
18
Dec

MacRumors Giveaway: Win a Canvas Smart Desk for iPad Pro From iSkelter


For this week’s giveaway, we’ve teamed up with iSkelter to offer MacRumors readers a chance to win one of four Canvas Smart Desks we’re giving away for Apple’s newest tablet, the iPad Pro. For those of you unfamiliar with iSkelter, it’s a company that hand makes wood desks, lap desks, stands, and other accessories for Apple products.

We’ve featured their products in the past, including the SlatePro Tech Desk, which is custom designed with built-in docks and cutouts to accommodate Apple devices. iSkelter’s newest product is a set of lap desks for the iPad Pro, the Canvas Creator and the Canvas Pro.

Both the Canvas Creator and the Canvas Pro have a felt-lined cutout that’s sized to the iPad Pro, but it will accommodate smaller devices. I have one of these on-hand and it’s usable with the iPad Pro and earlier iPads, but not the Retina MacBook Pro. Placed flat, the iPad Pro fits neatly into the Canvas Smart Desks, lying flat for sketching with the Apple Pencil, reading, or playing games.

Its sizing also accommodates the Apple Smart Keyboard, providing a stable, comfortable surface for typing when sitting on the couch or for watching videos with the iPad Pro propped up using the keyboard’s cover. For video watching, there’s also a cutout at the back of the Canvas where the iPad Pro can be positioned upright.

This cutout also accommodates other devices like an iPhone 6s or an iPad Air 2, so it’s a handy way to be able to do work on the iPad Pro while watching videos or browsing the web on a secondary iPad or iPhone, which is my preferred use case. I’ve been using it on the couch while watching television — I can draw or browse the web while still keeping an eye on Twitter and Slack on my iPhone.

Though made of wood, the Canvas is lightweight, but given its large size, it’s not compact or particularly portable. It’s best for home use rather than travel. Along with the cutout for an additional device, there’s a slot specifically for the Apple Pencil on the Canvas Creator. On the Canvas Pro, there’s a cutout for an additional iPad, another cutout for an iPhone, and a space that can hold a cup or other accessory.

The extra space on the Canvas Pro is the main difference between the two lap desks – it’s a good bit larger than the Canvas Creator. iSkelter is selling its Canvas Smart Desks for $68 on its website, but four MacRumors readers can win one through our giveaway, with the option to choose either the smaller Canvas Creator with Apple Pencil cutout or the larger Canvas Pro with extra flat space.

To enter to win, use the Rafflecopter widget below and enter an email address. Email addresses will be used solely for contact purposes to reach the winner and send the prize.

You can earn additional entries by subscribing to our weekly newsletter, subscribing to our YouTube channel, following us on Twitter, or visiting the MacRumors Facebook page. Due to the complexities of international laws regarding giveaways, only U.S. residents who are 18 years of age or older are eligible to enter.

The contest will run from today (December 18) at 10:00 a.m. Pacific Time through 10:00 a.m. Pacific Time on December 25. The winners will be chosen randomly on December 25 and will be contacted by email. The winners have 48 hours to respond and provide a shipping address before new winners are chosen. The prizes will be shipped to the winners for free.

18
Dec

How to Use the App Store on Apple TV


The fourth-generation Apple TV has a lot of new features, one of them being the addition of the Apple TV App Store. On the surface, the App Store on Apple TV seems similar to that of the iOS or OS X version. There are, however, some aspects of the tvOS App Store that are a little different and might need some explaining.

For example, some apps, like Lumino City, are available on iOS and Apple TV, while others such as Beat Sports are only available on Apple TV, and can therefore be a little harder to find. Apple has gradually been adding features such as categories to the Apple TV App Store, so things are definitely still a work in progress. We’ve got a few tips on how to navigate the App Store, and maybe even discover new apps worth downloading.

App Discovery

Probably the most frustrating aspect of the Apple TV App Store is finding cool new content. Since the Apple TV debuted, Apple has added Top Charts and Categories, which have greatly improved our ability to discover content.

Top Charts shows the top 50 – 75 (or so) paid, free, and grossing apps. Currently there is no way to filter the lists by category. However, with more content being added daily, it is likely that Apple will at some point add category filter options so we can search for, say, Top Paid Games or Top Free Entertainment apps.


When you visit the Categories section, you’ll be able to select from a few major classifications, like Games, Education, Entertainment, Sports, and more. Within a category, you’ll see a list of spotlighted apps, like “What to Play” or “What to Watch,” plus a few more lists. The category sections are somewhat limited right now.

One glaring omission from Apple’s app discovery mechanic is the “Customers Also Bought” section. Hopefully, Apple will implement this in a future update, when more content becomes available.


18
Dec

Facebook accuses bug hunter of unethical behavior


A security researcher who uncovered a major Instagram hole has gotten into a tiff with Facebook and opened up a can of worms about the boundaries of “bug bounty” programs. Wesley Wineberg is a well-known bug hunter, having received $24,000 from Microsoft for stopping a nasty Outlook worm. He then turned to Instagram (via Facebook’s bug bounty program), after receiving a tip about a potential vulnerability on an exposed Amazon server. After confirming the bug, he decided to dig a bit deeper, and that’s where things went wrong.

Wineberg eventually struck gold via a hole that could allow hackers to run code remotely, and submitted a ticket to the bug bounty team. Probing further, he managed to crack some weak employee passwords, including “changeme” and “instagram,” and submitted another report. Using that info, he obtained a key that allowed him to access server files.

To demonstrate the extent of the vulnerability, he downloaded several “buckets” of non-user data from Instagram’s Amazon servers. The data, he discovered, gave him access to source code and secret authentication codes — the so-called keys to the kingdom. “To say that I had gained access to basically all of Instagram’s secret key material would probably be a fair statement,” he said in a blog post. Furthermore, he told Forbes he had access to the servers for over a month before the bug was patched. “My concern is that someone else has gained access to [the data]. What are the chances someone else has found this?”


Having paid Wineberg $2,500 for discovering the earlier bug, Facebook was far from grateful for the escalation, however. It declined to pay him for the later bug submissions, saying he had violated the terms of its bug bounty program. In a Facebook post, CSO Alex Stamos wrote that, “intentional exfiltration of data is not authorized by our bug bounty program, is not useful in understanding and addressing the core issue, and was not ethical behavior by Wes.” (Facebook added that “this bug has been fixed, the affected keys have been rotated, and we have no evidence that Wes or anybody else accessed any user data.”)

Stamos went on to accuse Wineberg of being ungrateful for the initial reward, expressed surprise that he planned to write about it, and most severely, contacted his employer, Synack. “It was reasonable to believe that Wes was operating on behalf of Synack … [because] he has interacted with us using a synack.com email address and he has written blog posts that are used by Synack for marketing purposes,” Stamos said. (Wineberg says all his correspondence with Facebook was via his personal email until after Facebook contacted Synack.)

According to Stamos’ article, he told Synack’s CEO that “we couldn’t allow Wes to set a precedent that anybody can exfiltrate unnecessary amounts of data and call it a part of legitimate bug research, and that I wanted to keep this out of the hands of the lawyers on both sides.” He added that he didn’t threaten legal action or ask for Wineberg to be fired, but “I did say that Wes’s behavior reflected poorly on him and Synack.”

For his part, Wineberg said that he was acting on his own behalf and that Synack, which employs him on a contract-only basis, had approved his private bug bounty work. He believed that Facebook’s terms-of-service for its white hat bounty program didn’t specifically exclude his actions, and that some companies, like Tumblr, are more likely to pay for bugs if researchers dig deeper to show “impact.” On the other hand, Microsoft, for one, doesn’t want companies to move beyond the basic proof-of-concept, but spells that out clearly in its rules.

In his blog, Wineberg provided a transcript of his email conversations with Facebook, which differ from Facebook’s account — he asked for permission to write about the bugs and didn’t complain about the payout, for instance. He added that “without contacting me at all, Facebook had gone directly for my employer … if the company was not as understanding of security research, I could have easily lost my job over this.” While he agreed that Facebook didn’t threaten legal action directly, he called Facebook’s mention of lawyers “intimidation.”

Facebook CSO Alex Stamos at Web Summit [Image credit: Sportsfile (Web Summit)]

Facebook’s Stamos — who has a sterling reputation as a pioneer in the security community — says he’s “proud that we run one of the most successful bug bounty programs” and that Facebook has paid out over $4.3 million so far. According to Forbes, he previously tweeted that “I will never spend budget on a security vendor who threatens researchers.” He admitted that “I don’t think we triaged the reports on this issue quickly enough,” and said “we will also look at making our policies more explicit and will be working to make sure we are clearer about what we consider ethical behavior.”

Many Reddit commenters said that Wineberg overstepped his bounds, since weak employee passwords are not code bugs and a lack of clear rules doesn’t give researchers carte blanche to hack sites. Furthermore, many security researchers believe that actually dumping data, even if it’s not sensitive user data, is a huge no-no.

However, others think that Wineberg was right to highlight the potential severity of the hole and that Stamos’ response was overly harsh. AVG security specialist Tony Anscombe told Engadget that his company also runs a bug bounty program with similar rules to Facebook. “If somebody came to us and said, ‘I found something outside the scope of [your rules],’ would we get upset? As long as they’ve done it in a responsible fashion, by disclosing it to us and not publishing the vulnerability, then of course we would talk to them. And I’d like to think we’d be friendly with them.” He added that the bounty programs are there for a reason. “They’re there to protect end-users.”

Via: Forbes

Source: Wesley Wineberg, Alex Stamos (Facebook)

18
Dec

The best pico projector


By Chris Heinonen

This post was done in partnership with The Wirecutter, a buyer’s guide to the best technology. Read the full article here.

After 45 hours of research and hands-on testing with five models, we found the best pico projector is the AAXA P300. It’s bright enough for both dark rooms and those with some light, and it’s easier to position for a large image than its competitors. Plus, it has better contrast ratios, more inputs than other models, and an optional battery for use on the go. Other models might be more portable, but they won’t be as useful as the AAXA P300.

Who this is for

The AAXA P300 is small, making it easy to display content on a wall anywhere.

If you need to be able to show something to a group of people—or to host an impromptu movie night inside—a pico projector makes displaying content on a wall, anywhere, easy. If you own a pico projector but it isn’t bright enough or isn’t battery-powered, upgrading to our pick makes sense. If you have a projector but it’s too large to easily carry around, one of our alternate picks might make the most sense. Overall, a pico projector won’t replace a TV or a full-size projector, but it will work well for occasional use.

How we tested

Our tested models (clockwise from upper left): Brookstone Pocket Projector, LG PH300, Asus S1, AAXA P300, and ZTE Spro 2.

We evaluated each projector in the test group both objectively and subjectively. We took objective measurements using SpectraCal’s CalMAN software with a DVDO AVLab TPG test-pattern generator, an i1Pro 2 spectrophotometer, and a Klein K10-A colorimeter. Subjectively, we watched Blu-ray content and presentations (the latter using a MacBook as the source). We also tested with lights on and lights off, as a pico projector is more likely to be used with the lights on than a traditional projector.

Using an HDMI splitter, we could view the same content on two projectors side by side, an arrangement that allowed us to notice differences in brightness, color, image size, and overall quality more easily. When possible we made the image size the same, although with variable throw distances—and no zoom to make up for this fact—such an adjustment was often impossible due to space issues.

Our pick

The AAXA P300 is very bright with a good selection of inputs, and it can sit closer to the wall than other models.

With both movies and presentations, the AAXA P300 pico projector stood out from the competition, providing a very bright image from a short throw distance. It has the inputs you need, plus a speaker, a tripod mount, and a remote control, and an optional battery is available.

The AAXA P300 was the brightest of the projectors we tested. The manufacturer claims 400 lumens, but in our testing we measured 240 lumens (it’s common for the claimed brightness and the measured result to be different). This was still bright enough for us to project a 50-inch image with the lights on or off and have no trouble seeing it.

Contrast ratios determine how much pop an image has and are the detail your eye picks up on the most. The AAXA P300 has a very decent 813:1 contrast ratio, a figure almost four times higher than that of the LG PH300—combined with the bright image, the impressive contrast ratio helps the AAXA model truly stand apart from the other projectors in our test group. Plus, the AAXA P300 had one of the shortest throw distances of the projectors we tested, and unlike most pico projectors, it includes a remote.

Runner-up

The LG PH300 isn’t as bright as the AAXA P300, and it offers a worse contrast ratio, but it has more accurate colors, an integrated TV tuner, and longer battery life.

If you want a quieter pick or better color, the LG PH300 is the way to go. We measured it at 151 lumens, so it isn’t as bright as the AAXA model, and it has a longer throw distance, so the AAXA’s image will be notably larger from the same distance: From 5 feet away, the LG gives you only a 42-inch image while the AAXA produces a 58-inch image from the same location. However, the LG’s image is more accurate, with a neutral gray and colors that aren’t as saturated.

An ultraportable pick

The ASUS S1 is incredibly small and portable.

If you need the absolute smallest pico projector to carry around for business, the ASUS S1 is a good choice. It packs only 90 lumens, but it is much smaller than the AAXA or the LG, and it comes with a carrying case that shields it from damage while it’s sitting in your bag. Plus, its built-in battery can deliver up to three hours of use. It has a very similar throw ratio to that of the AAXA, so it produces a similarly large image from the same distance, but that image is not nearly as bright: In our tests, though it projected a 62-inch image from 5 feet away, the result was noticeably washed out, and text was somewhat difficult to read. The ASUS model is small enough for you to carry it around in your bag all the time without noticing it too much—something we can’t say about the AAXA or the LG—but you’ll want to use it with the lights at least dimmed due to its lower light output.

Wrapping up

After 45 hours of research and hands-on testing, we found the AAXA P300 is the best pico projector for most people. It’s bright enough for both dark rooms and those with some light, it’s easier to position for a large image than competitors, and it offers a better contrast ratio. If you want a quieter unit with better color (but less brightness), the LG PH300 is our runner-up. If you need a portable pick for business travel, the ASUS S1 is the way to go.

This guide may have been updated by The Wirecutter. To see the current recommendation, please go here.

18
Dec

Microsoft delays Windows 10 Mobile upgrade for older Lumias


If you’ve been itching to try Windows 10 Mobile on your Windows Phone 8.1 device, we’ve got some bad news. Microsoft says older Lumias won’t be upgraded until “early 2016,” which is a slight delay from the “December” timeline it had offered before. For the time being, that means the only way to try the new OS is to buy the Lumia 950 or the 950 XL, the former of which received a lukewarm review from our own Chris Velazco.

Microsoft hasn’t explained the reasons behind the postponement, although we suspect it’s to give its new software some much-needed polish. While testing the Lumia 950, we noticed a number of bugs and performance hiccups that could and should be ironed out. Windows 10 is an important play for Microsoft — it’s now or never if the company wants to gain some mobile market share — and the first step is to get longtime Windows Phone users on side. That first impression is going to count.

In a statement to ZDNet, a Microsoft spokesperson said:

“This November we introduced Windows 10 to phones including brand new features such as Continuum and Universal Windows Apps with the introduction of the Lumia 950 and 950 XL. The Windows 10 Mobile upgrade will begin rolling out early next year to select existing Windows 8 and 8.1 phones.”

It’s also unclear exactly which devices will be eligible for the upgrade next year. Microsoft has confirmed that handsets will need at least 8GB of internal storage, but that’s about it. The launch and support for older hardware has been a far cry from the desktop version of Windows 10, which is an indication perhaps of where Microsoft’s priorities lie.

Source: ZDNet

18
Dec

Humans are smart because we sleep weird


A new study claims to have learned one of the reasons that humans were able to rapidly evolve beyond rival primates, and it’s all down to our weird sleeping patterns. Researchers at Duke University, as reported by the New York Times, believe that our seven-hours-of-straight-shut-eye sleep cycle is something of an aberration. By comparison, chimpanzees enjoy 11.5 hours of rest, but our shorter run enabled us to get a much deeper, more dream-filled snooze. Humans, it seems, have above-average quantities of REM sleep, enabling us to slice valuable hours off the amount of time we’re laid up.

The study claims that one of the causes for this process was humans’ descent from the trees to lying on the floor. The contention is that you can relax a lot more if you’re not subconsciously worrying about rolling in the middle of the night and landing several feet further down. The team discovered this by watching apes sleep at the Indianapolis Zoo using night-vision cameras to track how much REM sleep orangutans got.

Instead of fussing over finding the strongest tree branch for the night, humans slept on the floor for far shorter, but higher-quality periods of time. This enabled them to have periods of extra time — several more hours each day — that could be dedicated to brain-developing activities. As the Times says, the study raises a few extra questions, since other mammals have higher periods of REM sleep than humans, like the platypus. Maybe it won’t be long before we’re all cowering in fear of a group of super-smart platypuses that have worked out that they should be beating us into second place.

Via: NYT

Source: Duke University, Evolutionary Anthropology

18
Dec

Budget bill heads to President Obama’s desk with CISA intact


Earlier today, the US House of Representatives passed a 2,000-page omnibus budget bill that contains the entirety of the controversial Cybersecurity Information Sharing Act. Just moments ago, the Senate passed it too. Now the bill is on its way to President Barack Obama’s desk, where he has the option to veto it… except he almost certainly won’t. The gargantuan document lays out a $1.15 trillion spending plan that has received solid (if not unanimous) support from both sides of the aisle and should prevent a government shutdown like the one we saw in 2013. But at what cost?

In a nutshell, CISA was meant to allow companies to share information on cyber attacks — including data from private citizens — with other companies and the Department of Homeland Security. Once DHS had all the pertinent details, they could be passed along to the FBI and NSA for further investigation and, potentially, legal action. The thing is, critics saw the bill as a way for government agencies to more easily keep tabs on Americans without their knowledge. CISA was derided by privacy advocates and tech titans alike, with companies like Amazon, Apple, Dropbox, Google, Facebook and Symantec (to name just a few) issuing statements against an earlier version of the bill.

By sticking CISA into such a huge omnibus bill, there’s basically no way it won’t become law. And if anything, the version of CISA that was quietly slipped into this budget plays with privacy even faster and looser than the original. For one, a previously held prohibition against sharing information with the NSA has been removed, meaning America’s best surveillance agency can receive pertinent data without it being handled by Homeland Security first. More importantly, the provision that required personal information to be scrubbed from cybersecurity reports also seems to have gone missing, leaving that task up to the discretion of whichever agency gets their hands on it. While the federal government has been trying to toughen its stance on cybersecurity in the wake of massive hacks on the Office of Personnel Management and Sony, we wound up with an even more effete version of a questionable plan that will soon become law.

Source: The Hill

18
Dec

Take a VR tour of the White House’s Christmas splendor


Think your Christmas decorations are impressive this year? Think again. Google has released a 360-degree video of the White House today which shows off some of its most impressive Christmas trees and ornaments. The tour winds through a number of lavish rooms and corridors, including the East Colonnade, the East Garden Room and the White House Library, as well as the Vermeil Room and the China Room. It only lasts for five minutes, but during that time you can look around or simply kick back and listen to the narrator explain every bauble and tinsel-covered branch.

The experience was captured using one of Google’s Jump rigs, which consists of 16 camera modules in a circular formation. The contraption was co-designed by GoPro, and costs a steep $15,000 — although for that price, you also get access to Google’s “assembler” software, which stitches together the different video feeds into one seamless 360-degree video.

You can take the White House tour by popping your Android phone into a Google Cardboard, or by simply playing the video on YouTube and panning around with your iPhone or iPad. Google says it’s also made a Google Expedition version so that teachers can guide Cardboard-equipped groups around the building, highlighting points of interest along the way.

[Image Credit: AP Photo/Carolyn Kaster]

18
Dec

Bernie Sanders’ campaign punished for accessing Clinton data


Bernie Sanders’ National Data Director has been fired amid accusations from the Democratic National Committee that he viewed confidential voter information collected by the Hillary Clinton campaign. The DNC maintains a master list of likely Democratic voters and rents this out to campaigns, which then add their own, confidential data. Firewalls are in place to protect campaigns from viewing rival information, though the Sanders staff says a glitch on Wednesday allowed it to access Clinton’s data. Sanders Campaign Manager Jeff Weaver blamed the DNC’s software vendor, NGP VAN, for allowing the breach, The Washington Post reports.

The Sanders campaign held a live press conference about the breach on Friday morning. Weaver argued against the DNC’s decision to block its access to the master list, calling it “sabotage.” He said the campaign will be in federal court later on Friday if it isn’t re-granted access to the data. Weaver called for an independent audit of the DNC’s actions in this case.

“We are running a clean campaign,” Weaver said.

In a blog post, NGP VAN described the Wednesday incident as follows:

“On Wednesday morning, there was a release of VAN code. Unfortunately, it contained a bug. For a brief window, the voter data that is always searchable across campaigns in VoteBuilder included client scores it should not have, on a specific part of the VAN system. So for voters that a user already had access to, that user was able to search by and view (but not export or save or act on) some attributes that came from another campaign.”

NGP VAN determined that only the Sanders campaign had potentially accessed confidential data. The DNC suspended Sanders’ access to the master list, pending an investigation.

Sanders’ National Data Director Josh Uretsky took responsibility for accessing Clinton’s information and was promptly fired, though he says his intentions were exploratory, not predatory.

“We knew there was a security breach in the data, and we were just trying to understand it and what was happening,” Uretsky told CNN on Friday. He continued, “We investigated it for a short period of time to see the scope of the Sanders campaign’s exposure and then the breach was shut down presumably by the vendor. We did not gain any material benefit.”

Uretsky said he was testing the breach, seeing how deep it went and if Sanders’ confidential data were similarly accessible by outside parties. He was about to call the DNC to tell them about the incident, but the DNC called him first, he said.

“This wasn’t the first time we identified a bad breach,” Uretsky told CNN. The Sanders campaign reported a similar breach in October.

Campaign Manager Weaver echoed that sentiment to The Washington Post, saying, “Sadly, the DNC is relying on an incompetent vendor who on more than one occasion has dropped the firewall between the various Democratic candidates’ data.”

DNC spokesman Luis Miranda responded with a statement to The Washington Post.

“The DNC places a high priority on maintaining the security of our system and protecting the data on it,” Miranda said. “We are working with our campaigns and the vendor to have full clarity on the extent of the breach, ensure that this isolated incident does not happen again, and to enable our campaigns to continue engaging voters on the issues that matter most to them and their families.”

[Image credit: Flickr/Phil Roeder]

Via: Reuters

Source: Washington Post

18
Dec

Target working on its own mobile payment system, report says


Initial reports are saying that Target is looking at developing its own mobile payment system similar to that of Android Pay and Samsung Pay. More and more companies are wanting to tap into the success of these payment systems, with LG and JPMorgan Chase looking at making their own individual mobile payments systems as well.

The report from Reuters says:

“The fourth-largest U.S. retailer has not committed to launch the product, which would allow customers to pay for goods using an app on their mobile phones. The mobile wallet could launch as early as next year, but it is too early to predict, two of the sources said.”

Walmart recently launched its own mobile payment system, which could be encouraging Target to offer their own in order to stay competitive. There’s no telling how Target’s mobile payment system will work at this point, but there’ll no doubt be integration with the retailer’s Red credit and debit cards.

While the Reuters report says Target could launch its mobile wallet app as early as next year, the publication cites sources saying that it hasn’t been tested at any retail locations yet.

source: Reuters
