Podcast feed went on a diet with fewer episodes and shorter names. K-Array Ecodock Review available at B&H Photo. Clarify Beta lets you export to Evernote available at clarify-it.com/download/beta. Opena iPhone Case review from openacase.com. iKliK Stand review with video from Kickstarter, available at Amazon. Three video interviews from Macworld | iWorld: Readdle Remarks from readdle.com, Qmadix Quick Shot & Eclipse from qmadix.com and TourWrist from tourwrist.com. In Chit Chat Across the Pond Bart answers listener questions about permissions, Google privacy changes, and how DNS works and what this DNSCrypt from OpenDNS is all about.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday February 12th, 2012 and this is show number 353.
I’ve made a few changes to the podcast feed this weekend. After a lot of pressure I finally succumbed and I’m no longer sending you the feed with all 353 episodes in it. I am so darn proud of all that work, I wanted it to show in iTunes, but I was finally convinced that it made the file too big and with bandwidth caps on iOS and home devices, it just seemed like an idea who’s time had come. I decided to keep a running 52 in the feed, if you think that’s still too many let me know and we can negotiate. The cool thing is that I wrote to Steve Harris of Reinvented Software asking his advice, and he let me know that there’s a feature in Feeder where you can simply tell it how many episodes to keep in the feed, so I don’t have to do any work to keep it going like this.
The other thing I did was changed my naming convention. I’m no longer going to use the NC_YYYY_MM_DD format for the front end, we’re going to episode numbers. I had always figured that it helped to know the date, but it takes up gobs of space on the displays of our devices so I figured I’d do that change at the same time. I’m not trying to scare you guys with too much change, but it’s been something I’ve been noodling for a long time.
App Delete Lite Giveaway
Bob Cassidy, Don Moeller, John Malonson, Donna Sieron are our winners of AppDelete form reggieashworth.com.
K-Array Ecodock Review
very once in a while you run across a really simple solution to a specific problem, and I might just have found one of those. Here’s the problem to be solved – you’re trying to listen to your iPhone sitting at the desk, or working in the kitchen, but it’s just not loud enough. You don’t want to wear headphones and figure out how to hold it while you’re messing around, and you don’t have a powered speaker dock at your disposal. This is where the Ecodock from K-Array might just be what you want.
This device is almost exactly the size of the iPhone but it’s a plexiglass resonant cavity. It has a slot in the top where you stand your iPhone, and inside the plexiglass there are these swirls cut out that amplify the sound. It’s very unusual looking but is actually fairly effective. The Ecodock requires no batteries, as the sound is passively amplified. It’s light and would fit in a man’s shirt pocket easily, or slip into a purse without you noticing the weight at all.
Now the Ecodock can’t change the basic audio characteristics of the iPhone. The iPhone speakers are tinny and not great, so what you get with the Ecodock is louder yet still tinny sounding. I made two recordings for you: the first you’ll hear is the opening to my show without the Ecodock and then the same with the Ecodock. Let’s listen to the difference:
so you see that it’s almost twice as loud, but it’s still not the greatest audio quality you’d get from hundred dollar, powered speakers with good base. The good news is the Ecodock is only $19.95, and a “portion of the proceeds” will be donated to the “A Smile for Burkina Association” which funds an orphanage in one of the poorest West African countries. They weren’t clear on how BIG of a portion went to the orphans, would have been good if they said something like 25%, wouldn’t it?
One complaint I have about the Ecodock is that the iPhone doesn’t feel secure when sitting in the Ecodock. The slot into which it rests is perfectly vertical and the slot isn’t very deep, so it’s sort of wobbly when it’s standing in it. If you need some added volume on your iPhone, and want an inexpensive device to pull this off that doesn’t require another power brick, the Ecodock from K-Array might be just what you want. We already used it once – when our good friend Barry called before Macworld, we used it as a speakerphone and it actually worked really well.
I heard about the Ecodock from Sennheiser, not K-Array, but they had no way for you to buy the device, but after some digging I found it for sale at B&H Photo and of course there’s a link in the shownotes.
Beta Clarify to Evernote
Last month I read you a testimonial from Antony where he explained that he uses Clarify to make little tutorials, and then drops them into Evernote where he can tag them and put them in notebooks for easy reference when someone needs help. I thought that was a really inventive use of the two tools together, so I forwarded it on to the Bluemango Learning guys.
Greg Devore wrote back and told me that they’d had the same idea, so they’re working on a beta of Clarify that will allow your o export directly from Clarify to Evernote. How cool is that? The beta is open to the public and I’ve been using it for a couple of weeks and it works a champ! If you want to try it out yourself, click the link in the shownotes to download for Mac or Windows. Greg has created a tutorial (of course he has) to show you how to effectively use it too.
If you haven’t downloaded Clarify yet, this is a great chance to try it out and start with even cooler functionality than the released version. When you’re ready to buy, please use the link in the shownotes or the link in the left sidebar where it says “Buy Clarify” and be sure to tell them Allison sent you.
Opena iPhone Case
This week’s show is dedicated to simple, yet useful solutions. Here’s the problem to be solved. You’re at a party, you go to the cooler to grab a brewski, and some moron has moved the bottle opener. That’s the whole problem. What if you had an iPhone case that will also open your beer bottles? The Opena from openacase.com is just what you need. I thought this was a goofy idea at first, so I gave it to Lindsay’s boyfriend Nolan as a joke. His first impression was that the Opena Cast was really heavy, and it really is. It has a steel bottle opener that slides out of the back, so it makes sense that it would be heavy. He was also worried that if you put too much pressure on it, it could damage his iPhone. We were all more than willing to test with HIS iPhone of course.
We made him open a few bottles, and it actually worked pretty well. Then we went to a party, where they had a cooler, and beer. Sadly no morons had moved the bottle openers, but we still made Nolan do his party trick to open everyone’s beer. I think Nolan was just being polite taking it with him when they left for San Diego. But imagine my surprise when Lindsay called me today to tell me that everyone at the brewery where Nolan works, Ballast Point Brewery, LOVES the Opena Case! She called because she wanted to know where I got it because a bunch of his co-workers want one too. I asked her if he’s used to how heavy it is, and she said he absolutely doesn’t notice it any more.
The Opena Case from openacase.com is only available through their Web site, and it costs $39.95 AUD, which is around $43. That’s an awful lot of money for an iPhone case, but it might make a fun gift for the beer drinking people in your life – and it comes in black OR white!
Here’s one more simple and elegant solution. I know the iPhone has a small screen, but I see a lot of people at work watching videos on their iPhones. They prop them against a book, they buy clumsy cases that have kick stands built into them, or they pay for an expensive dock. One of the most enjoyable people we talked to at Macworld was Brian Weinberg, who had invented a product called iKliK Stand. It’s very simple really, and that’s what makes it beautiful.
The iKliK lets you slide a bare iPhone into it either vertically or horizontally, and then rotate it to several different angles to get just the right angle. The base is well designed to be sturdy without being heavy at all. It comes with four little pads to give you a little bit of friction so it’s even more sturdy. I like it for two reasons, one because it’s so simple and elegant, and two because Brian was so enthusiastic about it and how it was created. At Macworld he showed us his prototype for an iPad stand with the same design. He uses rapid prototyping, creating these designs with a 3D printer, and he was so excited by his ability to change the design, test the ergonomics and then redesign and print another model. You could tell he’s put a lot of work and thought into the design.
If you’d like to see the video on Kickstarter where Brian and his partner explain their product and watch a little animation of how it rotates, head on over to the Kickstarter Link in the Shownotes. Or if you’re looking for a light little stand to put your iPhone at the perfect angle while watching a video, cooking, or reading, I put a link in the shownotes to the KliK Stand on Amazon where you can buy it for only $13.
We’ve got the last three interviews from Macworld up next, followed by Chit Chat Across the Pond with Bart. Remember the Macworld interviews are all available in video on podfeet.com so go check those out if you’d like to see the products demonstrated. You’ll definitely want to check out the video on TourWrist!
Qmadix Quick Shot & Eclipse
Chit Chat Across the Pond
- FireFox 10 realised on 1 Feb (been updated to 10.0.1 already). 3.6.26 was also released – these are now the ONLY two safe FF versions –http://blog.intego.com/firefox-turns-10-fixes-vulnerabilities-and-changes-add-on-upgrade-process/
- Apple release OS X 10.7.3 & Security Update 2012-001 for 10.6 – http://support.apple.com/kb/HT5130
- Next Tuesday is patch Tuesday, MS are releasing 9 bulletins affecting Windows (XP up to and inc 7), Visio, Sharepoint & Silverlight –http://technet.microsoft.com/en-us/security/bulletin/ms12-feb
- Flashback trojan continues to morph – latest version gives up on using a standard OS X installer, and instead switches it’s focus to Java. If you have out-of-date Java you will be infected with ZERO user interation, it will be silent! If you have a patched version of Java a popup will ask your permission, but, many people will just say yes – http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery-method-to-infect-macs/
Security Dumb Questions
Question 1 (from Chris):
“For a dumb question segment, how about a primer on permissions. What are they, how do they work on a Mac and what is this “repair your permissions” advice you always get?”
- OS X is a Unix-based operating system, so it uses the same basic permissions system that other Linux & Unix OSes use.
- All processes have an owner, so when ever that process tries to access a file or folder, it’s that ownership that’s used to determine whether or not the file or folder can be used in the desired way.
- All files have three things: an owner, a group, and a permission mask.
- The owner is the UID of the user on the system who owns the file
- The group is the GID of the group on the system that owns the file
- The permission mask specifies what different people can do to the file or folder. The mask has three parts, the user permissions, the group permissions, and the ‘world’ or ‘everyone else’ permissions. Each of these three sets of permissions allow the following three things to be set: can the file/folder be read, can the file be written to (or if it’s a folder can the file listing be altered by adding, deleting, or renaming a file or folder within it), and whether or not the the file can be executed (or if it’s a folder, whether or not it can be ‘traversed’ to get to the content nested within it)
- When a process tries to access any file or folder, it checks to see if the files owner is the same as the processes owner, if so, those permissions are used, if not, then the OS checks whether the owner of the process is a member of the group that owns the file, if so, then those permissions are used, finally, if neither the user or group match, then the ‘world’ permissions are applied
- Permissions also apply to processes, if you don’t own a process, you can’t kill it, unless you are an admin.
- As well as these regular permissions, there are also some other flags that files can have, including a very important one called the setuid bit. This tells the OS that no matter what user executes the file, the process should not be owned by the executing user, but by the user specified in the setuid bit.
- As well as supporting regular Unix permissions, OS X also supports “extended attributes” which allow more complex permissions to be set on files. These extended attributes are used for things like storing the URL a file was downloaded from, and whether or not it has been OKed to run, or whether or not a file should be hidden in the Finder.
- OS X keeps a database of all the permissions that should be set on all OS X system files
- Sometimes, the permissions on files get messed up, often because of badly written software, particularly poorly written installers. When this happens your Mac can start to act very funny as OS operations get blocked by incorrectly set permissions
- To fix this, you can tell you Mac to scan through the database of correct permission, and re-set them all system files. This is what Repair Disk Permissions in Disk Utility does.
Question 2 (from Ed Tobias):
- Now, Google have replaced all these disparate privacy policies with one global one that covers all their products.
- As policies like this go, it is very short, and very human-readable. I read it all from start to finish, and I didn’t feel overwhelmed by the language, or find anything in there that disturbed me. Basically, it just confirmed what I was pretty sure I knew anyway.
- The policy also links to the Google Dashboard, which is an amazing utility that lets you see what google knows about you on ALL their services, and lets you correct or remove any data you want gone. https://www.google.com/dashboard/
- If more companies were this transparent, and made things this easy, the world would be a much better place IMO *cough*FaceBook*cough*
Main Topic – DNSCrypt from OpenDNS
Listener Scott Howell wrote to Allison suggesting this as a good topic, and he’s right!http://www.opendns.com/technology/dnscrypt/
Before we start, we need to remind ourselves what DNS is, and how it works.
What is it?:
- DNS stands for “Domain Name System” and it’s used to translate domain names like www.podfeet.com into IP addresses like184.108.40.206 (and vica versa, and to do other cool stuff too)
- Each and every time you send an email or visit a web page, you are relying on the DNS system to make sure that your mail is sent to the right server, and that you are shown the right web page
- If an attacker can mess with your DNS they can make it look like you are at a particular URL when in fact you have been sent to an attacker’s web server instead
How it works:
- DNS uses UDP packets because they are more efficient, BUT, that means there is no connection, so replies can be spoofed much more easily that with TCP
- The DNS system is a hierarchy, with the top of the tree on the right of the domain name.
- There are four types of entity in the DNS system: authoritative DNS servers – these specify what servers have authority over what domains, and what IP addresses in the domains they are responsible for match what IP addresses, DNS resolvers (often called DNS servers) – these do the hard work of turning a DNS name into an IP address by following the full chain of authority from the DNS root servers all the way down the chain until an IP address is found, DNS forwarders (also often called DNS servers) – these simply pass on all queries they receive to a DNS resolver, and finally, DNS clients – these are the processes that run on your machine and query some form of DNS server on your behalf, and give you the answer.
- The process of resolving a domain into an IP address starts with the client sending a UDP packet with a request to some form of DNS server, either a resolver or a forwarder. If sent to a forwarder the forwarder passer the request on to a resolver (or another forwarder which then passes it on etc.). The resolver then does the hard work of actually resolving the IP, and it sends a reply UDP packet back to the server that called it, which sends a reply to what ever called it and so on until the reply arrives back at the client.
- The DNS system is simply full of caches to save the same domain having to be resolved over and over again. DNS clients cache, DNS forwarders cache, and DNS resolvers cache.
- For home users, the following is normal, your computer runs a DNS client, which sends all DNS requests to your home router, which is a DNS Forwarder, which sends your requests to your ISP’s DNS resolver, which does the work, and sends the result back to your router which sends it back to you. Your computer will cache the answer for a while, so if you are viewing a page with 20 Flickr images, there are not 20 DNS queries generated. Your router possibly also has a cache, so that if someone else in your house is also looking for Flickr they can get an immediate answer from the router without having to pass on the request to the ISP’s resolver. The ISP’s resolver can also maintains a cache so that if any other user on their network needs to know Flickr’s IP, then can just reply to them without doing all the hard work of resolving the domain again.
What’s the problem?
- Because DNS uses UDP, there is no TCP connection, so DNS responses can be easily forged.
- We use some crude hacks to fight this like using randomised sequence numbers (a response is only accepted if it has the same sequence number as the request that was made) – but these can be beaten with brute force and enough time
- If someone manages to get a fraudulent response accepted it will get cached, so all users of that DNS server will see the fraudulent answer. This is called DNS Cache Poisoning.
- If it is your ISP’s resolver that gets poisoned, then ALL users of the entire ISP will get poisoned (SOPA would had forced ISPs to intentionally poison their own caches to stop you visiting blocked sites)
- Many ISPs are not good about patching their DNS servers, and are hence quite vulnerable
- If you are on an open wifi network you yourself are quite vulnerable, because attackers in the coffee shop can send fraudulent packets straight at you, and poison you.
OK – with our homework done, we can now look at this new product from Open DNS.
Who are OpenDNS?
- They run DNS resolvers that are very well hardened from a security point of view, and are free to use by anyone.
- You can either set your machine to use OpenDNS’s resolvers as their DNS servers, bypassing your router and your ISP
- Or, you can set your router to use OpenDNS instead of your ISP’s DNS servers.
What is DNSCrypt?
- DNSCrypt is a DNS proxy server that you run on your own computer.
- You tell your computer to use itself as a DNS server, and and DNSCrypt runs on the DNS port to be that DNS server
- DNSCrypt then encrypts your request, and send it to the OpenDNS server in encrypted form, over a TCP connection.
- The OpenDNS servers resolve the domain, and then send the answer back to your computer in encrypted form through the same TCP connection. DNSCrypt then replies to the client on your machine withe the answer.
What does that protect you from?
- It protects you from DNS cache poisoning
- It takes your ISP completely out of the loop – making it impossible for them to interfere with your DNS traffic in any way
- It stops people on open wifi networks attacking your computer
- It would have utterly defeated SOPA had it passed
Some VERY important Caveats:
- This software is BETA, and, for now, Mac only
- Since it’s Beta, it disables itself on each reboot
- It is very nicely written though, with a convenient menubar icon to control it and show your status, and a nice OS X PrefPane.
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Bluemango Learning from BlueMangoLearning.com with their great products ScreenSteps and Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter at @podfeet. I contribute a fair amount over on Google Plus nowadays so just search for me by name if you want to circle me up. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.