How to Build Accessible iOS Apps now with audio! Hold Mars in your hand by going to 360cities.net on your iPad. MyScript Calculator from Vision Objects lets you scribble your equations on iOS and Android. Proving the Apple Genius wrong: you can create a local network to stream video to an AppleTV. Two more interviews from Macworld | iWorld: Belkin shows off the Wemo to control devices when you’re not home, and Crashplan convinces me finally to start some offsite backups. We’ve got Security Light, Security Medium, then we clean our palettes with a fun discussion of how changing focal lengths can change your photos dramatically.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday February 24, 2013 and this is show number 407. I finally got around to doing something I’ve been planning to do for a long time. Remember back when Donald Burr did that great chat across the pond where he explained how easy it is to make accessible apps, and taught us learn exactly how to do what he does? I took the great notes that he wrote back then, and I made them their own separate page under tutorials on podfeet.com. What I finally got around to doing though, was embedding the audio of that episode of chit chat across the pond on that same page. I put a link in the show notes you can go directly there, or better yet send it to your developer friends so they too can create accessible apps!
Mars. In your hand.
I wanted to start the show this week by telling you about one of the coolest things I’ve seen in a long time. Steve sent me to a link where NASA has created a 360° panorama of Mars from the Mars rover. I first saw it on the website and it’s pretty cool when you can go there using a web browser; you can click and drag with a mouse on the video which allows you to look around on Mars, but when you open it up on an iPad like Mark Pouley suggested it is absolutely amazing. You hold the iPad up, and rotate your body, and you’re on Mars. It is so wicked cool. We live in a day and age where we can hold Mars in our hands. It’s really Mars. I know that sounds dumb when I say it but when you have to see this to realize how amazing it is – it looks like an animation but it’s real. The view of the Mars rover is excellent too – fabulous detail. One of the tricky bits about this is that they combined a lot of images, so you never see the robotic arm that was holding the camera for all these shots, so it really looks like someone or something else took the photos! anyway, check out the link in the shownotes to 360cities.net where the panorama is hosted.
Steve’s friend Lance tipped him off to a really cool calculator for iOS and Android called MyScript Calculator. I know we had a lot of fun with the whole RPN calculator discussion, but this is entirely different. It’s a scientific calculator where you actually write the equations with your finger! This is a free app for iPhone and iPad, and it’s crazy cool. so you scribble an equation, or the start of an equation, and in a half second it changes to perfect typed equations. You can put in square roots, trigonometric functions, whatever you’ve got. If the equation is really long it’s hard on the iPhone because you run out of room, but of course the iPad gives you more room. If you make a mistake on the equation, or if MyScript Calculator misinterprets what you wrote, simply scribble over the wrong parts with your finger and they disappear.
MyScript Calculator is available in the iTunes App Store, Google Play Store, Amazon Appstore and even the Samsung app store. It’s made by Vision Objects, the same people who brought you MyScript Memo that I’ve reviewed, and a couple of other MyScript applications I need to go check out! Thanks to Steve and Lance for letting me know about this cool app.
AppleTV on a Boat with no Internet
My friend Dorothy (aka @maclurker) and her husband bought a boat recently. They stocked the boat with a zillion DVDs and a DVD player, but I suggested that putting the videos on a hard drive and using an Apple TV would be a much less cluttered approach. Dorothy went to the Apple Store and the guy there told her that you absolutely could not use an AppleTV without the Internet. She patiently explained that they would have a local network on the boat but that it just wouldn’t be attached to the Internet, but the guy was insistent that this would not work. She tasked me with proving him wrong, and here’s the results of four experiments.
Use an AppleTV on a wireless connection but no Internet service to stream video/audio from a Mac or an iPad to a TV. Possibilities to use shared iTunes library or simple Airplay streaming.
- MacBook Pro capable of Airplay that also has the Air Parrot software for when Airplay fails, and which can create an adhoc network
- iPad 3 which we use for Airplay daily
- AppleTV 2nd generation (only difference from 3rd gen is 720p vs. 1080p)
- Kanex mySpot private wifi device http://www.kanexlive.com/myspot designed to take an Ethernet cable and spit out wifi like in a hotel w/o wifi
- Apotop WiReader – sort of like the Kanex but does other cool stuff too
- Airport Extreme Router
Before I kick into the experiments, I do want to point out that the Kanex mySpot is an incredibly cool little device, not in any way intended to do what I’m asking it to do. The problem mySpot is designed to solve is that you’re in a hotel and they only have wired Ethernet, or you don’t want to expose yourself using their wifi. The mySpot is a small plastic device a bit bigger than your thumb that has an Ethernet jack on one end, and a fold out USB cable on the other end. USB is there to plug it into a power source, like an iPhone or iPad or BlackBerry charger or even right into your computer. Plug it into Ethernet and you’ve got your own private wifi router in a device that weighs next to nothing. For $49, the Kanex MySpot solves a real world problem and is so small you can throw it in your travel bag and never notice it. With that disclaimer, let’s go through my experiments.
Experiment 1 - make adhoc network with the MacBook Pro
- iPad could connect to the Mac’s network
- AppleTV could not see the ad hoc network
Experiment 2 – use mySpot plugged into MacBook Pro via USB (charge only)
- AppleTV and MacBook Pro could connect to the mySpot
- Note: AppleTV took a loooong time to connect and finally asked did I want to continue without Internets. I said yes
- iPad saw the network but never finished connecting
- Using the MacBook Pro I tried Air Parrot to connect to the AppleTV but it wasn’t visible in the list of devices
- Using the MacBook Pro I tried Airplay to connect to the AppleTV but the button for Airdisplay disappeared
Experiment 3 – use Apotop WiReader as wireless router
- iPad instantly connected to the WiReader network
- Mac connected to the WiReader network
- AppleTV took forever to connect, complained about not having an Internet connection but bent to my will and accepted it’s fate
- Both the iPad and the Mac (using AirParrot and Airdisplay) could see the AppleTV and it could be selected for playback
BUT, in neither case would the video actually begin to play. I got the image on screen on the AppleTV but it never started to play. I highly suspect that the WiReader has a crappy wireless signal because I’ve had trouble with the speed on its intended use which is transferring photos from an SD card to the iPad
Experiment 4 - Disconnect Modem from Airport Extreme Router
This is the test Dorothy suggested I try from the very beginning but I was queasy about messing with my network at home so I did this one last.
- All devices could see each other
- I could play video from the iPad and Mac onto the big TV using AirParrot or Airdisplay
- Even more importantly, in case the PC laptop will be the device with the videos, I could use the “Computers” playback on the AppleTV to point to the Mac and playback video
So technically the guy is wrong, you can use an AppleTV without an Internet connection and the devices to which you connect on a standalone wireless network. However, you have to find a device to create that network. If I were to depend on this for travel, I’d recommend getting an Apple Airport Express to do the job while my boat was sailing the seven seas.
Let’s kick into two more interviews from Macworld | iWorld – we only have four more so I’m going to tease them out to you. This next one was one of the most enjoyable for me.
Belkin WeMo Home Automation
Using a Screen Reader? click here
The Wemo is so cool, I simply have to find a device I need to control from the Internet. Steve and I are thinking about getting a dog and it might be cool to be able to turn on a webcam instead of having it run all day to check things out to see what he’s chewing up while we’re away. I can’t say I can think of a reason I NEED a Wemo yet, but I’m working on it because I want one.
Using a Screen Reader? click here
Well good to my word during the Crashplan interview, I started testing it – but I didn’t start till today! I started by running GrandPerspective to see where my biggest gobs of data are. My Aperture library is over 100GB but that’s top on the list of what I want backed up. I found a couple of other pretty big items – my virtual machines take up a 26GB and are all completely replaceable so I unchecked the box for those. I also have a about 30GB of ripped movies on here, but they exist in at least 4 other places so I unchecked those. In preparation for this plan I also moved every one of the audio files for the podcast into a separate bucket and I didn’t tell it to back that up which shrank it by 43GB. I figure the mp3s are online and I have a local backup and a backup at work. That still left me with over 320GB to be backed up by Crashplan.
I installed the software, and when I tried to back up to their servers, it said I had to get an account. Ok, sounds good – but for the life of me I was unable to do a free 30 day trial like Tom said in the interview. I decided to buy one month’s worth of the family plan for $14, but I was annoyed that the free trial didn’t work like he said. I took a look at the options for notifications. It defaulted to warnings going to email but it also had the option to turn on twitter notifications. That sounded great so I connected the accounts. About 30 seconds later I got a tweet from Topher Sorenson asking me how I liked Crashplan. Um, what??? Turns out they send a tweet on your behalf saying how much you love it! I was FURIOUS at that. I instantly deleted the tweet. That’s really really rude in my book. I’m going to keep up with the one month trial, as of show time it has backed up about 2GB so far and I was able to see the files on my iPad which is actually pretty stinkin’ cool I have to say. It’s vacillating between 7 and 15 days to finish so we’ll see how that works out. I’m pretty excited about this, even though i had those two glitches to start with. I’ll keep you posted!
Picture this. There’s a big reorg at work, and someone is screensharing the charts showing the new organization. Now of course this person says they’re going to send the charts out right after the announcement, but in your experience, how often has that actually happened? If you want to be the first on your block to run around showing what’s happening, think about popping up ScreenSteps or Clarify while you’re watching the presentation and grabbing screenshots in order as they go through it! You can even annotate what you thought was interesting, you know like a big red box around someone’s name with the words “are you KIDDING me?” next to it. Aw come on, don’t pretend you don’t have that reaction sometimes!
There’s a more benevolent use that’s very similar, ever taken an online class and you want to take notes to help you remember things? Use ScreenSteps or Clarify to grab screenshots and annotate what you want to remember – way easier than using a pen and paper to write it all down, and a LOT faster. You’ll have your notes all in order and easily accessible for later use. If you use Clarify to do it, you can store the lessons in Evernote, keeping a weekly set of notes all in one notebook for easy access and searching.
There are about a thousand uses for these tools and I challenge you to think up more creative ways to use them and then tell me about them! Check out Clarify and ScreenSteps from BlueMangoLearning.com. And tell them Allison badgered you into it! They even have free trials available so you can be sure you like them before you slap down your cold, hard, cash.
Chit Chat Across the Pond
BART – remember to start recording!
Before we get started on Security light….
On the SMR Podcast with Rod Simmons, Chris Ashley and Robb Dunnewood, they were talking about the exploit that hit Apple Developers that we’ll be talking about today. Rod and Chris went back and forth a few times but then Rod noticed that Robb had not spoken. I wanted you all to hear what Robb happened:
I loved this because it’s actually what Security Light is all about. It’s for people who don’t want to sit around and talk security all day, who don’t have the energy or enthusiasm to absorb the knowledge that Steve Gibson offers up each week in Security Now! but don’t want to keep their heads in the sand. Robb went on to say that he’s like his grandpa who doesn’t want to wear a seatbelt because he wants to be thrown clear in the event of an accident. I thought that was a perfect analogy because physics tells us that his grandpa will be far more likely to have his head driven through the windshield than being thrown clear, and in that same way Robb is far more likely to get hacked than he is to be safe because he kept his head in the sand.
Enough busting of Robb’s chops for this, but I couldn’t resist!
If you don’t wear a seatbelt you do indeed turn accidents that would otherwise cripple you into accidents that kill you, BUT, you turn accidents that would otherwise leave you mostly unharmed into accidents that cripple you, and, less severe accidents are MORE common than more severe accidents, so by trying to save yourself from a life in a wheel chair you actually make that outcome more likely!
You don’t need to know the ins and the outs and all the details about computer security, but you do need to know what the digital equivalent of a seatbelt is, and how you put in on!
Security Dumb Question:
Listener Arthur writes:
Hallo Allison, Lets see if this question qualifies: Apple released “Java for Mac OS X 10.6 Update 13″ yesterday. Is SnowLeopard to be considered as still supported and secure? Best regards, Arthur
The best answer I can give is “kinda”, or “maybe”, the simple fact is that Apple are not telling us.
Here are the facts:
- Java is just one small part of OS X 10.6
- There are thousands of un-patched security vulnerabilities in OS X 10.6 which is littered with out of date open source components, as well as out of date Apple software.
- So far, of all the thousands of un-pathched vulnerabilities on OS X 10.6, only one set has been heavily exploited in the wild, the Java ones.
- Apple have responded to the wide-spread Java attacks with patches for OS X10.6
These facts raise two important questions for me:
- Will Apple respond like this to all future OS X 10.6 problems?
- The Java problems affected all versions of OS X, not just 10.6, will Apple respond similarly to problems that only affect 10.6?
The answer to both is the same – we don’t know!
My conclusion based on the little we know is that OS X 10.6 support is in a limbo somewhere between no support at all and full support, where exactly it is in that spectrum is debatable, but I would say it’s closer to the “not supported” side than the “fully supported” side. Bottom line, I would not run 10.6 on any computer I was responsible for.
Important Security Updates:
- Adobe release critical security updates for all the usual suspects: Flash, Shockwave Flash (if you still have this obsolete tech installed, consider nuking it), and Reader & Acrobat (this one patched a Zero-day exploit so V-important).
- Mozilla release FireFox 19 (and matching updates to their other products) – http://www.intego.com/mac-security-blog/mozillas-firefox-19-patches-critical-flaws/
- Apple releases critical Java updated for OS X Lion & Mountain Lion (more on this later) – http://support.apple.com/kb/HT5666
Important Security News:
- The Zendesk support portal was hacked and personal data compromised. Zendesk powers support for many many major sites including Twitter, Tumblr and Pinterest – http://nakedsecurity.sophos.com/2013/02/22/zendesk-hack/. Zendesk’s statement titled “We’ve been hacked” is refreshingly honest, and serves as a good example for others to follow – http://www.zendesk.com/blog/weve-been-hacked
- Another iOS lock-screen by-pass vulnerability found, though it’s not easy to trigger – http://www.macworld.com/article/2028162/exploit-allows-contacts-photos-access-on-a-locked-iphone-5.html (Apple are working on a fix which is slated to be included in iOS 6.1.3 – http://arstechnica.com/apple/2013/02/ios-passcode-bug-slated-to-be-fixed-in-ios-6-1-3for-real-this-time/)
- FaceBook, Apple, Microsoft and others infected with Mac-targeted malware hosted on a hacked iOS developer website. The malware used Java to compromise the Macs (reason 1001 to get Java OUT of your browser), and is an example of a so-called “watering hole attack”, where attackers place their malware somewhere where the people they are interested in attacking regularly come – http://googleblog.blogspot.ca/2013/02/an-update-on-our-war-against-account.html. Apple acknowledged the hack, and released a Java update to patch the vulnerability used to infect the Macs – http://www.loopinsight.com/2013/02/19/apple-comments-on-hacker-attack/, http://nakedsecurity.sophos.com/2013/02/20/apple-patches-its-own-java-hole/. The site which unwittingly hosted the attack was NOT informed about the infection by Facebook or Apple, and only found out when the story broke in the media (a poor show by all companies involved) – http://arstechnica.com/security/2013/02/dev-site-behind-apple-facebook-hacks-didnt-know-it-was-booby-trapped/. In Microsoft, it was the MacBU that fell victim to the attack – http://nakedsecurity.sophos.com/2013/02/23/microsoft-malware-attack/
Interesting Security News:
- Jawbone accounts compromised, and personal info accessed – affected accounts have had their passwords reset – http://nakedsecurity.sophos.com/2013/02/13/jawbone-hack/
- McAfee accidentally revoke the key used to digitally sign their Mac software – http://arstechnica.com/security/2013/02/a-world-of-hurt-after-mcafee-mistakenly-revokes-key-for-signing-mac-apps/
- A new backdoor for OS X has been found, and is being called PintSized-A. The C&C servers have been sinkholed, so there is no immediate threat – http://www.intego.com/mac-security-blog/pint-sized-backdoor-for-os-x-discovered/ (some say this backdoor was dropped in the FaceBook/Apple/MS hack, but I have not seen confirmation of this)
- Attackers continue to use targeted Mac malware to go after Tibetan activists – http://www.intego.com/mac-security-blog/new-targeted-attack-on-tibetan-activists-using-os-x-discovered/
- ZDNet report that Google send personal data of every app purchaser on their play store to the developers without asking the purchaser’s permission – http://www.zdnet.com/google-play-privacy-slip-up-sends-app-buyers-personal-details-to-developers-7000011249/
- Google blogged an interesting updated on their on-going battle against account hijackers – http://googleblog.blogspot.ca/2013/02/an-update-on-our-war-against-account.html
- Oxford University briefly blocked access to Google Docs to protect against targeted phishing attempts hosted on the service – this is a very common problem, and IMO Google are too slow in responding to reports of abuse on their service – http://nakedsecurity.sophos.com/2013/02/21/oxford-university-blocks-google-docs-phishing-attacks/
- This week’s Security Now contains a fascinating interview with Brian Krebs, a leading security researcher who spends time in “the under web” as he calls it – http://www.grc.com/sn/sn-392.htm
Security Medium – There is no such thing as a Safe Website, even on a Mac!
I’ve been beating this drum for years, but I think it’s worth re-visiting this very important but under appreciated reality again this week because of some recent developments.
Three common ways this happens are as follows:
- Malicious code gets by the curators of an ad network, and all sites that display this malicious ad are now infecting their users – Any site that displays ads from an ad network is a potential risk – again, that’s the vast majority of popular sites on the internet!
- The site can be hacked, and malicious code subtly inserted into site in such a way that is it not visible (a 1px by 1px iFrame is a common technique) – unlike defacement attacks, the attackers are trying to go un-noticed, so website owners are often oblivious to the fact that their site has been compromised for days, or weeks, or even months – every site on the net is a risk for this kind of attack.
You often hear people say that you are safe online as long as you avoid the “dangerous” parts of the internet, or the “seedy” parts of the internet, by which they mean warez, gambling, and porn, this may have been true once upon a time, but is most certainly not true today. To underline this point, here are two very relevant recent news stories to add to the high-profile FaceBook, Apple & Microsoft hack:
- LATimes websites hosted malware for six weeks – http://krebsonsecurity.com/2013/02/exploit-sat-on-la-times-website-for-6-weeks/
- NBC.com briefly hosted (for a few hours) the RedKit exploit kit which attempted to infect visitors with dangerous banking crime ware – http://nakedsecurity.sophos.com/2013/02/22/nbc-website-hacked-and-distributes-malware/
Many Mac users are also labouring under the false impression that Macs are not being targeted by attackers – that was definitely true in the past, but it is not true today, and arguably hasn’t been true for a few years now. With this week’s news of Apple, Microsoft, and Facebook all being hacked by malware targeting Macs, we finally have the smoking gun that puts this question beyond debate. Anyone who still thinks Macs are not being targeted is now provably wrong.
If you are still not running AV on your Macs, or on the Macs belonging to family members which you look after, today is another one of those days when you need to stop, absorb the new facts, and re-evaluate the pros and the cons. Personally, my advice now is that all Mac users should be running AV. There is no need to pay a fortune for AV though, ClamXav is still a good free and resource-light option. Sophos also offer a free Mac AV product for home users (it is not free for commercial users). And, there are lots of paid AV products out there for the Mac, including offerings from big names like Norton & McAfee, and from Mac-specific companies like Intego.
Main Topic 1 – CVE Numbers
Last time I was on I mentioned CVE numbers in passing, but we were short on time so I didn’t elaborate, but I will now.
CVE stands for “Common Vulnerabilities and Exposures”, and is a public list of known IT security problems. The idea is that each known problem gets a unique CVE number so that it’s easier and clearer to talk about security problems. If there were no such thing as CVE numbers, we would have to describe the vulnerability each time we talk about it, and if we were talking about something like Flash that gets a lot of problems, it would be almost impossible to be clear in which exact problem we mean.
Withe CVE numbers there is no ambiguity. If you are reading about the dangers of a certain bug in a proper security article that cites the CVE number you don’t have to wonder whether or not a given patch does or does not address the bug, you just compare the CVE number in the article with the list of CVE numbers addressed by the patch, if they match, then both the article and the update are referring to the same bug.
CVE numbers are of the form CVE-YEAR-SEQUENCE_NUMBER, e.g. this week’s Flash update from Adobe fixes CVE-2013-0640, which is the 640th bug added to the CVE database this year. Note that 4 digits is becoming too few, so there is talk of increasing the number of digits after the – in future.
If you’re curious you can find out more at the CVE FAQ – http://cve.mitre.org/about/faqs.html.
Main Topic 2 – A Quick Photo Tip – Experiment with varying your focal length as well as your POV
I’ve often said that pixels, unlike film, are free, so you should experiment with lots of different takes on an interesting subject. Instinctively people think of shooting the same subject from lots of different angles, which is definitely important, but don’t stop there – experiment with different focal lengths too – the difference can be quite spectacular.
As an example, I came across a lovely statue in the formal gardens in front of Carton House a while ago, and spent about 20 minutes experimenting with different takes on it. BTW, the statue is of Mercury, the messenger to the Gods, you’ll notice he has a little scroll in his left hand. Anyway, I started by getting quite close with a fairly wide lens (30mm prime f/1.4 prime) to try put the statue into it’s larger context, using a wide aperture (f/2.5) to blur the background a little so that the statue did not get lost in it:
Then I got even closer to exaggerate the blur and allow the statue to take up almost the entire FOV without losing too much of the surrounding bigger context, and started to move around the statue trying different angles (pay particular attention to the middle image below, we’ll refer back to it later):
Having explored the statue from close and wide, I went to the other extreme, changed to my 55-200mm zoom, and walked back far enough to get the statue to fill the frame at 200mm, and again moved around the statue to try different angles. In both sets of images, the statue fills the same amount of the frame, but, the change in focal length has had a dramatic effect on the background, zooming it significantly. There is still a nice blur in the background, but this time it is not coming from a low focal ratio (all three shots were taken at f/5.6), but instead from the compression caused by the high focal length. Again, notice the second shot, it is take from the same angle as the second shot above, and it shows the same alcove in the wall, but notice the difference in scale:
(The middle image also shows the dangers of mergers – that distant electrical cable sure does look like a tail!)
Comparison of 30mm vs 200mm:
So – next time you’re out and about and experimenting, don’t forget to alter your DOF as well as your POV!
After Bart and I got off the phone, I drew myself a little diagram to see if I could figure out why the wide angle lens shows so much of the building but a narrow angle lens (200mm) actually zooms in on the building, even though the statue looks the same size. It actually makes sense to me, so I put it in the shownotes in case it helps it helps you too.
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of ScreenSteps and Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at email@example.com, follow me on twitter at @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.