running the current operating system and a current browser. If your device is too old to support a current operating system, don’t connect it to the Internet.

Your day-to-day account on your Mac should be a non-admin account. Why? An admin account can accidentally authorize a piece of malware to be installed by simply clicking an “OK” box in your browser. Non-admin accounts cannot install software and, therefore, are far more secure from accidental compromise.

The big reason over a billion Windows machines are infected with malware: they are running obsolete versions of Windows, and the user account is an admin account. In the U.S., the government is as guilty as this as anyone else; the U.S. Navy, for example, is still in the process of retiring thousands of machines running Windows XP and Windows 7, instead of the current Windows 10.

If you think you, the “average user,” are not vulnerable — you most definitely are a target, and are vulnerable. Thieves are attacking not only adults and teens, but even taking out credit and home loans in the names of one year olds, confident that it will be a decade or more before the child learns their credit has been ruined. Even if they scam you out of only a couple hundred dollars, this is still a tempting target for thieves, as they can attack hundreds or thousand of accounts a day.

Visiting straitmac.org with Safari is flagged as “Not secure.”

To protect yourself, avoid unencrypted sites. The old Strait Macintosh User Group Site, straitmac.org, is unencrypted. If you visit with Safari, Chrome or Microsoft Edge for Mac (now in beta), the location bar will flag the site as “Not Secure” because it does not have a valid security certificate. The SMUG Forum is also not encrypted, which means that user names and passwords entered on the site are sent in clear text and can be intercepted and exploited. This is, by the way, why you should use unique passwords for every account, as otherwise, all a hacker has to do is compromise one site and they can use that password on any and every site that you’ve reused that password.

Visiting straitmac.org with Chrome is flagged as “Not secure.”

To keep track of all the unique passwords, use a password vault, such as 1Password. The iPhone and the Mac versions of 1Password sync, allowing you to use 1Password on your iPhone when away from Mac. 1Password can do more than store passwords; you can also use it to store credit cards, your license plate number your VIN (Vehicle Identification Number), or anything else that is associated with you as an individual and is difficult to remember.

Someone asked if 1Password was different from Keychain, Apple’s built-in technology for storing and syncing passwords. The short answer is that they accomplish the same goals, but Keychain tends to confuse most users, whereas most users have no trouble at all properly using 1Password. Take Control Books, by the way, has electronic books on how to use 1Password, specifically, and how to manage Your Passwords, generally.

Visiting straitmac.org with Microsoft Edge for Macintosh (beta) is flagged as “Not Secure.”

straitmac.wordpress.com– shows a lock; secure site; has valid certificate from a 3rd party; has been audited; Browsers recognize this as a legitimate site; the machine has a valid certificate for the site so can encrypt the information exchanged; Chrome shows green icon if very secure e.g., banks; 

Safari, Chrome, and Firefox were briefly demonstrated, with brought up two interesting questions:

Why would you need more than one browser? The answer is: there are sites that might not work with Safari that will work with Chrome, or Firefox. Since the browsers are free, there is no “cost” to having all three. Another important consideration: Apple tends to update Safari, on the Mac and in iOS, with new operating system releases; Chrome checks to see if it needs to be updated every time it launches, and doesn’t bother to even ask you about updates. Firefox is somewhat in the middle; it checks every time, but asks you before updating.

The second question: is it possible for a site to be secure with one browser and not secure with another? The literal answer is: no. A properly secure site should be secure with all browsers, and if it is insecure with any browser it should be considered insecure with all. However, it is possible for a site to be secure and not work properly with a given browser. Again, this is a good reason to have Safari, Chrome and Firefox.

July meeting, third Tuesday, July 16, 7 p.m.

The July meeting topic will be an open-ended Q&A (Question and Answer) meeting. There are simple rules: the question must be about an Apple product, or something that runs on an Apple product, and the answer must be something that can be reasonably handled in a three to five minute answer. Questions do not need to be answered by a SMUG officer; if you know the answer to a question, feel free to chime right in.