#455 Mac 30th Event, Are Your Passwords Secure in Safari Keychain, Spibelt, Trello, Paul Kent on Macworld/iWorld

Steve and I went to the Mac 30th Event – check out the pictures of the Macworld All Star Band. Correction to last week’s show with Knightwise – you CAN use iCloud with Android! Check out Stefaan Lesage’s post over at iTutorPodcast.com to learn how to sync your contacts and calendar! I discovered a flaw in Apple’s implementation of Safari Keychain Syncing to iOS – your super secret good strong passwords are only as secure as your 4 digit code. Check out the Spibelt to carry your phone and keys while you exercise. Trello at trello.com might help you keep a small team organized. Paul Kent from IDG who runs Macworld | iWorld joins us in Chit Chat Across the Pond to get us all excited! Be sure to listen for a secret code to cut $100 off the price of a conference pass!

mp3 download

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday January 26, 2014 and this is show number 455. Today’s show has a lot of great content, including an interview with Paul Kent, Vice President and General Manager of IDG World Expo, responsible for running the Macworld/iWorld event. He’s going to talk to us about all the cool stuff going on at Macworld this year, and in the audio you’ll get to hear a double secret coupon code that for 48 hours from when I post this will get you $100 off a conference pass, or $15 off an exhibit hall pass. He’s an awesome guy and I think you’ll enjoy the interview. By the way, yours truly will be doing a Tech Talk called Avoiding Digital Disaster, Life After Death at 3pm on Thursday the 28th of March and NosillaCastaway Kirschen Seah will be doing one called Fitness Fun With Your iPhone at 12pm on Saturday the 29th of March. Be sure to put those into your calendar right away so you don’t miss them.

Speaking of Paul, Steve and I went to the Mac 30th Event up in Cupertino on Saturday night. Why do I say that has to do with Paul? Well Paul is a member of the Macworld All Star Band, and they performed live at the event! I know I’m not much for music, but I love watching and listening to them play. They’ve got Dave Hamilton, Bryan Chaffin, Duane Straub, Chuck La Tournous, Dr. Bob Levitus and Chris Breen in the band too! You’ll hear Paul talk about the band a bit in Chit Chat Across the Pond but I put a well-Barted gallery of photos up in Google Plus for you to see how much fun the band has when they play.

After the band was finished, they brought up on stage members of the original design teams for the Mac. It was really cool to hear their stories of how they ended up at Apple, what were exciting moments of tension and drama in the design process, what it was like working directly with Steve. I think one of the most poignant points to me was when they said how incredibly sad they were when the price came out at $2500. They had really tried to get it under $2000 but were told that the marketing costs had to go on top of that. they had hoped that this would be a computer normal people could afford to buy.

I found myself wishing I knew more about the original people who developed the Mac. Andy Hertzfeld spoke on one of the panels; he was the primary software architect of the Macintosh Operating System. He was a real character but became quite serious when he talked about how much they shared with Microsoft while MS was writing the earliest applications, and how their questions seemed overly in depth, and then discovered how Microsoft was writing a competing product using that information.

Bill Atkinson, who wrote MacPaint, was probably the rock star of the show. They played a video of him introducing MacPaint and it brought back such cool memories as he showed the eraser for the first time, or the old spray can we used to have. It’s amazing how similar many of our tools are today to those earliest programs. My favorite story he told was about how they actually tested software on real humans. They had one way glass set up so they could observe people using the software and they encouraged them to talk out loud as they figured out how to do things. He said that they had them choose to save something and then it came up with a window that said “do it” or “cancel”. Each person would look at it for a while and then click cancel. Baffled, they cranked up the audio on one of the recordings and they heard the guy mumble, “dolt, what the heck is dolt?” He said it was the thing that made him certain you always have to test on normal people away from the project because none of them had ever thought that do it in that particular font could look like dolt. Really comes home with that one.

Oh wait, I lied, he had another story that I loved. He said that they purposely didn’t give anyone instructions, and one guy set the mouse so that the “tail” was down. He had a lot of trouble figuring out how it worked because of course everything was upside down from what they’d intended. He managed to go through all the exercises successfully and when they asked him what he thought of the device he said he thought it was pretty cool, but if he could make one suggestion it would be that they should make the mouse so that when you pull down it goes down instead of the opposite way!

They played a lot of the classic videos that we’ve all seen but I think the one that gave me the most chills was when they played the original introduction of the Mac by Steve Jobs…and then the video panned back and it showed that we were in the very same theater where Steve had introduced the Mac. We had a great time, not the least of which was because we got to hang out with Barry Fulk who flew out from Chicago for the event. I think my favorite thing about events like this is the great people we get to meet and hang out with.

Live Show at 1pm on Super Bowl Sunday

Title says it all – the Live show will be 4 hours EARLY next week so people can watch the Super Bowl (people like us).

Correct KW

Last week on the show during my interview with Knightwise I have to say that my audio was way way way too high. Hopefully as you’re listening to this you’re not hearing the peaking that was on last week. I was so mad listening after the fact. Maybe you’re not as picky as me but if it weren’t my own show I would have turned it off! Steve and I worked a bunch on my audio this week to fix the problems. Even though I don’t use a fancy complex mixer, there are about 28 different places in the stream where my audio is controlled!

Anyway, enough apologies, we have a major correction from the discussion with Knightwise about how to integrate an Android phone into a Mac household. Knightwise incorrectly said that you can’t use iCloud for mail, contacts and calendar on an Android phone. Now in his defense one of his goals is to get out from under the closed environment, but he was actually delighted to learn that Apple is using protocols that are indeed portable to competing operating systems.

Kevin in Connecticut was the first to notify me that if you simply use the generic email app on Android (instead of the gmail app) you can enter your mac.com/icloud.com credentials and you’re immediately in business. Shortly after that Nicholas Riley wrote in our G+ community made the correction as well and suggested SmoothSync for iCloud contacts and calendars. Stefaan Lesage, another Belgian and friend of Knightwise’s jumped in and did a blog post on iTutorPodcast.com walking through each step of how to set up SmoothSync to sync your contacts and calendar.

What I love about Knightwise is that he was delighted to be wrong on this, delighted that Apple is using open standards so it’s all good! Many thanks to Kevin, Nicholas, and Stefaan for adding to the community effort for Sandy – she’s thrilled with all the help the community gave her.

Keychain Syncing to iOS Danger

When Apple announced Keychain syncing to iOS, I was pretty excited about it. Those of us who pay attention to Security Lite are either using LastPass or 1Password, but this would be great for “norms” to help them be more secure. If you’re unfamiliar with the concept, let me elaborate. If you’re on your Mac and running Safari and you enter your password to your bank, Safari will offer to remember it for you in your OSX Keychain. That’s been around for a long time. Let’s say you’re brilliant and using LastPass or Bart’s xkpasswd.net service to generate a wicked strong password. Well it would be delightful to have Safari remember it for you so you don’t have to launch your password manager before going to your bank, Safari will just know it for you. You’re also smart enough to have a password on your login to your Mac that kicks in when you’ve been away from your Mac for 15 minutes or so. Ok, we’re all nice and secure, good long password, it’s all good.

Now Apple comes along with Keychain syncing which will sync those passwords it’s been remembering over to mobile Safari on your iOS devices. This sounds great, right? Now instead of being tempted to have dumb but easy to remember passwords, you can have that wicked strong password we mentioned before but you don’t have to peck it out on that tiny iPhone keyboard. I don’t know about you but it takes me at LEAST three tries to type in a secure password.

Yay, we’re secure now, right? Well…probably not.

You’re reasonably security conscious but you didn’t go for the full long secure password on your phone because you don’t have Touch ID (or it doesn’t work that well) so you can’t stand typing in that long password. Instead you’ve got the 4 digit passcode. This shouldn’t be a problem, right? Certainly Apple didn’t put your passwords on your phone in clear text, right? Of course they didn’t, that would be silly.

But let’s say you’re at the gym, or at work, and you pick up your phone and enter your 4 digit passcode. How hard is it for your co-worker/gym-mate who is next to you day after day to see you tap in that code? I figure everyone who knows me has figured mine out.

So I leave my phone in a conference room or on the treadmill and someone picks it up. If they type in my passcode, again surely they can’t see my passwords, right? If they go to General, Settings, Safari, Passwords & AutoFill and then Saved Passwords, they’ll see a list of the sites for which I’ve saved passwords. If they tap on any of those, say my bank for example, they’ll be asked for my four-digit passcode again, and boom, there’s my big strong password from LastPass right there in the clear.

So…yeah. If you’re going to use Keychain syncing on your iOS devices, I’m just thinking you might want to put a strong password on your device, or use a crappy 4-digit passcode and then don’t sync your passwords via Safari and the keychain, but instead use LastPass or 1Password only to store your passwords. Another trick is to enable the long password option but only USE a 4 digit code, which helps by obscurity because a real hacker who finds your iOS device won’t know it’s only 4 digits long.

I ran this by Bart to make sure I wasn’t misunderstanding and at first he said he didn’t think it would be a big deal for him personally because he never hands his phone to anyone and it’s never unattended. Then he realized that his iPad is often unattended and so he IS in danger because of this. I guess it’s up to you to think about how you use your devices, who sees you enter your passcode and whether this is a significant threat to you.

Spibelt

If you’ve been paying attention, you might have picked up on the fact that I’m a fan of exercise. I’ve been working out 7 days a week for more than a decade but when I got a Fitbit things just went up a notch. They say that you will affect what you measure and the Fitbit is sure proof of that. I watch my steps all the time to make sure I’m meeting my own standards, which is somewhere around 14,000 steps a day. I used to shoot for 10, then 12K but then my friend Diane was kicking my behind in the stats that Fitbit shows you and I knew I had to do more (I’ll have you know I”m beating her now but only by a few thousand steps a week!) I also tried to keep up with @tt4mac until I found out he’s a mail carrier for crying out loud! He’s very encouraging though so he helps me stay motivated.

But this isn’t a Fitbit review. When I go on my runs or on my long walks with Tesla the Wonder dog, I would like to have my phone with me, but girls running shorts just don’t have pockets. Heck, I actually have jeans that don’t have pockets! It’s not like I’m going to stop on my beach run to take a phone call but every once in a while the morning sun hits the building at the end of the pier in Manhattan Beach and I’ve wanted a photo. Or there’s those times Tesla runs right in front of me because she sees a dog. or a cat. or a bird. or a feather. Thank goodness there aren’t squirrels on the beach. Anyway when she does this my future jumps in front of my eyes – I trip over her and land flat on my face, and when they haul me away in the ambulance it would be nice if they found my phone on me to call Steve and explain why I never got home. If they were clever they’d call the number on Tesla’s collar but I figure by then she’s still chasing the bird/cat/dog.

So I don’t have pockets, and it’s not very ergonomic to hold a phone in your hand while you run, and by the way I HATE those arm bands for iPhones. They just slide down all the time and make me crazy.

Enter Spibelt from spibelt.com. I first heard about Spibelt from Rod Simmons of the SMR Podcast. His wife is a triathlete and loves hers. In fact, Rod told me about Spibelt when I complained that my jeans didn’t have pockets! Spibelt is a 1″ tall stretchable belt with lots of adjustments that has a very small, elastic, zippered pocket sewn into it. The pocket looks WAY too small to hold an iPhone but it’s actually so nicely elastic that I can fit my phone, a giant key fob and more into it without a problem. The pocket doesn’t press against your back at all because it’s the belt that you feel. I was very worried that jogging the phone would bounce up and down and irritate me but it stays nice and flat up against my back.

Another concern I had was that I sweat when I run. Let’s not pretend I “glow”, ok? To me sweating proves you worked out hard enough. I remember when I used to wear on of the early iPod Nanos with the lanyard headphones (great design) and the sweat actually killed off my iPod. I didn’t want that to happen to my iPhone. Luckily you can get a Spibelt with a Waterproof Loksak. The first time I ran with the iPhone I put it in the Loksak, but after that I realized with a case on my iPhone as long as I put the case towards my back I didn’t need it. I suppose if you’re a triathlete like Rod’s wife, true waterproof is a great idea!

The Spibelt I have been talking about is small but they actually sell bigger ones – big enough to hold an iPad on your back (maybe this one should be worn like a messenger bag). I’m not sure that solves a problem I have but maybe it would for you. Spibelts come in crazy neon colors, or you can go with a plain black belt. Some of them come with the waterproof Loksak like I mentioned, some don’t. So size, color and accessories are all options. The one I got was just $25 through Amazon. And of course there’s an affiliate link in the shownotes!

Trello

I think one of the most enjoyable categories of applications are those designed to help us get organized. I know people who’ve spent months studying them just so they didn’t actually have to get anything done. “If I just had the right tool…” Come on, admit it, you’ve done this, right?

I’m still a big fan of Wunderlist that I reviewed back in April of last year on show #416, which is a pretty impressive run for me. I usually fall back and ignore my to do list applications after a while but Wunderlist looks like it’s going to last for me. It’s great for helping me keep track of what I need to get done, but in it’s not designed to help a team get a project accomplished. It does have premium features I’m not using but from what I read it didn’t seem like I would need those features.

I came across another service that might fit the small team need for organization, called Trello over at trello.com. To test it out I asked my good friend Dorothy, aka @maclurker to help me out. One of my hobbies is keeping Dorothy entertained by giving her little automation assignments. She’s written a lovely Automator/Applescript for me that automates the entire post production process for me after I’m done recording the podcast. I hadn’t entertained her in a while so I thought maybe it would be fun if she helped Tom Merritt with his post production automation. Since he’s rolling his own for now, every bit of inefficiency he can pull out of his production is wonderful. I’m not sure if anything will come of this but it seemed like a fun little project on which to test Trello’s ability to help us get organized and get things done. Oh I should mention that Dorothy is addicted to Omnifocus and actually DOES get things done as a result, so I’m not actually solving a problem she has.

Trello works on the concept of Boards. A single board would be a single project. Within the board you create Lists, inside Lists are Cards. In our example for Tom, we created a board called “Automation for Tom Merritt”. Once I made that board, Trello offered me three lists, To Do, Doing, and Done. For a simple project like this, it’s actually a great way to organize the few tasks at hand. You can change the name of the lists and add more lists to meet your needs.

Graphically Trello is very pleasing and I think that’s one of its strengths. The background defaults to a nice medium blue color, and lists are pale grey boxes with rounded corners. The lists grow in length as you add Cards to them, where the Cards show as white rounded rectangles on top of the grey List background. Let’s say I am working on one of the actions on a Card, I can click and drag the card from the To Do list over to the Doing list. I should also mention at this point that Trello works GREAT on the iPad and they say it works on Android as well. This ability to tap and drag a card around is perfect for a mobile touch screen interface. For some reason Dorothy had trouble tapping and dragging cards around on her iPad but I just told her she was holding it wrong. Changes I made on the web or Dorothy made on her iPad were instantly synced to both of us.

I jumped into how Trello looks before explaining what you actually do with Cards. First you name the card, so for example I created a card called “Create Video for Tom explaining Dorothy’s existing script”. You can add a more elaborate description to the card as well. When I tap on the card, it flips over and reveals three options. I can create a checklist (think to do list), I can write comments, or I can add attachments. I added 7 actions that I needed to accomplish for this task and the card front then showed 0 of 7 completed. Once I checked off all of my actions, it showed a green box saying 7 of 7 tasks completed. I tried to upload my video as an attachment, but was gently told that the limit for a free account is 10MB but that if I wanted to upgrade to a Gold account for $5/month or $45/year I could add upload files of 250MB. That was comforting actually because we all know that completely free services will eventually fail if they don’t have a premium model available for super fans.

Within the Cards I can also add due dates, and Assign members to the cards. I created a new card with some tasks for Dorothy (I love doing that) and Assigned her to the card. It didn’t work quite like we’d hoped, it didn’t really give just her the action, I just added her as a member of the card. I’m a fan of a specific person being responsible for a task, because it never seems to work out well when multiple people have responsibility for the same thing.

I asked Dorothy whether she had gotten any notifications as I was assigning her to cards, and she hadn’t received any. I had her add me to a card and again I didn’t get an email notification. However, AFTER she assigned me to a card I got a little red bell on the upper right and only then could I select an option to begin receiving email notifications. I chose to be notified immediately if anything was done on one of my boards, but Trello sent the emails to me more than an hour after Dorothy and I finished working on it together.

I did some reading on the Trello Blog where they explained that you can also add Power Ups to your boards. They work hard to keep the interface as simple as possible, only revealing the things most people need, and adding Power Ups are a way to get more functionality when you need it. I expected this would be another call for money, but delightfully it wasn’t. The three free Power Ups available to you are to add a calendar view for your actions, automatic aging of tasks (you know you’re not going to get that thing done, why have to keep looking at it?) where they sort of fade away, and the ability to vote on things.

I love the Trello interface, and I’d like to try it on a real project some time soon. I’m glad they have a business model already so they just could make it for the long haul. Check it out for your next group project – maybe planning a family reunion, or remodeling your kitchen. I’ll be curious if any of you find this helpful.

Clarify

Do you ever work on some application where it doesn’t let you see two windows at the same time? That’s a frustration for me with Aperture, there’s often times I want to see two windows into it but you can’t do that. This weekend I was working on BorderFX settings, that’s the plugin that Allister Jenks turned me back onto that lets me watermark my photos. It was kinda janky a few years ago when I tried it but it works MUCH better now. Anyway, I’d made a preset with everything just the way I wanted it, font size, placement of my Creative Commons license, etc. but then realized that it was actually cropping my photos to a different aspect ratio than I like.

I wanted to have that BorderFX window up with my saved preset while creating a new one. Nope, since I’m technically inside Aperture I couldn’t do that. I figured out how to get around the problem though, I just whipped open my trusty Clarify and took a series of screenshots of each window I wanted to view. Created a new preset and then looked at each screen inside Clarify to reset things the way I wanted them. It worked perfectly and only took me a few seconds, much less time than I would have wasted trying to flip back and forth between two presets!

I can’t believe how often Clarify saves my bacon and makes me more productive, even if sometimes they’re non-standard uses of the tool. Check out Clarify over at clarify-it.com and…you know the rest!

Chit Chat Across the Pond

Paul Kent joins us today, Vice President and General Manager of IDG World Expo, responsible for running the Macworld/iWorld event. And, perhaps more importantly, founding member of the Macworld All Star Band!

In our discussion he explains what Macworld is, who it’s for and talks about how to enjoy the show. He talks about the exhibit hall and how to get the most out of it, and he explains what the classes are like if you go for a Conference pass to the show. He even tells us what Cirque de Mac is like and how much fun that party is – especially because the Macworld All Star Band will be playing again this year!

He even provided a coupon code during the show that will get NosillaCastaways $100 off a conference pass bringing the price from $249 down to $149, or $15 off an exhibit hall pass bringing the price down to $10. Act quickly because this coupon code will only be good till Tuesday night!

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.