First, let me preface this by saying “behave accordingly” doesn’t mean “eschew the cloud.” Networked, connected computing can give us far too many benefits to abandon as a concept. However, as is often the case, new paradigms mean new risks and new ways of protecting yourself.

Now, read this terrifying article. The subject of the hack is a tech journalists who should have known better, and could have ameliorated the damage done with some very simple steps. That he did not have backups of his primary machine is, frankly, mind boggling — especially when it was the only place his digital photos of his newborn daughter were stored. (Really? On a Mac, with Time Machine as an option? WTF?)

If you’ve read the whole thing, either now or before, you know the drill:

• Bad guys got his Amazon, Apple, GMail, and Twitter accounts easily because all were connected.
• They were particularly savvy at exploiting what amounts to an inadvertent security hole that exists only because of complementary policies at Apple and Amazon.
• They locked and remotely wiped his phone and laptop.

They did all this because they wanted his Twitter handle, no shit. What they could have done, but did not, was extend their nefariousness to his financial life; after all, they had full control of his email.

Hey Chief Heathen, What Should I Do?

Lots.

1. First and foremost, if you use Gmail, enable two-factor authentication on your Gmail account. This sounds complicated, but it’s really not. Basically, after you configure it, you can’t log into your Gmail account from a random, other computer without ALSO having access to your phone, because Google will insist on texting you a security code you must provide as part of the login process from a non-trusted computer. This makes compromising your email WAY harder. (This may sound familiar if you bank with Chase; they do something similar. If your bank doesn’t, find another bank.)

2. If you use a Mac, do NOT use “Find my Mac” until Apple secures it better. (Two-factor would make a big difference here.) This is not to say a stolen-laptop service like Prey isn’t a good idea; they are. It’s just that Apple’s combination of approach and (lack of) security here is what allowed the bad guys to remotely wipe the victim’s machine. Oops.

3. DO NOT USE THE SAME LOGIN AND PASSWORD ON ANY TWO ACCOUNTS ANYWHERE. Yeah, I know this sounds onerous. Trust me. It’s important. Using a good password assistant program, and it’s much easier. The nice ones include browser plug-ins that will fill logins for you, so you don’t even have to remember passwords anymore. I like 1Password which, as a bonus, has a simple password generator built in. It costs money, but is well worth it.

4. Finally: Backups, backups, backups. I’ve talked about this before, and my methods are still the same: Time Machine, Super Duper, CrashPlan, and Dropbox. Yes, all four. Trust me. I know things.

No, not yet.

Apple is widely believe to be preparing the next iPhone (and let’s be clear; they won’t call it the iPhone 5 — expect it to be “the New iPhone” just like the 3rd iteration of the iPad was simply “the new iPad”) for release very soon. While they’re notoriously tricksy and secretive, we can divine at least a little information from past behavior and market realities.

Above all, Apple is certain to want at least one if not more than one new product in hand going into the holiday quarter.

Second, we can look at the release dates and “life spans” of the prior iPhone versions:

Third, we can pay attention, just a little, to the rumors circulating now about a September release date.

Many times when we try to read the tea leaves, we get conflicting information.

This is not one of those times:

• To get product in the channel for Christmas, Apple needs to release the phone in September.
• The past release cycles strongly suggest Apple prefers to have a model be top dog for about year — n.b. that the 4S release date was basically acknowledged as a delay, and that Apple’s intent was probably to release the 4S in the summer as well. The 4S’ release date? Just about a year ago.
• Finally, actual rumors are circulating that also say “September.”

So, your iPhone is messing up? Battery life sucks? Screen broken? Tough it out. Mrs Heathen’s battery doesn’t last a whole day anymore, and my home button only works about half the time. But neither of us are at all interested in buying a 4S within 60 days of its replacement, and neither should you be.

No, not Mountain Lion, though that’s kinda important, too. (Official Heathen rec: As with all major upgrades, wait 3-6 months.)

I mean the all-important question of “what virtualization platform to use?” Since the Mac platform migrated to Intel chips, it’s been possible to run Windows in a window at near-native speeds — I do it all day, even running SQL Server and IIS locally, with completely acceptable performance.

Now, your needs probably aren’t my needs, but few are the Mac folks who don’t have at least one Windows holdout program they can’t quite get rid of. (For my mom, it’s Quicken, for example.)

Up to now, the go-to options for non-techie types were VMWare Fusion, from a company that made its name on server-side virtualization in high-availability environments, and something called Parallels (no link; keep reading for why) from a company that just does Mac desktop virtualization. For me, that choice has always been pretty simple: Go with the guys who do this for a living on lots of levels. They know more.

Historically, Parallels has performed pretty well, too, and in some areas was actually better than Fusion (mostly graphics, which doesn’t matter to me). I generally gave no recommendation to folks beyond “pick whichever of these is on sale.”

That’s no longer true. Parallels, apparently, actively spams its users with in-app advertisements and sales pitches, and makes it very difficult to turn this off, even to the point of deleting messages on their support forums sharing the command line (!) required to do so.

Their statement on the subject is a cornucopia of weasel-words and bullshit:

We use in-product notifications to share several types of information with our customers. First, and most importantly, we share information about product updates which are generally related to compatibility with OS X, new features and product enhancements. Second, we occasionally share special offers from Parallels or other third party companies who provide special deals for our customers. Many of our customers rely on the information about product updates and appreciate the special deals for products that are of interest to them.

Individual notifications can be turned off by clicking the “don’t show this again” button. However, because customers need to receive important product information, there is not a mechanism for customers to completely disable notifications.

This, of course, is a lie; there IS a terminal command you can issue to disable it. That line is:

defaults write com.parallels.Parallels\ Desktop ProductPromo.ForcePromoOff -bool YES

Parallels isn’t shareware or freeware. It costs real money — typically about the same as Fusion, which is nearly a hundred bucks. It’s absolutely inexcusable that they’re insisting on this spamming behavior, and doubling down by (first) lying about the fact that it CAN be disabled and (second) trying to keep people from discovering this truth.

Do not buy Parallels. Send your dollars to VMWare. They’ve had plenty of time to address this; it’s clear this behavior is deliberate, and that they have no intentions of changing. Vote with your money.

(h/t: Fireball.)