#311 GTD on Lotus Notes, JB Systems Mic, Code Signing, LastPass Breach, Skype Vulnerability

The true answer on what “i” stands for straight from Steve Jobs, Jans from Germany explains how to use the GTD concepts even with Lotus Notes on a locked-down Windows machine, Poster from reinventedsoftware.com is worth another look for uploading photos to Facebook and Flickr. Knightwise demonstrates his new road mic (JB Systems HM06/PS Headset Microphone) for recording his podcast while driving. In Dumb Question Corner Allison asks Kirschen to explain Code Signing, and Guy and Gaz from mymac.com accidentally pull off a Honda Bob Commercial. In Security Light we talk about why you shouldn’t be worried about the LastPass vulnerability and how you have to actively seek the security update to Skype 5 on the Mac. In Chit Chat Across the Pond Andy Walker of butterscotch.com and tucows.com joins us to talk about the year of mobile, why you might consider switching to Android, the future of the BlackBerry OS and QNX, and he makes the mistake of dissing moms everywhere by saying we’re not technical.


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday May 8th, 2011 and this is show number 311. A while ago I started the NosillaCast News, and I told you that one of the purposes was to let you know if there was ever anything wrong in the podcast, like if my site was down or anything dreadful like that. Last week in editing the show, I inadvertently moved the jingle track so that it left gaps in the audio file, and then jingles on top of the voice recordings. Steve does a sampling of the show instantly after I post it, but his sampling missed the three spots where the error occurred.

When I awakened at 5:30am on Monday morning, my early warning system @ConnorPJ1 from the East Coast and @mactopics from Germany alerted me to the problem. The first thing I did was correct the problem as quickly as I could, and while the file was uploading to the server I shot out a note to the NosillaCast News subscribers. Anyone who was subscribed knew about the problem, and knew not to download until after the time I gave them. I was so happy to be able to tell people up front! The additional benefit of having such trustworthy early warners combined with the newsletter meant that I didn’t get ANY other emails or tweets telling me it was messed up. Usually when something goes wrong I spend the whole day emailing back, “yeah, I know…” If you haven’t signed up for the NosillaCast News yet, just head on over to podfeet.com and look in the right sidebar for the signup form. Thanks again to Connor and Claus!

The meaning of “i”

Last week Professor Albert asked what the i stands for in all the Apple products. I did a bunch of googling and wikipediaing and came out with some weak half answers, but Adam Hermann (@thisisadamh) sent me the REAL, definitive answer! I’m so glad because I hate that I disappointed the Professor, you know? He puts me on such a pedestal I hated to shatter his image of me.

Adam sent along a video link to the 1998 Apple Keynote. Steve Jobs is up on stage in a dress shirt and jacket announcing the first iMac. In the first 30 seconds, he puts up a chart showing what the “i” stands for in iMac. His chart says internet, individual, instruct, inform and inspire. Let’s hear it in Steve’s words:



So many thanks to Adam for sending in the video and helping us to resolve this most important dumb question!

ScreenSteps

Last week ConnorP chatted me up with a question about how I managed photos for my son’s track team. He’s struggling with the volume of photos coming from parents, where to store them, how to present them on his website for his team. Originally I was the main photographer for my son’s track team, taking 3-400 photos at a single meet (there are hundreds of kids and the meets last hours and hours). I used jAlbum to create a nice visual experience, and then ftp the albums up to the website I created using WordPress. He asked how I managed OTHER people taking photos. You can hear the answer already, can’t you? I used ScreenSteps to teach them! I did have the advantage that everyone was willing to use a Mac, so I was able to teach them how to download and install jAlbum, how to export their photos from iPhoto into jAlbum, how to create the albums to the standards we’d chosen (black background, ribbon across the top, and access to reasonably high res photos so the kids could make them profile pics). I taught them how to install the free CyberDuck so they could FTP to the server, and then how to set the page up in WordPress. I created PDFs that I mailed out, had the people over for a one hour lesson at my house, modified the instructions easily and quickly in ScreenSteps, and they were on their own. That was 2 years ago and I haven’t had a single support call since! If you don’t think ScreenSteps is as powerful as I say, try their free trial and prove me wrong! Head on over to ScreenSteps.com and check it out.

Jans from Germany on GTD on Lotus Notes

Running a GTD System in the Standard Lotus Notes Task Manage

Lots of people have to live in both worlds, like PC at work and Mac at home. The even poorer of them have to accept an environment without admin rights on their work PC. So the only solution to get around with a decent GTD system is to deal with the stuff one’s got and this may be Lotus Notes (or Outlook).

If you’re not sure how GTD works, please check it out before you continue this blogpost on davidco.com/ or en.wikipedia.org/wiki/Getting_Things_Done

What I’ve learned is, that with only a bit of work you can install a well working GTD system even in the standard, built-in Lotus Notes task management system, although it doesn’t provide the fancy features a full-blown GTD application like Omnifocus, Things or Remember-the-Milk has.

But that isn’t a must if you only want to run your system, provided you just set up your workflow in a slightly geeky way: For myself it worked out like this:

Apart from having due-dates for the tasks – which is a basic feature in almost all softwares, a must for all GTDers is the ability of linking context to them. In Notes, this can be done by using the “Category” field in the task applications GUI.

The only thing you need to do is to write the context(s) in the category field and Lotus Notes, after hitting ENTER will remember the category for re-use.

But first things first. Going that way, you need to think about a structure that works best for you. I’ve chosen the following one, so I can distinguish between contexts being places, persons or projects:

“@” at the beginning of a category/tag signifies a place context like @work, @phone, @computer, @home, @errands etc.
“-” signifies a person to interact with or to talk to, like -John Miller, -Spouse, -Boss, -Erica etc.
“.” signifies a project the task is allocated to, like .christmas, .vacation, .garage_sale, .younameit

Since Lotus Notes allows multi-tagging, one can add all context needed to each single task to be completed. So if I have to call the butcher for the christmas roast, the task would be:

Call butcher for christmas roast +498912345678
duedate: 2011-12-20
Tags: @phone, .christmas, -Spouse

I think you got the idea. If you now want to view the tasks with the same assigned context, that is nothing but a tag, you simply have to click on the “view by category” in the left column of the task page within Lotus Notes. In order not to be forced to type in the same context over and over again, I use a very smart application called “Breevy”, that could also be called “TextExpander for PC”. This software expands abbreviations to full text on a systemwide basis. The good thing about Breevy is: There’s a portable edition for Breevy as well! This can also be installed locally on your PC without admin-rights enabled.

Therefore I’ve chosen abbreviations for the text snippets to expand in every application on the PC when typed in, like:

@p for “@phone” or @w for “@work”, or “-jjm” for “-John Miller” and so on.

Apart from the ease of writing at the first place, it is also essential for not ending up with a bunch of almost similar categories/tags due to typos or different writings like @computer/@Computer or -John Miller/-John miller and so on.

After doing this all, you can easily review your tasks by going to the “view by category” section of the task application within Lotus Notes, pick the phone-list by expanding @phone and if you’ve been smart enough to copy and paste the phone number of the butcher into the task, you can end up having the phone list for your way from/to work handy by either transferring it to your mobile device or printing it out before leaving the office.

If you are using a Blackberry handheld, synced with your work PC you can also find the task-list in your applications folder. Within the task list, you can set a filter to the @phone category tag i.o. to see all @phone related actions due. Then start phoning the people listed thereunder by doubleclicking on the highlighted phone number.

This works for all categories/tasks like @errands or so, enabling you to walk away with a well prepared list of action items doing your groceries or to seeing a co-worker you need to interact with.

Besides the use of Lotus notes in connection with a Blackberry, one could also connect the BB, and so also LN with “Remember-the-Milk”. This can be done by installing the “Milk Sync for Blackberry” on your BB Device.

After setting up your Lotus Notes like this you should be done with meeting someone, not knowing what you wanted to talk about, or handwriting lists beside your computer.

Thank you so much Jans, that was really interesting. Several years ago I did read Getting Things Done: The Art of Stress-Free Productivity by David Allen, but I must confess I never really implemented it. I did go so far as to make labels for my paper folders though, and hang each one in its own pendaflex – does that count? I bet your instructions will be really helpful to people, I may even give your ideas a try with my email application!

Poster

A few weeks ago we went to San Diego to celebrate Steve and my birthdays and I took a ton of photos. I of course Barted the heck out of them in Aperture, winnowing them down to the best of the best (sir! with honors!) When it came time to upload to Facebook, I instinctively used the Poster plugin from reinventedsoftware.com. I told you about this little application when it first came out but I wanted to remind you about it because I like it so much. If you find it tedious to upload via the built-in functionality in iPhoto and Aperture (I hate their interfaces), you really might like Poster a whole lot more. It works as both a plugin like I said, or you can use it as a standalone application. It’s beautiful, it’s fast, it lets you describe and tag your photos all before they go up so people don’t start looking at them before you’re ready.

My friend Diane has only just recently started using Facebook, and just this week she complained to me about how much she hates the native interface in Facebook for uploading photos, and she doesn’t use Aperture or iPhoto to organize her photos. I told her about Poster, she bought it and immediately told me how intuitive she thought it was and how much better she likes it.

I know this sounds like a commercial and I swear it isn’t, it’s just that I enjoy it, I love the developer Steve Harris (the same guy who wrote Feeder, my favorite podcast feed application and where I write all my shownotes). Steve is the number one most responsive developer I’ve ever worked with. Anyway, go check it out – it’s only $10 and there’s even a free 15 day trial from reinventedsoftware.com.

Knightwise

Knightwise is back with another one of his “unique” reviews, this time for a new traveling mic setup. Let’s give it a listen:

JB Systems HM06/PS Headset Microphone
adapter
JB Systems HM06/PS Mic & Touch Mic 3rd Party Mic Adapter Cable

Smile

I was thinking about what applications make me happiest on my Mac, and I think it’s utilities that make me more efficient. The king of these applications has to be TextExpander from Smile. I’ve been using TextExpander for as far back as I can remember, and I’m still learning new things about it. A few weeks back I wrote to them asking if there was a way to create a snippet to change a lower case I to upper case. For some reason my fingers have gotten lazy and I often simply don’t capitalize that first person pronoun. Jean from Smile wrote back and gave me instructions that revealed a whole set of options at which I’d never even looked. I haven’t been using Groups all that much but she showed me a great reason to use them. For a given group, you can set an option to Expand after Whitespace. This was the key trick to getting the lower case I to upper case I to work. So with TextExpander you get high efficiency, great support, options beyond what I even know, and plus it makes a cute little sound whenever the abbreviations expand! Check out TextExpander at smilesoftware.com.

Dumb Question Corner

Dear Kirschen: I have a dumb question. what does code signing mean? If you have your code signed, does that mean someone looked at your code and declared it non-dodgy and gave you a sign of approval? I’m confused.

Hi Allison! Kirschen from FreeRangeCoder.com – thanks for your “dumb” question on Code Signing. I looked around at various developer documents and other references on the web and found out more information.

Here’s what code signing is all about – it makes you, the user of an application, confident of two things – (1) that the application indeed came from the application author (this is something typically called “authentication”) and (2) that no one has tampered with the application, for instance its executable code or scripts (this is usually referred to as “integrity”).

You can think of authentication as analogous to the situation when you visit a secure https website, such as a bank. The identity of these secure websites has been validated by a third party agency. Such validating agencies are called Certificate Authorities or CAs, and examples of some of these are Thawte and VeriSign. CAs provide a file called a digital certificate to the website owner and it is this file that essentially pronounces that the site is who it says it is. The CA embeds its digital signature in the certificate, along with other information about the website being authenticated, so that web browsers can check the validity of the website.

So in the case for authentication for an application, the developer obtains a digital certificate from a CA and uses that along with a cryptographic code to sign their application. This is used with the Mac OS X code signing tool called “codesign” (more on that later) to authenticate the application.

In order to provide integrity for the various code and resource components of an application, a developer can opt to sign each application content item individually. The code signing tool generates and associates a special value for these items – this special value is called a “hash”. Changing the contents of any of these signed items, even ever so slightly, will result in a different hash value – meaning that Mac OS X can detect if an application has been altered.

As an aside, a Mac OS X application appears to be one file, since the Finder shows and treats it that way. However, you can peer into the contents of an application by control- or right-clicking on the application file icon and selecting “Show Package Contents” from the context menu. Just close that Finder window showing the application contents when you’re done looking in there.

How code signing works is a rather deep topic – involving public key cryptography systems, digital certificates, and the like. I’ve put links to the Wikipedia and Apple Developer resources in the show notes if you’d like to read further.

Now, when I read Apple’s “Code Signing Guide” in the Mac OS X Developer Library, it mentioned that code signing does not guarantee that the code is free of security vulnerabilities, or contain unsafe code (for example untrusted plug-ins). What’s more code signing is not a copy protection or Digital Rights Management system – Mac OS X can determine that the code signature is invalid but this does not prevent the user from running the application.

Apple provides a code signing and signature validation tool in the Mac OS X UNIX command shell. This is called “codesign” and can tell you if an application happens to be properly signed. For more information, check out the Code Signing documentation at Apple’s Developer site.

When application developers submit their programs to the Mac App Store, these programs have to be code signed with a digital certificate from Apple. Next the programs have to go through Apple’s review process – which makes sure to the best of the reviewers’ abilities that the program is doing what the developer says it does, adding more assurance to the program. Does this mean that non-Mac App Store programs are not to be trusted? Of course not – my take is that Apple just wants to make sure that programs that it accepts into the Mac App Store have passed its review process, much like iOS programs going through a similar process for the iTunes App Store.

Now, let’s get a little more down-to-earth. My sweetie had a problem with iTunes on her MacBook Air. iTunes kept coming up with a dialog saying “Do you want iTunes to accept incoming network connections?” and showing Deny or Allow buttons every time it was launched. This happened after we installed iTunes 10.2.1 via Software Update. I also managed to reproduce the problem on my iMac.

Searching around, I found an article in the Apple Discussion Forums (now known as Apple Support Communities) describing the same problem. The article showed how to diagnose the problem using codesign, and most importantly, provided a fix – which was to remove and re-install iTunes from a fresh download. Do check out my article on FreeRangeCoder.com detailing the problem and its solution (link in the show notes).

Code signing – it’s a pretty deep topic, but the problem it solves is simply that code signing assures us, the application users, of the veracity of the application’s origin and the integrity of its contents. Once again, thanks for letting me share an answer to a “dumb” question and I’ll be seeing you all in the bit stream!

Links:
Wikipedia: Code Signing
Apple’s Developer documentation on Code Signing
Apple Support Communities thread on iTunes and Code signing
iTunes and Firewalls at Free Range Coder
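
The integrity half of the answer above, as an added example that is not part of Kirschen's answer and not Apple's codesign: every item in a bundle gets its own hash at signing time, and verification recomputes them. The bundle layout, file names and the `seal`/`verify` helpers are constructed for illustration, and the certificate-backed signature over the hash list (the authentication half) is left out.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of one bundle item, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def seal(bundle: Path) -> dict:
    """Signing time: record a hash for every file inside the bundle."""
    return {
        p.relative_to(bundle).as_posix(): hash_file(p)
        for p in sorted(bundle.rglob("*"))
        if p.is_file()
    }


def verify(bundle: Path, manifest: dict) -> dict:
    """Verification time: recompute the hashes and report every difference."""
    current = seal(bundle)
    return {
        "modified": sorted(k for k in manifest
                           if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def build_sample_bundle(root: Path) -> Path:
    """Constructed stand-in for an application package (not a real app)."""
    bundle = root / "Demo.app"
    files = {
        "Contents/Info.plist": b"<plist><dict/></plist>\n",
        "Contents/MacOS/Demo": b"\xcf\xfa\xed\xfe constructed binary bytes",
        "Contents/Resources/setup.sh": b"#!/bin/sh\necho hello\n",
    }
    for rel, data in files.items():
        target = bundle / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return bundle


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        bundle = build_sample_bundle(Path(tmp))
        manifest = seal(bundle)
        clean = verify(bundle, manifest)

        # Change a single character, drop in an unsealed file, delete a sealed one.
        script = bundle / "Contents/Resources/setup.sh"
        script.write_bytes(script.read_bytes().replace(b"hello", b"hellp"))
        (bundle / "Contents/Resources/extra.dylib").write_bytes(b"not sealed")
        (bundle / "Contents/Info.plist").unlink()
        tampered = verify(bundle, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

A one-character change is enough to show up under `modified`, which is the property that lets the operating system notice an altered application.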

Honda Bob

You can call Honda Bob from Bucharest by dialing +001 562 531 2321. HDA Bob’s Mobile Service is not affiliated with Honda, Acura or Honda Worldwide.

Security Light

Last week I decided that I was tired of doing Security Light because I didn’t feel that I was adding the value that you really deserve. I can’t pretend to be Bart in this segment, that’s for sure. I probably won’t be doing it much any more, but this week I have to tell you about two things because I actually DO know what I’m talking about here.

LastPass

First let’s talk about the LastPass breach. If you hadn’t heard, on May 4th, the folks at LastPass discovered an anomaly that gave them pause. To quote their (very transparent) blog:

Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script. In this case, we couldn’t find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server).

They couldn’t explain the anomaly so they took pre-emptive measures to secure the data. I’m not going to read you all of what they discovered, instead I’d rather talk about what this actually means to you for the security of your most important passwords. Steve Gibson of Security Now! was on Tech News Today episode 236 and he explained again how LastPass stores your data. They take your email address and your single master password, and hash them together to encrypt them. Then they hash that combination together with the password again.

This is all done client side, so the people at LastPass never do have your Master Password, and they can’t figure it out if they wanted to. So in the situation from this past week, a small amount of data may have leaked out, but there’s no way the potential hackers could ever break into your account. Even if they’d downloaded the ENTIRE LastPass database, they still couldn’t break into your account. This is the reason that Steve Gibson is such a big fan of LastPass and why as a security expert he recommends it so highly.

The only concern you should have would be if you have used a dictionary word as your LastPass Master Password – because given your data potential hackers could do a brute force attack to guess your password. But let’s be serious for a minute, if you’re smart enough to use LastPass, are you likely to use a dictionary word for your password?
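
The client-side derivation described above, as an added example that is not LastPass's code: SHA-256, plain string concatenation and the sample accounts and wordlist are assumptions (the show only says the values are hashed). The last function is a self-audit showing why a dictionary-word master password is the one case where the stored value gives the password away.

```python
import hashlib
import hmac

# Constructed sample wordlist for the audit below.
SAMPLE_WORDLIST = ["password", "letmein", "dragon", "sunshine", "monkey"]


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def derive(email: str, master_password: str):
    """Runs on the user's machine; the master password never leaves it.

    Assumed construction: hash(email + password) is the vault key, and
    hash(vault key + password) is the value sent to the service.
    """
    vault_key = sha256_hex(email.lower() + master_password)
    login_hash = sha256_hex(vault_key + master_password)
    return vault_key, login_hash


def server_accepts(stored_login_hash: str, presented_login_hash: str) -> bool:
    """All the service can do: compare the hash it stores with the one presented."""
    return hmac.compare_digest(stored_login_hash, presented_login_hash)


def weak_master_password(email: str, stored_login_hash: str, wordlist):
    """Audit: return the wordlist entry that reproduces the stored hash, or None.

    A hash cannot be reversed, but anyone holding it can re-run derive() on
    guesses, so a master password that appears in a wordlist is not protected.
    """
    for word in wordlist:
        if hmac.compare_digest(derive(email, word)[1], stored_login_hash):
            return word
    return None


if __name__ == "__main__":
    email = "alice@example.com"  # constructed account
    for candidate in ("sunshine", "v7#Lq-2pW9!xTz"):
        _, stored = derive(email, candidate)
        found = weak_master_password(email, stored, SAMPLE_WORDLIST)
        print(candidate, "->", "found in wordlist" if found else "not found")
```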

Skype 5 Vulnerability

Next up let’s talk about Skype. It seems like there are several ways you can screw up on the security front. One is to have vulnerabilities, another is to not fix those vulnerabilities, but the folks at Skype have come up with a unique way to screw up – have a vulnerability, fix it, but don’t tell anyone there’s a fix. Let’s back up for a minute. Pure Hacking discovered a vulnerability in Skype 5 for Mac that’s pretty frightening. They figured out how to send a message to someone on Skype that had a payload in it that gave them access to a command line shell, thus gaining complete control over the other person’s Mac. The folks at Pure Hacking contacted Skype, who according to them basically said, “yeah, we know about that one, hotfix coming”.

Ok, so far this is pretty normal, but what Skype did next was idiotic – they came out with version 5.1.0.922 which fixed the vulnerability, but when you launch Skype it does NOT prompt you to accept the update! The fix has been there since April 14th! In the past I’ve said things like, “let Firefox update itself” or “let Chrome update itself”, or “let OSX update itself”, but in this case I have to say launch Skype 5, and go up to the menu and choose Check for Updates and only then can you get the update to version 5.1.0.922 and be safe again on your Mac. Sheesh.

Chit Chat Across the Pond

Today we’re joined by Andy Walker of butterscotch.com and tucows.com and co-host of Labrats at butterscotch.com/labrats. I’ve been following their antics for years first on Call for Help and then on to Butterscotch. Their tagline is they demystify technology, using great analogies and silliness. Plus some cats.

  • Andy’s inevitable move from Windows to Mac (he even authored two books about Windows)
  • Year of mobile
  • Reasons why you might consider an Android over an iPhone
  • Windows Phone 7
  • Blackberry OS & QNX – will Microsoft buy Blackberry?
  • Andy refers to his mom as not being tech-savvy and pays the price
  • Tablets – Android Honeycomb and QNX
  • Andy’s favorite food-related explanation: e-ink explained with eggs, shoe polish and salt

I still miss Bart terribly but I do like that we’ve gotten such interesting and varied guests over the past months, and Andy was no exception. I had no idea he had his fingers in so many pots these days, I’m really impressed! He’s just as silly as he always was though, so that’s a relief. By the way I DID send a tweet to Amber MacArthur asking her to go smack him for all the tech geek moms out there.

That’ll do us for this week, many thanks to our sponsors for helping to pay the bills: ScreenSteps, Smile, and of course Honda Bob. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter at twitter.com/podfeet. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time. Thanks for listening, and stay subscribed.

1 thought on “#311 GTD on Lotus Notes, JB Systems Mic, Code Signing, LastPass Breach, Skype Vulnerability”

  1. Katie - May 9, 2011

    Great show as always. Thanks for the iMac intro video, great walk down memory lane. Heck, he had me ready to go buy a Bondi Blue iMac. Except when he kept talking about how great the mouse was!
