More on two mic recording using Audio Midi Setup, and Caleb’s ideas on audio recording equipment that will only cost a kidney. Alesis 2 mic mixer: sweetwater.com/store/detail/MultiMix4USB, Shure SM58 mic sweetwater.com/store/detail/SM58 and Sennheiser E835 mic sweetwater.com/store/detail/E835, Audio-Technica lavalieres via Allison’s Amazon link, mic stand sweetwater.com/store/detail/MicStdDesk, XLR male to female cables from monoprice.com. Why you don’t need to defrag a Mac from support.apple.com/kb/HT1375. ScreenSteps webinar bluemangolearning.com. WizMouse to solve your scrolling woes in Windows 7 and prior versions of Windows from antibody-software.com and KatMouse from ehiti.de/katmouse. Etherpad owner AppJet purchased by Google, read the blog about how they went Open Source: EtherPad blog. trickimages.com for my awesome mic sticker on my MacBook Pro. In Chit Chat Across the Pond Bart and I talk about Patch Tuesday, and finally an Apple Java update, and then we dig into “What’s All This About DNS Cache Poisoning Attacks?” and why you’ll want to change to Google’s Domain Name Servers at 8.8.8.8 and 8.8.4.4.
Listen to the Podcast Once (1hr 1min)
Today is Sunday December 6th, 2009 and this is show number 236. We’re heading into the holidays full steam here now, aren’t we? One thing that bugs me is whenever I have a lot of time off, like during the summer, or over the holidays, most podcasters take a break and don’t do a show. Right when I have some time to listen they leave me high and dry. Well I haven’t had a break in the show in years and I’m not about to start now. Luckily, my cohort in crime, Bart Busschots is going to help out. I’ll be going on a vacation where I don’t have interweb access and Bart is going to stand in on the show. I’d like to ask everyone to rally up and send in Dumb Questions for Bart, and audio reviews to help him put the show together. He has lined up a secret co-host for Chit Chat Across the Pond so that should be fun too. Go ahead and send things to me and I’ll be sure to get them to Bart.
Two Mic Recording
Last week Curt Beaver sent in a dumb question about how he and his buddy Tommy could use two USB mics and record a podcast together in the same room at the same time. I came up with two ways to do it, and they’re up as ScreenSteps tutorials in the Tutorials section on podfeet.com. One was to use Audio Hijack Pro and Soundflower, the other was to simply use WireTap Studio. Both were reasonably simple, but did require buying some software.
Nick Brennan wrote in and told me that Victor Cajiao actually covered the same exact thing over at typicalmacuser.com but he had a totally different solution and it doesn’t cost a dime. The solution is to use a very under appreciated and practically hidden tool called Audio Midi Setup that comes with Mac OSX. Audio Midi Setup is in your Utilities folder inside Applications.
The basic idea of all of these solutions is that you need to combine two audio sources into one, otherwise known as aggregating them. As Victor’s tutorial explains, you simply add a new audio device with the big plus button, and it automatically creates an aggregate device, and then it shows you all the input devices from which you can choose to add to this aggregate device. Now when you open a recording application like WireTap Studio or Garage Band, you choose Aggregate Device as the audio input source. All this sounded great, until I tried it.
I set the Aggregate Device to take in the Blue Icicle (the USB interface to my Heil PR20) and Steve’s Samson C01U. I started with the Samson as channel 1 and the BI as channel 2 and did a quick recording with WireTap Studio. The Samson came through loud and clear and I couldn’t hear the BI at all. I switched the order so the BI was channel 1 and the Samson was channel 2, and then I couldn’t hear the Samson at all. I’ve eliminated the mics themselves, the cables, and the volume setting on the BI, so the only thing that could be having a problem is the Audio Midi Setup software. Oh well, it was a cool idea but it didn’t work for me.
Caleb on Mixers
Caleb Wong, aka geekosupremo on Twitter, sent in another path to Curt’s question. Now I said right off the top that I thought he should avoid using a mixer because a) it’s expensive, and b) they’re so confoundedly confusing. As I mentioned, my mixer has about 236 dials on it and it hurts my little head. However, Caleb thinks the mixer is the way to go. I won’t read everything he wrote because he goes into a lot of detail, but I put the full letter in the shownotes complete with links to the products Caleb describes. Here are the highlights from Caleb’s email. He says:
- While it is more expensive, I do recommend going for the mixer with XLR mics. You will not regret the quality of sound that you will get. Now I know price is an obstacle so I did a little looking and came up with the following setup, it isn’t “cheap” but it is inexpensive.
- Alesis 2 mic mixer – w/ USB interface built in $80 (they call it a 4 input mixer because it also has two more line level inputs on the board to the right of mic channels)
Let me break in for a minute here. You should see this baby little mixer Caleb suggests. It’s just darling – it has a grand total of 14 dials on it. Now I know that sounds like a lot, but remember mine has 348 dials so this is really pretty manageable. I think if I’d started with this one I might have been able to grow up some day to the big one I have now. Even with countless patient hours on Victor’s part it still baffled me most of the time.
Caleb goes on to suggest three different microphone options – the Shure SM58, the Sennheiser E835, or possibly some lavaliere mics from Audio-Technica. Now I’m not sure I agree with him on the last option, I’ve talked to a lot of video guys like Sean Carruthers and Andy Walker of labrats.tv/about.html and they say that unless you spend a LOT of money on lavaliere mics, they’re all garbage, and that even the really expensive ones break constantly. You can certainly try the ones Caleb suggests, they’re only $30 each so it’s not a big gamble, but don’t come cryin’ to me if they fail on you.
- You don’t want to skimp on mics but these two are not overly expensive but are very solid choices.
• Shure SM58 $100
• Sennheiser E835 $100 (have personally used this mic and can attest to its quality)
If you’re not sure about spending that much, and are worried about moving around you might consider this Lavaliere mic
• Audio-Technica $30 (each) (if you get these remember to use Allison’s Amazon link)
Next up Caleb explains about the mic stands and mic cables Curt will need for this operation. As I explained, buying cables was really fun with my mixer. I now have a drawer full of them and I feel fully equipped for any audio emergency! Many trips to Sam Ash, which is a really fun store.
- Oh and you’ll want mic stands and mic cable.
• XLR male to XLR female (cable doesn’t need to be expensive to be good) $8 for 3ft.
• desktop mic stand (the bases for these are very heavy so you might do well to get these locally) $13
- Okay so what’s the damage?
2 Mics $200
2 Mic cables $16
2 stands $26
total = $322 (plus shipping and handling)
2 Lavalier Mics $60
total = $140 (plus shipping and handling)
- So while not “cheap” you can see that a good setup is not an arm and a leg, maybe just a kidney. I have also passed along a little audio using my setup which has a Sennheiser E835, a PreSonus Firepod (now the FireStudio Project) and WireTap Studio (Garageband was a sack of fail). The advantage of a firewire interface is that it allows for the two mics to be separate channels in the recording software. But if you do a good job on the mixer, the USB’s stereo output should be fine.
Dumb Question Corner
Our old friend Jim Sewell (aka @deverill on Twitter) wrote in with a dumb question.
- Here’s a dumb question for you. “I came recently from the Windows world where weekly disk defrags are as much a routine as backups should be. I know it is not necessary to defrag my Mac because of the way it stores and retrieves data on the hard drive. My question is, is there ANY benefit to a Mac defrag?” I would call you Queen of the Newbs but it would come out wrong and sound like you are the chief newb instead of the one who is knowledgeable and helps us newbs.
Well first of all I like where you’re going with the newb thing, how about you call me The Great Newb Queen? That sounds about right. Anyway, on to your question. I started to write to you that I didn’t know exactly why you don’t need to defrag a Mac but I remembered reading something somewhere and it was brilliantly written but I’m too lazy to go find it. And then I did a quick search and rediscovered the brilliant article – it was by Apple. I put a link in the shownotes to the full article support.apple.com/kb/HT1375 but here are the major points (or at least the parts I understood).
All of this has to do with OSX, and doesn’t apply to the old OS9. OSX’s extended format (HFS Plus) avoids reusing space from deleted files, so it doesn’t jump into every little empty spot as it gets freed up. Fragmentation used to be caused by appending data to existing files as they changed, but with faster hard drives and better caching, it turns out most applications can rewrite the entire file every time you save.
Like I said, that’s the parts I understood, there’s a lot more in the article that I didn’t follow but you can read it all for yourself if you find the subject fascinating. I hope that helps you put your mind at rest!
Every time I think ScreenSteps is as cool as it will get, the developers take it up a notch. I just watched a video on their website where Trevor demonstrated a cool new feature of ScreenSteps when uploading lessons to your Blog. I won’t tell you all about it because it’s way more interesting watching Trevor explain it. But that’s just a teaser, on Tuesday, December 8 from 12pm-1pm EST they will be hosting a webinar entitled Advanced WordPress with ScreenSteps and ScreenSteps Live. Whenever I watch one of their webinars (and participate in the live chat) I learn a ton, and you’d think I already know everything about ScreenSteps by now! I put a link in the shownotes to the demo and seminar registration. You definitely should check it out. If you don’t already own ScreenSteps (I think there’s about 3 of you left) watch this to get excited and then when you buy ScreenSteps head on over to screensteps.com and be sure to use the coupon code NOSILLA for 25% off!
Windows 7 focus & scroll
Last week I gave my review of Windows 7 and while it’s got some huge improvements over Vista, one thing they didn’t change was the behavior of windows with respect to scrolling. On OSX the window under the mouse pointer receives your scroll wheel even if it doesn’t have focus, so you can scroll without one extra click. I was hoping Windows 7 had that feature but it doesn’t. Great news though – Gita and Connor both came through with options to solve this problem.
Gita suggested WizMouse from Antibody Software at antibody-software.com. WizMouse is freeware with a pretty easy license, mostly just protecting themselves, with no restriction on commercial use.
WizMouse instantly gave me the freedom to scroll over any open window and have it obey my command! This makes me ludicrously happy – as though I’ve been released from some sort of bonds. That was extremely cool, but there was another side benefit. For some reason there are some mutant programs on Windows that actually don’t support a scroll wheel; you have to actually grab the scroll elevator to do it. Luckily most applications don’t act like this, but if you are unlucky enough to use one of these applications it will drive you crazy. Somehow WizMouse is able to talk those applications into obeying your scroll wheel! They do give you an option to disable that functionality just in case your application acts hinky when you turn it on. This is my new favorite Windows application – and it works on Windows 2000, XP, Vista along with Windows 7. Wheeee! Thanks SO much Gita!
Connor’s solution was KatMouse from ehiti.de/katmouse, which he heard about from Steve Gibson on Security Now! While KatMouse does allow you to scroll a window that’s underneath a front window, it seems to scroll farther than I’d expect. It seems to have momentum but not when I fling it, just normal scrolling. KatMouse also has other functionality that I simply don’t understand.
First you decide what button will be the push button (defaulting to the scroll wheel itself). Then there’s a whole section on raising a window in Z-order by holding the push button, and setting how many milliseconds to raise after holding for…um, what? Then it talks about holding the push button AND pressing the left/right mouse button and how that affects the mouse cursor pagewise…pagewise? I got lost here and gave up. Finally KatMouse doesn’t support two fingered scroll, but WizMouse does.
I appreciate that Connor sent KatMouse along, but it’s a bit more complicated than I wanted. WizMouse solves just the one problem with the added bonus of automatically allowing applications to scroll with a mouse that don’t normally support it, but I didn’t have to configure anything to get that extra feature. WizMouse from Antibody Software is perfect for me. Thanks to both Gita and Connor for sending in these solutions.
Etherpad bought by Google
This week has been an emotional roller coaster for me on one technology bit of news. Back in April I told you about an outstanding new service called Etherpad (show number 198). The idea is that you click one button (no login required) to create an Etherpad, and then you send the url it gives you to the people you want to collaborate with, and then all of you can start typing on this web page at the same time. Think about a wiki but no saves required, and not restricted to one person. I convinced the Mac Roundtable to use this for our shownotes and it’s been fantastic. We used to have some poor sod assigned to the shownotes (usually me when I was on the show) and I’d spend a long time after the show tracking down all the links people talked about, the products, trying to reconstruct what we said. Now with Etherpad people fill them in real time and when the show is done, so are our notes. There’s even a built in chat window so that’s where we “talk” to tell each other if our audio has gone wonky or to suggest we move onto the next topic. It works flawlessly and we love it.
So what was the roller coaster? Earlier this week I got a technology alert from the Wall Street Journal that EtherPad had been purchased by Google. My first response was pure delight for the people at AppJet (makers of EtherPad) because they have a great service and they’re being rewarded for it. My next emotion was pure sadness when I read their blogpost where they announced that no more new pads could be created, and that by March of next year they would shut down the service. Wailing ensued. I eventually got over it and moved on with my life, and then I was a little happy again when I read that EtherPad will become part of Google Wave. This is GREAT news for Wave because maybe I could actually USE it for something. Right now it’s still a novelty that appears to serve no real purpose. It would be a while of course before EtherPad functionality came back but at least I had hope.
And then this morning Niraj sent me yet another link to the EtherPad blog where they explained that because of the huge outcry, they’re NOT shutting down the service, instead they’re going to Open Source the project! This is the best of all possible news. Not only will the product continue to exist, but it may get enhancements if anyone picks up the project, and we also get the functionality moving into Google Wave! Great news all around!!! See why I said it was an emotional roller coaster???
I just got something fun for my MacBook Pro. Pat Dengler (the Mac Doctor) pointed me to trickimages.com. They sell these really cool vinyl stickers for your laptops. Now the REALLY cool one they had was of Snow White, and you situated it so that she’s holding the Apple logo, but obviously the trademark fools made them take that down. Pat suggested though that it would be appropriate for me to have an image of a microphone. Even though they’re outside of the US I got free shipping and it came in just a couple of days, and it was only 10 pounds, which is around $16. It looks really great, I put a picture in the shownotes so you could see how cool it looks. Thanks for the tip Pat!
So last week Kyle’s car exhibited a strange behavior: sitting at idle the engine would rev itself up to really high RPMs, then wind down and back up again, straining against the brakes while we were sitting still. Now for normal people this would mean making arrangements for when you can drop the car off at the mechanic’s shop, getting someone to drive you to work and back to the shop, and probably being late to work and leaving early on the other end. And it means getting a second loan on your house to pay for the repairs. But that’s not what happens at our house. One quick call to Honda Bob, he diagnosed the problem (correctly) over the phone, and made arrangements to come over at a time convenient for us on Sunday. Even better, he gave us a report on every single repair we’ve had on this 1990 Accord, coming up on 10 years old, and the total we’ve spent is $1530 in 10 years. Amazing. If you’d like this in home service on your Honda or Acura and you live in the LA or Orange County areas, give Honda Bob a call at (562)531-2321 or send him an email at email@example.com. HDA Bob’s Mobile Service is not affiliated with Honda, Acura or Honda Worldwide. Oh, one more thing – Honda Bob asked me to tell you to check out his playlists on his website over at hdabob.com – They’re under From Bob in the menus.
Chit Chat Across the Pond
- Next Week is Patch Tuesday – Critical bugs in Windows & Office to be patched – http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx
- Apple Update Java at last – but ONLY for SnowLeopard & Leopard – confirmation that Tiger is now dead –http://support.apple.com/kb/HT3891 &http://support.apple.com/kb/HT3892
Main Topic Part 1 – What’s All This About DNS Cache Poisoning Attacks?
Bart regularly mentions that DNS can be attacked, but how? Let’s start as normal with how it works, then we’ll look at the flaw in the plan.
What is DNS?
- DNS stands for "Domain Name System"
- It resolves domain names like podfeet.com into IP addresses like 220.127.116.11
- Computers can only talk from IP address to IP address, so to get anything done on the net you need to be able to convert domain names to IPs. Not just web browsing, but anything that uses domain names like email, SSH, FTP, etc.
- DNS is very very old.
- It was designed to be efficient, not secure. In the early days the internet was very small and only for academics and the military, so the concept of abuse didn’t enter into it. Everyone was just in shock that it worked at all!
- To aid efficiency the protocol has a lot of caching built in.
How does it work?
- A DNS request is a single packet sent to the server which simply says what name it wants to resolve and what type of record it wants (usually A for everything except email, and MX for email). The request also contains a 16-bit transaction ID (the "sequence number") chosen by the requesting server.
- The DNS server sends a single packet back which either contains an error response if the name can’t be resolved on that server, or a reply that repeats the question, includes the answer, and echoes the transaction ID from the request. The reply also contains a TTL (Time To Live) value which tells the server that made the request how long it may cache the answer for.
- The receiving server knows which outstanding query the answer belongs to by the transaction ID (and the question the reply echoes).
- Most internet protocols establish a TCP connection to communicate over. This has many advantages: the handshake means a blind attacker can’t pretend to be some other IP address (though within a LAN you can use ARP attacks to take over the target IP), and TCP does error checking etc. to make sure that all data sent arrives, and does so in order. But it has a large overhead. The three-way handshake to set up the connection takes three packets before any data moves, and there is also some overhead in closing the connection after the data has been sent.
- DNS only needs to send a single packet each way, one with the request, and one with the response. A TCP connection would multiply that traffic several times over. Or, in other words, REALLY inefficient – especially on old hardware or on a very busy server like the root servers.
- That’s why DNS uses UDP rather than TCP. But in UDP there are NO connections. Single unrelated packets are sent in each direction, and the source IP in the header can be spoofed because there is no TCP handshake to verify that everyone is who they say they are.
So what’s the problem?
- Anyone can send a reply and just fake the source IP in the reply packet so it appears to come from the real name server.
- If the attacker gets their packet in before the real reply arrives, their false answer is accepted (the real reply turns up for a transaction ID that is no longer outstanding and is simply dropped).
- Since the reply packet specifies the TTL, and hence controls how long the answer is cached for, an attacker can keep their wrong entry in the cache for a long time. This is why it’s called a DNS Cache Poisoning Attack.
- To get a fraudulent answer accepted you need to get a number of things right. First you need the correct source IP address – trivial, it’s the public address of the real name server. Then you need the correct question in your answer – usually trivial too, since you know what you are trying to poison. And you also need the correct transaction ID – a little harder.
- You could just fire packets at the server forever in the hope that someone will query the domain you want to poison, and that you will guess the right transaction ID when they do. This is REALLY inefficient and causes a LOT of traffic. Not at all subtle.
- Instead the attacker needs to know when you are going to send a request for the domain they want to poison. The best way to do that is for the attacker to trigger the request somehow. This could be done in a million and one ways: via malware on a client of the DNS server you want to poison, via a phishing attack, or via ads in web pages. The possibilities really are endless.
- In the early days of DNS the sequence numbers were sequential (as their name suggests), so the attack was trivially easy. Using whatever technique you use to trigger the lookup, trigger two: one for a name on a server you control, which shows you the current ID, then one for the domain you want to poison. Because the IDs were sequential it really didn’t take many packets to guess the right answer at all.
- To solve this issue the IDs were randomized. This worked for a while, but the ID is only 16 bits, so there are just 65,536 possibilities, and as machines and networks got faster it became too little randomness: an attacker can fire thousands of guesses into the gap before the real reply arrives.
- The next idea was to also randomize the "source port" of the request. Initially DNS always used port 53 for both the source and destination ports. By randomizing the source port (you can’t change the destination port, the server is listening on 53), roughly another 16 bits of randomness was added, so the attacker now has to guess both the ID and the port.
- Even this is not quite enough to be really safe anymore. So people are working on a new version of DNS that is properly secure. The leading contender is something called DNSSEC, which uses digital signatures (public-key cryptography, like SSL, though its chain of trust is rooted in a signed root zone rather than in commercial certificate authorities) to verify the validity of replies. Full adoption is many years off yet, as it requires big changes on all the world’s DNS servers, and it means agreeing on a global root of trust. No one can quite agree who to trust!
- There are some very creative stop-gap measures being used in the meantime by smart DNS servers – more on this in a moment.
How do we protect our selves?
- Being 100% safe is impossible, but you can be very close to it if your DNS service comes from a trustworthy and vigilant provider.
- If your provider applies all DNS patches quickly, randomizes transaction IDs and source ports, uses perhaps a few more tricks, and most importantly actively monitors for attacks, you are very safe. All these attacks involve guessing the transaction IDs and source ports, so they result in a lot of traffic and a lot of mismatched replies. Good network monitoring tools should spot this and alert the admins that their cache may be poisoned. They can then flush the cache.
- Who normally does your DNS? Your ISP. Many ISPs are slow at updating DNS servers. I simply don’t trust them to do it right, so I advise using other DNS servers.
- I used to recommend OpenDNS. They have excellent security practices, and their service is fast and free. They even have advanced features that allow content filtering. BUT, they do NOT properly obey the DNS spec, they NEVER return an error. When a domain does not resolve they return a success packet with the IP address of THEIR server, and use that to display ads to you! This breaks some things, including Firefox’s smart address bar. When Firefox gets back a DNS failure it tries a few permutations before giving up and displaying an error. If it gets back success it can’t do that!
- This week Google launched a new free DNS service. And it DOES obey the rules, so it DOESN’T break Firefox’s smart address bar.
- The service is free, and all you have to do is tell your computer to use 8.8.8.8 and 8.8.4.4 as its DNS servers.
- Best to set this on your router so that all your computers in the house get the benefit.
- I did this on Friday, no problems since, and it’s nice and snappy.
- Google also have some really cool security tweaks. Firstly, DNS is case insensitive, but servers echo back the question with whatever case you sent them. Google randomise the case of the letters in the domain name (the so-called 0x20 trick), and if the response does not contain the same randomised case then the result is ignored! This makes spoofing even harder, because every letter is one more bit the forger has to guess. They also insert extra randomised data into the question, and need to get that same randomised data back. All this should make them very hard to poison.
- Google are also fast because they do something very cool with their cache. Just before a TTL is about to run out, they preemptively repeat the request to get a new answer with a new TTL so their cache remains very up to date, and very full. This speeds up requests nicely.
- For more on Google’s service see:http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns.html
- BTW – a few of the poorer ISPs (in Bart’s opinion) block all DNS traffic that is not directed at their servers. This forces you to trust them. I would never stay with an ISP like that.
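As an added example, not code from the show, from Bart, from Google, or from any real resolver: a small Python model of the mechanics in “How does it work?” and “So what’s the problem?” above, plus the case-randomisation check Google describes. It builds and parses real DNS wire-format messages, models the matching a caching resolver does before it accepts a UDP reply (source IP, destination port, transaction ID, byte-exact question), and lets a blind forger sweep every transaction ID against a resolver with the defences off and on. The upstream and attacker IPs (documentation ranges), the names, and the Resolver, run_race and guess_space_bits helpers are all constructed for this example.

```python
"""Added example for these shownotes: a toy model of DNS over UDP and of a
cache-poisoning race. Not from the show, Bart, Google, or any real resolver.
IPs (RFC 5737 documentation ranges), names and helper classes are constructed."""
import random
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """podfeet.com -> b'\\x07podfeet\\x03com\\x00'; letter case is preserved on the wire."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(data, off):
    labels = []
    while data[off]:
        n = data[off]
        labels.append(data[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1


def build_query(txid, name):
    # Header: 16-bit transaction ID, flags (RD set), QDCOUNT=1; then one question.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def build_answer(txid, qname, ip, ttl):
    """Reply that echoes the question and carries one A record with the TTL the
    sender chooses. The genuine server and a forger build exactly the same bytes."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)       # QR, RD, RA
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(o) for o in ip.split("."))
    rr = encode_name(qname) + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata))
    return header + question + rr + rdata


def parse_message(data):
    txid, _flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    qname, off = decode_name(data, 12)
    off += 4                                                    # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        rname, off = decode_name(data, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        rdata = data[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        answers.append((rname, rtype, ttl, ".".join(str(b) for b in rdata)))
    return {"txid": txid, "qname": qname, "answers": answers}


def randomize_case(name, rng):
    """The 0x20 trick: names are case-insensitive, but servers echo the question
    bytes as sent, so random case is extra entropy a forger has to reproduce."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)


class Resolver:
    """Caching resolver with one upstream server; flags turn the defences on or off."""

    def __init__(self, upstream_ip, random_port=True, random_case=True, seed=1):
        self.upstream, self.rng = upstream_ip, random.Random(seed)
        self.random_port, self.random_case = random_port, random_case
        self.pending, self.cache = {}, {}    # (txid, our src port) -> name as sent

    def send_query(self, name):
        txid = self.rng.randrange(1 << 16)
        port = self.rng.randrange(1024, 1 << 16) if self.random_port else 53
        wire = randomize_case(name, self.rng) if self.random_case else name
        self.pending[(txid, port)] = wire
        return txid, port, build_query(txid, wire)

    def receive(self, src_ip, dst_port, data):
        """Accept only if source IP, our port, the ID and the byte-exact question match."""
        msg = parse_message(data)
        sent = self.pending.get((msg["txid"], dst_port))
        if src_ip != self.upstream or sent is None or msg["qname"] != sent:
            return False
        for rname, rtype, ttl, ip in msg["answers"]:
            if rtype == QTYPE_A and rname.lower() == sent.lower():
                self.cache[sent.lower()] = (ip, ttl)    # a forger picks the TTL too
        del self.pending[(msg["txid"], dst_port)]
        return True


def run_race(resolver, name, evil_ip, port_guess, budget):
    """Blind forger: triggers a lookup, then sweeps transaction IDs at one guessed
    port while spoofing the upstream's IP. Returns True if the cache was poisoned."""
    resolver.send_query(name)
    for txid in range(budget):
        forged = build_answer(txid, name, evil_ip, 86400)
        if resolver.receive(resolver.upstream, port_guess, forged):
            return True
    return False


def guess_space_bits(random_port, random_case, name):
    """Bits a forger must match: 16 of ID, ~16 of port, one per letter of case."""
    letters = sum(c.isalpha() for c in name)
    return 16 + (16 if random_port else 0) + (letters if random_case else 0)


if __name__ == "__main__":
    weak = Resolver("192.0.2.53", random_port=False, random_case=False)
    hard = Resolver("192.0.2.53")
    print("fixed port 53, no 0x20, full ID sweep poisons:", run_race(weak, "podfeet.com", "203.0.113.66", 53, 1 << 16))
    print("random port + 0x20, same sweep poisons:", run_race(hard, "podfeet.com", "203.0.113.66", 53, 1 << 16))
    print("bits to guess:", guess_space_bits(False, False, "podfeet.com"), "vs", guess_space_bits(True, True, "podfeet.com"))
```

The sweep against the weak resolver always lands because 65,536 forged packets cover every possible ID at the one port it uses; against the hardened one the same sweep never matches, since the forger would also have to hit a port in the 1024–65535 range and reproduce the random case of every letter (ten extra bits for podfeet.com). The model leaves out the race with the real reply and the query-triggering step, which is why the forger is handed the lookup for free.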
Well I hope you’ll come join us some time in the live show on Sunday nights 5pm GMT-8 at podfeet.com/live, we have a ball in the chat room and goofing around between recordings. The crowd is very welcoming and it’s friendly in there and we have a lot of fun. If you’re too shy to join the live chat, send in your emails with dumb questions, compliments and even complaints to firstname.lastname@example.org. If you’re feeling bold, give recording a product review a try. the iPhone recorder actually does a great job, come on, go for it! Well that’s enough from me, Thanks for listening, and stay subscribed.