Amazon Affiliate Link

Amazon logo to be clicked to go to Allison's affiliate link
From another country but still want to support the show via Amazon? Follow this link

Want to Help the show? Click here!
Amazon Affiliate, Donate,
Buy Logo Stuff & More

Past Episodes

#506 Preview Reduce File Size, Tobii, Black Box Biometrics, AmpStrip, Synaptics, Taming the Terminal Part 27b of n DNS

A better way to reduce file size in Preview with a tutorial at podfeet.com/blog/how-to-reduce-the-file-size-of-a-pdf-using-preview/. Interviews from CES: Tobii from tobii.com with assistive technology for people with communication an mobility disabilities, Black Box Biometrics shows us the Linx Impact Assessment to track head impacts in youth sports from b3inc.com, the AmpStrip heart sensor from Fitlinxx learn more at ampstrip.com and Synaptics talks about their touch screens and fingerprint scanners over at synaptics.com. in Chit Chat Across the Pond Bart and I talk about David Cameron’s brilliant plan to try to stop secure communications in Britain and we get into a heated debate on whether Google did the wrong thing exposing a vulnerability in Windows when Microsoft missed their deadline. Finally we get to do the second half of Taming the Terminal part 27 of n, all about DNS.


itunes
mp3 download


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday January 18, 2015 and this is show number 506. We have a MASSIVE show for you today. I’m going to start off with a cool tip I found on how to reduce file size in Preview (it’s not what you think), then we’ll plow through four more interviews from CES. By the way I’m skipping ones that either I didn’t think were that relevant or maybe they aren’t that interesting in audio only, but we’re posting all of Steve’s videos on Podfeet.com. Then in Chit Chat Across the Pond Bart and I talk about David Cameron’s brilliant plan to try to stop secure communications in Britain (note sarcasm) and we get into a heated debate on whether Google did the wrong thing exposing a vulnerability in Windows when Microsoft missed their deadline. We end as friends as always but definitely have different opinions on the matter. In Chit Chat Across the Pond we get to do the second half of Taming the Terminal part 27 of n, all about DNS. Finally we get to play with the terminal again! Ok, we’d better dig in!

Oh wait! one quick thing – I was on the Daily Tech News Show with Tom Merritt again this week – talking about Google Glass, dead or alive! link in the shownotes of course. NOW we can dig in!

Blog Posts

A Better Way to Reduce File Size in Preview

Tobii Technology’s Eye Tracking Could Help Mobility and Communications Impaired

Linx Impact Assessment Records Head Impacts for Youth Sports

AmpStrip Heart Sensor Uses an Adhesive Bandage for 7 Day Wear

Synaptics Finds New Excitement About Trackpads and Fingerprint Sensors

Clarify

I always thought I’d run out of cool stories to tell about how Clarify helps me, but I haven’t run out yet. This week I needed to get one bank to let me transfer funds electronically to another bank. You would think this was easy but when I followed what looked like logical steps, I ended up with a javascript error. I whipped open Clarify, took screenshots and annotated them showing what buttons I was pushing and sent it off to the bank representative.

She called me back and got another guy on the phone who walked me through a completely unintuitive path. I told him I might go just a smidge slower than he would hope, because I was going to take screenshots along the way.

Again I snapped away using just the standard Clarify keystroke as he told me what to do and the good news is it worked. The better news was after I got off the phone I was able to annotate THAT document with the buttons to push so I could give it to Steve so he could do it too.

Neither of these documents was a masterpiece filled with elegant step numbers or descriptions, but they were both really useful to helping me get on with my life. If you’d like to help yourself and others, check out the free trial of Clarify over at clarify-it.com.

Chit Chat Across the Pond

Security Medium

UK Prime Minister David Cameron Attacks Cryptography:

  • British PM David Cameron has exploited the Paris attacks to propose a ban on all encryption that does not have a back door for his government – https://nakedsecurity.sophos.com/2015/01/14/david-cameron-wants-to-ban-encrypted-apps-like-imessage-and-whatsapp/
  • RELATED – The Guardian newspaper in the UK reported on a secret US report that concludes that encryption is vital to protect private data – http://www.theguardian.com/us-news/2015/jan/15/-sp-secret-us-cybersecurity-report-encryption-protect-data-cameron-paris-attacks
  • RELATED – The NSA admits that pushing the use of the back-doored Dual_EC_DRBG encryption standard through NIST was a mistake – http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/
  • Editorial (Bart): I’m strongly reminded of the old adage – “never let a good crisis go to waste” – Cameron wants a state where nothing is beyond government reach (a police state in other words), and the tragedy in Paris is the perfect excuse to strip UK citizens of the ability to secure themselves digitally. It is impossible to have security if you have a back door. Now, if the UK get a back door, you can rest assured other nations will want one too. So, if crypto with one back door is already unsafe, imagine crypto with hundreds of back doors! In effect, Cameron is proposing the outlawing of effective security. This is nothing less than an attempt to make it impossible for us to secure ourselves in a digital world, and it strikes me as a supreme irony that it is being marketed as a security measure. I’m reminded of attempts to do something similar in the US a decade or two ago. In the end, sanity won out, and proposals to mandate backdoors were dropped. Speaking of the US – I’m also reminded of the failed policy of treating crypto as a weapon, and banning it’s export. That export ban crippled the US tech industry for years, until the government saw sense and ended it. It seems to me that the Cameron is determined to repeat America’s mistakes, and worse, to try to actually follow through and make a mistake American narrowly avoided. What makes it even worse is that even if the British were given a back door into all communications, it wouldn’t achieve much. People have been sending secret messages over insecure channels for centuries – if you know the government can read your iMessages, then you simply use a code, and they are locked out again! I can’t think of an innocent interpretation of this policy – as I see it it’s either unacceptable technological ignorance (it’s 2015 for goodness sake!), or an attempt to create a police state. In his response to this news (http://daringfireball.net/linked/2015/01/12/cameron-privacy) John Gruber quoted the great American Benjamin Franklin, and I think it’s the perfect quote to end my thoughts with “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”

Google & Microsoft go to war, and Windows users are the victims:

Security Lite

Important Security Updates:

Important Security News:

Notable Breaches:

Suggested Reading:

Main Topic – DNS Part 2

Blog post: https://www.bartbusschots.ie/s/2015/01/10/taming-the-terminal-part-27-of-n-dns/

Correction from last week: DNS records for IPv6 addresses AAAA not AAA (thanks to the Richard Machida, Bert Yerke and others who spotted my mistake)

Summary:

The Domain Name System is a hierarchical naming scheme that allows names to be mapped to values of a number of different types using different types of DNS record:

  • A records map names to IPv4 addresses
  • AAAA records map names to IPv6 addresses
  • CNAME records map names to names (think of them like aliases)
  • MX records map names to the domain names of email servers
  • NS records map domain names to authoritative DNS servers

There are two types of DNS server, authoritative servers host the records for a domain, and DNS resolvers query the authoritative servers on behalf of clients. Some resolvers merely pass requests on to others, and these are known as stub resolvers. All resolvers, including the stub resolvers, cache the answers they receive. How long an answer may be cached is defined by the TTL (time to live) metadata provided by the authoritative server the record was retrieved from.

True DNS resolvers (not stubs) contain a list of the root DNS servers. The root serves ‘delegate’ responsibility for the different top-level-domains, or TLDs, to authoritative servers using NS records. More NS records are used to delegate control down the hierarchy. Resolvers follow this delegation chain until they find an authoritative server than can give them a definitive answer to their query.

Owners of a domain must host their collection of DNS records, or DNS zone, on an authoritative DNS server. Large organisations will often run their own authoritative DNS servers, but home users will tend to use either their domain registrar, or their web hosting provider’s authoritative DNS servers to host their DNS zone.

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

1 comment to #506 Preview Reduce File Size, Tobii, Black Box Biometrics, AmpStrip, Synaptics, Taming the Terminal Part 27b of n DNS

  • I can sort of see Marriott’s reasoning behind their WiFi blocking… I’m not saying that I particularly like that policy (as a user) but I can see why they would want to do it (as an administrator/business owner). If everybody and their dog brought in their own WiFi hotspot, it would seriously crowd the already overcrowded 2.4 GHz spectrum, blocking those people who are using Marriott’s own network and degrading their service, etc. Remember a couple WWDC’s ago when Steve Jobs was still with us, and he was doing a demo of something (iPhone? iPad? I forget which) and he was trying to use WiFi and his demos were failing spectacularly, and he eventually got so cheesed off that he started berating the audience for not shutting down their little MiFi hotspots? Yeah, like that.

    Also, I’m with Bart on the whole Google vs Microsoft thing. For them to go ahead and publish the vulnerability even though they knew full welll that MS was close to releasing a patch is just the height of crassitude. I agree with Bart that they should have granted them some leeway. If you have a kid and you enforce a 10 PM curfew, but the kid shows up at 10:10 or maybe even 10:15, I wouldn’t call them on the carpet for it — maybe there was a accident on the freeway that caused an unexpected traffic jam; maybe the clock that they were watching was off by a few minutes; etc. In other words I’d give them the benefit of the doubt. Now if they showed up at 10:30 or later then that’s different. Or maybe not. If my kid were generally a good kid (didn’t get into trouble, didn’t hang out with the wrong crowd, etc.) and they showed up at 10:15 or even 10:30 I might give them the benefit of the doubt – maybe they ran into their best friend and went out for coffee and got to talking, etc. I’d give them a warning (“I’m letting you off this once, just try and be careful next time, okay?”) but I would still give them the benefit of the doubt. On the other hand, if my kid were always getting into trouble, I might strictly enforce a 10 PM time limit, because if they show up late, then clearly they’re doing it just to spite me. I’ll be the first to admit that this is completely arbitrary. Still, Google’s releasing even though they KNEW that a fix was mere days away is, like I said, the height of crassitude.

    Also I am beginning to worry that Google is using their “de facto” status to usurp more power than should be concentrated in one company, e.g. their recent heavy handed actions like force-deprecating TLS, prioritizing HTTPS sites in search results, etc. Sort of like Emperor Palpatine, machinating behind the shadows, giving himself special emergency powers to stop the Separatist Wars (which by the way he started himself in secret) but keeping those powers even after the wars have settled down, etc… until one day, all of a sudden one day, he kills all the Jedi, turns the Republic into an Empire, and elects himself the Emperor.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>