#226 Leo hypocrisy, Nano Video Review, qStatus, Web Servers Explained

I’m getting ready for Blogworld Expo – even using Keynote. In Dumb Question Corner we talk about how text expansion programs actually work and explain what a plist actually is. I call Leo on the carpet for being a hypocrite including audio clips of him to prove my point. Rose returns with a review of the video capability on the new iPod Nano, and Evan returns with a review of qStatus from Gx5 at gx-5.com. Research assistant Niraj buys a Honda with Honda Bob’s help. In Chit Chat Across the Pond Bart gives us a follow up on Net Newswire and then explains exactly what a web server is and what the components are and how they all work together.

Listen to the Podcast Once (1hr 29 min)

Today is Sunday October 4th, 2009 and this is show number 226. Well I’m gearing up for the BlogWorld Expo in Vegas in a week and a half, getting really excited about the trip. So glad Steve is joining me, that will make it even more fun. Can’t wait to see all my podcast cronies there and it looks like some NosillaCast fans will be there too. So I figured it’s about time i got serious about the session I’m teaching on beginning podcasting. You know how I feel about PowerPoint so you know I’m not going to use that. I’m a big believer in that you can do most stuff in a wiki so I made an outline in pbwiki (now called pbworks but I just can’t seem to get the hang of that name). After working on it for several hours, putting in bullet points and images of the tools and hardware i was going to tell people about I sat back and thought, “man, that looks like crap.”

So I walked away from it and just ignored it for a few weeks hoping for some inspiration. then I was watching a podcast called the Real Deal with Tom Merritt and Rafe Needleman, which is a great show, two of my favorite CNET hosts, and they had on the show Carmine Gallo who has written a book called “The Presentation Secrets of Steve Jobs”. He talked about what makes him such an extraordinary speaker. now of course I can’t hope to rise to his level, but Carmine did talk about some of Steve’s techniques with Keynote – and that’s how few words he puts on his charts.

I’ve never really gotten comfortable with Keynote, but I decided to give it a try. At first I got really frustrated because it didn’t matter what theme I picked, I got white letters embossed on a white background. I was furious and declared it a fail in Twitter and went outside to play. Of course when i came back, I had a lot of help from Twitter – especially from @MacFindHer who sent me a link to an article talking about this very problem, and that the solution was to download the new Snow Leopard-friendly version of Keynote ’08, aka version 4. I did the download and thanks to MacFindHer I finally got started. Check out her site at macfindher.com, a site with a great attitude about women in tech – a woman after my own heart.

Now I’ve taken my entire speech and put it in picture book form. Most of it I think will work really well – who wants to read bullets of what I’m saying? How about a stunning graphic in the background while they actually listen to me and watch my enthusiasm for the subject? I don’t need cliff notes, show me an image of the Feeder logo and I know exactly what I want to tell them – why it helps me do my show and how. I think this can only work when you know your material cold. I have the great advantage of having done Podcasting on Podcasting as the basis for the show, so I can tell them they don’t even have to take notes because they can go back and review the material later from my site.

Now the one tricky bit is after I go through all these apps and hardware tools, it would be nice if they had the url’s so I made the last few pages into a link farm, and also gave them the prices of the stuff I recommended. I’m really having a ball with the whole process and I think I’ll have a much better presentation when I’m done. I don’t think the charts stand alone very well but I’ll probably put them up online anyway so the attendees (and you) can get to them to get at all those links.

Dumb Question Corner
======insert music=========

How do text expansion programs actually work?
Dan Eickmeier has an interesting question about text expanding programs.

Hi Allison, an app which i’ve heard a lot about on mainstream mac podcasts like yours, is text expander from smileonmymac.com. However, being a voiceover user, due to being totally blind, I don’t really get the premise, and idea of how this app would work. I know that you can set up abbreviations for things which you commonly type, and then when you type those, you’ll get the full words. Or at least that’s my impression of it. My-thought is that these would activate when you’re just normally typing away in an email, in a pages document, etc. Am I wrong on that? Is it a case of hitting a hot key sequence to bring up text expander, and then typing one of the snippets which I’ve set up? Do I have the right idea here? It sounds cool, but could never really get an idea on the premise of this app, and exactly how it worked. Haven’t tried it, so not even sure if it is accessible with Voiceover. If you could explain it in your next podcast, I’d appreciate that, as i’m kind of lost as to how this app actually works. You may think it’s dumb that I don’t get it, but I seriously don’t. Some explanation to clear the mud, would be appreciated. Thanks, and good podcast as usual. Keep it up.

You’ve hit the perfect sweet spot of the dumb question – something that escapes your understanding, and you feel dumb asking but which I guarantee someone else has the same confusion. I’m lucky in that I have a lot of blind listeners, so that increases the chances someone else has your question too, but I bet there are those who are sighted who have the same confusion.

So here’s the way it works – you don’t have to launch Typinator or Text Expander to make the abbreviations work. What you DO want to do is make your keystrokes be something you would never type in regular writing. For example, I’ve always been at a loss for when to use a semicolon, so I end all of my keystrokes with the semicolon. That way I know I would never accidentally trigger it. Other people use double leading letters – like to insert the date, they might write ddate.

One of the apps I used to use would show you on screen that you had triggered an abbreviation (which of course wouldn’t help you at all) and then you could choose whether to accept it or not.

I don’t know whether Typinator or TextExpander support Voiceover but I can ask! Typinator does make a sound when it’s executed. For example, I set up the letters s l and a semicolon to mean Snow Leopard, and when I type the abbreviation it makes a very pleasant click noise to let me know that I’ve executed it properly. Typinator also has a built in dictionary of commonly misspelled words, and when it fixes a typo for you it makes a funny honk sound. By the way, these noises drive Steve nuts, so I enjoy them even more. You can choose what noises you have play when different things are triggered.

this was an EXCELLENT question! I’ll let you know if I can figure out if either or both tools are accessible.

What’s a plist?
Next up is a question from Pierre Bourgeois:

Allison – On many podcasts, including yours, mention is made of deleting «plist files» as part of troubleshooting. Following a recent Google search to fix a problem I was having with a printer, I followed the instructions provided and deleted some plist files. This did indeed seemed to fix the problem. But, I still do not know what a plist file is nor what it does. Could you provide us newbie nerds with some insight on this? Best Regards, Pierre

Good question, Pierre, plist stands for Property List and it’s a place that Mac OSX Cocoa and also NeXTSTEP and GNUstep programming frameworks use to store serialized objects. Ok, that’s what wikipedia says a plist file is. Put in signficantly simpler terms, a plist is a file that is created by an application to store user settings. They may contain more than user settings but at the very least they do that. Let’s say you’re an Excel fanatic like me, and you enjoy micromanaging the menu icons in the toolbar. You go into the customize toolbar and then drag out those silly ones for cut and paste and instead put in the one for set print area (which you need all the time and for which there’s no handy keystroke.) If you then go into your user account’s Library folder, select the Preferences folder in there, and then do a search on Excel, you’ll find in another sub folder for Microsoft a file called com.microsoft.Excel.prefs.plist. If you delete that file from that prefs folder, and you reopen Excel, all those menu bar changes will be gone.

It appears to me that developers have a lot of freedom of what to keep in the plist file – in some cases you can trash it (because for some reason they DO get boogered, as did your printer plist file) and there’s no ill effects. In my Excel example I’d be pretty cranky if I had o throw that away. Just this week I realized I’d lost my Pro key for Quicktime 7, and when I called Apple they told me I could drag my .plist file over from my Leopard backup and into my Snow Leopard install (in the preferences folder) and I’d be up and running and they were right. So glad I never had to trash that one!

It’s a very nice little diagnostic step to keep in your toolbelt – if an app starts acting hinky, just drag the plist out of the preferences folder (and there might be more than one so use spotlight to find them) and onto your desktop and see if the hinkiness goes away AND see if you lose anything you really needed. once it’s up and running properly you can toss that bad boy in the trash.

This is one of the few things that I realize makes the Mac as weird and mysterious as Windows. Whenever I’m about to scoff at someone for things like changing the bios settings or deleting dlls, I realize the Mac is weird and geeky too so I keep my mouth shut about it!

When god’s have feet of clay
This next segment is going to be very hard for me. When I was in high school someone I idolized turned out to have flaws like any human and I remember my mother quoting from the Bible that you’ll find your false Gods have feet of clay. I don’t mean to wax religious and that’s not what this is about – it’s about idolizing someone and then finding flaws and how sad that is.

the subject of my sadness is Leo Laporte. I adore Leo. I’ve met him several times and found him to be charming and genuine and caring about people. He’s funny and entertaining and great with people who have lesser geekery skills. I listen to TWIT, his radio show, MacBreak weekly and even Windows Weekly. I look forward to every episode.

But there’s one thing about which I’m highly intolerant and that’s hypocrisy. Leo has gotten into a mode lately that I see as hypocritical and to illustrate my point I’m going to play a couple of sound clips from his radio show. I know, you’re thinking “here’s another Apple Fan Girl angry that Leo said something mean about her precious Apple.” I did think long and hard about this before bringing it up because I wanted to soul search to see if that’s what bothered me. I have decided that I’m actually ok with the fact that he doesn’t see value in Snow Leopard, that’s not the part that bothers me.

What bothers me is that he blames other people for what he actually did himself. Let me start with a clip from his radio show episode 589 which aired on Saturday August 22nd, six days before Snow Leopard was released:

===insert 03_leo_ep589_good_snow=======

So Leo is a member of the media as he reports Tech news. he sometimes tries to disassociate himself from the media but that’s exactly what media is, isn’t it? In some small way I would suggest I’m a member of the media even, if you squint at it. So as a member of the media, in this clip he was not quoting anyone but Apple. He talked about how Apple was downplaying it as a very minor update but that Apple has put all these wonderful goodies under the hood. Note that everything he lists in his description of how wonderful it will be were actually delivered in Snow Leopard. Remember also in that clip he says “people will look at it and say, well this looks exactly the same”.

Ok, now let’s fast forward to episode 591 which aired on Sunday August 29th, the day after Snow Leopard was released. Here’s just one clip of his many diatribes about Snow Leopard:

======insert 04_leo_591_snojob========

So he’s angry with David Pogue and Walter Mossberg for saying that Snow Leopard does all these wonderful things, he accuses them of being “Apple Journalists”. Here he says “there’s supposedly changes under the hood” and “it looks exactly the same”. I’m sorry, isn’t that exactly what he breathlessly reported just before it was released? He said it had changes under the hood but it would look essentially the same. This makes me CRAZY. Again, while I’d sure enjoy hearing him gush over Snow Leopard, it’s the hypocrisy of his diatribe that gets under my skin. How dare he accuse Pogue and Mossberg of precisely what he did himself? Grr….

Ok, I tried to move on. I tried forgiveness. I tried letting those wounds heal (which was hard since he kept on this diatribe for every show he does). But I had moved on. But then he did another hypocritical thing that he’s done many times before but this time I’m just having trouble moving on.

A few weeks later on his radio show, he had a guy on who had a Windows PC that was reporting that it wasn’t a valid license, and then he’d try to validate it, and it would say he was valid, and around he went on that circle. Leo bemoaned all copy protection and how it just makes life impossible for the law abiding folks and doesn’t stop the real criminals. I’m with him 100% on this. Then on episode 594 from September 6th he was talking to Caroline who was trying to rip some DVDs she’d purchased so she could watch them on her iPod. This is a constant aggravation to many of us where we legitimately bought our media and just want to watch it in a different form. Let’s listen to what he says:

===insert 01_leo_your_a_criminal=========

I’m with him 100% again. He’s against copy protection because it keeps you from doing such normal things. But here’s where he made my blood boil. this is the same conversation, still talking to Caroline, where he’s talking about issues she may have running Tiger and how newer software may not work for her.

======insert 02_leo_sl_for_30dollars========

Can you believe this? Here’s a company that gives you a good affordable price on their product, they put no DRM on it to prevent you from misbehaving, so he tells her that she can disobey the terms of service!!! I know he technically didn’t tell her to disobey, but he certainly encouraged it, and made that snarky little, “Apple’s not going to like me for this” comment – well guess what Leo, I don’t like you for this! I don’t want Apple to start putting crapola on our software so that you have to jump through hoops to do legitimate things! I don’t want the five user license for the family pack to suddenly have protection that stops me from putting it on a machine after I wipe the disk clean to start over and makes me have to do an annoying call to customer support to beg for help! I want to encourage everyone to obey the terms of service, treat them with the respect Apple has shown US by not putting DRM on their software. Every time I think of this I get so mad I could spit. Shame on you, Leo.

Rose reviews the new iPod Nano
Ok, I’m going to try and calm down while we listen to another delightful review from Rose from Australia (follow her on Twitter @ozrose btw, she’s hilarious!)

====insert Rose 5 minutes========

Well Rose your review is, as always informative and different. I love the way you’d try things, stop the recording and come back to tell us what didn’t work. I did some sleuthing on the interwebs to try and find your Posterous blog since you so carefully teased us with it, and I was successful. Rose’s videos
ozrose.posterous.com.

I’m very curious why the .mac gallery didn’t work, but I do have an easy, free option on how to get a screen shot from a video. Download VLC (Video LAN Client) from videolan.org for Mac, Linux, BeOS, and even Syllable (never heard of that OS – MUST load on Virtualbox, don’t you think?). So open the video in VLC, and drag the slider to the frame you want to capture and choose Snapshot from the video menu! As they say in France, Le Voilá! Thanks again Rose for a great review…now maybe I need one…you know it DOES have the FM radio so I could listen to All My Children at the gym…wait, did i say that out loud?

ScreenSteps
This week I needed to demonstrate how to do something on the Mac but I needed to use the tutorial on Windows. That was an easy thing to do because ScreenSteps is cross platform. I whipped it open took screenshots, annotated them with arrows and sequence numbers and bright red boxes, then I wrote text to explain each step and why you need to do it. When I was done, I exported the file out as a ScreenSteps package file and mailed it to myself on my Windows box on another network. Then I could easily import the file into ScreenSteps on the PC and keep working and editing at my leisure. Any typos I needed to fix were easily done, adding more text to clarify the points, with my happy Mac screenshots in the file. I exported to html, posted the file on a website and I had happy customers. I love that ScreenSteps is cross platform, I love that it has one of the best screen capture utilities around (especially taking timed screenshots of menus) and my customers love that I give them easy to understand tutorials. It’s all good! If you’d like some of this yummy goodness, head on over to screensteps.com and download the free trial for Mac or Windows and then when you realize you need to own it for more than 30 days, be sure to use the coupon code NOSILLA for 25% off the purchase price of the Standard or Pro version.

Evan on qStatus
====insert qStatus Review=======

Hello allison and Nosillacast listeners. This is Evan From Colorado coming to you with another review of a great iPhone app. This weeks app is qStatus from Gx5 (iTunes store link).

qStatus is a little app that does one thing, and does it well. It is used to update your twitter and facebook accounts simultaneously. And of course you can update them both, or one or the other independently.

After downloading the app you open it and right away get a pop up indicating that you need to setup your accounts for both twitter and facebook. Tap “Setup” and you are thrown into the settings for the app. From here you can setup both your twitter and your facebook accounts using the appropriate user name and password.

After you enter your credentials for the two services you tap done and you are presented with a simple interface. There is pretty much the place you type your message in and your facebook profile picture by default. Although you can change this if you like.

Below the message field there are several buttons. You see the words “Twitter” and “Facebook” with either a checkmark, or an “X” next to them. If you see a checkbox that means when you send your update that service will be updated. If you see an “X” that means it will not be. You can tap on the name of the service to change it from a Check to an “X” and therefor you are choosing which ones to update.

Below that you will see a music note icon. Tap that and it will figure out which song you are listening to right now on your iPhone and enter the message “I am listening to”…and then the name of the song. Along with an iTunes link. I have not tried this with podcasts but I assume it will do the same thing.

To the right of the music button is a little camera icon. As you can imagine you tap this and it brings up your camera, allowing you to snap a picture, the link to which is put in your message.

To the Right of the camera icon you see the “Menu” icon. Tap this and you get a menu on screen with several options. “Settings”, which allows you to change the settings. “Dedicate current song”, which opens the mail app on your phone and puts the same information about what you are listening to and the iTunes link in a blank email to send to someone with the subject line: “Dedicating this song to you”
The next option in the menu is “Add photo from library”, which doesn’t need much explanation. Why this wasn’t put under the camera icon I am not sure, but if you want to choose a photo from your library this is where you find it. The last option in the menu is “Cancel”, which again, I feel requires little explanation.

Lets explore the “Settings” option a bit more. Tap it and you are presented with the same menu you saw before when you were entering account credentials. And you can go in ad change those if you would like. Below that is the option to pick a different username and password for services like twitpic, and twitvid.

There is also the options to change the sound your phone makes when you update your status. Change the background which you see on the main qStatus screen. There is also the option here to pick which profile picture you see on the main screen as well, you can pick between your Facebook, or your Twitter profile picture.

The only other things in the settings menu are “About”, which just gives some information about qStatus, and “Help” which when you tap it puts you into mobile Safari and onto the qStatus help page.

qStatus does not serve as a means of reading yours or other peoples updates, and therefor is not a twitter client. It is simply an easy and lightweight way of updating your profile.

qStatus is available in the app store and costs $.99, and is definitely worth it if you find yourself updating both your Twitter, and Facebook statuses with the same message at the same time.

To find out more about what I do you can follow me on twitter at Twitter.com/vanmo92

===================
Thanks Evan – I’ve got to check out qStatus. One of my goals is to update my Facebook Status more often, but I still don’t want to spam people with EVERY tweet I make, this sounds like a good option to do both but selectively. Thanks for another great installment.

Honda Bob
So Research Assistant Niraj was looking for a car. He and his wife Chau wanted to buy a used car and were looking at all different models, but then they came across a Honda CRV. Buying a used car is always scary, you may think the car is lovely but how do you know if the engine is sound? Well Niraj and Chau called Honda Bob, and he agreed to come out and take a look at it for them. Now Niraj had never met Honda Bob before, but obviously he had heard his praises sung SOMEWHERE. Bob met them at the car, and Bob went all over it with a fine toothed comb. At one point he turned the wheels sharply in one direction and crawled under to look around, and when he got up he asked the seller if he’d had the car out in the desert – and he said yes. Sounds like Sherlock Holmes in that one where he sees dust on the guy’s shoes and figures out that it’s the very dust from a particular construction site where the murder took place! Anyway, Niraj and Chau got a great feeling of confidence from Honda Bob, and when he gave the car a thumbs up, they knew they had a winner. They bought the car that day and I think Honda Bob has a new customer! if you’d like to have Honda Bob come to your house and maintain your Honda or Acura cars in tip-top shape, and you live in the LA or Orange county area, give him a call at (562)531-2321 or shoot him an email at [email protected]. HDA Bob’s Mobile Service is not affiliated with Honda, Acura or Honda Worldwide.

Chit Chat Across the Pond

Security Light – or should we rename this "This week in arbitrary code execution"?

Apple Releases iTunes 9.01

Apple has released iTunes 9.0.1 to address a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to review Apple article HT3884 and apply any necessary updates to help mitigate the risks.

• Flaw in processing playlist files in the .pls format. Possible to create a booby-trapped playlist that would allow arbitrary code execution.
• Requires the bad guys to get you to open a .pls file
• Simple fix – when auto update (or Apple Update on Windows) asks you to update – say yes!

Followup – the Continuing NNW Saga:

• Still having intermittent syncing problems. Have "merged" my subscriptions many times now, but still come across feeds that exist locally but not on GR (Google Reader). This has a strange side-effect. The feed is downloaded, by no items are ever marked as new in it, so it effectively doesn’t exist!
• When you delete folders locally they don’t get deleted on GR – so you build up detritis
• When you add a new feed to a nested folder it doesn’t get added to the nested folder, instead a new folder is created at the root level with name of the folder within a folder you wanted to add the feed to. E.g. try to add a sub to Photography -> Flickr Groups, goes to a new folder called just Flickr Groups at the root level. Means you have to move the feed, then delete the new folder which gets left behind, so you have to go clean up in GR too!

Still feels exceptionally beta

Main Topic – How do Web Servers Work?

• We regularly talk about security issues with web servers but just sort of assume people understand what a web server is! That was a bit silly of us wasn’t it!
• A web server is just a computer running an operating system and a few programs. You can turn your Mac into a web server! Even your Windows machine
• The people who use that web servers get accounts on them. Just like setting up an extra account on your Mac – though a little more locked down. Each user who shares your web server has an account. That’s why it’s a shared server. Lots of users on the same server, each with their own username and home directory, but still on the same server.
• Most web servers on the internet run some flavour of Linux.
• To actually serve out web pages web servers run a program that is rather confusingly also called a web server.
• Most web servers run the free and open-source Apache web server. On Windows it would be IIS. There is ONE web server program running on the server which serves out ALL the sites on the server. It doesn’t care in who’s home directly the files are, they are all on it’s file system. Users are stuck in their home directly, the web server program is not. It CAN’T be!
• All a web server does it listen for incoming requests from web browsers – translate the URL they are being asked for into a filename on the server, then either fetch that file and hand it straight to the web browser (static content), or, if the file is a script, execute the script and send the OUTPUT straight to the web brower (dynamic content). That’s all it does. .html files, .txt files, and image files are examples static content. .php, .pl. .cgi, .asp files are examples dynmaic content. They have to be run to work. Who runs them? The one single web server program running on the server!
• How do you get your files onto the server? The server runs another program which acts as either an FTP or an SFTP server. This is a program that waits for an FTP or SFTP program like Transmit or FileZilla to connect to it and copy files up or down. You can set this up on your own Mac if you enable FTP file sharing or SSH logins.
• Finally – a lot of php programs choose not to store their data in files – but instead in a database. Because of this a lot of web servers also run a third program, a database server. IT’s also just a regular program but it stores and retrieves data using the SQL language. The most command database server programs are MySQL, PostreSQL, and SQL Server.
• So, in summary, a web server is just a regular computer, probably running Linux on which you and all the users you share the server with have accounts, just like the accounts you have on OS X or Windows. Websites are just a collection of files stored in your home folder in a pre-arranged place. The web server program reads those file and hands them out to people over the internet.

What are the Security problems?

• There is only one web server program, and it HAS to be able to read all the files in your website. If it can’t, then the pages are not on the internet.
• If a .php file in your account can write to a folder, so can any other .php script on the server. You have to trust that none of your fellow server users will abuse that fact. If one of them gets hacked, then the bad guys get to read and write all those files too. You are as vulnerable as the WEAKEST of the hundreds of users sharing your server.
• Your config.php file can be read by the web server – so, any other user on the system can read your database details! So can a bad guy!
• You can’t protect yourself! If you stop the web server from being able to read your files, your site falls off the internet. If you want to allow wordpress to uplaod files the web server HAS to be able to write, by ANY PHP script on the server can then write – there is only one web server running all the scripts after all!
• SOME web servers give a little protection using a trick where the web server uses the sudo command to run scripts as the user who owns them. This is very rare. It doesn’t stop the web server needing read access, but it does stop you having to give everyone write access if you do. This is not the norm. It is rare because it is a gigantic pain in the backside to configure and run. Sysadmins hate it!

Well it’s that sad time where I have to close the show now, much to the chagrin of the live chat room over at podfeet.com/live – you should come join us some time, we have a blast in there and the crowd is really welcoming to newcomers. We’re on the air at 5pm GMT-8 on Sundays every week. Keep up the dumb questions by emailing me at [email protected], and be sure to follow me on Twitter at twitter.com/podfeet. Thanks for listening, and stay subscribed.