Don’t Ignore Your Tech – Choose Different Friends

I was listening to TWiT this week and Georgia Dow was pleading with people to put down their tech and engage with each other. Becky Worley responded by talking about what the implications are when you look at your watch because you received a notification. Iain Thomson suggested that especially on a date you should put away your tech.

I would like to suggest there’s another way to look at this. Let’s say you really like tech. Let’s say it’s really important to you and a way that you keep connected with the world and your friends. Maybe you should choose friends/dates based on people with that common interest instead of giving up what you love?

Let’s pretend I went on a date with a man who loved music. Should he shut off his music whenever we’re together because I don’t favor music? Or should he perhaps realize that I’m not the right woman for him if I don’t like it?

Audio Hijack 3 Presentation at Macstock 2015

I had great fun presenting on Rogue Amoeba’s newest recording tool, Audio Hijack 3 at the Macstock Conference in Chicago recently. Hope you learn something watching this!


#529 Be the Match, Audio Hijack Audio Unit Effects, Spigen Apple Watch Stand, Transcend SSD, XARA Security

In a weak moment I encourage you to send in improvement suggestions and even give examples of suggestions I’ve implemented. Honda Bob needs your help; he needs a bone marrow transplant. You can register by going to https://join.bethematch.org. I learned a ton about Audio Hijack from Dave Hamilton and Don McAllister after I taught a class in it at Macstock and you get to learn what I learn (and maybe the audio is even better on this episode as a result.) Quick review of an elegant and inexpensive Apple Watch stand from Spigen. I run some speed tests on the Transcend Portable SSD and compare to the Envoy Pro Mini. In Chit Chat Across the Pond Bart takes us through the XARA and other security issues this week.



Transcend 128GB Portable SSD for $83

George from Tulsa is a generous man and frequently will shoot Steve and me an email entitled “Brown Truck Arriving Soon”. By this he means that some gift is coming our way. One time it was peanuts, once it was a thing that plugged into power giving us USB ports and more 110V ports, and one time it was a pair of scissors designed for opening up those annoying plastic packages. Like Forrest Gump so famously said, “You never know what you’re going to get.”

A few years back he sent me an Oyen Digital MiniPro external USB 3 SSD which I use as a bootable Yosemite drive for emergencies. Just recently the Brown Truck arrived carrying a Transcend 128GB portable SSD that’s the size of a few credit cards stacked together, again with a USB 3 interface. I think this was in response to the tests I ran on the OWC Envoy Pro Mini SSD. We got into a great discussion on how to measure speeds on SSDs, how it matters greatly what kind of files you’re trying to move (compressible vs. incompressible) and whether the memory is synchronous or asynchronous flash.

Elegant and Inexpensive Apple Watch Stand from Spigen

The Apple Watch is an elegant piece of kit, but the charger that Apple sells you with the watch has a 6 meter, rather stiff cable going to the little magnetic puck. Since the cable is stiff, the puck kept flipping upside down so the magnet wasn’t face up. The puck is also white on both sides so you really have to inspect it closely to be sure you’ve got the right side up. The only way to tell if you don’t have your glasses on is to set the watch on it and wait to see the bright green charger symbol.

I figured there had to be a more elegant solution. I bought the Spigen Apple Watch stand to see if it would fix these problems for me. The Spigen stand is a curved piece of brushed aluminum that is very Apple-like. It captures the magnetic charging puck in a black rubber gasket material. That makes it hold the puck firmly in place but it’s very easy to take in and out. There’s a slot in the gasket to firmly hold the cable so that it can fit nicely through a slot in the side piece of the aluminum stand. They were brilliant on the slot, making it big enough to fit either the USB end or the puck end through it for easy removal.

The stand holds the watch at a pleasing angle of about 45° so you can see it from above or across from the watch. That makes it perfect as a desk stand or a night table stand. The watch band easily drapes over the top and underneath the stand without any fiddling. It holds the watch firmly if you lay it on sideways which means it would work for the new nightstand mode coming in watchOS 2.

If I have any complaint about the Spigen, it is that it’s not heavy enough. Great to be light if you want to carry it on travel, but the charging cable pulling on it makes it hard to keep exactly where you want it and at the angle you want it. It’s not a huge downside but a bit more heft to the stand would be a welcome change. The Spigen Apple Watch stand is $19 at Amazon. I put some photos of the stand in the shownotes so you can see how it looks.

[Photos: Spigen without the watch but with the charging puck; Spigen upside down showing how the charging puck slips into the gasket]

Keep Sending In Improvement Suggestions

It occurred to me that many of you might not know that I’m open to improvement ideas for the podcast and website. I get suggestions from time to time and quite often implement them. My favorite emails and tweets are telling me about typos. I can see a typo on someone ELSE’S writing from across the room when the document is upside down, but for the life of me I can’t see it on my own text. I hate it when I have typos on my blog because it makes me look like a moron who can’t spell or who has poor grammar, so if you see a mistake, PLEASE let me know!

Two weeks ago, a fan of the show who has poor vision explained that the mobile version of podfeet.com had so little contrast it was blinding for him. I use a WordPress plugin to generate the mobile version so I went poking around and discovered that I have a lot more control over the look than I realized. Before he wrote to me, the background was bright white, and the link text was a light blue. Now I’ve got a muted grey background with dark blue links (like nature intended) and it’s a lot easier to view.

Enhanced Sound with Audio Hijack’s Built-In Effects

One of the great things about teaching classes at conferences and user groups is how much YOU learn. Last week at Macstock, I did a demo of the new Audio Hijack and I’ve learned SO much more about the tool because of it. Before I explain what I learned, let me back up and explain why you might care about Audio Hijack. This application is designed to capture audio on a Mac from external physical microphones, software applications and even system audio. Once hijacked, you can record the audio, boost the volume, enhance the audio and more. Even though I actually read the manual cover to cover in preparation, it turns out I hadn’t scratched the surface of what it could do.

Audio Hijack has a new and unique interface that allows you to drag bricks down onto the audio grid, where bricks represent microphones, speakers, recorders and more. When you drag them onto the audio grid you create essentially an audio flow chart, which is called a session. Sessions are automatically saved so I have one for the live show and a completely different one for Chit Chat Across the Pond. By the way, you’ll hear me talk about how visual Audio Hijack is – but it’s also completely accessible to the blind! I wrote to Rogue Amoeba (the makers of Audio Hijack) suggesting that it would be really cool if there were a way to share these sessions, and they explained that if you drag the session off of the session view to your desktop you can then give them to other people. So easy it never occurred to me.

#528 Macstock & Midwest Mac BBQ, LastPass Don’t Panic, Reminders Nano, iOS Dictation Mic Volume, QFD, Dean Elger Angry Man

Macstock Conference and Expo and the Midwest Mac BBQ in Chicago was a HUGE hit and will definitely be repeated next year so start making plans now! Bart explains (in my voice) why you shouldn’t panic about the LastPass breach. Donald Burr tells us about the 99-cent app Reminders Nano for iPhone and Apple Watch. I renamed the Apple Store the Apple Showcase because they simply have nothing in stock any more.
In Dumb Question Corner Steve Davidson asks and answers his own Dumb Question, how to stop the iPad and iPhone from making a noise if you accidentally hit the dictation microphone key on the keyboard. I tell you how the Apple Watch got me to dig up my yard and then how much fun it is to use a QFD for decision making. In Chit Chat Across the Pond, Dean Elger plays an Angry Man because of how much money I’ve cost him over the years in Apple gadgets.



How the Apple Watch Got Me to Dig Up My Yard

I’m afraid Fitbit is dead to me. I called time of death on the 6th of June at 10pm. This was a sad day for me because I’ve loved the motivation I got over the years from tracking my steps, making harder and harder goals for myself and competing with my friends and family in the social network supplied by Fitbit.

I’m sure you know what killed it for me, the Apple Watch and its Activity tracking applications. Apple doesn’t have a social network and I really miss that but the other benefits outweigh the loss. With the Fitbit I was obsessed with steps and stairs climbed. That was all that mattered. I hated days that I did an elliptical workout because I got so many fewer steps than when I went running. Once in a while Dorothy would make me do the bicycle at the gym and I only got half as many steps IF I remembered to put the Fitbit on my shoe.

The LastPass Breach – Don’t Panic!

When I do Security Lite with Allison as part of our Chit Chat Across the Pond segment I often tell people that there is no need to set your hair on fire. This is one of those times. Before I explain what happened and why it’s not a catastrophe, I want to start with a simple list of what LastPass users should do now:

  1. Change your master password
  2. When setting your new password, make sure that your password hint is as cryptic as possible

It should not be possible to determine your password from your hint!

So, what happened?

The short version is that attackers were found to have accessed LastPass’s user authentication database, and that gave them access to email addresses, password hints, and very well protected master passwords. It’s important to note that people’s encrypted password databases were not in the breached database.

So, what of value did the attackers actually get?

Almost nothing!

The reason is that LastPass did a great job designing their architecture, so people’s data is very safe, even when attackers gain access to such a sensitive-sounding database. The reason people like Steve Gibson recommend LastPass is that their design is robust. The system was designed to keep your data protected, even if the LastPass servers were breached. Given that sooner or later every system gets hacked, that was very much the right thing to do.

Let’s dig into the specifics – LastPass never store your actual master password; instead, they store an irreversibly encrypted version (more on how they do that later). When you need to prove you are who you say you are, the password you submit is irreversibly encrypted, and then that encrypted version of your password is compared to the encrypted version on file. Since LastPass don’t actually have your password, they can’t lose it!

The only thing the attackers can do with the protected passwords they have is guess what the password is, run it through the encryption process, then check if the encrypted version of their guess matches what was in the database they stole.

To make this as hard as possible, LastPass got two very important things right.

Firstly, every single LastPass user’s password is one-way-encrypted using a different random number known as a salt. This means that the password ‘open123’ encrypts to a different value for every user, so attackers have to re-do all their work for each user. Passwords protected in this way are referred to as hashed and salted.

Secondly, they did not just store the plain salted hashes, they ran them through a process designed to be computationally hard. A legitimate user doesn’t need their password validated often, so it’s not a problem that it takes a lot of CPU power each time. Attackers have to test trillions and trillions of password guesses, so the extra computational complexity really adds up for them.

This kind of password inflating is known as password-based key derivation, and LastPass run the salted hashes of users’ passwords through 100,000 iterations of a password-based key derivation function known as PBKDF2. This is ten times more than the currently accepted best-practice of 10,000 iterations of PBKDF2.

Basically – LastPass were not just doing things by the book, they were doing things even better than that!

What this means is that even weak passwords will stand up to a lot more of an attack than you might expect.
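The storage and checking scheme described above, as an added Python example (not code from this article or from LastPass): each user gets a random salt, the password goes through 100,000 rounds of PBKDF2, and a login is checked by re-deriving and comparing. The SHA-256 hash, the 16-byte salt and the function names are assumptions, and the password is fed straight into PBKDF2 rather than reproducing LastPass's exact pipeline.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # the PBKDF2 round count the article cites
SALT_BYTES = 16       # assumption: the article does not state a salt length


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Build what the server keeps on file: salt, round count, derived hash."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Re-derive from the submitted password and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_guess(iterations: int, trials: int = 3) -> float:
    """Time one derivation; every single guess costs an attacker this much."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.pbkdf2_hmac("sha256", b"constructed-guess", salt, iterations)
    return (time.perf_counter() - start) / trials


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice = make_record("open123")
    bob = make_record("open123")
    print("same password, same stored hash?", alice["hash"] == bob["hash"])
    print("correct password verifies:", verify("open123", alice))
    print("wrong password verifies:  ", verify("open124", alice))
    for rounds in (1, 10_000, 100_000):
        ms = seconds_per_guess(rounds) * 1000
        print(f"{rounds:>7} rounds: {ms:.3f} ms per guess")
```

Because the two stored hashes differ, work done against one user's record tells an attacker nothing about the other's, and the timing loop shows how the round count scales the cost of each guess.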

Finally, once you change your password, the data the attackers have becomes useless, so, the inflated salted hashed passwords only have to stand up to attack for the short time window between the breach happening, and users resetting their passwords. So, if you are a LastPass user, go reset your password NOW as a precautionary measure.

Let’s talk about password hints

I do want to draw your attention to one subtle detail – the attackers got users’ password hints. We have seen from past breaches that some users do very silly things with password hints – there is the infamous example from the Adobe breach where some clown used the password hint ‘rhymes with assword’. The only people who need to panic here are those with dumb password hints. Given that a hint is shown whenever you can’t remember your password, those accounts were ALWAYS in danger, and they have been made even more vulnerable by the breach.

Bottom Line

To me the biggest take-away from this is that LastPass have been tested, and they have not been found wanting – their good design has paid off, and protected their users. Secondary to that, this breach serves as a reminder to be very careful when setting password hints on anything – if you make the hint too obvious, you have effectively published your password!

For more details, see this excellent Naked Security article: https://nakedsecurity.sophos.com/2015/06/16/bad-news-lastpass-breached-good-news-you-should-be-ok/