Engadget Live video interviews: Engadget Live – Setrakian’s Art of Robotics, Engadget Live – Eclipse VR Game, Engadget Live – Ario Healthy Lamp, and Engadget Live – Lenovo. 2.4 & 5GHz Dual-Band Routers – Should You Give the Bands the Same Name? Why I Will Always Buy from OWC. Router, Access Point, Firewall, Media Server, Battery – All in One with HooToo Tripmate Titan TM05 for $60 at Amazon. In Chit Chat Across the Pond Bart goes through a GIGANTIC amount of Security Lite, and then teases us with some easy ways of running his awesome password creation tool HSXkpasswd from the terminal.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday August 23, 2015 and this is show number 537.
Engadget Live
This week Steve and I went to a “little” event called Engadget Live in downtown LA. Think CES but instead of 12,483 booths covering 126 square miles, it’s one room with maybe a dozen booths. I applied for press entrance for us, so we got to go in an hour before the general public and had full access to the vendors before the crush of humanity came in. We only did four interviews but they were super fun. Instead of including the audio for these four into the podcast I’m going to link to the videos Steve created and let you watch or listen offline if you’re interested. Let me know if you like this better than the way we generally do it, where they’re included in the show.
First we interviewed Mark Setrakian who started out at UCLA in what I think was mechanical engineering but then he slid sideways into designing monsters and in his latest work has designed this super creepy art project he calls the Art of Robotics. They are mechanized robotic hands with creepy monster claws that slowly rotate a globe in space, and you have to see it to appreciate how mesmerizing it is. He also tries to convince me that there IS an A in STEM.
Engadget Live – Setrakian’s Art of Robotics
Next we got to play a virtual reality game that’s still in its infancy. The game is called Eclipse from White Elk Studios. It’s a first-person exploration game developed by the former God of War team. I loved talking to Jonathan Hawkins because he didn’t mock us at all for not knowing how to use Playstation controls while wearing an Oculus Rift headset. They built into the game a feature for newbs like us – if you need to push something on the controls, you can look down and see virtual hands holding a virtual controller with the right button highlighted. Experienced gamers will never notice this so it doesn’t get in their way. Both Steve and I found the game to be incredibly immersive and the very smooth frame rate made it not very urpy (maybe a LITTLE bit urpy but not bad). We were entirely sucked in by this game. We missed it in the interview but after we talked to him he explained that Eclipse will be a PC game but he was running it off of a MacBook Pro with an external specialized graphics card connected via Thunderbolt and in a home-built enclosure. Pretty cool stuff.
Engadget Live – Eclipse VR Game
In probably the most entertaining demo at Engadget Live, we saw the Ario Healthy lamp which automatically adjusts light color and direction to support your body’s circadian rhythm. The reason it was entertaining was because when we first arrived at the Ario booth, Brian Hoskins the business guy was trying to figure out how to fix the lamp because it got damaged in shipping. Steve did a MacGyver and fixed it using a piece of foil to bypass the blown soldered-in fuse, and then taped a broken toothpick across it to hold it tight. In the video you’ll see that the light is blinking but later we saw it had stabilized so that Brian could do good demos for everyone else.
Engadget Live – Ario Healthy Lamp
And finally we got to play with two interesting Lenovo tablets, the 8″ Yoga Tablet 2 with Windows and the 13.3″ Yoga Tablet 2 Pro running Android. The Tablet 2 uses “AnyPen” technology that supports the use of any metallic object as a stylus, including a graphite pencil or even a fork, which was my favorite part of the demo. The Tablet 2 Pro has a projector built into the base of the tablet that can project up to a 50″ 16×9 image which looked pretty cool.
Many thanks to Steve for cranking these videos out this weekend so you could enjoy them all at once!
Blog Posts
2.4 & 5GHz Dual-Band Routers – Should You Give the Bands the Same Name?
Why I Will Always Buy from OWC
Router, Access Point, Firewall, Media Server & Battery – HooToo Tripmate Titan TM05
Clarify
In working on my network settings playing around with switching my Airport Extreme to go from a combined to separated band network, it occurred to me that my friend Diane might be able to isolate a problem in her network if she knew she could separate her networks. I whipped open Clarify, flipped through the settings in the AirPort Utility and hit command-shift-2 on each window as I went through the necessary screens, which automatically plopped screenshots into an open Clarify document. After that it was only a matter of dropping in some arrows and boxes to highlight what she needed to click, and then adding some text to go with each step to explain why she would want to choose these options. Boom, full on tutorial for her to test at her leisure, guaranteed to minimize the amount of time I’ll have to invest explaining the steps for her. I haven’t posted it yet, but I’ll definitely hit the little Share to WordPress button so if anyone else is wondering how to do it they might find it under Tutorials on Podfeet.com.
If you help other people, on Mac or Windows or both, get yourself a free 14 day trial of Clarify from clarify-it.com and when you’re ready to buy (because you know you will) be sure to tell them Allison sent you!
Chit Chat Across the Pond
Security Lite
So last time I grumbled that there were 50 stories in my Instapaper folder for Security Lite – the news Gods were obviously displeased – I had 62 this time 🙁
Updates from Last time:
- The OwnStar attack we talked about last time has been patched in the OnStar app, but, some car makers (BMW, Mercedes & Chrysler) have custom versions of the app, so now it’s their apps that are vulnerable – http://arstechnica.com/security/2015/08/simple-wi-fi-attack-grabs-bmw-mercedes-and-chrysler-cars-virtual-keys/
- A bug has been found in Google’s patch for the StageFright bug, so even those few Android users who were patched, are now vulnerable again – http://arstechnica.com/security/2015/08/android-security-on-the-ropes-with-one-two-punch-from-researchers/
Important Security Updates:
- Patch Tuesday has been and gone with updates to Flash & Windows – http://krebsonsecurity.com/2015/08/adobe-ms-push-patches-oracle-drops-drama/
- RELATED – the Windows fixes include one for a bug being actively exploited that uses booby trapped USB sticks to spread – http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/
- Microsoft issues emergency patch for IE – http://arstechnica.com/security/2015/08/microsoft-issues-emergency-patch-for-critical-ie-bug-under-active-exploit/
- Office 2011 for Mac gets a security patch – http://www.intego.com/mac-security-blog/microsoft-office-for-mac-2011-14-5-4-update-patches-multiple-security-flaws/
- Google patch their Google Admin app to fix a critical bug – https://nakedsecurity.sophos.com/2015/08/18/google-android-admin-security-hole-time-to-patch/
- Mozilla release security updates for Firefox – https://www.us-cert.gov/ncas/current-activity/2015/08/11/Mozilla-Releases-Security-Updates-Firefox-Firefox-ESR-and-Firefox
- MANY patches from Apple:
  - OS X 10.10.5 & Security Update 2015-006 – https://support.apple.com/en-gb/HT205031
  - iOS 8.4.1 – https://support.apple.com/kb/HT205030
  - Safari – https://support.apple.com/kb/HT205033
  - QuickTime – https://support.apple.com/en-us/HT205046
Important Security News:
- The day after Apple patch OS X, a young security researcher publishes sample exploit code against a new vulnerability in OS X (whatever the opposite of responsible disclosure is, this is that). Like the recently patched DYLIB bug, this is a privilege escalation bug, so it does not allow hackers or malware in, but does allow any malware that gets in to do more damage – http://www.macobserver.com/tmo/article/new-os-x-security-flaw-detailed-on-the-internet-instead-of-going-to-apple
- Windows 10 uses your upstream bandwidth to peer-to-peer updates to other Windows users, and makes it REALLY hard to turn off by effectively hiding the setting (Editorial by Bart: this ‘free’ version of Windows is turning out to be a pretty evil version of Windows – since MS don’t sell hardware, they have to make money from their OS, so Windows 10 users now seem to be a resource to be tapped, and a product to be sold) – http://www.howtogeek.com/224981/how-to-stop-windows-10-from-uploading-updates-to-other-pcs-over-the-internet/
- Windows 10 comes under fire from privacy advocates – even when you un-check all the checkboxes MS give you to control what Windows 10 does on the internet, Windows 10 still communicates with MS servers, and uses a unique ID for each computer that survives reboots (Editorial from Bart: contrast that to OS X which does not send searches to the web when you turn the feature off, and even when you leave it on, uses a temporary random ID that changes every 15 mins to avoid tracking) – http://arstechnica.co.uk/information-technology/2015/08/even-when-told-not-to-windows-10-just-cant-stop-talking-to-microsoft/
- Another flash-based malvertising campaign attacked visitors to major sites like weather.com and thedrudgereport.com this month – http://arstechnica.com/security/2015/08/my-browser-visited-drudgereport-and-all-i-got-was-this-lousy-malware/
- RELATED: Starting from September, Amazon will no longer accept Flash ads – http://www.macobserver.com/tmo/article/flash-gets-another-death-sentence-this-time-from-amazon
- Jeb Bush comes out against encryption (editorial by Bart: and sounds about as well informed, intelligent, and coherent as his presidential brother while doing so) – https://nakedsecurity.sophos.com/2015/08/20/jeb-bush-encryption-makes-it-too-hard-to-catch-evildoers/
- Research finds that Android lock screen patterns are surprisingly predictable – http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
- Spotify get in hot water over changes to their privacy policy (Editorial by Bart: the clarification from the CEO is actually very reassuring, and thanks to iOS’s built-in privacy protections, iPhone users don’t have to take Spotify’s word for any of this – if you say no, iOS will simply not let Spotify near your location data, photos, or contacts. Android’s new privacy approach in their latest OS will hopefully slowly bring the same protection to Android users) – http://www.macobserver.com/tmo/article/spotify-just-learned-the-hard-way-about-customer-trust
- According to the US IRS, 330K taxpayers hit by the so-called ‘get transcript’ scam – http://krebsonsecurity.com/2015/08/irs-330k-taxpayers-hit-by-get-transcript-scam/
- More bad news for car owners – security researchers finally release a paper that VW sued to suppress for 2 years – the crypto in their immobilisers is weak, and this affects big brands including Volkswagen, Audi, Fiat, Honda, Volvo, and even luxury brands like Porsche, Bentley & Lamborghini. Because the problem is in hardware within the keys, all cars would need to be re-keyed to fix this – http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/
- RELATED – a security vulnerability in a telematics dongle issued by some French insurance companies to offer pay-per-mile-style insurance is vulnerable to remote hacking via SMS message, allowing attackers to tamper with just about everything on the CAN bus, including the brakes! (editorial from Bart: the CAN bus is so insecure-by-design that it simply cannot be safely connected to the internet – the auto industry needs to put this 20-year-old tech out to pasture, and replace it with something designed to be internet connected ASAP – if they had understood security, they would have done this BEFORE they connected their cars to the internet) – http://arstechnica.com/cars/2015/08/hack-of-telematics-device-lets-attackers-mess-with-cars-brakes/
- Lenovo used a little-known Windows 8 & 10 feature to inject apps into Windows from a computer’s firmware (editorial by Bart: what idiot in Microsoft thought that this was a good idea? I mean what could possibly go wrong?) to install insecure crapware on the computers they sold (more editorial by Bart: this is AFTER Superfish remember, I will NEVER buy from this company, I cannot possibly trust them) – if you have a Lenovo computer, you need to follow the instructions linked in the article to secure your computer – http://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/
- The ‘right to be forgotten’ rathole gets deeper – Google now ordered to delist links to news stories about it delisting a link (editorial by Bart: the only way this mess has a hope of getting fixed is if European ministers get together and write clear legislation on this – court judgements are much harder to interpret than laws, this needs to move into the realm of law ASAP IMO) – https://nakedsecurity.sophos.com/2015/08/21/google-ordered-to-remove-links-to-right-to-be-forgotten-removal-stories/
- Did you buy MacKeeper? Do you feel you were ripped off? Now you can get some of your money back – http://www.macobserver.com/tmo/article/think-mackeeper-screwed-you-theres-a-settlement-for-that
Notable Breaches:
- The Ashley Madison breach goes from bad to terrible:
  - Two massive batches of data released – https://nakedsecurity.sophos.com/2015/08/21/ashley-madison-hackers-keep-on-going-post-even-bigger-trove-of-data/
  - The data contained in the breach is worse than many feared – http://arstechnica.com/security/2015/08/ashley-madison-hack-is-not-only-real-its-worse-than-we-thought/
  - The data is blackmail heaven, and contains details for hundreds of US government employees – http://arstechnica.com/security/2015/08/ap-ashley-madison-subscribers-included-hundreds-of-government-employees/
  - Inevitably, the extortion has begun – http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/
- Mumsnet hacked – change your password – https://nakedsecurity.sophos.com/2015/08/19/mumsnet-ddosed-swatted-hacked-oh-and-change-your-password-too/
Suggested Reading:
- A very thoughtful piece from Marco Arment on the ethics of ad blocking – http://www.marco.org/2015/08/11/ad-blocking-ethics
- An interesting piece from Brian Krebs outlining how many gangs are turning away from risky drug dealing, and moving to the equally lucrative, but much less risky, area of identity theft – http://krebsonsecurity.com/2015/08/street-gangs-tax-fraud-and-drop-hoes/
- FCC fines conference operator $750,000 for disabling wifi hotspots and making attendees buy expensive wifi access – https://nakedsecurity.sophos.com/2015/08/19/fcc-fines-company-750000-for-disabling-conference-hotspots/
- NSA preparing for a quantum-computing future – http://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/
- Google’s cloud service is not as resilient as you might like to think, some Belgian lightning loses some data (a tiny percentage, but still) – https://nakedsecurity.sophos.com/2015/08/21/google-customers-lose-data-after-lightning-strikes/
- A scary reminder about the importance of security for your privacy – https://nakedsecurity.sophos.com/2015/08/14/webcam-spy-sends-couple-photos-of-previous-nights-netflix-snuggle-session/
- Development on Mozilla’s Tracking protection feature continues – they are now looking for beta testers – https://nakedsecurity.sophos.com/2015/08/19/mozilla-wants-you-to-beta-test-this-firefox-privacy-enhancement/
- Oracle do themselves no favours when their chief security officer tells customers to stop testing their stuff for security bugs, because that is against their license – http://arstechnica.com/information-technology/2015/08/oracle-security-chief-to-customers-stop-checking-our-code-for-vulnerabilities/
- NSA playset – open source tools mimicking some of what we now know the NSA has at its disposal – http://arstechnica.com/information-technology/2015/08/the-nsa-playset-espionage-tools-for-the-rest-of-us/
A Nerdy Sorbet – Steve Jobs Gold
I know it’s become a cliché that Jobs was a visionary, but he really was – if you don’t believe me, just look at this 1996 interview about the Internet – this was BEFORE the .com boom, but it reads like a history written after the event! – http://evgenymorozov.tumblr.com/post/15396323139/steve-jobss-interview-with-red-herring-1996
Main Topic – the hsxkpasswd terminal command
https://www.bartbusschots.ie/s/2015/08/22/using-the-hsxkpasswd-terminal-command-part-1-of-2/
(it might be helpful to re-read the JSON primer from last time before starting: https://www.bartbusschots.ie/s/2015/08/08/json-a-quick-intro/)
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
Hi Allison,
The Hoo Too looks really cool, and sounds like a great device, but I’m afraid it does NOT let you safely browse from a hotel without a VPN 🙁
The problem VPNs solve on public ethernets (be they copper or wifi) is not firewalling, it’s eavesdropping/MITM attacks. Your traffic can be intercepted and even altered as it passes through the public ethernet network by anyone else on that network. The HooToo doesn’t bypass the hotel’s network in any way, so all your traffic is still vulnerable as it travels between the Hoo Too and the internet.
The only way the Hoo Too could in theory provide this kind of protection would be if it also had a built-in VPN service (an interesting idea for version 6 perhaps!).
Sorry to be the bearer of bad news,
Bart.
Allison, the Amazon search box that Lynn’s browser is blocking is *not* Flash, it’s HTML 5. HTML 5 can do pretty much everything that Flash does (animation, multimedia playback, yada yada) which is why Apple is really pushing it as a standard (and it’s finally beginning to catch on.)