#404 OWC, App Development for Non-Programmers, LiveCode Goes Open Source, Router Flaw, MacVoices

Macworld | iWorld interviews: Other World Computing about the New Guard KX military tough iPhone case, the Voyager Dock for bare 3.5 or 2.5″ disks, the NewerTech USB to DVI/HDMI/VGA Video Display Adapter and the MiniStack powered hub and external storage enclosure. iOS App Development for Non-Programmers book from iosappsfornonprogrammers.com: in iBooks or Kindle Books. Atech Power Solutions at 8Tec.com. RunRev wants to make LiveCode open source – help out at kickstarter.com. In Security Light Bart tells us about a very serious flaw in 40-50 Million routers – check yours by going here: http://upnp-check.rapid7.com/ and clicking Scan My Router. In Chit Chat Across the Pond I’m joined by Chuck Joiner of MacVoices.tv to talk about reading and what we found cool at Macworld.

Hi, this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Monday February 4, 2013 and this is show number 404. Thanks for waiting a day for the show, it worked out great for Steve and me to be able to wind down after Macworld, do some laundry and watch the Superbowl instead of trying to rush out a show. We had an absolute blast at Macworld, I think maybe it was my favorite one yet. Getting to hang out with good friends, old and new, was fantastic. The NosillaCastaways party was outstanding – lots of people, the food held out, and I loved how people really moved around and got to know each other. I have to give special thanks to my three bouncers. Barry Fulk came in a full tuxedo, including a magenta cummerbund and sterling silver Tiffany studs. Then there was Paul Shadwell (who came armed with Swiss chocolates), who wore a black suit, black shirt, and a Tasmanian devil tie, and wore his dark sunglasses the whole night as he guarded the door. We rounded out our team with Julie Kuehl, who came in her biker leathers and a red bandana headband. We all agreed that of the 3 she was the most frightening of them all!

I want to give special thanks to Kevin Allder, aka @big_in_va, for hosting the Google Hangout so that people from far away could be part of the party. I’m not sure it worked as well as we imagined, it seemed to be harder to get people into the hangout than we’d hoped, but at least a dozen or so people got to have some fun. There was a very special moment during the Google Hangout that made it all worthwhile. Mac OS Ken, aka Ken Ray, was unable to come to Macworld because he was stricken with the flu right before the show. He is a HUGE part of the tomfoolery of Macworld so he was missed and he was bummed! He also does the Mission Log podcast coordinated by Rod Roddenberry and co-hosted by John Champion. They were both at the party and because of the Google Hangout, Ken was able to talk to them and see them at the party. It was pretty cool, even if perhaps a bit bittersweet. So thanks again Kevin for the extra work, it meant a lot to people that you did that for us.

It’s time to kick into some content now. Steve and I were MANIACS on the show floor, doing 15 interviews in about 4 hours of exhibit hall time! Unfortunately 1 of them had unacceptable audio but the remaining 14 will give us some solid content for quite a few weeks to come. Chit Chat Across the Pond is going to be interesting – the first half is an emergency Security Light that Bart and I recorded (midnight his time on Sunday) because it’s that important. After that we have proof of peace in our time…None other than Chuck Joiner is my guest from the show floor at Macworld! Let’s start off with our first interview.

Other World Computing

Alan Bitterman from Other World Computing, aka http://macsales.com shows off four products to us:

New Guard KX for $49.95: military-spec-tested iPhone case, survives a 20-foot drop in their tests

Voyager Dock: 3.5″ or 2.5″ bare drives, USB 3, FW 400/800 and eSATA, $68

NewerTech USB to DVI/HDMI/VGA Video Display Adapter – allows you to run a 2nd display from USB

MiniStack Powered hub and external storage enclosure, quad interface, 2 FW 800 connectors, made for the form factor of the Mac Mini. $79 (no disk included)

Like I said, I love OWC. I have to say they have an identity crisis though. OWC, or Other World Computing is their name, but their website is at macsales.com and many of their products have the brand name NewerTech on them. I get confused but they’re good enough that if you just remember OWC you’ll be able to find them. And of course I have provided links in the shownotes to all of the products Alan told us about.

iOS App Development for Non-Programmers

In this segment we talk to Kevin McNeish who has written a book and created a training series on how to program for iOS if you aren’t a programmer. Learn about the book and training at iosappsfornonprogrammers.com or buy the book in iBooks or Kindle Books.

I got a copy of iOS App Development for Non-Programmers, and it’s not too thick so I might just give it a go. My buddy Niraj wants me to try so maybe I just will!

Atech Power Solutions

This is an odd product – it’s a stationary bicycle designed to let you download the hill profile of specific rides and apply them to the bicycle through resistance. The idea appears to be to allow you to train for a specific trail when you can’t actually get there regularly. Check it out at 8Tec.com

I’m not sure I have a need for this bicycle but it was pretty fun to do an interview while riding a bike! You might want to go watch the video too!

BlueMango Learning

The guys at BlueMango Learning asked me to shift focus on the ads this week to tell you about a Kickstarter project that is really important to the development of ScreenSteps and Clarify. The project is from a company called RunRev. They are the company that makes the development tool (called LiveCode) that they use for ScreenSteps and Clarify. If this project succeeds then it directly impacts the quality of ScreenSteps and Clarify going forward. As LiveCode improves, so does the polish of these products. So they want it to succeed :-). Trevor Devore of BlueMango Learning wrote this to me:

I think your audience may be interested in this Kickstarter project for two reasons:

  1. LiveCode is based on HyperCard. Indeed, the tag line of the Kickstarter project right now is “Reinventing HyperCard for the 21st Century”.
  2. The purpose of the Kickstarter project is to help LiveCode go open source. The code for LiveCode is over 20 years old. If LiveCode is to succeed as an Open Source project it needs to be reorganized and some core modules need to be rewritten. The benefit is that it is free for educators, free for hobbyists and free for companies that make internal tools for their employees. Plus any C++ developers can begin contributing to make LiveCode better for everyone.

Trevor went on to explain that he really likes RunRev’s goal to make programming available to everyone. I put the link to the RunRev kickstarter project in the shownotes – if you’re a programmer or just want to support a project going open source, go check it out and maybe give them a few bucks.

RunRev Kickstarter Project

Chit Chat Across the Pond

Emergency Security Light:

1) Twitter hacked – 250,000 passwords potentially compromised: http://allthingsd.com/20130201/twitter-hacked-250000-user-accounts-compromised/

  • Twitter say they have emailed all affected users and re-set their passwords – if you got an email like that, be sure to also change your password on any other sites that used the same password, ESPECIALLY if those other sites are in any way connected to your Twitter profile (e.g. the email address associated with your profile)
  • To be safe, I have re-set my Twitter password even though I didn’t get a notification that my account was affected. Since Twitter is such a big target, I made sure to use a password that I don’t re-use anywhere else.

2) 23 million routers are vulnerable to an absolute plethora of UPnP (Universal Plug ‘n Play) bugs: http://www.kb.cert.org/vuls/id/357851

  • This alert is the result of a long-term project by HD Moore’s (yes, the same HD Moore who founded Metasploit) company Rapid 7 – https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
  • Rapid 7 scanned the entire internet over half a year, re-visiting each IP address regularly, looking for routers answering to UPnP requests on their public interface.
  • REMINDER – UPnP is a protocol that allows applications inside your network to re-program your router automatically. It is used by applications like XBox live to automatically set up port tunnelling to allow people from outside your network to connect in to computers behind your router. Many security experts have been advising against having UPnP enabled at all for a long time, because it allows malware on one machine on your network to open up your entire network to attacks from outside, or to alter your router’s DNS settings to attack all your computers in one go. Because no manufacturer wants to have XBox Live not work on their products by default, all routers have an implementation of UPnP (or something similar), and have it turned on by default.
  • In theory UPnP is a LAN-only protocol, so the scan should have found zero responding routers – it did not, it found 80 million!
  • Of the 80 million that answered, about 40 to 50 million are vulnerable to one of three different attacks outlined in the Rapid 7 research
  • The worst vulnerability found is a remote code execution bug in older versions of the libupnp implementation of the UPnP protocol. All that is needed to execute this attack is a single UDP packet. Because UDP is connectionless, and because no reply is needed, this attack can be executed anonymously by putting a bogus source IP into the attack packet – 23 million devices are vulnerable to this attack!
  • Router manufacturers are not known for their efficiency at issuing patches, but, even if they were, end users are even worse at actually applying those patches, so realistically, these routers are going to be vulnerable for years and years to come. This is why Rapid 7 are calling on ISPs to block UDP packets on the UPnP port. This trivial firewall rule on their network would protect all their customers instantly.
  • Rapid 7 identified 6,900 different vulnerable products – this is largely because 73% of routers use one of a small set of standard libraries for their UPnP implementations, and those libraries are riddled with bugs. Just about all major vendors are affected, including big names like Cisco/Linksys and ZyXEL. The notable exception is Apple, their Airport routers do not expose UPnP to the world.
  • This vulnerability affects all UPnP-capable devices, not just routers, so corporations need to check their printers and other network attached devices too, but for home users the dominant concern is routers.
  • Test your router now! – http://upnp-check.rapid7.com/ (don’t download the network scanner, just click “Scan My Router”)
  • If your router fails, what should you do? First – try turning off UPnP, then re-scan. There are bugs in some routers that mean you actually can’t fully turn off UPnP, so this may not work. Some ISPs lock down routers so much that users can’t access the settings, so you may not even be able to try turning it off. If this happens, you will need to call your ISP and get them to block UPnP traffic to their customers.
  • If you use XBox live, here is the list of ports you need to forward to your XBox if you turn off UPnP: http://support.xbox.com/en-US/xbox-live/connecting/network-ports-used-xbox-live (you must configure your XBox to have a static DHCP lease or a static IP so you know what internal IP to forward the ports to)

Chit Chat Across the Pond with Chuck Joiner

I’m joined by Chuck Joiner from Mac Voices. Chuck and I have had a long term (fake) rivalry going on, so it was fun to hang with Chuck and have a real conversation. In this discussion I ask Chuck about all this Read it Later, Instapaper, Pocket nonsense – when does he actually READ anything? When exactly IS later? We talk a bit about whether you should feel guilty when you’re behind on podcasts (spoiler: no!). We talk about our favorite things we’ve seen on the show floor, and what we thought of the Tech Talks at Macworld | iWorld. Learn why Chuck wants to beat some people with a chair! Follow Chuck on Twitter @ChuckJoiner.

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of ScreenSteps and Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter at @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

6 thoughts on “#404 OWC, App Development for Non-Programmers, LiveCode Goes Open Source, Router Flaw, MacVoices”

  1. George from Tulsa - February 5, 2013

    Router Security

    1. It is my understanding the UPnP has never been enabled on Apple’s routers, if you have one of those, you’re (apparently) immune.

    Since Bart posted his link, Steve Gibson of SpinRite disk repair and Security Now Podcast on the TWIT network has updated his free “ShieldsUP!” to include a UPnP vulnerability test. And more. http://www.grc.com Select the Services Pull Down.

    It is also important to note that not all UPnP enabled routers are vulnerable to web attack. Some work properly, letting UPnP work behind the router, but not as an outside attack. Still, you should check yours if it does offer UPnP.

    My two “security” routers have UPnP, and even when I tested it with the service “enabled,” both passed the Rapid 7 and GRC.com scans. As did everyone else who followed my recommendation to check their own routers.

    2. The big router weakness on non-Apple routers is WPS, an acronym for WiFi Protected Setup.

    WPS is intended to be an easy way to set up gear on a local network. Push the WPS button on your router, and you have two minutes to either push a button or activate WPS on a device in WiFi range.

    Handy. And was the ONLY way I could get my Brother WiFi MFP to connect to a new Netgear router.

    But from everything I’ve read, a huge security hole.

    If you can (and Netgear allows this, though I understand Cisco / Linksys don’t) enter your router settings and turn off WPS.

  2. Jamie Shiller - February 5, 2013

    After discovering iOS App Development for Non-Programmers at Macworld, I quickly devoured the first iBook in the series. It’s a breeze to get through. You make a nice looking shipping prototype app. There really isn’t any programming done in this book, just prototyping and simulation with the iPhone simulator.

    The next book in the series called Flying with Objective-C is where the actual programming starts. I’m on chapter 4. So far so good.

  3. Allison - February 6, 2013

    So glad you like it Jamie – I’m just halfway through the first book, hope I can keep up with you!

  4. Jonathan DeVore - February 8, 2013

    Great show! But you left out the details of all the partying you did at Macworld : )

    I especially appreciated the interview for the “iOS App Development for Non-Programmers” book – I’ll have to check that out. One of the most frustrating things about learning programming is that most everything is written for folks who are programmers. Unfortunately, my CPA courses totally left programming out of the curriculum and I’ve suffered ever since. Good thing we have Trevor!

    Also, in case anybody is interested, for the next week at the Mac App Store,

  5. Jonathan DeVore - February 8, 2013

    … Clarify is 50% off!

    (My previous comment looked a little unfinished – apparently my HTML tags didn’t go through.)

  6. Allison - February 8, 2013

    Totally try this book Jonathan. I sat down for a few hours yesterday and made it through the entire 1st book! I’m going to start book 2 today and I’m really getting jazzed. Not saying I know exactly what I’m doing yet but I’m definitely able to follow along. And like I said, my last programming class was in 1979!
