#229 Screen Sharing, Real Deal Podcast, Cash Tracker, Use Two Headphones, Open Wifi Hotspots

Terry’s Timescroller app gets noticed by Leo LaPorte, first look at Apple’s Magic Mouse, what I learned at Blogworld & New Media Expo. Donald Burr tells us about ScreenSharingMenulet program from klieme.com. Tom Merritt of the Real Deal Podcast (cnet.com/real-deal-podcast) loves the Nosillacast audience. Ramblin’ Rosie tells us about Cash Tracker from intelligentartifice.com and Crazy Listener James gives us a handy iPhone tip on how to download podcasts even when they’re too big for 3G downloading. Jim Sewell explains why it might be dangerous to listen to your iPod with only one earbud. In Chit Chat Across the Pond Bart explains what’s dangerous about using open wifi hotspots and what’s not dangerous.

Listen to the Podcast Once (1hr 07 min)

Today is Sunday October 25th, 2009 and this is show number 229. Before I get too deep into the show I wanted to give a shoutout to Terry of timescroller.com because his server is probably down by now and it’s all Steve’s fault. You see, today Leo tweeted that he was having trouble figuring out what time it was where Cali Lewis is right now, and Steve replied back to him that TimeScroller is the only way to go. Leo looked at it and put it on his Mac instantly and bought it for his iPhone and thanked Steve for the perfect solution. I would not be in the least bit surprised to hear it as his pick of the week on MacBreak Weekly this week, which will of course bring down Terry’s site. You’re welcome Terry!

It’s been an Apple Store heavy weekend for us around here – Friday Steve and I went up to UCLA to pick up Kyle and he suggested we go over to the Santa Monica 3rd Street Promenade to check out the new Apple Magic Mouse. If you don’t follow every time Apple burps, the new mouse is a multi-touch device. If you use the Magic Mouse on a web browser, you can use two fingers to flick back and forward between web pages (which is a very unnatural movement by the way) and flicking up and down on the surface gives you scroll. The scrolling is fantastic, it actually has momentum so give it a good flick and it will scroll all the way to the bottom of the page. left right scrolling works the same way, but I don’t find myself needing that very often. I found the edges of the mouse kind of sharp and annoying, sort of like the edges on which your wrists wrest on the new Mac laptops. Bart asked about one non-starter on the Mighty Mouse for him, so when we went to a second Apple Store this weekend Kyle tested it for him on the Magic Mouse. What Bart had notices was if you keep your left finger resting on the mouse, you can’t right click – you have to lift your left finger. Unfortunately Kyle’s test showed that the same problem occurs on the Magic Mouse. Unfortunate definitely. You know us though, we’ll probably buy one anyway when they’re available just for the fun of discovery.

The reason we went back to the Apple Store was because a young friend of ours was in the market to buy a new laptop. I bring this up because the decision tree is more difficult these days with the advent of the new unibody white Macbook. Our friend Ryan was looking at the 13″ Macbook vs. the lower end 13″ MacBook Pro. They really mess with you here – the Pro has an SD card slot and Firewire 800, but the MacBook has a much bigger hard drive (250GB vs. 160GB in the Pro) and it’s $200 cheaper! They both have the same graphics card ( Nvidia 9400M), they’re both 2.26GHz Intel Core 2 Duo’s, they both have 2GB of RAM (but the Pro can go up to 8GB vs. 4GB Max on the Macbook), they both have the same resolution LED backlit screens. They both have the 8x double layer DVD writer, two USB ports, and the built in iSite and display port for video. The new Macbook now has the glass multi-touch trackpad like the MacBook Pros. Ooh – the Pro has a backlit keyboard.

So bottom line, for $200 more you get the SD card slot, the Firewire 800 and a backlit keyboard but you sacrifice 90GB of disk space. Ryan didn’t care about Firewire at all and we hadn’t actually talked about the backlit keyboard, but you know what? He bought the MacBook Pro. He bought it because he didn’t like the white of the MacBook. I tried to mock him, but then I remembered when I was buying my daughter’s first MacBook we paid $200 extra for the black one when the only difference was a bigger hard drive that would have cost $50 to upgrade in the white one! So Ryan happily walked away with his shiny new MacBook Pro.

Blogworld Expo Redux
Last week I said that I’d talk a bit more about what we learned at Blogworld & New Media Expo, so let me walk through my impressions. I’m ambivalent about the sessions themselves, because I don’t think I learned a great deal. They had a “keynote” every couple of hours which was a misuse of the term but really meant “this is the only thing going on at this time”. Every keynote was about philosphy – what does new media mean? how does new media affect the way we think about traditional media, how do you feel about the requirements the FTC is putting on bloggers for sponsorship…on and on like that. A lot of the presentations were about how new media is all about “love” and how “awesome” you are. It was ok the first couple of times but it got kinda sticky sweet after a while! As Steve pointed out, most conversations seemed to be about Twitter. The only time I heard WordPress mentioned was when I said it myself. nothing about themes or plugins or hosting sites or much about traditional blogging at all. I went to a session on blog metrics but it wasn’t really a practical how-to, more just showing what kind of stats are out there and how to relate them to making money, which isn’t what I was really looking for.

The first day didn’t have a podcasting track so it wasn’t until Friday/Saturday that the good stuff for us really came out. Victor Cajiao and George Starcher of the Typical Mac User podcast did a great session on advanced audio production. Victor loved the fact that before he talked about it, I’d never heard of the MP2 format. MP2 is designed to be a very high quality archival format that’s 1/5th the size of an uncompressed wav or aiff file and can be uncompressed to full quality. I’m not sure I’ll use this knowledge right away but it’s in my back pocket now as a way to move big audio files around. He also took another crack at explaining to me the difference between software and hardware compressors vs. The Levelator that makes all my audio level out nicely. I’m sure I can’t explain it but I’m closer to understanding it now.

Steve and I enjoyed a 30 minute speed pitch done by Izzy of izzyvideo.com. I think we liked it because it triggered some questions that Izzy didn’t actually answer but which helped us get some answers from our friends. Izzy was explaining how the mic on camcorders are actually designed to capture the voice of the person behind the camcorder, and a boom mic is really the way to catch your subject’s voice.

I asked the speaker about a mini version that could mount on top of a camcorder, but he acted like I had two heads. Afterwards Chuck Joiner of macvoices.com told us about a shotgun mic Steve can attach to his camcorder to get fantastic sound. It’s called the Rode Stereo Video Mic which runs around $250 at Amazon. Chuck had one with him and let Steve experiment with it so he could see how it exactly works. Steve’s been really interested in improving sound on the camcorder and this is just the kind of thing he wanted.

We also went to a pitch called “Work with Whatcha got: Video” by Lee and Sara O’Donnell from Average Betty. Their presentation style wasn’t fantastic but they did talk about ideas like throwing pillows and blankets around on the floor to dampen room noise, or putting paper towels over standing IKEA lamps to soften the lighting. The good part though was when then mentioned their low-end HD camcorder – the Canon HV30. We’ve been looking at HD camcorders but wanted a real life recommendation. I was bummed though when I looked it up and it was $1500! I thought they said this was a low end pitch? I kept digging and I found out that the newer version of the same camcorder with just a few enhancements is the Canon Vixia HV40, and it turns out it’s around $750 now. Still pretty steep but a heck of a lot better than $1500! The HV40 uses mini-DV tapes, which may or may not be a good thing. In any case it was a good thing to get some real life recommendations in this so we can narrow our search.

It was great fun to see Don McCallister of Screencasts Online give his pitch on Video Podcast production too. He does an amazing job on his screencasts so a chance to learn at the feet of the master was fantastic. A big surprise was finding out how much harder it is for him to make really short sponsored videos – he said that making the 13 one minute videos for Mac Heist took him THREE WEEKS! He says his weekly show only takes him 3 or 4 days. Another big surprise was that he really enjoys the preparation and organization side and he likes the production end, but the part he actually doesn’t like as much is the actual recording. You’d have thought that was the candy part of the process!

He gave some great tips – like what to do if you stop and start up and realize the mouse was in two different positions – he says if it jumps it’s very distracting, so he does a really quick dissolve and no one notices it. Of course now we’re all going to watch for it!

another thing I’m always looking for is what settings people use for their video encoding – Don uses h.264, 12-15 frames per second (makes it smaller than the traditional 30fps but still looks great), he uses automatic data rate and sets the quality to medium-best. He produces at 1280×720, and then makes versions at multiples – 960×540, 640×360, and 320×180. He did say that when he creates it at 1280×720 he does zooms in on the menus as he talks about them so that when it gets made into the teeny versions for the iPod you can still read the menus. Doing it that way is much easier than doing different versions.

One thing really surprised me in Don’s explanation of his process – he said that sometimes he records the audio separately from the video, and he finds the easiest way to do it is audio first and video second. I can’t imagine how that would work. I can picture making a video first, and then talking while I watch, but I can’t picture listening and following the instructions, it would seem there’d be a lag while you watched to see what happened and then described it? Maybe he just does short bits this way, a minute or so? I don’t want to question the master but I just have trouble wrapping my brain around the whole idea.

Donald Burr on ScreenSharingMenulet
Donald Burr of Otaku no Podcast from otakunopodcast.com reviews ScreenSharingMenulet program from klieme.com.

=======insert Donald=========

So I gave this tool a try and I’m not sure I agree with Donald that it’s any easier, in fact I found it much harder than using the tools in the Finder. So let’s start at the beginning – before you can do any screen sharing you have to open up System Preferences, and click on Sharing. In the list of things to share, check the box next to Screen Sharing. on the right, choose who you want to be able to share your screen – if you choose all users they still have to have a valid account on your machine so it’s not like you’re inviting the entire interwebs into your machine. Next click on Computer Settings and check the box that says “Anyone may request permission to control screen”. This last option allows requests, where if you’re sitting at your machine you can choose whether or not to allow it.

Execute these steps ahead of time on any machines you want to be able to control. now we can compare the built in Finder features to the Screen Sharing menulet Don discovered.

To use the finder, I automatically see Steve’s machine in the left pane, I click on it once, then click on screensharing. if I’ve been in before and told keychain to save my password, I’m installing viewing his screen.

To use the menubartlet Don discovered, I can pull down from the menubar and create a new connection by IP or under local hosts I’ll see Steve’s iMac and I can select it right there. I’m not sure this is any easier than using the Finder though – Don feels it’s easier because he doesn’t have to launch or find a finder window but I’m so used to jumping in and out of the finder it’s at my fingertips at all times, and I’ve got so many menubartlets I’m running out of room – I have to be very selective what I put up there now!

And as far as connecting to machines while away from the house – how would I get through the router to get to them? My router has an externally facing IP address, so the internal IPs are invisible to me from outside, so how would I talk through the router to the internal machines? I know this is possible but I’ve never understood how. I asked Donald about it and he said there’s some port forwarding stuff to do, but since I carry my only machine around with me everywhere I go I’m not up for this challenge today.

I do have one major caution on all of this screensharing – do not do what Steve and I did – do not open a screensharing session to a machine that screensharing to you. We were nervous about opening a hole in the space time continuum but did it anyway, and while at first it was entertaining, @macvader told us he lost control of his cursor and had to reboot. I scoffed at that…until I realized that I’d successfully locked up both machines. We did have control of our cursors but we couldn’t do a darn thing with either machine! We couldn’t switch apps, couldn’t force quit, all we could do was wiggle the mouse and watch each other doing it. Finally I just powered my machine down and it released his. So don’t do as we say, do as @macvader says and don’t do it!

ScreenSteps
And now for a word about my favorite sponsor, ScreenSteps. you know I’m no fan of Windows, and the annoyance of using Vista is like having someone poke me in the eye with a stick all day long, so I was thinking of changing my work machine over to Linux. Sure there’d be tons of stuff I couldn’t do, but at least I’d feel like there was a purpose and a reason why I was having so much trouble being productive. And then I realized, I would lose my precious ScreenSteps, and that was enough to make me abandon the whole idea. Remember when Knightwise talked to us about not getting dependent on tools that hold you to one OS – the good news about ScreenSteps is that it works on both Mac and Windows. Sure wish it worked on Linux too so I could escape the regime! What does ScreenSteps do that’s so amazing it would keep me using Windows instead of Linux? ScreenSteps allows you to create beautiful documentation of lessons and manuals for things you want to teach. I’m constantly called upon with those “how do I…” emails, so to be able to flip on ScreenSteps is fantastic. I take some screenshots, annotate them with arrows, words, and sequence numbers, throw in a nice text explanation of the steps right below that, and then hit export and I have a gorgeous PDF or html file with zero work on my part to format and make it look pretty. If you’d like this kind of joy in your life, head on over to screensteps.com and give the free trial a spin, and when you’re convinced it’s the cat’s meow, be sure to use the coupon code NOSILLA for 25% off your purchase price of standard or Pro ScreenSteps.

The Real Deal #182
So remember all the fun we had with the Mifi trying to find a way to charge it via USB without it switching to a modem instead of a wifi hotspot? A while ago I was listening to The Real Deal Podcast, with Tom Merritt and Rafe Needleman, and Tom did a review of the Mifi. In his glowing review, the only thing he didn’t like about it was that problem with the USB charging. I sent in an email to the show, and Tom read it on the show. I want you to hear his reaction to it:

=========insert real_deal_tom_love_nozilla=================

Now don’t you worry that he called it the Nozilla podcast, luckily if you do a search on nozilla the top two hits are to my show. Of course it would have been slick if he’d said it right but they’ll still find us. So when I first heard this recording I was thrilled that right after Rafe says “I love the audience”, Tom said, “I love Allison.” I was so excited I played it a few more times, and then I realized it’s even better than that! Listen again to just that one part:

==========insert real_deal_love_small============

Hear that? It’s not me he loves, it’s YOU guys! Now had I been truly giving with my letter I would have mentioned Drew and Richard who did all the heavy lifting on this topic, but I’m glad the entire Nosillacast audience got a big ol’ shoutout from Tom Merritt. You should check out The Real Deal at cnet.com/real-deal-podcast (there’s a link in the shownotes of course!

Ramblin’ Rosie on Cash tracker
Rose brings us a review of the iPhone app Cash Tracker from intelligentartifice.com.

=========insert rose cashtracker============
Lovely review Rose, and I’m glad you’re going to cut your chardonnay expense way back from $240 per week to $40 per week with this handy iPhone app!

Rose put some screenshots up at ozrose.posterous.com and a link to an iPhone app review site about Cash tracker at apptism.com.

James handy iPhone Tip
Crazy Listener James is back with a handy little trick for the iPhone:

==================insert James===========

It took me three times playing James’ message over and over again while playing with my iPhone before I figured out what he was talking about. Either I’m slow or he’s crazy, probably both. He said, clearly, but without emphasis to click on the text for the name of the episode, don’t click on “free” or “download”.

I turned off wifi and tried to download an episode of the Apple Byte with Brian Tong, and it said it was over 10MB so go away. Then I tried clicking on the name of the episode instead and boom, it started to play immediately!!! I hate it when James is actually useful.

One Ear Bud
Jim Sewell wrote in with an interesting observation. He was listening to the Mac Roundtable episode #70 when we were chatting about the legalities of wearing headphones while driving and I think we talked about the option of wearing one headphone like you would a wired hands free phone headset. He said:

There is an effect with a scientific name I don’t recall that causes sound heard in both ears to sound louder than that same level of sound heard in just one ear. What this means is that it is very common for someone to have both buds in and think everything is fine but when they switch to just one ear it sounds too quiet so they turn up the volume – often to damaging levels.

You’d think I would be from Missouri, because I told him I’d want some sort of proof that this was true – to be honest, it sounded a little bit like an old wive’s tale to me. Undaunted, Jim wrote back:

Sorry about that. I have a ton of info (mostly useless or trivial) locked up in my head and no off-hand source for any of it. I did the searches this morning and found a few sources although the best ones appear to be locked up in professional journal type websites.

He sent in a link to jstor.org where it says:

Binaural summation of loudness refers to the phenomenon that a sound heard with two ears is usually judged louder than the same sound heard with one; or, alternatively, that the sound-pressure of binaural sound is usually less than that of an equally loud monaural one.

In another reference he found:

It’s been studied by audiology scientists since the 1940’s. In fact, Shaw, Newman & Hirsh in a 1947 paper said “the threshold of hearing is approximately 3db better when listening with two ears compared with just one.”

Jim had a bunch more references but you get the idea. I didn’t want to believe him, because I use my lanyard headphones often with one earbud in. But now ever time I do that I hear Jim whispering “you’ll put your ear out…” Well I guess if this keeps one NosillaCast listener from damaging one of their ears, this Public Service Announcement was worth it – thanks for the tip Jim, AND the research!

more…
Acoustical Society of America scitation.aip.org:
“…monaural stimuli required approximately 6 dB higher levels than =1 for
equal loudness., monaural stimuli required approximately 6 dB higher levels
than =1 for equal loudness.”

Binaural and temporal integration of the loudness of tones and noises
shadowgov.1host.co.il

Honda Bob
Back in 1978 I bought a little yellow Honda Civic, used, for $2800 and I never looked back. Every car I’ve owned has been a Honda (or an Acura made by Honda Motor Company). There are several reasons for that – one is because they’re fantastically reliable, two is that I get amazing resale value on them, and three is because if I ever changed manufacturers I don’t know who I’d get to maintain my car. Back in ’78 when I bought that first Honda we also discovered Honda Bob. I’ve never had to go to some smelly garage and sit on plastic chairs watching Oprah while reading Highlights magazines were someone else has already figured out and marked which picture looks different from all the others while I waited for my car to get fixed. That’s because Honda Bob comes to my house, does all my major services right in my driveway, and on the very rare occasion that an actual repair has to be done, he does it right there too. I credit him with the high resale value of our cars too – we’ve got an 11 year old Honda Accord humming along because of the skill of Honda Bob. If you live in the LA or Orange County areas, give Honda Bob a call at (562)531-2321 or send him an email at [email protected]. HDA Bob’s Mobile Service is not affiliated with Honda, Acura or Honda Worldwide.

Chit Chat Across the Pond

Playing Catchup from last week.

• The Tuesday before last was Microsoft Patch Tuesday – THE BIGGEST ONE EVER!
• The same day Adobe released massive updates to their PDF products that affect their versions on ALL PLATFORMS – PDF vulnerabilites are very critical – people and programs consider PDFs"safe" so they are often auto-opened, and people don’t think twice about opening them.

Followup – Q from DebbieT

DebbieT from splashofstyle.com after hearing Bart explain webservers asked a great question:

what about servers like dropbox, amazon s3, mozy, etc? I am assuming they are different since they are secure, but there are a bunch of users on one server so I was just wondering?

Bart’s reply by email:

There’s a big difference between dropbox, mozy, S3 and their ilk. Nothing you upload gets to execute on the server. It’s the fact that you (and your fellow account holders) get to upload code which the server then executes that causes the problem. These other services are just storage. Nothing you uploads runs on the server, it just sits there waiting for you read it. There’s no earthly reason for DropBox etc. to let you run code on the server, so no one misses that functionality. But, on a web server, you just couldn’t disable dynamic code. Imagine a world without PHP, or indeed even CGI – that’s not Web2.0 at all – in fact, it’s not even Web 1.0! More like web 0.1!

Main Topic – Why is Wifi Hotel Ethernet so dangerous?

Question from Pat:

Allison-
I’m not too clear about what is vulnerable while hooked to a public wifi spot, either out in a coffee shop or in a hotel, and if there is a difference. Would this be something that you could delve into on the show? Or have you already and if so, could you point me at it.Thanks, Pat

The key to the problem relates to how computers actually communicate over a local area network. The protocol used is very old – so old it pre-dates any concept of security – so it has none at all! The protocols that make LANs work assumes that everyone on the LAN is trustworthy.

How does a LAN work?

• All devices on a LAN, be it ethernet or WiFi communicate using the ethernet protocol
• All ethernet devices (with cable or WiFi) have a unique address, called MAC address. e.g. 00:12:34:56:78:AB
• network traffic goes from one MAC address to another MAC address
• The internet works on IP addresses, not MAC addresses
• our LANs are connected to the internet, they use protocols that work over the internet, so the programs we use all use IP addresses to communicate with each other. Web, email, chat, skype, etc… all happens using IP addresses.
• IP addresses have to be mapped to MAC addresses when the data crosses a LAN – ethernet only knows how to shunt date from one MAC address to another
• IP addresses are mapped to MAC addresses using the ARP protocol (Address Resolution Protocol)
• Works off broadcasts – when a machine wants to send data to an IP address on a LAN it sends out an ARP broadcast which basically says "yo – all you network cards out there, which of you has IP address X, tell me your MAC address"
• There is NO validation of the answer. Who ever shouts "loudest" wins

So What’s the problem?

• So, it is trivial for anyone connected to a LAN (wired or WiFi) to claim to be EVERY IP, get ALL traffic sent to them, read and edit it, and the pass it on to the real MAC address it should have gone to. Your connection is not in any way interrupted. You have no idea something went wrong, but every bit is being intercepted, and potentially changed.
• Only protection is to use only encrypted protocols – that way the "man in the middle" gets nothing but junk
• Ideal solution, use a VPN – that sets up a "tunnel" so that every single bit of data you send gets encrypted while it travels between your computer and the other end of the tunnel, your VPN server, from the VPN server out it becomes normal traffic again.
• Every LAN you don’t control is dangerous
• Securing LANs is a big deal for large organisations like universities and companies. They protect themselves in one of two ways: 1) build security right into the network switches. Tell the switch which MAC address is connected to which physical hole, and don’t let any other physical hole claim to have that MAC address 2) have a server monitoring all NAT activity, and reporting on every change in mapping between MAC address and IP address
• Neither of these solutions is practical at home, so your only protection is not to allow untrusted people onto your network – hence not encrypting your WiFi is insane
• This NAT-based attack is called ARP Poison Routing, or ARP – it is trivially easy. You can download GUI Programs to do it for you, and automatically scan the traffic for passwords and give you a report of usernames and passwords. Or you can use it to inject malware into innocent web pages, or to phish people. A 10 year old could do it!

I’m afraid it’s time to take this one home – would you believe I actually took material out of this week and moved it to next week? If you’d like to send in a comment, Dumb Question, complaint, or even a review of your own, send them to [email protected], and be sure to follow me on Twitter at twitter.com/podfeet. Thanks for listening, and stay subscribed.