Would you believe I actually like the Nokia 635 Windows 8.1 Phone for only $92 off contract? Charles Gousha comes on with a second vote for the Jabra Sport+ Bluetooth earbuds, and I come back with a positive review of the $38 Avantree Jogger Sports Bluetooth headphones. Last time with Bart he taught us how to create an Automator action to create passwords with his xkpasswd tool, this week he shows us how to make it play a sound when it’s done creating the password and saving it to the clipboard.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday August 31, 2014 and this is show number 486. Steve and I had a blast this week. We went on a great trip to Kings Canyon and Sequoia National Parks with “The Professors”, Maryanne of induced memory fame and her partner Devon. We were really out in the wooded mountains, which meant that for five days we had no cell service at all, and virtually no internet service. I say “virtually” because the rustic hotel right on the south fork river in Cedar Grove had sort of fake Internet. Around 6-7 am, the porthole to the real world would open up long enough to squeak in a few text messages, and maybe an email or two and then close up. We decided that we’d suffer along with this and go for hikes in the meadows with giant cliff mountains surrounding us, listen to the birds chattering away and sit with our feet in a cold stream at the end of the day. It was horrible.
Luckily I’d done some work ahead of time and with some help from my friends, we still have a great show for you.
You know what I love? When normal people in normal conversation talk about Clarify with me. I guess I’m stretching it calling Dr. Garry, our memory expert, a normal person, but work with me here. We’re traveling down the highway and she asks me how to do something on the Mac or iOS, and she stops me as soon as I start telling her the answer. She says, “Oh just make a Clarify document for me, will you?” It was awesome. I think for a lot of people, or at least the circles within which I run, immediately think of Clarify when they want to know how to do something. Whether you use it to help your family, your friends, your co-workers, your boss, or heck even to help you remember things for yourself, Clarify is awesome. There really is nothing else in the market that competes with Clarify for making a series of screenshots with text and annotations to clarify instructions for you. Check it out at clarify-it.com.
Chit Chat Across the Pond
Preamble – correction regarding slow boot times comments we made about Bob Correa’s problem with his MacBook Pro with a spinning hard drive replacing his SSD. We said that was the problem but in reality he hadn’t told the machine to look for the new disk for an OS for boot up, so once he got that sorted he was down to the normal slowness of an HDD.
Important Security Updates:
- Microsoft had to pull one of it’s updates from last patch Tuesday after it caused some machines to BSOD. The problem was recoverable, but the steps to recover were cumbersome – http://nakedsecurity.sophos.com/2014/08/18/microsoft-pulls-patch-tuesday-kernel-update-ms14-045-can-cause-blue-screen-of-death/. Microsoft released and updated to the update on the 27th of August – http://support.microsoft.com/kb/2993651/%5BEN%5D
Important Security News:
- Yet another reason not to buy routers with WPS on all the time (like Apple’s Airport series) – a researcher finds another WPS bug that allows some routers be taken over in ONE SECOND (it’s not clear what models are an are not affected) – http://arstechnica.com/security/2014/08/offline-attack-shows-wi-fi-routers-still-vulnerable/
- Community Health Systems (SW USA) lose medical records of 4.5 million patients as a result of a hack by Chinese cyber-criminals – http://arstechnica.com/security/2014/08/hackers-steal-records-on-4-5-million-patients-from-healthcare-system/
- US Postal Service say 51 of their stores were infected with credit card stealing malware – http://nakedsecurity.sophos.com/2014/08/22/the-ups-store-breach-what-went-wrong-and-what-ups-got-right/
- Mozilla lose nearly 100K of email addresses and passwords through a breach of their their Bugzilla bug tracker – http://nakedsecurity.sophos.com/2014/08/29/97000-bugzilla-email-addresses-and-passwords-exposed-in-another-mozilla-leak/
- * Pew research quantifies the stifling effect of surveillance – people no longer feel comfortable discussing topics like Edward Snowden on social media, but have no problem doing so off-line – http://nakedsecurity.sophos.com/2014/08/27/social-media-users-dont-like-discussing-snowden-and-surveillance-online/
- * New website launched to shame apps and sites that fail to use HTTPS when needed for security, sad to see big names like Mashable, OKCupid, Apple, and Nvidia on the list, as well as security products like GPG4Win- http://httpshaming.tumblr.com/
- * An interesting article from Naked Security detailing the five most common excuses for doing nothing about computer security, and why they are wrong – http://nakedsecurity.sophos.com/2014/08/20/5-excuses-for-doing-nothing-about-computer-security/
- * “we need to talk about email” – a thought provoking article from Naked Security I recommend everyone read – http://nakedsecurity.sophos.com/2014/08/22/we-need-to-talk-about-email/
- Researchers find that it’s trivially easy to hack traffic lights, a great way to cause chaos and perhaps death – http://arstechnica.com/security/2014/08/researchers-find-its-terrifyingly-easy-to-hack-traffic-lights/
- Researchers reveal a new kind of attack called UI inference, allowing a background app to infer enough information to be dangerous about foreground apps simply by watching OS events and interacting with the app through OS APIs. By carefully timing the interactions they won’t be visible to the user. The talk demoed the technique working on Android, but, they claim it could work on Windows, OS X and iOS – http://arstechnica.com/security/2014/08/android-attack-improves-timing-allows-data-theft/
- The recent spate of POS malware has hit over 1,000 US companies – http://arstechnica.com/security/2014/08/point-of-sale-malware-has-now-infected-over-1000-companies-in-us/
- Lizard Squad hacker group target Sony with both a digital and physical DOS simultaneously – http://nakedsecurity.sophos.com/2014/08/26/lizard-squad-hackers-force-psn-offline-and-sony-exec-from-the-sky/
- JPMporgan and other banks hacked – FBI investigating – attacks were sophisticated, and attackers ‘played the long game’ – http://arstechnica.com/security/2014/08/the-long-game-how-hackers-spent-months-pulling-bank-data-from-jpmorgan/
- Only 50% of servers patched against Heartbleed – http://arstechnica.com/security/2014/08/heartbleed-is-the-gift-that-keeps-on-giving-as-servers-remain-unpatched/
- Bizarre Google translate behaviour leads some to wonder whether the service was being used to send coded messages – http://krebsonsecurity.com/2014/08/lorem-ipsum-of-good-evil-google-china/
Main Topic 1 – Quick Followup – getting feedback from Automator
Last time I was on we looked at creating an automator action for generating secure memorable passwords with the new XKPasswd 2 library. I mentioned that Automator is lacking in the feedback department because it doesn’t easily let you create a notification that your workflow is done. I said I worked around that by installing Growl (which is still the best solution IMO), but Allison didn’t want to go that route, and suggested it would be nice if it just played a sound. I now have two alternatives to suggest:
1) listener David Quattlebaum suggested a little terminal command he’s written that uses Apple Script under the hood to create a popup of your choosing. You can download it from his GitHub page: https://github.com/drq883/popup
2) I found a way to make Automator play a sound: https://www.bartbusschots.ie/s/2014/08/30/play-a-sound-in-automator/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at firstname.lastname@example.org, follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.