Paul from Peru was the first to show me the benefits of a Circular Polarizing (CP) filter. Update on my ScannerPro review from last week (hint – it IS possible to password protect the content). Bob DeGRande brings us a review of the Kingston Wi-Drive. Vote for Clarify in the Evernote Cup Competition. In Dumb Question Corner Rick Abraham asks how to make PDFs when attached in Apples Mail app show as icons NOT as inline images and I suggest he try the shareware tool Attachment Tamer from Lokware.info. It’s a great week for Dumb Questions – Yadiel Sotomayor asks whether SSDs are a fad, and for advice on what to do with all of his passowords. Luckily in Chit Chat Across the Pond Bart and I spend the entire episode talking about passwords and how to create and protect them.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday July 15, 2012 and this is show number 375.
Last week I gave Bart and Victor credit for telling me about Circular Polarizing filters, when in fact Paul from Peru was actually first. Over a year ago he sent me a photo comparison he created showing how a polarizing filter eliminated the reflection on a glass-framed painting. He was able to prove that he was first – because I actually commented on it! Boy I have a bad memory! My apologies Paul for forgetting and it’s a great illustration of how well these filters work.
Last week I also did a review of an iOS app called ScannerPro from Readdle.com. I gave it a 100% thumbs up except for one fatal flaw. I told you that while I could password protect scans as I sent them to Evernote and other services, but I couldn’t figure out how to password protect scans while they were inside the app. I told you to withhold judgment until I had a chance to contact the developer. I did contact them and I don’t think they understood my fundamental question. Luckily Allister Jenks, aka @zkarj DID understand my question. He pointed out that in the Settings for the app you can password protect the entire app. that way whenever you open up ScannerPro you must enter a password. That’s great, and way easier than protecting every file one at a time. Now keep in mind that ScannerPro does sync to the cloud so that data is not protected up there, so you have to trust the Readdle folks. Thanks Allister for giving me the right answer to the question!
Kingston Wi-Drive from Bob DeGrande
Bob DeGrande joins us with his review of the Kingston Wi-Drive. This is a new class of device that allows you to watch video wirelessly on the go on portable devices – iOS, Kindle Fire, Android. Links to the three sizes Bob described:
- Kingston 64 GB Digital Wi-Drive with Mini-USB to USB Cable (WID/64GB-A)
- Kingston 32 GB Wi-Drive USB 2.0 Portable External Hard Drive WID/32GBZ
- Kingston 16 GB Wi-Drive USB 2.0 External Hard Drive WID/16GBZ
Thanks for this Bob, I’m really interested in these devices. Right now we keep our movies on a portable drive that we sync before trips but how much nicer to not have to move the files into the precious space on our iOS devices. I did notice that there’s a Wi-Drive app for Android too so I could use it on my new Nexus 7 when I get it. I’m also interested in looking at the Maxell Airstash Flash Drive. It actually looks like a thumb drive but takes SD cards so you can increase in size without rebuying the device, but it comes in at a much higher price to start. It is smaller too, again being the size of a thumb drive, but the Wi-Drive looks to be a nicely compact design too. Thanks for the great review
Clarify and Evernote
I have a couple of cool announcements from the Bluemango Learning guys, makers of two of my favorite apps, Clarify and ScreenSteps. They’ve been teaming up with the Evernote folks in the Evernote Devcup competition. They’ve added new integration with Clarify so that when you export to Evernote you can now choose the Evernote Notebook into which you’ll export AND a feature I was looking for, the Clarify document is actually attached inside the Evernote note. This means that if you want to modify the Clarify document you don’t have to go digging around to find the original source, you can just click on the Clarify file from within Evernote, edit it and save. It actually automatically saves back into the Evernote note. You never have to start from scratch when updating an Evernote note that uses screenshots. If you like these features, the Bluemango learning folks would love it if you went over to the Evernote Devcup competition and vote for them. And of course I put a link in the shownotes so you can do just that.
If you’ve been thinking about buying Clarify but just haven’t gotten around to pushing the button, this is a great week to do it. Clarify is part of the new StackSocial Bundle over at stacksocial.com. This bundle includes Clarify, Parallels Desktop (which will let you install a Windows 8 release preview or Linux Mint), plus Snagit and 7 more applications, for $50. The bundle ends on July 26th so go check it out.
Dumb Question Corner – Attachment Tamer
Rick Abraham asks how to make PDFs when attached in Apples Mail app show as icons NOT as inline images.
=======insert Rick ========
Hi Rick – what a great voice you have! you must send me more audio, that’s all there is to it. I’m answering here and this will also be the text in the show.
Now to your question. I’ve actually wondered this many times myself. I like having images inline but I don’t like PDFs inline, it just doesn’t make sense. It’s not like you can read it inline, right?
Luckily I found the solution and I have to give credit to Creative Bits (creativebits.org) for solving it. On the Creative Bits site they talk about two problems, one is the embedded image of PDFs but also how to send attachments that are friendly to Windows users. The solution is sort of a combo for the two problems. They say though that if when you create a new email, you click on Format and then choose Make Plain Text, all PDFs attached will show up as icons instead of inline. I tested it and the first PDF I chose worked perfectly. I started to reply to you and then thought maybe I should have tested more than one PDF, and it’s a good thing I did because the second one did not show as an icon but rather as an inline image again. I have no clue why one worked and one didn’t – both PDFs were created in the same way, by choosing print to PDF from the Apple print menu.
Not to worry, Creative Bits gave another solution. They suggested the $14.99 shareware program called Attachment Tamer from Lokiware (lokiware.info). It’s a plugin for Apple Mail and it has a ton of cool capabilities, one of which is to make PDFs show as icons instead of inline images! It looks like you and I are not the only ones with this itch to scratch!
I forgot how much I love shareware. It’s so nice to be able to test software before you buy. I downloaded Attachment Tamer from Lokiware and ran the installer. I was prompted to open Mail to the Attachment Tamer preferences, so I thought that was worth a play. The first tab controls how different things are viewed for your incoming mail. You can check boxes to always view as icons Text and HTML files, PDF documents, Images, and audio or video files. You can even control the behavior based on the size of the attachments, at least for PDFs and Images. I like the idea of being able to make audio and video files attachments too – it bugs me when they give me a little player in an email because I instinctively click it, and then while listening click away and lose where I was.
You can even add exceptions – if there’s someone from whom you always want to see the attachments inline, you can enter their email addresses. That seems odd but perhaps there’s an email list group or marketing company that does inline attachments you might like that.
So that was viewing, what about sending which was your original question! There’s another tab called Composing and from there you can set Insert Attachments to be according to viewing options, in place if possible, or always as icons. So lets say you like to receive PDFs inline but you don’t like to send as attachments, you have that flexibility. The more I dig into Attachment Tamer, the more I like it. I know you didn’t ask about this, but you can have Attachment Tamer automatically downsize images to small, medium, large, or last sized used. That’s kind of nice if you don’t want to have to fiddle with it every time you send an email.
As a nice touch, they also include easy access to some relevant Apple Mail settings that are available without Attachment Tamer but reveals them nicely inside the preferences for Attachment Tamer. From there you can choose whether to keep your original attachments in the reply, whether to send windows-friendly attachments (default is yes, don’t be mean and turn that off), and whether to insert attachments at the end of the message. From here you can also set the default message format to rich text or plain text, or whether you want to respond using the original message format.
There’s an advanced tab too that takes it up a notch but as is often the case, I’m not versant enough in the problems the advanced settings solve so I’ll leave that tab as an exercise for the student.
The last tab might be my favorite – it’s a tab that lets you update the plugin OR remove it. I wish it were more obvious how to remove plugins so I really appreciate that tab! I don’t plan on uninstalling Attachment Tamer but I feel good knowing it’s there.
I think Attachment Tamer solves the problem you have and I bet a lot of people will get great use out of it. Again, Attachment Tamer is $14.99 and you can get it at lokiware.com.
thanks for the Dumb Question, Rick – helped me find a cool solution to something that was bugging me too! Let me know if you had more luck poking around in the format of the email than I did, but if not Attachment Tamer appears to be a great solution.
Dumb Question Corner – are SSDs a Fad?
Yadiel Sotomayor wrote in with a dumb question too. Here’s what he sent:
>Hello Allison: I have a couple of dumb questions for you. Here we go:
1. Is there a really good advantage of using an SSD over a regular platter hard drive? I mean, sure it is fast, but is there any other really good advantages? I was talking to a friend of mine and he insist that SSDs are a fab. That they are just a gimmick.
Thanks for your help Allison, Yadiel
Thanks for sending this in Yadiel, it’s a great question. The main advantage of the SSD over a spinning hard drive is the speed. But it’s incredible speed. You get reboots in no time at all. This encourages good behavior of running system updates because you’re talking 30 seconds of your life to reboot. Apps bounce a half a bounce before launching. The combination of an SSD and Lion means when you reboot you can have all your apps relaunched with their windows already open. All normal operations are wicked fast too.
I definitely don’t think these are a fad or a gimmick, because the value is so very high. It would be like saying that the Intel Core i5/i7 series processors are a fad and that the industry will fall back to Core 2 Duos. Faster is always going to win unless it has serious downsides. The new stuff is always more expensive but The prices have dropped about 50% in the last year and are being built into computers now as standard equipment. Our phones and tablets are solid state – can you see those reverting back to spindle hard drives?
I thought perhaps your friend believed that SSDs are less reliable. Early on there was significant talk of limited number of writes, and problems with SSDs failing and there were some early problems with firmware causing some bad problems but that was very early on as well. I’m not a hardware guy and I don’t do extensive testing, so I thought I’d look for facts and data on the subject from someone who is – Tom’s Hardware at http://tomshardware.com. I found an extensive article from about a year ago where they go through all the facts and data available at the time, and from their research, the SSD is at least as reliable as a spindle hard drive, if not more reliable. It’s fascinating reading actually, if a bit deep on the geeky detail, I included a link in the shownotes to the full article on Toms Hardware.
So in answer to your question – are SSDs a fad? Heck no.
Now onto Yadiel’s second question:
I recently realized that I have a lot of passwords, so I decided to write them all into a text file and encrypt it using True Crypt. However, I recently was looking at password managers and I got really interested in them. My dumb question is, is there an advantage of a password manager over my method of writing them in a text file and encrypting them using True Crypt?
Luckily I procrastinated so long on answering Yadiel (he asked me this back in late June) that I have a great answer for him. Chit Chat Across the Pond for today is all about passwords! I hope this answers his questions, I think we covered it in a lot of depth.
Chit Chat Across the Pond
Security Updates & Bulletins:
- Last Tuesday was Patch Tuesday – this is a particularly important one because it patches the XML Services Zero-day that has been exploited in the wild for the last few weeks (nakedsecurity.sophos.com), and also continues to harden the SSL certs trusted by Windows, protecting against exploits like those employed by Flame: technet.microsoft.com
- Microsoft have issued a bulletin advising users of serious bugs in the Windows Vista/7 side bar and gadgets (these have been dropped from Windows 8). These flaws are so serious that MS are advising all users to disable them, and have provided a fix-it link to do that for you. The advisory: technet.microsoft.com, the fixit link:support.microsoft.com
- Microsoft update Office for Mac – intego.com
- There is a lot of talk of iOS In App Purchases being “Hacked” – the important thing to note is that this a piracy problem, not a security problem. This does not put people making legal purchases in danger, it provides those with a more flexible morality to steal from developers. The other point is that if you do choose to go down that morally dubious route, you are also putting yourself in danger, you have to give the “service” your Apple credentials, and you have to install THEIR root certificate into your phone. This means you can’t trust SSL anymore, and that you have given someone with obvious moral flexibility your Apple ID. Links: nakedsecurity.sophos.com, macworld.com & arstechnica.com
- There is a lot of talk this week about “cross platform malware” – I don’t get why this is getting so much attention, there’s nothing new here that I can see. The only take-away I see is that Macs are, as expected, continuing to get attention from malware authors. Note that we are talking about Trojans here, not viruses. intego.com
Main Topic – It’s Time To Talk About Passwords Again
There has been an absolute epidemic of password leaks in the last few weeks, and it should be giving us all pause for thought.
Part of the reason for this epidemic is probably a bug in Plesk (the second biggest web hosting control panel after CPanel) which exposed site passwords in plain text: unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel. Once passwords have leaked, just updating plesk doesn’t fix the problem, so there are loads of passwords to websites out there. These passwords allow attackers to log into the website control panel for sites, and simple download the password database! Once they have the database, the only protection is hashing, and the recent leaks show that many sites are either not hashing passwords, or hashing them so badly they may as well not bother.
One fun side-effect of all these hacks is that we now have some nice statistics on the kinds of stupid passwords people use! nakedsecurity.sophos.com/2012/07/13/yahoo-voices-poor-passwords
The fact that passwords are not being properly hashed is a big deal. It means we cannot safely re-use out passwords. The less significant the site, the more likely it is to be hosted on consumer-level web hosting, hence, the more likely it is to be hosted on Plesk, and hence the more likely your hashes have been stolen.
The ideal response to this new reality is to have different passwords for EVERYTHING. This isn’t practical without help from some tools, so one response is to update your toolkit and your practices. More on this later.
If you don’t want to go full hog, the ABSOLUTE MINIMUM is to protect the “crown jewels”, and use unique passwords on critically important sites and services. What are the crown jewels?
- Anything financial obviously (banking sites, stock trading sites etc.)
- Anything which stores your credit card (including things like your Apple ID, Skype, and store sites like Amazon)
- All email accounts – just about everything online allows password resets through email loops, if someone gets into your email address they own your digital identity – email accounts are VITAL. Give serious consideration to using a service with two-factor authentication like GMail
- All passwords relating to your work. You don’t want to be the person who allowed your company’s proprietary information to leak!
- Some websites like fan fora can’t afford SSL certs, so users have no choice but to log in insecurely – NEVER re-use passwords you use on sites like these
Some General Password Management tips:
- Don’t try and make up passwords yourself – you’ll be shocked at how un-imaginative you are! Use some form of generator. Perhaps xkpasswd.net 😉
- NEVER EVER store password in plain text. If you choose to let your browser save passwords for you, BE SURE THEY ARE STORED IN ENCRYPTED FORM. On OS X safari does this automatically using your OS X keychain, as does Chrome. On FireFox on any platform you MUST set a master password to protect your saved passwords, otherwise they are sitting on your hard drive in an SQLite file that anyone with a free SQLite client can read! I’m not sure what the story is on Windows, I don’t believe there is a Windows equivalent of the Keychain. If you need to save passwords yourself, save them in a trustworthy app like LastPass or 1Password, or in a text file inside an encrypted DMG if you don’t want to use any non-standard tools. If you’re on Windows you can use something like a Truecrypt volume or an encrypted RAR (be careful with encrypted ZIPs, depending on the version of ZIP you have, it could be very secure or very insecure).
- Password length is more important than password complexity. Whether attackers try to brute-force the sites or services directly, or to decrypt password hashes, the bigger the hay-stack you are hiding in, the safer you’ll be. Rainbow tables cannot be infinitely large, so the longer your passwords are, the less chance there is of them being found in a pre-computed table, or of them being brute-forced out of a salted hash. I am NOT saying complexity is irrelevant, just that length should be weighted above complexity. A short password, not matter how complex, will be in the rainbow tables, and can be brute forced. This is the “password haystacks” idea – grc.com/haystack.htm
What I do:
- I use different password on ALL new sites and services I sign up to. I’m still working my way back through older stuff and changing my passwords. I’ve been doing this slowly over the past few months, and I’m nearly done now.
- I dynamically generate all my passwords using the free and open source library that powers xkpasswd.net (http://www.bartb.ie/xkpasswd). I use a different dictionary file to the one shipped with the code, and I don’t tell anyone the presets I use with xkpasswd.pm. I have an automator action set up that invokes the xkpasswd library when I hit ctrl+x and saves the generated password to the clip board.
- All my passwords are AT LEAST 12 characters long, have a mix of case, include digits, and include punctuation and/or symbol characters.
- I save the master copy of all my passwords in a password management app
- I allows FireFox to cache my passwords, using a strong master password
- I avoid saving my credit card details on sites, instead, I use PayPal when ever possible, or I enter my details fresh each time. Not all sites allow this, so sometimes I have no choice but to save details in an account. When this is the case, I use extra long passwords
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of ScreenSteps and Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at firstname.lastname@example.org, follow me on twitter at @podfeet. I contribute a fair amount over on Google Plus nowadays so just search for me by name if you want to circle me up. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.