#383 Mountain Lion Upgrades, DryCASE, Snorkeling with iPhone, Private Eye, Rubbernet, iNet

Mac Computer Expo free ticket drawing – sign up for the NosillaCast News, a little more on why you should go to Mountain Lion sooner rather than later. Underwater snorkeling video complete with turtles and eels using the DryCASE recommended by Rod Simmons. In Dumb Question Corner Gregory Marchand asks advice on upgrading from Snow Leopard to Mountain Lion. In Chit Chat Across the Pond Bart walks us through the UDID issue, and a few other security issues but cleans our palette with five fun network utilities including Private Eye, Rubbernet, and iNet.

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday September 9, 2012 and this is show number 383. We’ve got a lot of fun lined up today (don’t we always?) Free tickets to the Mac Computer expo, a revisitation on my advice to jump to Mountain Lion sooner rather than later, an underwater video from my iPhone with turtles and eels, in Dumb Question Corner we talk about clean installs vs. migration. In Chit Chat Across the Pond with Bart we’ve got a fair amount of vegetables to eat with the whole UDID mess, and some other interesting stuff, but then we clean our palettes with five fun apps to monitor your network. Ok, let’s dig in!

Mac Computer Expo Free Ticket Drawing

Earlier this week I was chatting with Lorene Romero, the brains and sweat behind the upcoming Mac Computer Expo on Saturday October 6th in Petaluma, and she suggested that we have a giveaway for free tickets to the expo. I think the best way to do this is for you to subscribe to the NosillaCast News by filling out the teeny form in the left sidebar at podfeet.com and in the very near future I’ll send out a letter to the subscribers telling them how to enter to win. Sign up before Friday September 14th and I’ll send out the super secret instructions after that!

When to go to Mountain Lion Redux

Two weeks ago poor Professor Albert asked if he had to go to Mountain Lion. I explained at the time that the real question was “when do I have to go to Mountain Lion.” I’ve thought even more about it this week. I help out a lot on a message board for a local user group, and this week a guy wrote in with an email you never want to see. The title of his email was, “Help, please! Kernel panic!” The good news I that a bunch of people jumped to his aid.

He Uninstalled and reinstalled Flash, he booted from external HD and ran Disk Utility. Verified, permissions and repair, he disconnected router and USB devices, he cooled down computer with external fan. Over the next couple of days things actually got worse. Eventually he was unable to boot from an external drive. He described a chime he was hearing so we jumped on the idea of RAM as a cause. So he removed the memory sticks one by one trying to boot, but no joy.

He eventually figured out it was the logic board on his computer at fault. While this was bad news, the story actually gets worse. Would you believe this guy was running Tiger? That’s four revisions behind Mountain Lion and he has a lot of archived data in AppleWorks that he wants to preserve, AND he’s still running the Palm Desktop software. So this gets back to my answer to the esteemed Professor. You can drag your feet, procrastinate, pretend the new OS’s aren’t here, but if you wait long enough you end up in this kind of bind. Back in the day there were ways to convert your AppleWorks and Palm Desktop over to the new tools because everyone was doing it together, but now this poor guy is stumbling around in 4 year old forums trying to figure out how to move forward. It’s a big mess.

So bottom line is that it’s not a bad idea to wait for a few updates, but waiting years (or forever) never turns out happy in the end!

DryCASE Maui Style

I think the first review Rod Simmons of the SMR Podcast ever did for the show was about DryCASE, a little ziploc bag sort of thing in which you put your precious iPhone or other smart phone or camera and then go frolic in the water. This sounds scary but it really isn’t because the DryCASE has two clips that solidly close it off, AND a tiny little pump that you squeeze maybe 3 times and it sucks all the air out of the bag. Because of this, you know for SURE that it’s really sealed. If you ever see the bag not sucked agains the glass of the phone, then don’t dunk it under water!

I’m telling you all of this again because while we were in Maui a few weeks ago I took my iPhone snorkeling with me! I put a big, ugly, green rubber tether on the bag so I’d be less likely to drop it. Now here’s the crazy part of the story. The video came out GREAT! I got video of Steve underwater, several turtles (or possibly the same turtle multiple times), and even an eel! The clarity of video through the DryCASE from the iPhone is astonishing.

Now I can’t say that I’m Jacques Cousteau reborn in my skills as an underwater photographer, but if I do say so myself, I got a few good clips. I had to delete four or five 10 minute videos taken accidentally while it banged agains my leg when I was swimming, and of the good video Steve had to do a LOT of editing to get the good bits, but with his skill at Final Cut Pro X, and by applying some color correction, I think what we got was marvelous. Of course we posted the video on Youtube and it’s embedded in the shownotes!

Using a Screen Reader? click here

Dumb Question Corner

Gregory Marchand sent in a dumb question:

I am last couple years listener of your Podcast. Love to Listen to You and Bart talk about Security and stuff. I am a Long Time PC Tech who converted in November of 2010 and am Planning My first upgrade of the OS. Currently running 10.6.8 on my 2010 iMac.

Do you think it would be better to Clean install and Migrate, or will an over the top install not cause me any issues with speed and such. or left over SL stuff. I was planning on doing a Clone of my drive (also do time machine backups) and manually move items over. Wanted to clean house as I upgraded. is there any problems with migrating iTunes Library in this way?

This question is asked often and opinion varies but I’ll give you my take on it.

It sounded to me that Gregory might be like me, that he NEEDED to clean house once in a while. I think once a year is a good time to get out the dustbin and go to work. Now just like cleaning out your closet, if you take out everything you don’t wear, you won’t have any more space when you’re done, but if you take EVERYTHING out and then only put back what you DO wear, you end up with gobs of room. The same thing holds with applications for me. Somehow I get emotionally attached to applications and don’t like to delete them, but if I start fresh and only add apps as I use them I find I only need about half as many.

Every time I’ve done this I’ve ended up with a system that runs WAY faster too. I know Macs aren’t supposed to get the bit rot that Windows boxes do (no registry to get full of junk) but it sure does run better after a fresh install and without moving all the junk over.

So here’s how I would do it. Just as you said you would, back up first in at LEAST two ways, where at least one is a full system clone so you can go backwards if you need to. One thing that came to my attention only very recently is that many applications store your data in the ~/Library/Application Support folder. I found this out when I launched DVDpedia recently to find out if I had a certain DVD in my library only to discover that there was no library at all! Luckily I saved my previous backup from about 6 months ago so I was able to recover all that work. From now on I’m going to make a separate backup of that Application Support folder so I make sure I don’t lose anything there.

Then do a clean install of Mountain Lion. I’m not 100% sure where that comes into play in Mountain Lion as I haven’t upgraded yet myself. I do know that you can boot into the recovery partition on the newer Macs, run Disk Utility to format your drive and install the OS right from there (with an Internet connection). It’s pretty frightening but it actually works.

From there I would drag over your user data, not using Migration Assistant I don’t think. Using it seems to me to bring over the cruft you’re trying to avoid – like files in Application Support that you DON’T need. In answer to your actual question, you will be able to move over your iTunes Library in this way for sure, along with your photos from iPhoto or Aperture, etc. If you ever do have a problem with an iTunes or iPhoto or Aperture library not being correctly connected, all you have to do is open the application while holding down the option key and it will prompt you to point right at the library. Easy peasy.

Oddly enough, MANY applications can be simply dragged over as well. The last time Steve moved from his 24″ to his 27″ iMac he did this, dragging an app then testing to see if it worked and I think about 75% behaved normally. You may want to do a check for updates on each app as you do that though, in case you haven’t done a lot of upgrades. If you’ve got a lot of apps bought in the Mac App Store you’re in even better shape. They keep a record of all your purchases so you can just go bang bang bang down the line choosing what to install. Truly delightful way to installed.

it’s a laborious but interesting process, and you’ll learn a lot more about what’s really necessary. in the end you’ll have more free disk space and less fragmentation on your disk I suspect os it’s really cool when you’re done. Like I said, keep that backup for a LONG time though just in case there’s something you forgot.

I sent all that great wisdom to Gregory and he reported back that his fresh install of Mountain Lion went perfectly!

Clarify and ScreenSteps

I’m working hard on my Keynote presentations for MacMania and I’m trying to make them more interesting by dropping in screenshots. During the real event I’ll do as much as a demo as I can, but I like to give people a useful reference document for later. As you know, I’m fanatical about taking screenshots with all different tools. I started by using command-control-shift-4, which gives you a cross hair you drag across the area you want to capture and puts it in your clipboard for easy pasting into Keynote. I found though that I kept getting not quite enough of an area I wanted, or a little too much. When I had too little I had to retake it, and if I had too much I could use the Mask feature in Keynote, but that was pretty tedious.

With the screen capture I described, you can also just hit the space bar when you’re over a window and a little camera shows up and tapping the window gives you a shot of just that window. That used to work well, but a few OS revs ago Apple added a GIANT drop shadow on the picture. I like a drop shadow just as much as the next guy but I don’t have the real estate available on my slides for it. Plus I’m using a nice border in Keynote that would look silly added to a drop shadow.

So what to do? Well I got the idea to see how Clarify might do as a plain old screenshot tool. Obviously Clarify is a great documentation tool, but it’s actually pretty powerful as a screenshot tool. The default for Clarify is to take a snapshot with command-shift-2, and again you get crosshairs, or you can hit the spacebar and then tap the window. In contrast with the built in snapshot tool, Clarify gives you JUST the window with no silly drop shadow, and adds a very slight bit of rounded corners.

Using Clarify with the timed delay option lets me grab pull-down menus too. I know this isn’t a standard use of Clarify but I think it’s great that on top of helping me write tutorials for family and friends it can help me make more interesting Keynote presentations!

I happened to be over in iTunes looking at Clarify and realized that I never wrote a review of it – if you have Clarify and you LIKE Clarify, be sure to drop them a review too. Can you guess how many stars I gave them? Check out Clarify at BlueMangoLearning.com or just click the link in the left sidebar on podfeet.com.

Chit Chat Across the Pond

Security Light

Updates:

• Oracle release updates to Java 6 & 7 for Windows & Linux, Apple release patch for Java 6 on OS X. This patch sort-of deals with the recent Java zero-day, but there are already rumblings in the security community that this patch was not a real fix but just a bandaid to block the exploitation vector, and that workarounds are already in the works. Ultimately, the advice from the security community is clear – disable Java in your browser! – nakedsecurity.sophos.com/2012/08/30/oracle-releases-out-of-cycle-fixes-for-java, intego.com/mac-security-blog/apple-releases-java-6-update-to-fix-vulnerabilities and nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser
• FireFox updates to Version 15 – more improvements to the auto-upate architecture, and 16 security vulnerabilities patched – nakedsecurity.sophos.com/2012/08/29/firefox-15/
• Next tuesday is patch Tuesday, but for the first time in as long as I can remember, nothing for regular home users, just for dev tools and servers –technet.microsoft.com/en-us/security/bulletin/ms12-sep

Interesting Links:

• DropBox begin to beta-test two-factor auth – nakedsecurity.sophos.com/2012/08/27/dropbox-two-factor-authentication-available
• Researchers find a way to deploy phishing attacks without needing web hosting and domain registration by embedding the entire site in the URI – nakedsecurity.sophos.com/2012/08/31/phishing-without-a-webpage-researcher-reveals-how-a-link-itself-can-be-malicious
• Open source app release to read passwords from unlocked KeyChains on OS X – this is being WRONGLY reported as a bug or a vulnerability in some place, it is NOT. The OS has to be able to read an unlocked keychain (that’s what it means for a keychain to be unlocked), and the root user can do anything on a system. Only thing to take out of this is a reminder that you must trust everyone you give admin access on your computer to – arstechnica.com/security/2012/09/mac-os-x-keychain-pillaging-app/
• A cool video to explain spam to your computer-challenged relatives – youtube.com
• Sophos did a really cool project where they hooked up wifi gear (and a bunch of GoPro cameras) to a bike and cycled through the heart of London to “war drive”. End result – 62% of networks using WPA/WPA2, 19% open, and 19% WEP (may as well be open). If you exclude coffee shops etc, you find about 8% of home/business networks unencrypted – nakedsecurity.sophos.com/2012/09/06/warbiking-in-london-insecure-wifi-hotspots-exposed-video/

Security Medium – the UDID hack

What happened?

• This week a web posting claiming to be from an anonymous-related hacking group proporting to contain 1,000,001 UDIDs with personal data attached (but sanitised) was posted to paste bin. The post also claimed this was just a sample of a much larger DB of about 12million records, and containing much more personal info attached to the UDIS. Finally, the posting claimed this data was taken from an FBI laptop hacked into using a Java vulnerability back in March.
• The FBI has issued a clear denial
• Apple have denied that they gave this data to anyone, or were ever asked to do so.
• People on the list have verified that at least some of the data is genuine

Why does it mean?

• UDIDs are not actually valuable in themselves. The important thing here is not that the UDIDs are being released, the key point is the amount of data UDIDs allow you to connect together.
• UDIDs are like the ultimate 3rd party cookie – they link all the scraps of information apps leak about us together, and, they cannot be changed or deleted like cookies can.
• The reason Apple have deprecated their use in their APIs is that the privacy implications have become very apparent, with this being just the latest, and most spectacular, example.
• In future apps will have to use their own unique IDs within their code – this means scraps of information from multiple sources will not be as easy to assemble into a bigger picture.
• The fact that this CSV file exists proves that SOMEONE was able to gather all this data – it begs the question, who? and how easily?
• Another question is whether or not this really did come from some government agency – if it did, that raises serious questions for US citizens, who are not supposed to be subjected to surveillance without reasonable cause and due process.

Main Topic – Tools for Monitoring Your Home Network

You can never have too much data, and definitely never too much well organised and well presented data – these apps gather and display information about how you’re using your home network, and what machines are on your network and what network-facing services they are running.

Free Tools:

1. OS X’s built-in Network Utility (in Applications→Utilities) lets you do some basic but useful things like pinging machines on your network, looking them up in DNS and whois, and even port-scanning them.
2. iStumbler (istumbler.netget the GM4 version of 100, not 99) – mainly useful for checking out your wifi spectrum, but, also displays a rudimentary list of mDNS records on your network (only sorted by host, and seeing the contents of the records is a bit clumsy – have to cmd+i them)
3. Private Eye (radiosilenceapp.com/private-eyerecommended to me by @RickAbraham) – lets you see what network connections are being established to and from your Mac. A nice simple GUI, but not the most powerful app in the world. It does not show you existing connections when the app is launched, just new connections that are opened from the instant of launch on, and it does not show you any detailed information about the connection, just the app, and the destination/source.

Paid Apps:

1. Rubbernet – similar idea to Private Eye – but MUCH MUCH more powerful. It shows you current rates of traffic through connections, cumulative totals for connection, and even real-time graphs of the bandwidth begin used by each app. If you want to know what on earth is eating all your bandwidth, this app will tell you 🙂 The app has two parts, a free deamon that collects the data, and the front-end that you buy (from the developed or the MAS). You can run the deamon on all the Macs in your house, and monitor them all from a single copy of the app. It’s not dirt-cheap at €23.99 (Rubbernet in the Mac App Store), but it’s good value for money IMO.
2. iNet – this tool will show you what machines are on your network, what mDNS records are being published on your network (by service or by host), will let you interrogate the hosts you do find on your network, and also show you all the airport routers on your network, let you connect to them with airport utility, and better still, graph the status information being published by the router to the LAN (I presume this is done using SNMP). This fabulous app is VERY reasonably priced at just €4.99 (iNet in the Mac App Store).

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of ScreenSteps and Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter at @podfeet. I contribute a fair amount over on Google Plus nowadays so just search for me by name if you want to circle me up. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.