Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday 7 February 2016 and this is show number 561. This week we have reviews from George from Tulsa and Victor Cajiao, I’m going to tell you about a service to make any text article into a podcast, we’ll hear about Ditto for wearable notifications, I’ll review the Smartbean to turn any headphones into Bluetooth devices, and to get you to listen till the end of the show, I’ll tell you about my new PC! After that Bart Busschots joins us to talk Security Bits with a special section on this “Error 53” thing that’s been causing some hand wringing about bricked iPhones.
This week I had the great pleasure of being a guest on the SMR Podcast with Chris Ashley and Robb Dunewood. I asked to be on the show because I really wanted to publicly announce that Robb was right. I’ve been arguing with him for over a year about how I thought he should have a Google Plus group and not a Facebook group, so I had to go on the air and admit that I had created a Facebook group. We had a blast and if you haven’t ever heard the show before you should definitely check it out at smrpodcast.com/….
Chit Chat Across the Pond this Week
In Chit Chat Across the Pond this week Bart and I had a marathon session of Programming By Stealth where we really dig into how CSS can help you control where boxes of content lie on a web page in HTML. It was a lot of information for my tiny little brain to grasp but Bart finally pulled me up the hill. I think. Remember to subscribe separately in your podcatcher of choice – just do a search for Chit Chat Across the Pond in iTunes, Downcast, Dog Catcher, Pocketcasts, TuneIn Radio, Stitcher…or if you just want this episode you can go over to podfeet.com/… and get the audio and a link to Bart’s amazing tutorials.
We’d better dig into THIS show now! Last week George from Tulsa sent in another review and I ran out of time to run it so let’s start with George:
George from Tulsa – Ground Loop Isolator
Life gets messy. Just look into the center console of my 2007 Camry Hybrid. Hey, it’s nine years old and the odometer says it’s out in New Zealand visiting Allister on its third trip around the world.
My Camry was state of the art in February, 2007. 5 Disk CD Player. Hands-Free Bluetooth for my phone. 3.5 mm AUX IN plug, and a convenient nearby DC power out “lighter” port. It’s been very reliable, quiet, comfortable, and, sadly, too fuel efficient, as evidenced by the current low price of crude.
I’ve used a variety of players plugged into the Camry’s AUX port. They all play just fine on their own battery. But when plugged into the car’s power there’s a constant and very annoying low ground fault hummm which I couldn’t solve. A Kinivo Bluetooth Transceiver made it worse, adding a penetrating high pitched squeal.
While looking for a solution to a different hummm, the one that plagued the recordings I made for Allison on my Mac, I found the Esky Ground Loop Noise Isolator on Amazon. Its reviews were encouraging. $13, Amazon Prime, and with Amazon’s easy returns if it didn’t work, why not?
What’s to say, except it works, and works well.
I’ve even been able to take the Kinivo Bluetooth gadget out of the back of my junk drawer. My phone now seamlessly connects by Bluetooth to the Camry’s audio system when I push its state of the art 2007 START button.
A brief word about the Kinivo. It’s a transceiver and can function for both phone and audio player. I use it only in its audio mode.
You’ll find Allison’s Amazon Affiliate links to the $13 Esky Ground Loop Noise Isolator, Works with HIMBOX/i Pod/Zune/iRiver and Others and the Kinivo BTC450 Bluetooth Hands-Free Car Kit for Cars with Aux Input Jack (3.5 mm)
NOTE FROM ALLISON – The Esky ground loop isolator George bought is unavailable on Amazon right now but I found a Ground Loop Noise Isolator from PAC that looks like the same kind of device. This one is only $8 on Amazon – hope that one works as well as the one George recommended. George also sent me a link to the exact device on another site: http://chargerbuy.shop.rakuten.com.
Blog Posts
Magically Turn Text Into Podcasts with Narro
MyDigitalSSD 256GB OTG (On The Go) Portable SSD
This next review is from good friend of the show Victor Cajiao, one of the greats in podcasting who started the Typical PC User, then converted and ran the Typical Mac User for many years. He’s on a new venture, a rather eclectic show called Terratech Podcast. He’s got a review I know you’re going to want to hear, but will cost you money!
He moved a 2.4GB movie by just dragging it from the desktop to the drive, and it took 9.73 seconds. He then took a 20.58GB file where he has all his Logic music files; this is what he wanted to be able to carry with him. He ran the ChronoSync job and it took 1:28 seconds so it was going about 250MB per second the whole time.
$90 on Amazon. You can find Victor on Twitter at @victorcajiao.
Ditto Wearable Notification
Stay tuned for more info on the Ditto – they gave me two of them and Dorothy and I have been wearing them for the last few days. When we’ve formed a considered opinion I’ll let you know if Ditto is as useful as it sounds and who could benefit from owning one.
Beam Smart Presence System
One of my favorite interviews at CES was with Arika Bunfill about the Beam Smart Presence System. This was a VERY visual interview so I’m not going to play it for you, I want you to go watch it at the link in the shownotes. You’ve probably seen this idea before, where someone is telecommuting but they have a presence in the office that’s a roll around monitor. That description completely undersells the Beam device.
I was so entranced by the Beam Smart Presence interview that in a surreal way I really felt like Arika was in the room with me. I was thinking (and luckily didn’t say), “wow, that’s really expensive for an employer to have one in each telecommuter’s house…” Duh, they’re not in their houses, they’re a sharable device in the OFFICE you dummy! Go watch the video, it’s amazing!
Smartbean Turns Any Headphones or Speakers into Bluetooth Devices
After I posted this to the blog, I learned two things. One is that it’s super expensive to buy from Canada! Steven Goetz tried to buy one from the Amazon Affiliate link and it was the US equivalent of $60! I spoke to the Antec folks, and they gave him a $25 off coupon to buy it through their direct store, but the shipping was $25 so it was still way too expensive. Antec is trying to figure out a way to be more price friendly to “our friends across the border” and I’m sure they’ll come up with a solution for this. I thought it was super cool that they wanted to help. The second thing is that Steve Davidson commented on the blog post that the Smartbean is the same kind of device as the BlueAnt Ribbon that he did a review of for us a while back. The BlueAnt Ribbon is way cooler looking, and BlueAnt makes wonderful products that I’ve used before to great delight. It’s $25 on Amazon if you’re interested.
What Would Make Allison Buy a PC?
Security Bits
Error 53
The latest storm in a teacup is over iPhones showing the cryptic "error 53".
Here are the facts:
1) When installing the OS, upgrading the OS, or restoring a phone from a backup, iOS verifies that the hardware is all in order, and that the Touch ID sensor has not been tampered with. If iOS cannot validate that the Touch ID sensor is definitely fine, it gives Error 53 – in other words, this is a fail secure system – if in doubt, protect the crown jewels!
2) When Apple, or any authorised Apple Repairer (that last part is VITAL to understand, and being missed by many while they rant and rave) repairs an iPhone, they securely pair the Touch ID sensor with the rest of the hardware in the phone. This means that no matter what parts Apple, or an Authorised repairer, replace, you will not get an Error 53. But, when an un-authorised party replaces the Touch ID sensor, or some other parts of the phone, they cannot do this re-pairing, so the security check will fail.
3) This test provides protection against two scenarios:
i) someone tampers with your phone, and inserts a malicious TouchID sensor with some kind of back door
ii) someone takes your Touch ID sensor, and connects it to a different iOS device and tries to get it to give out your secrets
The part I want to re-state for clarity is that you DO NOT have to get the phone repaired by Apple themselves, any company that has passed Apple's certification tests can service your iPhone without voiding the warranty in any way. To illustrate this point, there are ZERO Apple Stores in Ireland, but there are MANY companies providing authorised iPhone repairs. I've had my own phones repaired in Ireland without voiding my warranty. It was very straightforward and simple. The thought of handing a $1,000 device over to someone who is not certified to repair it seems insane to me.
Like the brakes on a train, a security device should not fail open, it should fail secure. When a train's brakes spring a leak or malfunction in some other way, they don't release, they clamp down. If Apple's promises of protecting our privacy are to mean anything, then Apple devices have to lock themselves down when their security chips are tampered with. If there is something fishy about the Touch ID setup, lock it down!
Requiring items be serviced by authorised parties is not in any way abnormal. Voiding a warranty for making an authorised repair is completely normal. A modern smart phone is a very complex device, it is very easy to break it while trying to fix it, and it is utterly unreasonable to expect Apple to foot the bill when some random person mucks about with its innards and breaks it. Trained and authorised repairers will not cause an Error 53, because they will do the repair properly! (and if they mess up, your warranty will cover you)
Apple are being held to a ridiculous double standard here, and what is worse, they are being vilified for protecting our privacy!
I would suggest it would be better to criticise Apple for what they really did get wrong here – that is, for putting up a totally useless error code rather than a meaningful message!
Another valid criticism would be that a better response to a failure to validate the TouchID sensor would be to offer users a choice – get the phone repaired, or continue with Touch ID completely disabled. In other words, brick the Touch ID sensor, not the whole phone.
I still can't bring myself to have any sympathy for anyone who thinks it's sane to get a $1,000 device serviced by some cowboy outfit that doesn't have the appropriate training and certification to actually do the job though!
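A simplified model of the fail-secure check and the "disable Touch ID only" alternative discussed above, added here as an illustration and not taken from the show notes or from Apple. The HMAC pairing record, the keys, the sensor IDs and all function names are assumptions made for the example.

```python
import hashlib
import hmac
from enum import Enum

class Outcome(Enum):
    OK = "sensor trusted"
    LOCKED = "device locked (the Error 53 behaviour)"
    TOUCH_ID_OFF = "device usable, Touch ID disabled"

def pairing_tag(device_key, sensor_id):
    # Hypothetical pairing record: a MAC over the sensor's ID under a key that
    # only the device and an authorised repairer's tooling can use.
    return hmac.new(device_key, b"pair|" + sensor_id, hashlib.sha256).digest()

def validate_sensor(device_key, sensor_id, stored_tag, degrade=False):
    # Run at install, upgrade and restore. Only a positive match passes; a
    # missing or malformed record counts as a failure, never as "no opinion".
    try:
        ok = hmac.compare_digest(pairing_tag(device_key, sensor_id), stored_tag)
    except TypeError:
        ok = False
    if ok:
        return Outcome.OK
    return Outcome.TOUCH_ID_OFF if degrade else Outcome.LOCKED

def run_scenarios():
    # Constructed sample values, not real device data.
    key_a, key_b = b"A" * 32, b"B" * 32
    factory, swapped = b"sensor-0001", b"sensor-9999"
    tag = pairing_tag(key_a, factory)
    return {
        "factory sensor": validate_sensor(key_a, factory, tag),
        "authorised repair (re-paired)": validate_sensor(
            key_a, swapped, pairing_tag(key_a, swapped)),
        "unauthorised swap (old record)": validate_sensor(key_a, swapped, tag),
        "sensor moved to another device": validate_sensor(key_b, factory, tag),
        "pairing record missing": validate_sensor(key_a, factory, None),
        "unauthorised swap, degrade policy": validate_sensor(
            key_a, swapped, tag, degrade=True),
    }

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:36} -> {outcome.value}")
```

The two threat scenarios from point 3 map to the "unauthorised swap" and "sensor moved to another device" rows; both fail the check because the stored record only matches one sensor on one device.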
Links:
Important Security Updates
- Google's latest Android security bulletin is out, and everyone should update, but many will not be able to for some time, if ever – nakedsecurity.sophos.com/…
- Oracle have pushed a critical Java update – patch it or get rid of it – krebsonsecurity.com/…
Important Security News
- Ding Dong The Witch is Dead 🙂 – The Java browser plugin is being discontinued by Oracle – future versions of Java will NOT have direct browser integration – Web-based Java apps will need to rely on Java Web Start instead – krebsonsecurity.com/… & arstechnica.com/…
- Google will trial a program where anti-extremist charities get Google Ad Words credits that they can use to buy adwords against search terms of their choice – the idea being that searching for extremist terms will get you a positive message with an alternative to radicalism – nakedsecurity.sophos.com/…
- Security researchers are warning of a serious bug in eBay's site that could allow sellers to inject JavaScript into their eBay pages, allowing them to do all sorts of trickery they should not be able to. The really scary thing is that eBay have said they have no plans to fix this! Bottom line – be careful on eBay, and don't trust any downloads the site offers, they may not really be from eBay! – arstechnica.com/…
- Study finds that the Apple Watch is the only fitness tracker properly securing user data – www.macobserver.com/…
- The US FTC have re-vamped their IdentityTheft.gov site to provide improved help for victims – the site also contains advice for protecting yourself from identity theft – www.us-cert.gov/…
- A study from Harvard finds that while encryption is important, the government should not worry about the "going dark" problem, because the Internet of Things will provide more avenues for spying than you can shake a proverbial stick at – www.macobserver.com/…
- Security firms are reporting an as-yet unexplained spike in WordPress sites getting hacked to distribute ransomware. If you have a WordPress site, now would be a good time to make sure it is fully patched, including plugins and themes – arstechnica.com/…
- This is not security in the strictest sense, but it could permanently deprive you of the use of your computer, so it is somewhat relevant – beware cheap USB-C cables – they can literally fry your computer's brains – arstechnica.com/…
- Naked Security are warning users of TP-Link routers to change the default password and network name because both are derived from the MAC address, which is broadcast as part of the wifi protocol – nakedsecurity.sophos.com/…
Suggested Reading
- Apple bought the security firm that found the ThunderStrike 2 vulnerability – www.macobserver.com/…
- A nice description of the security enhancements the latest version of Windows 10 allowed Google to add to Chrome – arstechnica.com/…
- A nice primer on TOR from Naked Security – nakedsecurity.sophos.com/…
- A rundown of where the main US Presidential Candidates stand on the encryption debate – nakedsecurity.sophos.com/…
- Not strictly security related, but really cool! Microsoft are experimenting with under-sea data centres to save energy on cooling – arstechnica.com/…
- Users of the Magento e-commerce platform should patch their sites ASAP – nakedsecurity.sophos.com/…
- A survey of Dark Web sites on TOR finds that the majority of Dark Web sites are illegal in some way – nakedsecurity.sophos.com/…
- Another SSL bug, thankfully it's difficult to exploit – arstechnica.com/…
- A worrying story that highlights how bad Amazon is at understanding social engineering, and protecting their customers against it – medium.com/…
- Tax Fraud behind a 47% spike in ID theft in the US – krebsonsecurity.com/…
- Ad blocker blockers take things to the next level, start proxying ads to hide them from ad blockers – nakedsecurity.sophos.com/…
- US FDA release draft guidelines to improve cyber security in medical devices – nakedsecurity.sophos.com/…
- NYC launches investigation into the hackability of baby monitors – nakedsecurity.sophos.com/…
- Israel's electricity grid hit by cyber attack – arstechnica.com/…
- TaoBao, China's eBay breached – 100 million records used to hack 20 million users – nakedsecurity.sophos.com/…
- Brainprints hit 100% accuracy – nakedsecurity.sophos.com/…
- Microsoft have said that the next version of Skype, and those after, will hide users' IP addresses, removing the ability to map Skype usernames to IP addresses, a feature abused by ne'er-do-wells for years – krebsonsecurity.com/…
- Device search engine Shodan illustrates the problems with IoT devices with a new insecure webcam gallery – arstechnica.com/…
- A year on, a security researcher finds that Ashley Madison still leaves a lot to be desired in terms of privacy – nakedsecurity.sophos.com/…
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community at podfeet.com/googplus and the Facebook Group at podfeet.com/facebook. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.