CloudPull 2.8

CloudPull 2.8 is now available. The focus of this modest update is compatibility with and support for El Capitan (OS X 10.11).

These are the changes:

  • CloudPull is now compiled using Xcode 7 against the OS X 10.11 (El Capitan) SDK.
  • When exporting or restoring a Google Drive file, CloudPull now sets the creation date and modification date of the file to that of the Google Drive item.
  • When saving a backup file that has a long file name, CloudPull now truncates the base name to 200 characters. Previous versions truncated the base name to 32 characters.
  • CloudPull now uses Apple's JSON parsing library instead of a third party JSON parsing library.
  • CloudPull now uses a newer version of the MailCore IMAP library for backing up Gmail.
  • When moving backups, CloudPull no longer cycles through backup files if the “Lock Backup Files” setting is off.
  • The web site is now served exclusively via HTTPS. All links in the app have been updated accordingly.
  • Some troubleshooting aids have been added to the Help menu.

CloudPull 2.8 Public Beta adds support for El Capitan

A public beta version of CloudPull 2.8 is now available. The primary goal of this update is to add support for OS X El Capitan. This update includes the following changes:

  • The update adds fixes to the Activity Window to avoid display bugs under OS X El Capitan.
  • The app now includes configuration changes required to communicate with Google APIs under App Transport Security in El Capitan.
  • The app is now compiled with Xcode 7 against the OS X 10.11 SDK.
  • When saving backup files that have long file names, CloudPull now truncates the base name to 200 characters. In previous versions it truncated the base name to 32 characters.

You can download this beta version here. There are some display quirks when this version is run under Mavericks (OS X 10.9). I recommend not running this beta version unless you are running Yosemite (OS X 10.10) or an El Capitan (OS X 10.11) beta release.

CloudPull 2.7.4 addresses an important security issue

CloudPull 2.7.4 is now available with these improvements:

  • In response to recent news of an OS X keychain vulnerability:
    • When adding or updating Google account credentials, CloudPull first deletes any pre-existing entries that might exist for that account in the keychain and then adds a new keychain entry. It never updates existing keychain entries.
    • The first time this version of CloudPull is run, it will delete its Google account credentials from the keychain and then add them again.
  • Fixed a bug displaying items that have an indeterminate last modified date.

In short, the keychain vulnerability referenced above is this:

  • Developer of Malicious App knows that Good App creates certain keychain items.
  • Before Good App is ever installed or running, Malicious App creates a keychain item with the expected service name and account name. Malicious App is code signed in such a way that its keychain items are available to both itself and to Good App.
  • Good App runs, and updates the keychain item with account credentials.
  • Malicious App now has access to these account credentials.

This is a significant vulnerability in the OS X keychain that I hope Apple addresses very soon. In the meantime, this improvement will help protect the secrecy of the credentials CloudPull uses to access your Google accounts. CloudPull does not store your account password at all, but it does use the keychain to store OAuth tokens that grant it access to your accounts.

For customers running CloudPull on Lion or Mountain Lion, the keychain improvements are also available in a version 2.5.7 update.

Marcato 1.2

Marcato 1.2 is now available in the App Store. This update adds these improvements:

  • Marcato browsers now support a full screen mode. As you scroll down a web page, the navigation bar and toolbar will slide away.
  • Marcato now supports a URL scheme. You can open a browser using the URL com.goldenhillsoftware.marcato:///browsers/[browser name], replacing [browser name] with the name of your browser.
  • The About screen now includes a Documentation area and an Acknowledgements area.
  • Marcato now allows the Initial URL and the Included Hosts settings for browsers created from templates to be modified by the user.

Marcato: Site-specific browsers for your iPhone

I am very excited to announce the release of Marcato. Marcato allows you to create site-specific browsers on your iPhone. Marcato maintains separate cookies, local storage, and cache for each browser. The browsers live within the Marcato app.

I created Marcato because I wanted a way to isolate my web browsing activity for certain sites. I use Facebook, but I prefer not to run the Facebook iPhone app and I prefer not to have my other web browsing activity tied to my Facebook account. I also try to avoid logging in to sensitive accounts from my primary browser, in order to avoid any potential cross-site request forgery attacks. I have been using Fluid on the Mac for years, and I wanted something similar for iOS.

You can buy Marcato in the App Store now for $4.99 (USD). If you would like to learn more about the app, please visit its product page and check out this video.