#535 TripMode to Control Data Usage, Apple Photos After the Honeymoon, Apple Watch is a Necessity, CableJive Dock Adapters, Latest Vulnerabilities, Intro to JSON

Yet again I delve into why my family chews up so much data when on travel and I take a first look at the $7 menubar app TripMode from tripmode.ch to limit and measure my data usage. I give you some thoughts about Apple Photos now that the honeymoon is over, and it’s not all happy happy joy joy. A lot of people say we don’t NEED smart watches but I had an example where the Apple Watch really saved me. Donald Burr goes crazy about two dock adapters from CableJive: Compact dock adapter and Dock adapter with 2 foot cord. In Chit Chat Across the Pond Bart takes us through all of the crazy security news from BlackHat and Defcon this week and tells us whether to light our hair on fire, and then he gives us a short and sweet explanation of what JSON is and what we might want to do with it. Here’s a link to Bart’s blog post.




Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday August 9, 2015 and this is show number 535.

I think Allister did a fantastic job with the show last week, didn’t you? I especially loved his snarky little comment of, “if you’re waiting for Allison to talk about Apple Music you’ll be waiting for a long time”! Nick Riley did a great job on his review of Cheap Imposter, and what a great voice. I sure hope he does some more reviews for us. I really enjoyed the conversation with Myke about the evolution of his network. To be honest, I thought I’d just not been paying attention because I hadn’t heard of relay.fm till just a little while ago so it was a relief to hear that it only started a couple of years ago. I also realized that I’ve been on relay.fm because Clockwise is on that network.

The one thing I think about a lot is why the networks exist and what’s the benefit of being a member of them. I guess when they get established as a source for good shows, you get a halo effect across the shows. I know David Sparks said that the Mac Power Users podcast went up 10X in listeners when they joined 5×5. It’s also probably easier on the podcasters to not have to do all the mechanics behind the scenes to run the show. I know it’s good for advertising deals too. For me though, after working for 35 years for the man, I’m really happy to always be able to do whatever I want on my show. 10X the listeners would be cool, but I wouldn’t want to lose any freedom to talk about whatever I want. Hope you guys are cool with that.

It was so nice to have a week off thanks to Allister. I know I don’t have a day job any more but I do put a fair amount of effort into the show and it was delightful to feel no obligation at all for a full week. When I got home on Sunday I even washed all of the downstairs windows because I had the time. I’m back in the saddle and well rested so let’s dig in.

Blog Posts

Can TripMode Demystify My Massive Network Data Usage?

Apple Photos Now That the Honeymoon is Over

When Apple Watch IS a Necessity

Donald on CableJive Lightning Dock Adapters

The problem to be solved

  • I like docks
    • Direct audio connection, no chance of weird glitches/dropouts as you sometimes get with Bluetooth and WiFi
    • As Star Trek TNG taught us, we are after all “ugly giant bags of mostly water” – very good at absorbing radio signals
    • I also like to charge my phone while I play podcasts (and yes, music too)
  • But I also use a case
    • In my case it’s plastered with pictures of my favorite anime characters (who all happen to be cute girls, don’t judge)
    • But maybe you have a case with your favorite movie/TV stars on it, or a really cool art print or something, or you’re a klutz and/or work in hazardous environments, and need one of those armor cases (like LifeProof or Otterbox)
  • This is a problem, because in most cases, docks and cases just don’t work together
    • The case makes the phone not fit in the dock, because they’re engineered to too tight a tolerance

The solution – the CableJive Lightning Dock Adapters

  • Compact dock adapter, $18.95 on Amazon
  • Dock adapter with 2 foot cord, $25.95 on Amazon
  • Very simple really. It has a female Lightning connector on one end, and a male Lightning connector on the other.
  • It’s available in two versions, one that’s all in one integrated piece, and another where the two ends are separated by a 2 foot cable. (This is significant, you’ll see why in a bit.)
  • This is an officially licensed MFi product, meaning that it fully supports the Lightning protocols, including audio passthrough and charging, and you DON’T get the “this accessory is not made for iPhone” message!
  • The part that plugs into the phone is especially slender, which allows it to securely plug in even through a case

The Pros

  • It works perfectly! Lets me play music using a variety of docks (I’ve tried ones from JBL, Bose and Sony) and it charges my phone too (if the dock itself supports charging.)

The Cons

  • It may not necessarily fit your case
    • It will *probably* work, but there are literally thousands of case designs out there, and some of them may not be made to the same mechanical tolerances, so you never know
    • Suggest you buy from a place like Amazon that has a good return policy, just in case
  • It also may not necessarily work with your dock
    • In particular, if your dock is custom molded so that the iPhone fits right into it, the added height that the dock adapter adds will most likely result in your phone not fitting
    • This is why they make a version of the dock adapter with a little 2 ft cable between the two ends. True, it’s not as convenient or as pretty, but it will still allow you to use your phone with your dock
  • These cons aren’t specifically directed against the CableJive dock adapter in particular – there is no way to physically fit the circuitry needed to handle Lightning without taking up a little space

The verdict

  • These things work as advertised, and the price is really quite reasonable. If you’ve been looking for a way to use a dock while your phone is in a case, here it is

Be sure and check out otakunopodcast.com if you’re at all curious about Japanese animation (anime), comics (manga), food, travel, culture, etc.

Clarify

When I was doing my discovery on where all my data ran off to, I of course went over to my tutorials and looked up the checklist I did on this with Katie Floyd. I realized that the tutorial probably needed some dusting off so I opened up Evernote where all of my Clarify documents are dutifully stored. I was able to create new numbered sections to the tutorial to add in Photos along with my previous instructions about halting photostream on Aperture and iPhoto, add in some new services to disable and then republish my document to my blog. To be honest I had a few glitches in the process so it didn’t go as smoothly as it should have. I was able to find the help documentation online at clarify-it.com’s support pages, but I wasn’t able to save the document back to Evernote for some reason.

I’ve dropped a note over to [email protected] about the problem and I know that they will get back to me really quickly on a solution. In my experience, about 75-80% of the time it’s something dumb I did, and the rest of the time it’s something broken on their end. The good news is that they always find a resolution to my problems if they persist. I think it’s good if I tell you that the software isn’t perfect, because you would never believe me if I pretended otherwise, right? It’s awesome to have great software but EVERY application has problems from time to time so it’s important to know that the staff supporting the tool will get back to you quickly with real solutions. I get emails all the time from folks telling me how they got great support from the Clarify folks so it’s not JUST because I advertise for them!

If you’d like an easy way to create beautiful tutorials like my Checklist to Limit Data Use on Travel and get great support in using the tool, head on over to clarify-it.com and check out their free trial for Windows and Mac.

Chit Chat Across the Pond

Pre-amble:

Allison – remember to ask Bart if it isn’t already obvious:

in this article: http://www.msn.com/en-us/news/itinsider/a-massive-security-bug-lets-criminals-hack-iphones/ar-BBlrGOy?ocid=spartanntp they talk about an exploit for the iPhone but it seems to me that you would have to jail break the iPhone to side load an app in order to be vulnerable. Yes?

Bart’s Answer: This is just a silly re-hash of some stories from ages ago – this is Apple’s system for corporations to write their own apps being abused, and you will always know this is happening because you’ll need to accept a custom provisioning profile to make the app go – SAY NO!

Security Medium 1 – Stagefright

Nearly a billion Android devices can be taken over simply by sending them a maliciously crafted MMS message. The vulnerability exists in the code that processes the message on receipt, not the code that displays the messages, so you don’t even have to open the message to get owned – once your phone receives it, you’ve had it.

The bug is in an OS library called ‘stage fright’, hence the name of the bug.

Google have released a patch, but because there are two middle-men between Google and most Android users, many users will simply never get it, particularly those with older phones.

Some positive fallout from this is that Google and Samsung have announced they will start doing monthly security updates, but that still leaves the carriers in the way, and helps no one whose Android phone is not from Samsung.

Some people may get patches, many won’t be able to. Bottom line – Android security is a complete and utter mess. When the design is as nutty as squirrel poo, you can’t fix it without starting over from scratch.

The only practical advice I can think of is to ask your carrier to disable MMS on your account so your phone cannot receive MMS messages.


Security Medium 2 – Thunderstrike Returns

Security researchers have released an updated variant of the Thunderstrike vulnerability that was released, and patched, earlier this year.

This new variant is a little more powerful in that it is conceivably possible to pull the exploit off remotely:

1) a remote attacker hacks a Mac through an un-related security vulnerability OR tricks a user into installing malware (Thunderstrike 2 CANNOT get in un-aided)

2) once infected with malware, a victim then plugs in a specific kind of Thunderbolt device (one with a so-called Option ROM), e.g. an Apple Ethernet adaptor, and the malware then infects that Thunderbolt device.

3) the infected device is then plugged into another computer, and infects it

4) the newly infected computer infects all compatible Thunderbolt devices plugged into it, and in theory the whole infection spreads like wildfire

There is no reason to set your hair on fire though:

1) you need to get malware onto your machine before it can be infected with this

2) the researchers disclosed it to Apple responsibly, so this is not in the wild (at least not as far as we know, and not yet)

The best practical advice for now is simply not to let strangers plug things into your Mac, and frankly, that’s ALWAYS good advice!!!


Security Medium 3 – OS X Zero-day (DYLD_PRINT_TO_FILE)

A privilege escalation bug has been found in OS X 10.10 Yosemite. The bug is in a new OS feature, so it does not affect older versions of OS X. The bug has also been patched in betas of 10.11 El Capitan, so Apple clearly knew about it.

The bug is sophomoric in nature – an Apple engineer added a new feature without putting any of the text-book safety checks in place, so it is possible for any code on OS X to edit any file on the system as root. This makes it possible to give a user password-less sudo access by using the bug to edit the sudoers file.

Some media outlets are reporting that Apple will include a fix for this in the up-coming 10.10.5 release of Yosemite (I haven’t seen official confirmation of this from Apple, though it does make a lot of sense, since they have the fix in the 10.11 betas already).

While this is obviously not good, it is not time to set your hair on fire yet because this is a privilege escalation bug, so it can only be used by software already installed on your system. Either malware has to make its way in through a totally un-related vulnerability, or you have to install the malware onto your own computer yourself.
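Since the notes above say the bug can be used to edit the sudoers file and grant password-less sudo, one defensive check is to audit sudoers content for entries that skip the password prompt. This is an added example, not code from Bart or Apple; the sample content and the function names are constructed for illustration.

```python
import re

# Constructed sample sudoers content for the demo (not from a real system).
SAMPLE = """\
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
# alice ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) NOPASSWD: /usr/bin/true, \\
        /usr/sbin/softwareupdate
#501    ALL=(ALL) NOPASSWD: ALL
Defaults:carol !authenticate
"""

# '#include...' directives and '#<digits>' (a uid) are not comments in sudoers.
NOT_COMMENT = re.compile(r"#(include|\d+)")

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        if line and (not line.startswith("#") or NOT_COMMENT.match(line)):
            yield line

def passwordless_grants(text):
    """Return (subject, reason) for each entry that skips the password prompt."""
    findings = []
    for line in logical_lines(text):
        parts = line.split(None, 1)
        subject = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        if subject.startswith("Defaults"):
            # 'authenticate' is on by default; negating it disables the prompt.
            if re.search(r"!\s*authenticate\b", rest):
                findings.append((subject, "Defaults !authenticate"))
        elif re.search(r"\bNOPASSWD\s*:", rest):
            findings.append((subject, "NOPASSWD tag"))
    return findings

if __name__ == "__main__":
    for subject, reason in passwordless_grants(SAMPLE):
        print(f"{subject}: {reason}")
```

On a real Mac the same function can be fed the text of /etc/sudoers (readable only by root); any finding you did not add yourself deserves a closer look.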


Security Light

Important Security Updates:

Important Security News:

Suggested Reading:

Main Topic – Learning JSON

My original plan for this CCATP was to walk people through using the new hsxkpasswd command line password generator. The command line tool is included in the latest release of the Crypt::HSXKPasswd Perl module, and that module has now been uploaded to CPAN, so, in theory, it should be as easy to install as:

sudo cpan Crypt::HSXKPasswd

(those who have one of the betas manually installed should delete it first: https://www.bartbusschots.ie/s/2015/08/08/uninstalling-a-crypthsxkpasswd-beta/)

But – there has been a LOT of security news, and, I only uploaded the module to CPAN on the day of our recording, and CPAN’s index hasn’t updated yet, so, I can’t be sure the module is working through CPAN yet, so it probably makes sense to wait until the next CCATP before describing how to use the tool.

The command line tool’s (totally optional) advanced features make heavy use of JSON, so, I figured it would make sense to use the remainder of this segment to teach people JSON, as a foundation for the next episode.

https://www.bartbusschots.ie/s/2015/08/08/json-a-quick-intro/

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

4 thoughts on “#535 TripMode to Control Data Usage, Apple Photos After the Honeymoon, Apple Watch is a Necessity, CableJive Dock Adapters, Latest Vulnerabilities, Intro to JSON”

  1. Donald Burr - August 10, 2015

    Minor nit re the Stagefright vulnerability: since Android 4.0 (Ice Cream Sandwich) Android devices have Address Space Layout Randomization (ASLR) which means that, although the devices would be vulnerable to Stagefright, it would be very difficult to fully exploit and weaponize it. So basically AT THIS MOMENT the worst an attacker using Stagefright could do would be make your phone crash or freeze up. Also you don’t need to disable MMS, you just need to disable the automatic downloading/processing of MMS messages, which you can do in many Android messaging applications (for example, in Hangouts, which is now the default SMS/MMS app, tap Menu (hamburger button) -> Settings -> SMS, and UNcheck “Auto Retrieve MMS”).

  2. George - August 10, 2015

    Stagefright

    Two simple solutions.

    Easiest. Install the FREE and excellent TEXTRA messaging App and set it as default. Note it arrives with SF blocked.

    Do it yourself. Turn off auto-retrieve of SMS.

  3. Donald Burr - August 10, 2015

    @George – yes, thank you for reminding me, I had forgotten that Textra recently released an update that protects against Stagefright.

  4. switcherMark - August 11, 2015

    I was happy to hear your review of TripMode. This seems like a great tool for me, but I have a different use case. At our vacation home we have “high speed” DSL Internet. I use quotes, b/c it is terribly slow DSL that at times comes to a dial-up-like crawl. One solution to make the experience tolerable is to shut down all applications that might be trying to hog my precious bandwidth. As you noted, that can be easier said than done. TripMode sounds like the perfect app to make sure I’m limiting network use to only those applications that I want to be running. Well worth the $8 to try and squeeze out a few more drops of bandwidth.
