Ken Segall:

Recently, Apple hired Tor Myhren as VP of Marketing Communications. He comes from Grey, where he was the global chief creative officer and president of the NY office.

To borrow some new Star Wars terminology, he’s a big deal in advertising.

On the surface, Tor’s hiring is what it is. But if you look a bit deeper, there are all sorts of juicy implications.

To better appreciate, one must first understand how Apple’s marketing has worked in the past, Steve Jobs-style.

I’ve been following this behind the scenes story for a few years now. The most interesting aspect of this, besides the fact that a world-class ad agency guy would go “behind the wall” to work internally is Segall’s statement that Myhren will be reporting directly to Cook and not Schiller. We’ll see the fruits of this hire inside six months.

A solid walkthrough of your options, worth reading now (while you still know your password), then tucking away for later (when you forget your password).

This was fun to play with.

Rene Ritchie walks through a variety of iOS security settings, shedding light on the recommended balance between security and convenience. Definitely worth reading.

Brian Krebs, the name behind Krebs on Security, on his PayPal account getting hacked on Christmas Eve:

On Christmas Eve morning, I received an email from PayPal stating that an email address had been added to my account. I immediately logged into my account from a pristine computer, changed the password, switched my email address back to to the primary contact address, and deleted the rogue email account.

I then called PayPal and asked how the perpetrator had gotten in, and was there anything else they could do to prevent this from happening again? The customer service person at PayPal said the attacker had simply logged in with my username and password, and that I had done everything I could in response to the attack. The representative assured me they would monitor the account for suspicious activity, and that I should rest easy.

Twenty minutes later I was outside exercising in the unseasonably warm weather when I stopped briefly to check email again: Sure enough, the very same rogue email address had been added back to my account. But by the time I got back home to a computer, my email address had been removed and my password had been changed. So much for PayPal’s supposed “monitoring;” the company couldn’t even spot the same fraudulent email address when it was added a second time.

And:

I asked the PayPal supervisor why the company couldn’t simply verify my identity by sending a text message to my phone, or a special signal to a PayPal mobile app? After all, PayPal has had the same mobile number of mine on file for years (the attacker also deleted that number from my profile as well). The supervisor explained that the company didn’t have any mobile authentication technologies, and that in order to regain access to the funds in my account I had to send the company a photocopied or scanned copy of my driver’s license.

Nevermind that it was PayPal’s lack of any modern authentication methods that led to this mess. Also, let’s forget for the moment that there are a half-dozen services online that let customers create fake but realistic looking scans of all types of documents, including utility bills, passports, driver’s licenses, bank statements, etc. This is the ultimate and most sophisticated customer authentication system that PayPal has: Send us a copy of your driver’s license.

The way I read this, your PayPal account is eminently hackable, PayPal does not offer the kind of two factor authentication that allows you to require a text to your device, or the ability to limit transactions to specific blessed devices.

If you use PayPal, read the whole post. Know your risks.

[H/T John Kordyback]

Update 2: Here is a statement given to us tonight by PayPal:

“The safety and security of our customers’ accounts, data and money is PayPal’s highest priority. Due to our privacy policies that protect our customers, PayPal does not publicly disclose details about our customers’ accounts or their specific cases. However, it appears that our standard procedures were not followed in this case. While the funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again.”

UPDATE: For folks who point out PayPal’s ability to send you a text with a one-time password, Krebs replies in this comment:

I had two-step authentication (PayPal security key fob) enabled, and the attacker got past that. I don’t know if PayPal simply didn’t require it when the password was reset, but the point is that two-factor is kind of useless when someone can just call in and reset your password verbally by answering a couple of out-of-wallet questions.

The vulnerability here is one of social engineering. Seems to me, PayPal needs to make a policy change.

From Ford’s press release:

Ford is expanding its SYNC® connectivity system, adding Apple CarPlay, Android Auto™, 4G LTE and several new AppLink™ apps to help millions of consumers stay connected behind the wheel and even when they are away from their cars.

And:

Starting this year, owners of SYNC 3-equipped vehicles will have more choice in how they access their smartphones in the car. iPhone users can activate Apple CarPlay, and Android users can activate Android Auto, two interfaces built specifically for those types of smartphones.

In addition, new SYNC Connect technology powered by 4G LTE gives owners the ability to remotely access features of their car. Owners can program a remote start, unlock doors, check fuel level or locate a parked vehicle via their smartphone.

In North America, Ford is making Apple CarPlay and Android Auto available on all 2017 vehicles equipped with SYNC 3, starting with the all-new Ford Escape. Owners of 2016 vehicles equipped with SYNC 3 will have an opportunity to upgrade later in the year.

It’s not clear if there is an upgrade path for pre-2016 models.

Last week, Apple added a new section to its web site, appropriate to the new year, entitled Start Something New. This campaign is a revamped version of a similarly named campaign they ran a year ago.

If you get the chance, visit the site on your Mac (see TRIGGER WARNING below). In OS X, the site tracks your mouse movement to navigate a large array of artwork, using acceleration triggered by your mouse speed. Click one of the images to go to a sub-site custom built for that image.

TRIGGER WARNING: If you are susceptible to motion issues, stick to the iOS version of the site. Someone at Apple should look into this ASAP. [H/T Kirk McElhearn and Craig Grannell]

CNN put together a gallery of photos of Steve Jobs with celebrities, foreign leaders, and fans. Even after all this time, it was rough watching his vitality slip away in those last few pictures.

As a reminder, tonight at 9p ET, you can watch Steve Jobs: The Man in the Machine on CNN.

Thanks to Carbon Copy Cloner for sponsoring The Loop this week. What’s your plan when your Mac’s hard drive dies? Plan ahead and get back to work in minutes with a Carbon Copy Cloner bootable backup. CCC—the app that saves your bacon.

Jim’s Note: I’ve used this app for many years. I trust and love it.

CNN:

Oscar winner Alex Gibney’s feature-length Jobs documentary, Steve Jobs: The Man in the Machine, debuts this Sunday on CNN at 9pm ET.

Because of his previous work, I was looking forward to this documentary from Gibney. Sadly, in my opinion, this wasn’t nearly as good as his earlier films.

This is a pretty cool hack: A real Instructables project, built using modern components.

Here’s a high-res image of the watch and another showing the side with the floppy drive/disk (a repackaged micro-SD card).

Here’s a link to a fantastic interview with the creator (the interview starts at about 16:50 in).

It’s worth scrolling down on the main Apple II Watch Instructables page to read the comments. At one point, Woz jumps in.

Finally, below is a short video (too short, really) that shows the Apple II Watch in action.

Apple may offer higher-than-16/44 and/or lossless music downloads at some point, but it would be neither a scam nor an indicator that they believe in audiophile pseudoscience — it would simply be a response to strong demand from a very profitable market. And as long as Apple’s not serving their demands, they risk losing them to competing ecosystems.

Agreed. Also, If people care about the quality of their music, they should also invest in quality headphones. I use Ear Monitors from Future Sonics.

One thing I’ve learned over the years is preparing a session for your mix is very important. It lays out a clear foundation for what you want to do and puts everything in its proper place. You don’t have to follow these tips exactly, but rather use them, and others, to come up with your own plan.

This spring, with the iPhone 6 selling like hotcakes and the stock trading above $124, Ahmad raised his target (to $85) but not his rating. “We sense,” he wrote, “that the company is over-earning, over-loved and, in our view, the stock should be ‘over-and-out’ soon.”

I truly hate seeing people lose their job, but I am glad to see that there are consequences for analysts that don’t seem to know what they’re talking about.

In court papers filed on Wednesday, Apple Inc (AAPL.O) said Samsung Electronics Co Ltd (005930.KS) owes nearly $180 million in supplemental damages and interest.

These further damages relate to five Samsung devices that infringed Apple’s patents and were sold after a 2012 jury verdict finding Samsung liable in the dispute.

Good. Those thieves should pay every penny.

What’s your plan when your Mac’s hard drive dies? Plan ahead and get back to work in minutes with a Carbon Copy Cloner bootable backup. CCC—the app that saves your bacon.

Jim’s Note: I’ve used this app for many years. I trust and love it.

Thanks to Hullo for sponsoring The Loop this week. A buckwheat pillow is kind of like a beanbag for your head. The hull fill provides unique support that’s superior to soft traditional pillow types. Hullo’s features include:

• Quality construction & organic materials.
• Breathable fill that provides cool comfort all night long. No more flipping to the cool side in the middle of the night!
• American-made craftsmanship.
• Free shipping.
• 60-night money-back guarantee.

Drop what you’re doing—go and check out Hullo. Try it for 60 nights. If it’s not your favorite pillow, send it back to us for a refund.

Mental Floss:

In 1917, Bostonians reacted to an unprecedented tragedy in Halifax with an outpouring of support and resources. Nearly a century later, Nova Scotians haven’t forgotten.

On December 6, 1917, a French ship named the Mont-Blanc was passing through Halifax Harbor, making its way from New York to France. The ship was carrying a staggering load of munitions: 2300 tons of pyric acid, 35 tons of benzene, and 200 tons of dynamite. If you think this sounds like an accident waiting to happen, you’re absolutely right. At 8:45 a.m., the Mont-Blanc collided with a Norwegian cargo ship called the Imo. At first, the French ship simply caught fire, inspiring thousands of people to gather into the harbor to watch.

Then, at 9:04 a.m., it exploded—and the impact was devastating.

As a native Haligonian, We all know the story of this tragedy but few outside the region know of the amazing kindness of the people of Boston. I’ve always wanted to go to the Boston Commons Christmas Tree Lighting Ceremony to pay my respects the people of that great city.

Digg:

In America, not many people know much about Boxing Day, besides that it’s the day after Christmas1. In the United Kingdom — and many former colonies of England — Boxing Day, December 26, is a national holiday, yet its origins are still highly debated. Here’s what we know.

For me as a kid in Nova Scotia, Christmas Day was for family and visiting them. Boxing Day was the day you went to friends’ homes.

David Goldman, writing for CNN:

60 years ago, a local Sears (SHLD) store in Colorado Springs ran a dial Santa ad. Except the number was a misprint. Instead of listing the number for Sears’ Santa hotline, it posted the number for the Continental Air Defense Command center.

On Christmas Eve 1955, Colonel Harry Shoup began receiving calls from kids asking to speak with Santa Claus. Shoup worked at the operations department for the air defense center, now known as NORAD, so the call must have come as a bit of a surprise.

Instead of telling the kids that they dialed the wrong number, Shoup said that he wasn’t Santa Claus but he could track him on radar. All night, Shoup and his team fielded calls, giving kids details about Santa’s location as he and his reindeer flew through the sky to deliver gifts to children.

A tradition was born.

UPDATE: Or, if you prefer, you can go with this version [H/T Tuxbeej]

This has been around a while, but seems appropriate for this time of year.

Type in your address, watch the snow fall on your house. An odd perspective, since the view is from inside your house but the view is from the front of your house, but pretty cool nonetheless.

Pete Souza:

Throughout the year, I post photographs of my White House work on a regular basis to my Instagram, @PeteSouza. Many followers have inquired about whether a certain photograph is taken with an iPhone or DSLR (digital single lens reflex camera). In choosing the photographs for my year on Instagram, I decided to select only iPhone photographs that were captured in the square format on an iPhone. For many purists, the square format was the original inspiration for Instagram. And I certainly admire those that continue to post only square photos taken with a smart phone.

I love these iPhone shots because it shows that, in the right lighting conditions, the iPhone can take shots every bit as good as a professional’s DSLR. It’s not the camera that is important. It’s the photographer and their view of the world.

Macstories:

Screenshot apps tend to fall into one of two categories: managers and editors. On iOS, screenshot management apps dominate, likely because until Apple added a ‘Screenshots’ album to the Photos app with iOS 9, there was no good way to separate screenshots from snapshots of family and friends. On the Mac there are fewer apps, but their feature sets tend to be deeper.

This article casts a broad net to provide an overview of the top screenshot apps on iOS and Mac and help you find the apps that meet your specific needs.

This is a wonderful ridiculously long list of a number of screenshot methods and apps. You’re sure to find one that does just what you need.

Petapixel:

If you’re a Mac user and are annoyed that OS X automatically launches Apple Photos every time you connect a device or insert a memory card, there’s good news for you: you can disable the program from launching for all devices with a single command.

I find this change by Apple really annoying in particular because, every time you format your memory card (which I do often), OS X/Photos (an app I’m never going to use but can’t delete – thanks Apple!), forgets and treats it like a new device. So being able to kill this activity using a Terminal command is a Godsend.

From The Beatles’ official site:

LISTEN TO THEIR MUSIC THE MINUTE CHRISTMAS EVE ARRIVES.

On December 24 at 12:01am local time — here, there and everywhere — The Beatles’ music is available for streaming worldwide via the following nine services:

Apple Music | Deezer | Google Play | Microsoft Groove | Amazon Prime | Rhapsody | Spotify | Slacker | Tidal

The Beatles streaming will be LIVE at 00:01 AM YOUR TIME and you can track its progress around the world, from east to west, on the globe here at thebeatles.com.

HAPPY CRIMBLE, WITH LOVE FROM US TO YOU.

By my calculations, that should be tonight (the evening of December 23rd), starting just after midnight, your local time. Which means the streaming has started for some of you.

Here’s the link to the Apple Music Beatles stream.. In my neck of the woods, the link currently takes you to The Beatles’ iTunes page.

Happy Crimble, everyone.

Universal Audio are simply the best audio plug-ins on the market. They remain true to the analog versions, while giving you the flexibility to make the best music possible. This is all I use.

NSNorth is more than a tech-talk focussed event. It is designed to inspire you to learn something new amongst an encouraging and aspiration-driven group of friends.

I’ve heard great things about this conference. It takes place April 28-30, 2016.

Drum Werks IX is a powerful collection of slow and mid-tempo rock drum loops. A hard rocking addition to Beta Monkey’s versatile Drum Werks line of drum loops and samples, Drum Werks IX offers nearly 600 acoustic drum loops and samples in comprehensive Groove Sets™, from moody 60 BPM vibes through power rock stomping at 90 BPM.

I love Beta Monkey drum loops. They are played by real drummers and recorded in a studio, so your songs sound like your played with a real drummer—because they are. I’ve been buying loops from Beta Monkey for years.

This is kind of cool. You come across a video you want to watch and you bookmark it to Zinc using a Safari extension. You can then bring it up on your Apple TV or other device to watch it later.