First I’m going to tell you how I made fire, or how I fixed Pat’s WordPress installation (instructions over at wordpress.org). Then Dorothy tells us about PiCAT, an iPad app to let your cat paint from the App Store. Next up I talk to Linda Decker, aka NYLinda, aka “normal person” on the phone about her experience upgrading Microsoft Office. In Chit Chat Across the Pond we have an extended version of Security Light with Bart along with a bite-sized episode of Taming the Terminal Part 19 of n.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Saturday July 19, 2014 and this is show number 480. What? The podcast is out on a Saturday? Yup, I’m leaving today to spend a week on the beach with Steve’s family in Santa Barbara, but I couldn’t leave you without a show before I left. I know it’s annoying to hear me talk about going on vacation when I’m retired anyway so I won’t dwell on it. I know Maryanne will be worried about Buzzy while we’re gone, but no worries – our good friend Brandy will be staying at the house to take care of her. Tesla on the other hand is off to summer camp where she’ll come back exhausted but happy from a week frolicking with her other dog friends.
Next week’s show will be hosted by Bart, so please if you’ve got a review of a cool gadget or a fun tech tip (Mac, Linux, Windows, iOS, Android, Windows Phone, we take them all) – please send them to Bart at firstname.lastname@example.org, and don’t leave it till Saturday or it might not make the cut! Many thanks in advance to Bart and those of you who help him out.
I’m getting pretty excited, Clarify 2 is supposed to be coming out next week! I’ve done a screencast for Don McAllister’s awesome ScreenCasts Online tutorials and an article for SCO Mag, but those won’t be out for a couple of weeks. I’ll be sure to let you guys know when it hits the streets, but stay tuned for a special discount code JUST for NosillaCastaways!
Last week when I was going through my top 5 menubar apps, I explained how to bring up the keyboard viewer to put the cool accents on your letters. After I posted that, both David Allen, aka @A20Q and Jonathan Cost @MacTipsDaily sent me tweets reminding me that if you hold down a key on the Mac keyboard for longer you get a pop up with choices of letters with accents. I had TOTALLY forgotten about that! I only remember when I’m not trying to get an accent, I’m trying to do a repeated letter. If someone posts something appalling, I may want to write noooooooo! but instead I get the option now to add an umlaut to my o. I wish you could toggle this feature off because I do repeated letters way more often than I do accents. But good on David and Jonathan for reminding us that there’s a way easier way to get accents than the convoluted Keyboard Viewer!
Well we’ve got a big show today – first I’m going to tell you how I made fire, or how I fixed Pat’s WordPress installation, then Dorothy has a real productivity boosting app to tell us about, then I’m going to talk to Linda Decker, aka NYLinda, aka “normal person” on the phone about her experience upgrading Microsoft Office. In Chit Chat Across the Pond we have an extended version of Security Light with Bart along with a bite-sized episode of Taming the Terminal, Part 19 of n.
Reasonably Bright Girl Linda’s Experience with Microsoft Office
We’re joined for a short rant by Linda Decker, also known as NYLinda in the chat room for the live show. Linda is a normal person who doesn’t live for tech, it’s just a tool for her. She’s a brilliant writer, she’s a chef, she runs a small business, and she’s one of the funniest people I know. She doesn’t have a technical bent, and we refer to her as a “reasonably bright girl”. I asked her to come into the show via telephone to tell us about a recent experience she had with Microsoft Office.
Chit Chat Across the Pond
Important Security Updates:
- Patch Tuesday has been and gone with important updates from MS & Adobe – http://krebsonsecurity.com/2014/07/adobe-microsoft-push-critical-security-fixes-5/
- Apple release four security updates (OS X 10.9.4 & Security Update 2014-003 – http://support.apple.com/kb/HT6296, iOS 7.1.2 – http://support.apple.com/kb/HT6297, Safari – http://support.apple.com/kb/HT6293 & Apple TV – http://support.apple.com/kb/HT6298)
- Oracle release critical patch for Java – http://www.intego.com/mac-security-blog/critical-java-patches-misery/
- Microsoft released an emergency update to revoke certificates from a compromised CA in India which had issued fraudulent certs for Google domains (only MS ever trusted this CA, so no matching Firefox, Chrome or Mac updates) – http://arstechnica.com/security/2014/07/emergency-windows-update-revokes-dozens-of-bogus-google-yahoo-ssl-certificates/
- Adobe released an update to Flash to prevent Flash being used to attack websites with improperly secured JSONP end-points. Note that this is not actually a bug in Flash, but a bug in many websites, and Adobe are doing the responsible thing and protecting Flash users from websites that have not yet been secured – http://www.intego.com/mac-security-blog/adobe-flash-player-update-combats-rosetta-flash-attack/ (Apple blocked the old versions of flash to force Safari users to update) (This is the security researcher’s announcement of the problem http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ )
- A critical WordPress patch has been released, fixing a bug that allowed admin authentication cookies to be forged (hence giving the attackers admin access to WordPress-powered sites) – http://www.us-cert.gov/ncas/current-activity/2014/07/08/WordPress-Releases-Security-Update (popular plugin MailPoet also patches critical bug http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/)
- LIFX release new firmware for their LED lightbulbs after it was found the old firmware leaked users’ Wi-Fi passwords to passersby – http://arstechnica.com/security/2014/07/crypto-weakness-in-smart-led-lightbulbs-exposes-wi-fi-passwords/
Important Security News:
- Some versions of Android have a critical vulnerability in their KeyStore that allows supposedly protected data to leak out – http://arstechnica.com/security/2014/06/serious-android-crypto-key-theft-vulnerability-affects-86-of-devices/ (naked security break down the bug – http://nakedsecurity.sophos.com/2014/07/02/anatomy-of-a-buffer-overflow-googles-keystore-security-module-for-android/ )
- Apple rolls its two-step verification out to many more countries – http://9to5mac.com/2014/07/17/apple-id-two-step-verification-feature-rolls-out-to-dozens-of-new-countries/
- A world-cup hoax we all need to read about and understand – the next time this trick is pulled it could be a LOT more dangerous – https://medium.com/message/how-to-always-be-right-on-the-internet-delete-your-mistakes-519a595da2f5
- Google have launched “Project Zero” – an initiative to find and responsibly disclose zero-day exploits (before the CIA & friends exploit them) – http://arstechnica.com/security/2014/07/google-project-zero-hopes-to-find-zero-day-vulnerabilities-before-the-nsa/
- related – EFF sues NSA over hoarding of Zero-day exploits – http://nakedsecurity.sophos.com/2014/07/03/eff-sues-nsa-over-hoarding-of-zero-days/
- Security PSA – beware of public computers! Arrests made in US after key loggers found on public computers in US hotels – http://nakedsecurity.sophos.com/2014/07/15/arrests-made-after-keyloggers-found-on-public-pcs-at-us-hotels/
- Another Security PSA – a wiped Android phone is a lot less wiped than you may think! – http://www.macobserver.com/tmo/article/poke-a-used-and-reset-android-phone-itll-spill-its-guts
- Many No-IP customers suffered major outages as Microsoft make a serious screwup of a misguided botnet takedown attempt. MS convinced a judge to let them take over domains belonging to No-IP without notifying No-IP up front and without giving them a chance to defend themselves (shame on that judge IMO) – this gave MS control of another company’s assets, which they then totally messed up. Turns out Windows Azure is not up to hosting a massively used DNS service, and No-IP customers lost service for days. MS eventually dropped its case against No-IP, gave them back their domains, and apologised – http://arstechnica.com/security/2014/07/microsoft-drops-case-that-severed-dns-hosting-for-millions-of-no-ip-users/
- Facebook co-authored a journal paper explaining how they experimented on users to attempt to (and succeed in) alter their moods (http://www.avclub.com/article/facebook-tinkered-users-feeds-massive-psychology-e-206324) – many people were aghast at the questionable ethics, and shocked that Facebook really didn’t understand why people object to having their emotions played with – privacy groups respond – Privacy group EPIC have filed suit – http://www.macobserver.com/tmo/article/privacy-group-epic-files-ftc-complaint-over-facebook-experiment, the UK Information Commissioner launched an investigation – http://www.latimes.com/local/lanow/la-fi-tn-uk-regulator-facebook-experiment-20140701-story.html
Security News Commentary:
- Scientific paper shows that humans are so bad at generating good randomness, that it is mathematically more secure to re-use bad passwords on unimportant sites than to try to create an original, strong, password for every site – http://arstechnica.com/security/2014/07/mathematics-makes-strong-case-that-snoopy2-can-be-just-fine-as-a-password/
- I can very well believe the maths – humans are terrible at being random! However, there is no good reason to waste our time trying to create, or remember, passwords, we can get computers to do that for us, and they’re better at it! A password generator + a password manager is much more secure! Mac users don’t even need fancy-pants 3rd party software, Safari will do the lot for you!
- The facts are a lot less scary than the headlines would have you believe. The researchers did find problems in all five online password managers they tested (LastPass, PasswordBox, RoboForm, My1Login & NeedMyPassword), but they responsibly disclosed them, and, with the exception of NeedMyPassword, the vendors all responded promptly and patched the holes before details were released. This is security working properly, and the dangers here are much less than the dangers of re-using passwords!
- c|net – 1 million passwords compromised by a Russian hacker group – http://nakedsecurity.sophos.com/2014/07/15/cnet-website-and-1-million-passwords-compromised-by-russian-hacker-group/
- ‘Right to be forgotten’ developments:
- Crowd-sourced site “Hidden From Google” catalogues some of the sites Google has to hide in the EU – http://nakedsecurity.sophos.com/2014/07/16/hidden-from-google-site-remembers-the-pages-googles-forced-to-forget/
- Bing opens ‘right to be forgotten’ application process – http://nakedsecurity.sophos.com/2014/07/18/bing-follows-google-by-offering-right-to-be-forgotten-form/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at email@example.com, follow me on Twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.