Allister Jenks has created new and improved Podfeet stickers for iMessage. I’ll tell you how obsessed I’ve become with automation from AppleScript to Workflow to Keyboard Maestro. Then Bart is back with Security Bits where he’ll regale us with news and things to watch out for, and tell us whether we’re at the end of times because of recent research into DNA and computer code.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Wednesday August 16, 2017 and this is show number 641. As I mentioned just 3 days ago, Steve and I are off to Oregon to see the eclipse with Jean MacDonald so you’re getting the show super early. That doesn’t mean it will be short on content though. I’m really looking forward to telling you how obsessed I’ve become with automation in the last week. And Bart graciously agreed to do a Security Bits really early in the week for us. I thought it was going to be a shorter segment than usual but I had a lot of questions and I got him off the rails talking about quantum physics and solar eclipses so it’s a fun-filled episode.
Chit Chat Across the Pond
There is no Chit Chat Across the Pond this week. As I mentioned before, Bart and I have declared summer vacation for Programming By Stealth, returning on September 1st. I’m not sure if there will be a Chit Chat Across the Pond Lite next week. I might try to talk Jean into recording with me at her house about her new podcast, SestraCast, all about Orphan Black, but we’ll have to see if we find the time to get it done.
To hold you over till the next Chit Chat Across the Pond, you could listen to the Upgrade Podcast #154 by Jason Snell entitled “Masters of Automation”. It’s the podcast he recorded at CMD-D with Sal Soghoian, David Sparks, Shelly Brisbin, John Welch, and ME! It’s an interesting discussion about the state of automation on the Mac and on iOS. You can find it at relay.fm/upgrade… or search for the Upgrade podcast in your podcatcher of choice.
Allister’s iMessage Sticker Pack for NosillaCastaways
You know how in iMessage now you can add stickers to your messages? If you haven’t played with this, it’s pretty fun. In Messages, to the left of the text entry field is an A for Applications. When you tap on that, you have the option to go to the “Store”. There’s a bunch of cool applications in there. I’m a big fan of the Venmo app, which lets me send money right from Messages. But there’s something even cooler in there.
If you search the store for podfeet, you can get Podfeet stickers! I didn’t make them, they were made by the awesome Allister Jenks! He actually started these ages ago but he updated the Podfeet stickers to all the new logos. So there’s the new, light blue version of the NosillaCast logo, along with Chit Chat Across the Pond Lite, Programming By Stealth, Taming the Terminal, Dumb Question Corner, Tiny Tips, and of course the classic Podfeet feet!
You can simply tap the sticker you want, and it goes inline in the messages, or if you tap and hold on a sticker, you can drag it up on top of an existing message in the thread. If you’re really dextrous, you can use two fingers as you drag to rotate and pinch/zoom the sticker before you let it drop on a message. I find adding the Podfeet feet really sends the message home.
Thanks to Allister for putting these together. They’re silly and awesome all at once. You can also find these stickers by following this link: itunes.apple.com/…
Blog Posts
I Want to Automate ALL the Things
Patreon and Amazon
I talk a lot about how the Amazon Affiliate Links in the shownotes are a big part of how I fund the podcast. I thought it might be fun to give you a little more detail into how the links pay off. In the Associate’s program login, I can download reports of what people bought over a time period. I want to emphasize that I cannot see who bought something, only what was bought, how much was paid for it, how much I received in fees and a little more detail on what seller fulfilled the order and dates and such.
I tried to download the Excel file I requested from Amazon for the last 30 days, and Excel would not open. I was pretty angry as you might imagine. I’m sure it’s because I replaced this installation using Migration Assistant, so the authorization failed, but even that doesn’t make sense. While Excel, Word and OneNote won’t run, my second most hated software on the planet, PowerPoint DOES run! I get no information on why, just an Apple standard notice saying “The application ‘Microsoft Excel.app” can’t be opened”. Sheesh.
I could go down a big old rabbit hole about how angry this made me and how much I enjoyed navigating Microsoft’s arcane system and downloading a 1.67GB installer, and waiting 12 minutes for it to install. But I won’t, because I’m talking about Amazon Affiliate stuff which is fun and happy.
Anyway, I finally got the data for the last month and sorted it by what got the highest ad fees. I was delighted to see that someone bought a DJI Mavic – the very portable quadcopter. For that I earned a 4% fee, which turned out to be $52. As my daddy used to say, “better than a poke in the eye with a sharp stick!”
Someone else bought SEVEN Plantronics CS540 wireless headsets. This purchase was done in two different orders, one of which earned a whopping 16% and the other 12%. The interesting thing is that the fee I received was higher on the order from a third-party seller and the lower percentage was from Amazon themselves. Very curious. But the cool thing is that $48 went towards hosting fees and microphones and software to be reviewed on the show.
$12 came in from a teak computer desk made by Need, and $10 from a gorgeous cherry two-door bookcase from Sauder Heritage Hill. I’m a sucker for wood furniture and I’m actually in the market for a nice desk when I redo Kyle’s old bedroom.
The list goes on and on, 141 separate orders were made using the Amazon Affiliate Links and it makes me so happy that so many of you choose to start your searches at podfeet.com/amazon as a way to help the show!
Security Bits
Reality Check – No, DNA Cannot Hack Computers!
There has been a lot of hype in the media this week about DNA being able to deliver malware. The TL;DR summary is that security researchers did useful research, science-illiterate media sites got the wrong end of the stick and wrote OTT arguments with ludicrous headlines.
What was demonstrated was a proof of concept that a bug in gene sequencing software could theoretically be triggered by a specific DNA sequence. This is no different to a bug in a JPEG parser being triggered by an image file, or a bug in a PDF reader triggered by a PDF.
The researchers did not create custom DNA to trigger a bug in real software, they wrote intentionally broken software so it would be triggered by existing DNA, and even then, they were only able to make the bug they created trigger about 40% of the time!
This research does highlight the need for software developers in the bio-medical field to be as security conscious as software developers need to be in all other fields, but there is no need whatsoever for panic.
Links:
- Biohackers Encoded Malware in a Strand of DNA – www.wired.com/…
- Great coverage on the Security Now Podcast – twit.tv/…
Notable Security Updates
- Microsoft released out-of-band patches for Outlook & Office on July 27th – nakedsecurity.sophos.com/…
- Last Tuesday was patch Tuesday, with critical security updates released by Microsoft & Adobe (including fixes for Flash, Acrobat & Windows) – krebsonsecurity.com/…
Notable News
- Firefox 55 starts the slow march towards the end of Flash, making all Flash require user-interaction before loading (click-to-activate). Note that Firefox 55 is also a security update – nakedsecurity.sophos.com/…
- The Center for Democracy & Technology (a US non-profit) has filed suit against Hotspot Shield VPN for engaging in ‘unfair and deceptive trade practices’ by advertising a service that protects your privacy but actually injecting trackers into users’ traffic and selling users’ data (Editorial from Bart: always be suspicious of commercial companies offering something good for free, they have to be making a profit somehow!) – nakedsecurity.sophos.com/…
- The WSJ report that Facebook use the VPN provider it owns, Onavo, to gather intelligence on what apps are up-and-coming, and uses that information to inform its acquisitions etc. – daringfireball.net/…
- Parents sue Disney for tracking kids in both Android & iOS apps. The suit claims 43 different Disney apps embed 3rd party ad trackers without parental consent, contrary to COPPA – nakedsecurity.sophos.com/…
- DreamHost is choosing to fight what it calls an overly broad search warrant seeking the IP address and browser details of all 1.3 million visitors to a website used to coordinate protests on the day of President Trump’s election – www.theguardian.com/…
Suggested Reading
- PSAs, Tips & Advice
- Notable Breaches
- News
  - (US) Congress looks to take the wheel on autonomous vehicles – nakedsecurity.sophos.com/…
  - Cyberattacks on GPS leave ships sailing in dangerous waters – nakedsecurity.sophos.com/…
  - (Medical) Scanners to be patched after government warns of vulnerabilities – nakedsecurity.sophos.com/…
  - The UK Department of Transport has published a guidance document for the automotive industry specifying a set of security first-principles for the industry – nakedsecurity.sophos.com/…
  - Too many big online brands allow terrible passwords – nakedsecurity.sophos.com/…
  - ⭐️ Smart Locks Bricked by Bad Update – threatpost.com/…
  - The Alliance for Securing Democracy has launched Hamilton 68, an online dashboard for tracking Russian propaganda efforts on Twitter – nakedsecurity.sophos.com/…
  - Judge orders LinkedIn to stop blocking third-party use of your data – nakedsecurity.sophos.com/…
- Opinion & Analysis
  - ⭐️ A good explanation of why much of the media got the story of China’s Quantum Satellite wrong – it’s not about un-breakable crypto, but crypto where eavesdropping is always detectable – nakedsecurity.sophos.com/…
  - Good guys and bad guys race against time over disclosing vulnerabilities – nakedsecurity.sophos.com/…
- Propeller Beanie Territory
  - ⭐️ Security researchers describe a new threat to Android users – Android’s security model allows code libraries that are incorporated within multiple apps to pool together the permissions from each app to maximise their access to user data – nakedsecurity.sophos.com/…
  - High hopes for ‘more secure’ forked version of Bitcoin – nakedsecurity.sophos.com/…
  - Debian move marks beginning of the end for TLS 1.0 and 1.1 – nakedsecurity.sophos.com/…
  - .why .it’s .time .to .fix .localhost – nakedsecurity.sophos.com/…
Palette Cleansers
- A wonderfully written approachable article describing general relativity, and why it matters – The most beautiful theory of all – medium.economist.com/…
- xkcd.com/…
- Antikythera mechanism (Wikipedia) – a device from 150-100 BC that could predict solar eclipses