Reminder to opt in to the NosillaCast News to get the shownotes fed to you every week via email at NosillaCast News Signup Page, my maudlin and sentimental look back at 10 years of podcasting and what it’s meant to me, Kevin from Connecticut reviews eM Client which allows him to check iCloud email on Windows, and Ken Knight reviews the Zoom IQ5 Microphone for iPhone. My Dumb question this week was about Clarify 2, and I do experiments to prove that your PDF output won’t be huge if you let Clarify scale your images. In Chit Chat Across the Pond Bart walks us through how to run xkpasswd locally and then how to modify it using scripting, and finally how to create an Automator Service which we can run from any application to generate secure passwords on the fly.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday August 17, 2014 and this is show number 484. This week I had a lot of fun getting to be on the Daily Tech News Show again with Tom Merritt. I had a blast talking to him again as always but I must say I felt a TEENY bit guilty because in order to be on the show, I wasn’t able to help pick up Devon and Maryanne from New Zealand at the airport. You may remember Maryanne, she’s the professor who told us about induced memories in Chit Chat Across the Pond a little while ago. They’d just had a 14 hour plane flight but I still chose Tom’s show over picking them up. Am I a bad person?
Every once in a while I like to remind you guys of some things you may not realize I do that are available to you. Did you know about the NosillaCast News? This is a newsletter that comes out every time a new episode goes up that hand delivers all of the links to you. I wondered whether folks would really like it, but I looked at the statistics on how many people open it. I have read that a hugely successful newsletter gets something like 5-10% open rates. The NosillaCast News is opened more than 50% of the time!
Every once in a while I use the NosillaCast News as a way to communicate something cool (like a prize drawing) or something catastrophic, like to be able to tell folks why the website is down or something like that. Luckily the first happens more than the second but I really like having a way to communicate directly with you guys if something does go wrong.
One of the cool things about the NosillaCast News is that it’s opt IN, and super easy to get out if it’s not your cup of tea. If you think it sounds helpful, go to podfeet.com and tap the tab in the menu bar that says NosillaCast News Signup Page.
I got an anonymous Dumb Question this week about Clarify 2 and I thought maybe others would be interested in the answer. Anonymous wrote:
I would like to import screenshots of my ipad into Clarify and then create my annotated pdf in Clarify. But I am worried about the final product being too large a file. So, my simple question is this: What is the ideal size to import these screenshot images into Clarify so that my final pdf (filled with these annotated screenshots) is nice looking but not huge?
I searched the Clarify support documents and didn’t find an answer to her question, and I knew I could write to the Clarify folks and find out but I thought an experiment would be more fun.
I opened a blank Clarify document, and took a screenshot of my entire 27” cinema display. I exported to PDF with no annotations or other text, and the resulting PDF was 700KB. The same screenshot simply saved to disk was about 900KB so they’re doing a wee bit of compression even without shrinking the image size.
Step 2 – I set the Document Properties to auto-scale images to 300px across
I then took the same full screenshot, and Clarify auto-scaled it to 300px across for me. Exported to PDF and now the file is only 30KB! woohoo, looks like they really do shrink it, not some sort of metadata applied with the real (giant) image still in there.
I often forget to set the auto-scale image on the entire document ahead of time, so I thought I should also check what happens if you take the screenshot and import it to Clarify huge, and scale it after the fact (which you can do by right clicking on the image and choosing Resize Image).
When I did that third experiment it also was about 30KB in the final PDF.
If you’d like to set a default so you don’t have to remember to resize, you can do that in the General Preferences. Note that it says your original image size is stored, so your Clarify document might get huge with a lot of giant images, but at least your PDF will be manageable.
If you’d like to get a copy of Clarify 2 before the NosillaCastaways discount expires, be sure to go to clarify-it.com and enter coupon code xxxxx to get 25% off. This code expires on September 1st so hop on it!
Chit Chat Across the Pond – 20:33
Important Security Updates:
- Last Tuesday was patch Tuesday, there were updates from Microsoft (Windows, One Note & more) & Adobe (Reader, Acroabat, Flash & AIR): http://krebsonsecurity.com/2014/08/adobe-microsoft-push-critical-security-fixes-5/
- Apple patch a number critical security holes in Safari 6 and 7 on OS X 10.7, 10.8 & 10.9 – http://support.apple.com/kb/HT6367
Important Security News:
- Synolock randsomeware attacking un-patched Synology NAS boxes – if you own one, patch it ASAP! – http://www.macobserver.com/tmo/article/synology-nas-products-hit-with-synolock-ransomware
- A lot of places reported this story poorly (no, the internet is not full!), so I’d like to try explain it properly – The internet did some serious creaking and groaning on Tuesday with some sites going off the air for a while, or becoming very slow. The cause was the internet’s routing table briefly peeking above the 512k limit many older internet routers have. Every block of IP addresses given to an organisation creates a new route, effectively saying “these addresses are that-a-way”. Before IPv4 addressees started to become scarce, the blocks allocated were big, so the number of routes needed was relatively small. As we run out of IPv4 addresses we’re starting to break the space into ever smaller chunks, needing ever more rules to route. Instead of one rule saying a few millions addresses are that-a-way, there are thousands of rules saying a few thousand addresses are one way, another few thousand another way, and so on. This week’s outages don’t seem to have been caused by any sort of attack, but the outages do highlight a pinch-point attackers could target in future – since we’re close to the limit, an attacker would’ t need to get too many spurious rules into the routing table to cause mayhem – http://arstechnica.com/security/2014/08/internet-routers-hitting-512k-limit-some-become-unreliable/
- HP Researchers warn that the nascent ‘internet of things’ is a real security wild-west – tread with care! (consider a separate wifi network for all this IOT stuff) – http://nakedsecurity.sophos.com/2014/08/05/hp-finds-that-internet-of-things-gadgets-are-sitting-ducks/
- Teen finds major flaw in PayPal 2 Factor Auth – effectively rendering it useless – PayPal are working to fix the problem – http://arstechnica.com/security/2014/08/paypal-2fa-is-easily-bypassed-teenage-white-hat-hacker-says/
- Security researchers crack crypto locker allowing victims to recover their data for free – http://arstechnica.com/security/2014/08/whitehats-recover-victims-keys-to-cryptolocker-ransomware/
- Google begin to support accented characters in email addresses, and, immediately need to introduce filters to deal with a very dangerous new kind of spam that uses look-a-like characters to take phishing up a notch: http://nakedsecurity.sophos.com/2014/08/13/gmail-introduces-filters-for-non-latin-characters-weeding-out-more-phishing-emails/
- Google also adds warnings to Chrome Browser when apps try to change your default search and install toolbars and stuff like that – http://nakedsecurity.sophos.com/2014/08/15/google-adds-deceptive-software-warnings-to-safe-browsing-service/
- IE to join with other browsers and start blocking out-of-date plugins – initially just Java, but now that the technology is in place it seems reasonable to assume they’ll start blocking more as time goes on – http://nakedsecurity.sophos.com/2014/08/08/microsoft-brings-internet-explorers-security-into-the-21st-century/
- Google incentivise a shift to HTTPS all the time by rewarding HTTPS support in their page ranking algorithms – on the fence about moving your site to HTTPS, now you have a really good reason to (free non-commercial certs at www.startssl.com) – http://arstechnica.com/security/2014/08/in-major-shift-google-boosts-search-rankings-of-https-protected-sites/
- Reputable security research reports that a Russian gang have a cache of a billion stolen internet credentials – http://arstechnica.com/security/2014/08/report-shadowy-russian-hacker-group-now-has-1-2b-usernames-passwords/
- RELATED – Brian Krebs explains what we know and what we don’t in a well-written Q&A post – http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/
- Two major US supermarket chains announce they have been breached (including SuperValu, Albertsons, Jewel-Osco and a bunch more subsidiaries) – http://arstechnica.com/security/2014/08/grocery-shoppers-nationwide-probably-had-credit-card-data-stolen/
- RELATED – Brian Krebs posts interesting Q&A on why breaches like this happen – http://krebsonsecurity.com/2014/08/why-so-many-card-breaches-a-qa/
- DefCon talk reveals that there are a lot of people running VNC but not securing it – leaving critical systems wide open to the internet: http://nakedsecurity.sophos.com/2014/08/15/thousands-of-computers-open-to-eavesdropping-and-hijacking/
- WordHound cracking tool capitalises on the fact that “People are influenced greatly by their environment when choosing a password” – yet another reason to use a password generator rather than trying to think up your own passwords – http://arstechnica.com/security/2014/08/meet-wordhound-the-tool-that-puts-a-personal-touch-on-password-cracking/
- A good article on Intego’s Security blog explaining why jailbreaking your phone seriously reduces your security – http://www.intego.com/mac-security-blog/dont-jailbreak-your-iphone-if-you-want-to-stop-government-spyware/
- An intersting article on the Naked Security blog reports on what Honey Pots are telling researchers about modern botnets (in one week, a single infected computer can send as many as 5.5 million spam emails!) – http://nakedsecurity.sophos.com/2014/08/05/how-to-send-5-million-spam-emails/
- The BlackPhone does a lot better at DefCon than some reports would have you believe – http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/
- Thousands of wordpress blogs vulnerable because they are running out of date versions of the Custom Contacts Form plugin – http://arstechnica.com/security/2014/08/critical-wordpress-plugin-bug-affects-hundreds-of-thousands-of-sites/
- Yahoo announce they will implement PGP encryption on Yahoo! Mail later this year – http://arstechnica.com/security/2014/08/yahoo-to-begin-offering-pgp-encryption-support-in-yahoo-mail-service/
- Cool new site shows DDoS attacks in real time on a map – http://map.ipviking.com/
Main Topic – Using the XKPasswd 2 Perl Module
Following on from last time we first create simple script for generating passwords from the Terminal: https://www.bartbusschots.ie/s/2014/08/16/xkpassws-2-absolute-beginners-guide/
Then we move on to convert that script into an OS X Service so we can generate passwords purely from the GUI – https://www.bartbusschots.ie/s/2014/08/16/xkpasswd-2-service-with-automator/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at email@example.com, follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.