#350 Macworld 2012, Blindfolded!, Avatron, Nite Ize Gear Ties, ParaSync, Powis iCase, WPS Flaw in Wifi, Star Photography

Macworld 2012 has come and gone, hear our experiences, how well Blindfolded! went, and hear interviews of vendors on the show floor. Avatron with Air Display on iOS in iTunes, Air Display in the Mac App Store, Air Sharing for iPhone in iTunes, Air Sharing universal for iPhone & iPad in iTunes, and Print Sharing in iTunes. Nite Ize brings us Gear Ties at REI, iPhone Connect Case Niteize.com Connect Case and Connect Case accessories: NiteIze.com Connect Case Accessories. Parat Solutions demonstrates the ParaSync to charge and sync 10 iPads (also models for 20 iPhones/iPods) at Paratsolutions.com. Powis iCase with 9 different positions at powiscase.com. The NosillaCastaways party was lots of fun at Macworld | iWorld, check out the photos on flickr.com/photos/nosillacast/sets/72157629089333159/ and Mark Pouley’s shots of just the Google Hangout we did with people who couldn’t come at flickr.com/photos/switchermark/sets/72157629087853459/. In Chit Chat Across the Pond Bart tells us about a dreadful flaw in WPS on most wifi routers (not in Apple Airports luckily). To look up your router to find out if it’s got the flaw and if turning off WPS will actually help, go to https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c. If yours has the flaw and you want to be daring, install a non-standard router OS like the ones listed here: wikipedia.org/wiki/List_of_wireless_router_firmware_projects. After that Bart lightens things up with his tutorial on how to take photographs of stars without fancy kit: bartb.ie/blog/?p=2226.

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday January 29th, 2012 and this is show number 350.

Well Macworld was a total blast. The vast majority of the Mac Roundtable crew was there, so it was a great time to meet up with old friends. Not everyone was there, which was bittersweet but we managed to bear up. There were a lot of NosillaCast listeners there too. It’s such fun to walk down the halls and keep running into someone you know. The show was wonderful for more reasons than friends. This year they changed the pricing for the technical class track. It used to cost $3-400, so I never went. Now it’s only $75 for the Tech Talks if you sign up early, $100 if you sign up late. All day long I was stressed out because there were so many cool subjects I wanted to learn about. I was stressed out because I couldn’t find enough time to go to the show floor either! I think that’s the good way to go though, you don’t wanna be bored, right? Zack wrote in and said he knocked out the show floor in 3 hours so he was disappointed. I think trying to go through that fast though you miss a lot of the little gems. Steve and I got a lot of interviews of some really cool stuff, so I loved the show floor. But I can see that if I only had the show floor to go to it wouldn’t have entertained me for days.

Let’s talk next about Blindfolded! I’ve really got mixed feelings about it – it was somewhere between a total success and an epic fail. I guess I should elaborate. The quick plot I’d planned was to use the iPhone and text messaging to ask Katie to dinner, then to switch to the Mac. From there I would use Spotlight to launch Safari. I’d navigate to Yelp, search for an Italian restaurant in San Francisco. Once I found one I liked, I’d copy the address (that was the trickiest part). Then I’d launch iCal, create a new event for dinner with Katie. I’d paste in the address from Yelp, set up an alarm, and then add Katie as an attendee and send her the message.

I know that sounds like 30 seconds for a sighted person, but that’s a good half hour with a newb like me using VoiceOver! I chose this sequence because it exercised so many different commands, especially on the Mac. It would require me to work with two different applications, interact with content, select buttons, copy content, and use pulldowns.

When we practiced all this at home, Steve and I realized that the microphone would never pick up the sound of VoiceOver, especially on the iPhone. Our plan was to have the house mic in front of me in a stand, but also to have the mic that transmits to Steve’s camcorder also right in front of me on a stand. The iPhone would have audio basically perpendicular to the mics so it would be totally lost for the audience. Then we got the idea to use Steve’s Jawbone Jambox. I’d use an audio cable to connect it to the iPhone and then the Mac, and with it’s great booming sound, we’d be golden. We made sure it was charged, we brought two different audio cables in two different bags, AND we brought a backup sort of cruddy speaker just in case something was wrong with the Jambox.

When we got there, we realized that we could actually grab the audio jack for the house sound and just pipe that right into the iPhone and then the Mac, bypassing the need for the Jawbone. That turned out to be great for the live audience, but unfortunately it was still a mistake. We didn’t realize till we came home and watched the video that Steve’s camcorder picked up ME just great, but the house sound was very low on the recording. We did have our friend Wally Cherwinksi do a second camera shootm and he actually did get the house sound. I’m not sure how this will come out in the end game but it looks like Steve may be able to steal most of Wally’s audio and also splice in Wally’s video. We want Wally’s video too because he was REALLY creative. I had no idea, but he was clambering all over the stage shooting over my shoulder, behind my back and way up in the air. For the sightlings in the audience you’ll enjoy being able to see what I’m doing. ANYWAY, let’s talk about how the talk actually went!

I started with some slides in Keynote, but I wasn’t blindfolded for that part. I suppose I could have done them blindfolded, but I wouldn’t know what was on the slides unless I memorized them, so I’d have to have them read to me, which would be lame. Memorization isn’t exactly my strong suit, you know? I’m also not wild about slides as a general rule as you know, but there were a few points I wanted to make. I wanted to make sure that people knew why I was doing this. Part of it was for my own education, to force myself to learn it, to stretch my brain, but more importantly I wanted to point out how many people are actually blind (1.3M in the US alone) and that there’s a 70% unemployment rate amongst the blind. If more people were aware of how well sites can work that are well designed and how well applications can run if developers just use the APIs that Apple puts right out there for them, that could get more people to realize how it can be done well. So I made it through the slides ok.

After the slides, I plugged my iPhone into the audio system and dramatically put on my blindfold. We couldn’t figure out an easy way for people to see my phone’s screen, plus it would be problematic to show it on the big screen because other people’s phone numbers would show on screen as I did the searching. I used Katie’s Google Voice Number so if I tapped on her number no one would get her real voicemail. When I first launched Messages it wasn’t quite where I expected, but I was able to recover and successfully send her a message. Recovering from unexpected events was the main thing I worked on for the second half of my learning. It’s all well and good if you can do it when nothing goes wrong, but what if something strange happens? The real trick is in recovering. I wasn’t too worried about the iPhone because for me at least, it’s a LOT easier than the Mac.

So once I got that done, I had to unplug the audio and plug it into the Mac. Not too tough, managed to pull that off. I turned on VoiceOver on the Mac successfully. Then I used Spotlight to launch Safari. I muffed up a bit on getting to Yelp, but again, I recovered. I did a search for an Italian restaurant, found one, and copied the address. Boom, I’m golden. All I had to do next was launch iCal and do the invite. iCal in general had never given me fits once I got the hang of it, so I figured I was home free after Safari was over with.

So remember how I said Steve and I shouldn’t have varied from our original plan on the audio? Well I made another mistake. When I was practicing about a half hour before I went on stage, I had a brilliant idea to speed things up. I had put my Blindfolded! Keynote file in Dropbox, but I thought instead of opening a Finder window and navigating to it, I’d just drop a copy on my desktop. There shouldn’t have been any harm in that, right?

Ok, so I just finished with Safari, and I quit the application. I didn’t normally quit it, but I thought that would be cleaner for the viewing audience. I held down command-option to open Spotlight, and typed in iCal, but the nice VoiceOver lady did not say “ical” when I typed it. That’s when things went horribly wrong. I haven’t yet figured out why this happened, but somehow that Keynote file on my desktop got selected, and for the LIFE of me, I couldn’t get off it. The only reason I even knew I was stuck on it was the audience had to start helping me. They explained to me that I was actually using spotlight INSIDE the Keynote and it was trying to search for iCal inside my presentation. I thought I’d be brilliant and open a finder window and maybe that would get me unstuck from the Keynote file. That didn’t work either, all I did was launch spotlight inside the finder window! I started popping up pictures and all sorts of stuff. Evidently I brought up a picture of myself, and Steve started getting really nervous that I might pop up a tax return or something!

This went on for quite some time, with the audience trying to help, and I have to sadly say that in the end I had to pull off the headband. I had to kill VoiceOver, launch iCal, and put the headband back on. From there on out it was smooth sailing – by some miracle through all that shenanigans VoiceOver still had the address in the copy buffer so I could paste it into the event. That was a small success that made me happy. I finished up the invite and hit send.

Now I said it was an epic fail because I did have to remove my headband, but I need to tell you that the audience reaction was exactly the opposite. They all told me afterwards that it very very vividly illustrated how incredibly hard it is to learn VoiceOver, how hard it is to get unstuck without some sighted people to help out, and how you still can muddle through in the end. I was very pleased with their reactions to it, I thought they’d be throwing eggs at me for not having flawless execution. They felt that having the problems I had was actually a much better illustration of what must really go on for the blind.

One question came up in the Q/A at the end that I really did want to point out. Mary Cajiao (wife of Victor Cajiao) is a teacher, and she asked me whether there are any podcasts or good teaching programs to teach people how to use VoiceOver. I told her that I didn’t know of any but that I would throw it out there to find out. So if you guys know of any resources, I’d sure like to be able to get back to her with an answer.

Steve will have to put some time into editing this video – between his video and Wally’s he’s got some creative editing time to enjoy so we hope it will come out some time next weekend. I hope you forgive the uneven audio we expect, but I think you’ll get the gist of this experiment. I’m still ambivalent on whether it went well or not, but I have to say I really appreciated something Don McAllister said during his QuickTime Tech Talk at Macworld. Before he started he told the audience that he figured his talk would be easy because at least he didn’t have to wear a blindfold to do his!

Well let’s dig into some demos from the show floor. You’re about to hear the audio versions of the demos, but if you’d rather watch the videos, head on over to podfeet.com and they should be up soon.

Avatron

Air Display on iOS in iTunes
Air Display in the Mac App Store
Air Sharing for iPhone in iTunes
Air Sharing universal for iPhone & iPad in iTunes
Print Sharing in iTunes

Using a screenreader? click here

Nite Ize

Gear Tie at REI
iPhone Connect Case Niteize.com Connect Case
Connect Case accessories: NiteIze.com Connect Case Accessories

Using a screenreader? click here

Parat Solutions

ParaSync to charge and sync 10 iPads (also models for 20 iPhones/iPods) at Paratsolutions

Using a screenreader? click here

Powis iCase

iPad cases with 9 different positions: powiscase.com

Using a screenreader? click here
That’s enough product demos from Macworld for this week, but we have lots more that we’ll be giving you over the next few weeks.

Dumb Question (and Clarify)

Steve Davidson brings us our Dumb Question this week:

A couple of months ago, ’twas the season when I generate a passel of sticky-backed address labels in order to send family, friends, past colleagues, and other assorted people my wife and I have collected over the years our family’s “annual report” — you know, the typical holiday card featuring a photo of my kids (and dog) accompanied by a one-page note packed with photos and stories about the year just ending.

Before I migrated to Lion, I had been using the Palm Desktop application to manage my address book — and print the annual address labels. The Palm Desktop is a PowerPC application, as is/was Eudora, so these two applications are no longer an option for me. As astute listeners of the Nosillacast know, I now use Apple Mail — and as a consequence, I also use Apple’s Address Book to manage my contacts.

There are around of the ~150 recipients of our “annual report,” and for some I have home address, for others I have work address, and for many/most I have both addresses. My algorithm for printing labels was: If exists Home then use it, otherwise, use Work. With Palm Desktop’s Excel-like view, I sorted them on “home street address,” selected those that had entries in that column and printed the selected set (specifying a label template that printed home address). Then I would select the remainder, print that set specifying a label template that printed work address.

Now I’m using Apple’s Address Book, which lacks much of the functionality of the Palm Desktop, and this year I ended up producing nearly 1-1/2 times as many addresses labels than I need to, which was wasteful and required sifting through the printed output to remove the redundant labels (which was not without the commission of errors).

So, the Dumb Question is: Is there any way to recreate the capabilities I gave up when I migrated from Palm Desktop to Apple’s Address Book? And if not, can you recommend a better alternative for the purpose producing those labels?

This question baffled me at first, especially since it hadn’t been a problem for me. I wasn’t sure I’d even be able to think of a fix. Completely unrelated, a buddy of mine happened to mention how much he hates using Word Merge from a CSV file of an address book was to make labels for Christmas cards. I remember those good old days, what a nightmare that was! So I whipped out my Mac and showed him how in Apple’s address book all you have to do is create a group, add names to it, select all, go to print, and one of the options is address label. He was amazed and delighted.

I bring this up because while I was showing him, I noticed a field that said Addresses: and then it had a pulldown that was currently set to “all”. I clicked it, and low and behold if you click that you can choose home, work, or other. I thought that the best way to make sure there was no confusion on how to do this, so I whipped open Clarify from BlueMangoLearning.com, took 5 quick screenshots, threw in a couple of annotations, clicked the share button, and I was rewarded with a link I could drop into the email back to Steve. I didn’t really mean this Dumb Question to turn into an ad for Clarify, but Steve’s response back sort of made me do it. He wrote, “Incidentally, you are a great advertisement for Clarify; the visual was excellent.”

So Steve is happy, and I was able to sneakily trick you into learning about Clarify. If you haven’t checked it out yet, go to BlueMangoLearning.com for a free trial, or you can go straight to the link in the shownotes for Clarify in the Mac App Store and buy it!

NosillaCastaways Party

I wanted to make a quick mention of how much fun the NosillaCastaways party was. We had a much better room at Jillians this year, complete with a pool table. I really enjoyed spending time with the other members of our crew and most of the Mac Roundtable was on board for the party too. I can’t mention names because you KNOW I’ll forget someone, but you know who you are and how much fun it was to hang out.

We did a Google Hangout and it was a great success. We set up Steve’s Macbook Air up on a table a bit out of the way of people knocking it about, used the Samson Meteor Mic and a pair of headphones so the party goers and the Hangouters could actually hear each other. We had a bit of a hiccup when we were unable to actually keep a hangout going – it IS a bit buggy. Eventually Kevin Allder did get it going on his end so we just tweeted out to have people join his. It was way more fun for those on Google Plus because when there was no one at the party there, they still had their own little party! They didn’t get much peace and quiet though – there was a constant stream of people joining them. On the hangout we had Kevin of course, Donald Burr, Michelle Lopez, Timothy Gregoire, Mike McPeek, Karell Harrison and Allister Jenks. I think a big moment for everyone on the call might have been when Rod Roddenberry joined them and Donald did Live Long and Prosper, and Rod did it right back at him! Rod’s such a great guy – he loves the geekfest as much as anyone!

I posted a Flickr set of the party, most of the pictures are mine but some of the best ones are actually from Kirschen:
flickr.com/photos/nosillacast/sets/72157629089333159/.

Mark Pouley, AKA @switchermark also posted a set of just the Google hangout. You can see how much fun everyone is having playing with the hangout:
flickr.com/photos/switchermark/sets/72157629087853459/

Anyway a good time was had by all!

TextExpander

While we were at Macworld I was listening to Dave Hamilton and John F Braun on stage for a live Mac Geek Gab. Someone had a problem when they rebuilt a system. Dave speculated that there was a problem in ownership of the files, and explained that the first account you create is account 501, the second is 502, etc. He went on to explain that you can change the ownership of the files in question by using the unix chown command. He popped open a Terminal window and typed in the command so everyone could see exactly what it looked like. I remember thinking to myself, wow, that’s sure a slow way to do it! I said that because of course I have a TextExpander snippet! When I put my SSD into my MacBook Pro, I had the same problem as this guy asking the question, and it was exacerbated that in my ignorance I thought it was a GOOD idea to keep my original account (of the same name) on my spindle hard drive. OSX was constantly getting confused, and I had to keep explaining to it which allison it was supposed to be giving control of things. Ok, so that’s not exactly an ideal condition, but it IS an ideal condition to use TextExpander! I simply type ch ; and out bangs:
sudo chown -R allison ~allison/
3 characters displacing 32, not a bad tradeoff! If you’d like to have TextExpander at your fingertips to make it really fast to type out things you need all the time, head on over to the Mac App Store to buy it once for all your Macs. If you’d like to check out the free trial first, head on over to smilesoftware.com and be sure to tell them Allison sent you!

Chit Chat Across the Pond

Security Light

Nothing to report!

Security Medium – the WPS WiFi Flaw

What is WPS?

• WPS stands for “Wifi Protected Setup”, and is a mechanism designed to make it easy to add devices to a secured WiFi network.
• The system uses a PIN number to associate a device with a WiFi router. It’s MUCH easier to enter a PIN than to enter a 63 char password 🙂
• The system was designed to use a randomly generated PIN which would change each time you added a device
• Having the PIN change each time meant that routers would need a display of some sort, and manufacturers balked at that idea – so a second variant of the protocol was developed, that used a static PIN written on the bottom of the router
• The variable PINs are 4 digits long, but that seemed too short for static PINS, so they were set to 8 (with the last digit as a checksum, so 7 really)
• 7 digits is not a lot, so to prevent brute-forcing, routers are supposed to force a timeout on successive failures
• In order to get “WiFi certified” routers HAVE to support WPS, and, it HAS to be on by default

What’s the Problem?

• There is no problem with routers that use the variable PIN method
• Fundamental flaws have been discovered in the static-PIN version of the protocol – the entire concept is in fact fundamentally flawed to the point that there is only one fix – disable WPS!
• There is not just one problem in fact
• Because of how the protocol works, bad guys don’t actually have to brute-force 7 digits, they have to brute force four and then three, which is MUCH easier. However, even if they had to do 7, that is still not enough to be secure
• To make the problem infinitely worse, many routers fail to implement any sort of lockout on a failed try – so, many routers can be brute forced in just a few minutes
• Because the PIN is fixed, once a router’s PIN has been cracked, the attackers has access FOR EVER, and the only way to lock them out is to disable WPS, or get a new router!
• The second flaw is that an attacker does’t even have to brute force a router to get a static PIN! An attacker just has to watch a single successful pairing, then take the packets home, and brute force those packets instead – this means that even if the router does implement the lockout, it doesn’t help, the attackers can work ‘off-line’. When they have the packets cracked, they just successfully auth first time!
• To add insult to injury, some routers not only have WPS on by default, BUT, don’t provide a mechanism to disable it, or, worse still, provide a switch that lets you think it’s disabled, but actuality does nothing!
• There is already and open-source attack tool out there for this flaw (called Reaver) – so no skill is required on the part of the attacker

How do we protect ourselves?

Ultimately, what you need to do depends on the make and model of your router. If it’s old enough it may simply not support WPS, or, if it’s a good router it may use the variable PIN method, or, you may have to log in to your router and disable WPS, or, you may have to get a firmware update for your router, or, you may have to get a new router!

Lets deal with the simplest case first, do you have an Apple router? Then you’re golden. Apple use the variable PIN version of WPS, and WPS is only enabled while you are adding a device using the Airport Utility app.

If you have a Belkin, DLink, Netgear, or TP-Link router, then you can disable WPS in your router’s interface, and get on with your life.

If you’re using a router supplied by your ISP, you might want to start by calling them and asking them what to do. Realistically, this is probably a waste of time, because you’re unlikely to get through to anyone who knows what you’re talking about 🙁

If you have a Linksys router you have things as bad as you possibly could have – there is a button in the interface for your router to turn off WPS, but it does NOTHING!

If you have a router that’s not listed above, US-CERT, in their note on this flaw (http://www.kb.cert.org/vuls/id/723755) link to a spread sheet with over 100 routers showing their vulnerability:https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c

If your router is vulnerable, what can you do?

• If it’s quite new, return it get your money back, and buy a new one that’s not vulnerable
• If you’re feeling brave, install a non-standard router OS onto it like DD-WRT or Tomato (long list of options here: http://en.wikipedia.org/wiki/List_of_wireless_router_firmware_projects)
• Buy a new router

Main Topic – Taking Photos of Stars without Fancy kit:

http://www.bartbusschots.ie/blog/?p=2226

What a whirlwind week – I want to give a big shout out to Steve for getting the videos encoded of our interviews so quickly and pulling the audio so it would be in the podcast as well. I know it was a lot of work to bang all of those out and do all the week’s worth of chores in a single day!

Many thanks to our sponsors for helping to pay the bills: ScreenSteps, and Smile. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter at @podfeet. I contribute a fair amount over on Google Plus nowadays so just search for me by name if you want to circle me up. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.