Correction on editing widgets on iOS (hint, unlock your iPhone). Kirschen Seah challenges us to write blog posts in honor of Ada Lovelace on Tuesday October 14th talking about a woman in the STEM field that you admire. Learn more at FindingAda.com. Sennheiser PMX 685I In-Ear Neckband Headphones are a winner at $50. How Facebook is ruining real life for me. In Chit Chat Across the Pond Bart gives us some really fun tips and tricks in Taming the Terminal Part 22 of n.
mp3 download
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday October 12, 2014 and this is show number 492.
I’m pretty darn excited about Lindsay getting married to a wonderful man named Nolan next Saturday. Why do you care about that though? Because that means you get a Bart-produced podcast next week! It doesn’t hurt my feelings at all how much you guys enjoy his shows and are glad to just get a break from me, it really doesn’t. We do need your help though, please send audio (and text) reviews to Bart so he doesn’t have to do so much work? You can email them to me at [email protected] or to Bart at [email protected] and of course there’s a link in the show notes directly to those email addresses in case you’re driving or afraid you’ll forget!
This week I had two appearances – I got to be on Daily Tech News Show again with Tom Merritt where we discussed the HP breakup at length. I created a blog post to highlight the episode so you don’t have to go digging around for it if you want to see it. I like how Tom’s shows are crisp and to the point, start on time and end on time.
I also had the pleasure of presenting to the Dallas Apple Corps on the subject of Digital Disaster – Life After Death. I didn’t fly to Dallas to do this, instead we did a Google Hangout on Air. It worked pretty well once we got the kinks worked out.
Interesting challenge in Hangout on Air. I can flip between video of me, video of a single application, or video of my entire desktop. If I flip to Keynote, and then go into slideshow mode, the audience for the Hangout see a black screen, not exactly ideal. I did a quick search of the Googles and found a post by Ronnie Bincer in Google Plus where he explained the workaround. He said to share the entire desktop and then go into slideshow mode in Keynote and the audience will be able to see the slideshow. Curious why it works but I was delighted to get that working.
The next challenge was that I like to see the audience because I love to be interrupted with questions. When Keynote kicks into slideshow, it makes the presentation full screen on one of my monitors and black on the other, which is SUPER helpful. Steve solved the problem by bringing me his Macbook Air with the event live (but muted) on screen. It worked really well. It’s a lot to juggle and remember to do so I’m telling you about it in case you ever need to do it, and I’m writing it down so I have a place to go look up the answer when I get lost the next time!
Edit Option for Widgets
Last week on the show, Rene Ritchie was telling me that I could add and modify widgets on my iPhone in iOS 8 by pulling down from the top of the screen and tapping on the Edit button. I told him I didn’t have an edit button, and even proved it to him by showing him my iPhone on our video chat. He was stumped and said he’d make it his top priority to find out why.
After we recorded, I decided to show Steve the problem and what do you know, I had an edit button. I was so glad that I had actually showed it to Rene so I had a witness that it was not there, but I was baffled why it showed up. Of course I tweeted about this mystery. Between my tweet and people hearing the show, Chris Morrison, Clive Hammett, Steve Mandala and Philip Richardson (and probably more) all wrote to me to tell me that I must have been on the Lock Screen the first time I tried to do it. Sure enough, I was able to replicate the behavior by locking and unlocking my screen. With the screen locked you do not get an edit button, Which makes perfect sense. Thanks to everyone who helped me solve this mystery!
Ada Lovelace from Kirschen
Tuesday October 14th – Ada Lovelace Day is an international celebration of the achievements of women in science, technology, engineering and maths (STEM). You’re encouraged to write a blog post about a woman or women in STEM whose achievements you admire. Help spread the word and learn more at FindingAda.com.
Blog Posts
Daily Tech News Show – Oct. 6, 2014
Digital Disaster – Life After Death – for Dallas Apple Corps
Great $50 Sports Headphones from Sennheiser
How Facebook is Ruining Real Life for Me
Clarify
Now that I’ve officially moved over to 1Password from LastPass I wanted to help others so I decided to make a Clarify tutorial on how to do it safely. One step of the migration bothered me. Step one is to export your most precious passwords to a text file…on your desktop unencrypted. Now I know you can delete it when you’re done, but if someone nefarious got hold of your Mac, it would be child’s play for a sophisticated hacker to get the data back. Not exactly what we’re looking for.
I had started making the tutorial and realized I needed a step before step 1 – to do as George from Tulsa taught us a long time ago, create an encrypted disk image using OSX’s built in Disk Utility. I had already used Clarify 2’s step numbering, so when I inserted a step ahead of step 1 all of the steps renumbered themselves perfectly. I wanted to make the tutorial is easier to follow. I used Clarify 2’s new feature that allows you to create sub steps. I was able to break the tutorial down into four major steps that made it seem much less daunting of a task to perform.
I’m not done with the tutorial yet, because Pat Putnam has discovered a slight inconsistency between how browsers handle saving files that I want to clear up before I publish. It will be easy to edit and modified the instructions after we figure this out, And then I can easily post the tutorial to the web.
If you haven’t upgraded to Clarify 2 yet, I think auto step numbering and substeps are two features that make it worth the money. Check out the free trial over at clarify-it.com and see for yourself.
Chit Chat Across the Pond – Time: 14:45
Security Light
Important Security Updates
- Apple patch Shell Shock on OS X (10.7, 10.8 & 10.9), but do not push the fix through software update, so if you want it, you have to install it manually – http://arstechnica.com/apple/2014/09/apple-patches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/
Important Security News
- US law enforcement lose their reason over iOS 8’s security improvements. There are a lot of very good articles explaining just how wrong-headed their responses are, but if you want to read just one, I recommend this one by Bruce Schneier: https://www.schneier.com/blog/archives/2014/10/iphone_encrypti_1.html
- EFF warn of malware being naively (kindest interpretation) being distributed and actively pushed at parents by US police departments – EFF say ComputerCOP is dangerous and puts users at greater risk online, and that the vendor has lied about endorsements from major federal agencies – https://www.eff.org/deeplinks/2014/09/computercop-dangerous-internet-safety-software-hundreds-police-agencies
- Apple’s iCloud 2FA went live on Friday – from now on many 3rd part apps will need app-specific passwords set if you have 2FA enabled – http://www.macobserver.com/tmo/article/apples-icloud-app-specific-password-requirement-starts-today (related – Apple’s 2FA FAQ: http://support.apple.com/kb/HT5570)
- Adobe Digital Editions e-reader found to be phoning home in plain text – Adobe have responded by outlining what they send back to their servers and why, and promised to add encryption to protect the data in transit –http://nakedsecurity.sophos.com/2014/10/09/adobe-will-update-e-reader-to-mop-up-clear-text-data-spillage/
- News of a new Apple virus ‘iWorm’ proves to be a storm in a teacup (that’s the nicest possible read, an alternative interpretation is that the world was played by a very media-savey AV vendor). There is basically no news here, just a mild curiosity in that the command and control mechanism was novel (using Reddit) – the ‘worm’ is actually just a trojan shipped in pirated software – http://www.macobserver.com/tmo/article/surprise-mac-iworm-spreads-through-pirated-apps (Apple have added it to XProtect – http://www.macobserver.com/tmo/article/apple-adds-iworm-to-xprotect-malware-definition-list-for-os-x)
- Another team of researchers release their findings on the so-called BadUSB bug, including proof of concept code. My suggestion, treat other people’s USB devices like you used to treat other people’s floppy disk – KEEP THEM OUT OF YOUR COMPUTER! – http://nakedsecurity.sophos.com/2014/10/06/badusb-now-with-do-it-yourself-instructions/
- A dangerous bug in iOS 7 highlights the importance of upgrading, and the dangers of staying behind – http://arstechnica.com/security/2014/09/cant-upgrade-to-ios-8-beware-bugs-in-the-system/
- Apple release iPhone Activation lock checker page – before you buy a second hand iPhone, CHECK IT HERE to be sure it’s not locked (presumably because it was stolen) – https://www.icloud.com/activationlock/
- Owners of older HP computers can expect to run into some issues should they need to restore their computers from the original media because HP accidentally signed malware, and now have to revoke one of their code signing certs – http://arstechnica.com/security/2014/10/hp-accidentally-signed-malware-will-revoke-certificate/
Noteable Breaches
- AT&T hit by insider breach, warning users to reset their passwords – http://nakedsecurity.sophos.com/2014/10/08/att-hit-by-insider-breach-change-your-passcode-it-warns/
- Dairy queen confirms breach in 395 stores – http://krebsonsecurity.com/2014/10/dairy-queen-confirms-breach-at-395-stores/
- JPMorgan Chase set new records for data breaches, losing personal data (but not passwords or social security numbers thank goodness) on 76 MILLION customers and 7 MILLION businesses – http://nakedsecurity.sophos.com/2014/10/03/jp-morgan-chase-confirms-breach-76-million-homes-and-7-million-businesses-affected/
Suggested Reading
- Facebook apologise for the negative effect their real-name policy had on the LGBT community, and promise to make it right – http://nakedsecurity.sophos.com/2014/10/03/facebook-apologizes-to-lgbt-community-over-real-name-policy-promises-change/
- The US FDA fail to lead, say that medical device security is Necessary, but optional (WTHuh???) – http://arstechnica.com/security/2014/10/fda-medical-device-cybersecurity-necessary-but-optional/
- Cloudflare give the world a nice wee present – free SSL for all! – http://arstechnica.com/information-technology/2014/09/cloudflare-gives-internet-a-present-free-no-hassle-universal-ssl/
- Windows gets it’s own command shell bug – not as serious as shell-shock, but a real concern on Windows file servers – http://thesecurityfactory.be/command-injection-windows.html
- Dubai police add facial recognition to Google Glass (why 2014 really is like 1984 in some places!) –http://nakedsecurity.sophos.com/2014/10/07/dubai-police-add-facial-recognition-to-google-glass/
- Researchers find that Apple’s MAC address randomisation leaves a lot to be desired (note there is no danger here, no vulnerability, just a lost opportunity to be MORE secure than other phones) – http://www.imore.com/closer-look-ios-8s-mac-randomization
- Good intentions do not necessarily lead to good laws – civil liberties advocates, book stores, and publishers band together to sue to stop poorly crafted anti-revengeporn laws in the US – http://nakedsecurity.sophos.com/2014/10/02/civil-liberties-advocates-bookstores-publishers-sue-to-stop-anti-revenge-porn-law/
- Facebook’s new Atlas ad platform will follow users around more of the web – http://nakedsecurity.sophos.com/2014/09/30/facebooks-new-atlas-ad-platform-will-follow-us-around-on-non-facebook-sites/
- Head of ‘StealthGenie’ mobile stalking app indicted for selling spyware – http://nakedsecurity.sophos.com/2014/10/01/head-of-stealthgenie-mobile-stalking-app-indicted-for-selling-spyware/
An important tip from TMO:
- set up your emergency medical ID on iOS 8 – it could save your life! – http://www.macobserver.com/tmo/article/ios-8-setting-up-your-medical-id
Main Topic – Taming the Terminal Part 22 of n – Time: 48:48
https://www.bartbusschots.ie/s/2014/10/10/taming-the-terminal-part-22-of-n-tips-tricks/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
You don’t really have to do the secure disk image for that. When you erase a file, you can Secure Erase it by using the “Secure Erase Trash” menu command. This causes the mac to overwrite the portion of the disk where the file was, making it beyond the reach of most criminals (I won’t say “impossible” since I don’t know what sort of tools/techniques that shadowy government agencies have)
Yes, leaving the file in an unencrypted state would make you vulnerable for the 2 minutes or however long you take in between exporting from LastPass and importing into 1Password. So if someone knocked you over the head with a crowbar and stole your computer as you were doing that procedure, your passwords would be lost. But even if you used a secure disk image, a thief could STILL knock you over the head while you were doing the LP->1P conversion, and he/she would still have your passwords, even with the secure disk image, unless the thief was stupid enough to shut your laptop lid or do something else to put the machine to sleep after nabbing it.