Jonny Quinlan reviews Usage Widget for iOS. I tell the sad tale of how we gave Steve’s mom a new Mac mini and almost lost both of her email accounts forever. Don’t like your bills? Call the service provider and ask them to lower the bill. How my father taught me to tie something to it first and how it helped us with our newly wired Drobos. In Chit Chat Across the Pond Bart takes us through Taming the Terminal Part 23 of n, the second half of our Networking instructions.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday November 9, 2014 and this is show number 496. We have a HUGE show for today but before we dig in, I wanted to tell you that Steve and I are taking a short jaunt off to New York to visit the New Zealand professors next weekend. To keep the symmetry intact, New Zealand’s own Allister Jenks will be taking the reins of the NosillaCast in my absence. As always when we have guest hosts, I sure hope if you’ve got an idea for a short, 3-5 minute review of a product you’re enjoying or a tech rant, or a dumb question, you’ll send them to Allister for inclusion in the show. The best place to send them is to firstname.lastname@example.org and it’s never a bad idea to cc me over at email@example.com just in case. If you’ve never submitted an audio review before, be sure to check out the link in the shownotes to the page called “Record Your Own Review”. If you’re too lazy to find the shownotes, it’s a link at the top of every page on podfeet.com! In there you’ll find out the best way to record and send the audio files to us. I’m really looking forward to Allister’s show, he’s a great host with an amazing voice, AND he won’t tell me who he’s got for Chit Chat Across the Pond but promises I’ll like it!
Like I said earlier we have a huge show today so let’s get started with a listener contribution:
Jonny Quinlan on usage widget for iOS 8
Hello Allison and NosillaCast-aways, I am here today with a review for the usage widget for iOS 8. The usage widget once added to your widgets in the notification panel will display your in use and free RAM, the free space on you iOS device as well as the current real time CPU & Wi-Fi/3G/4G usage. I enjoy having this widget, as I like to be able to look at what my iOS device is doing as well as when your iOS device is lagging or seems blocked up, it’s nice to be able to check
at a glance what is happening with your device. The app is available on any iOS 8 device. One of the perks I felt with Android was being able to check a lot of system factors and usage; this widget I feel is on par with what is available for Android. Although the app is currently quite basic, they say that in future updates there will be further user face customizations available which will be cool.
All the best, Jonathan “Jonny” Quinlan
After I listened to Jonny’s review I got all excited and ran over to my phone pulled down the notification center in iOS 8 and scrolled to the bottom where it says Edit so I could enable Usage. I couldn’t find it. Baffled, I wrote to Jonny to accuse him of teasing me, and only then did he confess that Usage Widget is actually something you go get from the App Store. Search simply for Usage Widget and you’ll get a free download. When I tapped on Open I got a very simple screen telling me the widget is installed.
After that Usage showed up in my notifications under Edit and now I too can see my memory usage by free, active and a third category that’s white text in about 1 point font on a pink background, no idea what that one is. I can see my wifi speeds and my cpu usage as a nice graph. I’m betting this is way more interesting when something is borked up as he says, for now it’s a fun thing to look at and very cool that Apple is finally letting us have some diagnostics. Let’s see a show of hands for how many people want iStat Menus as a widget on their iOS devices?
I went back to the app itself and it turns out that page that tells you Usage Widget is installed as a Today extension also shows me some of the same info as the widget – In much bigger type I can see free, inactive, active, and wired usage of memory, and that I’ve got 44.45GB of free space on my 64GB iPhone. I definitely like the widget capability more but it was nice to know what those little bars said on them!
I put a link in the shownotes to Usage Widget for now, go get it, it’s free! And thanks Jonny for the quick review.
Remember how Dorothy created a tutorial teaching us how to create a safe version of Chrome that would force SSL in our browsing? A good friend of the show who goes by the name Horse in the chatroom wrote to me and Dorothy explaining that if you’re not running as Administrator then you won’t be able to save your new Application from Automator into the Applications folder. He gave us the instructions to follow in this instance, which weren’t hard. Now I want you to think right now about how YOU create documentation at work or instructions for your friends and family.
If you don’t use Clarify, you’re probably feeling that dread of launching word, plopping in those extra words and watching all of your formatting go to the garbage heap. Images inserted have jumped to the wrong pages, your text isn’t wrapping properly any more and it’s basically a giant mess that will take you quite a while to fix.
Well not for me, because I popped open Dorothy’s glorious tutorial in Clarify, plopped in the extra text, and hit the publish button to podfeet.com and I was done. I could have exported to Word or PDF and it would have been just as beautiful as her original. All of the friction is eliminated with Clarify. If you’re still fighting with Word or heaven forbid, Powerpoint to make documentation, please do yourself a favor and go over to clarify-it.com and be sure to tell them Allison sent you when you inevitably buy Clarify. And thanks so much to Horse for letting us know so we can improve the tutorial for everyone.
Chit Chat Across the Pond – Time: 23:48
- PaloAlto Networks issued a report on a new Malware variant they have named WireLurker that infects Macs and then waits for iOS devices to be connected to those Macs via USB. The malware then tries to infect the iOS devices – http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
- A lot of the media coverage has been inaccurate, leaving out a very important piece of information – the malware that is pushed to the iOS devices can’t run without the user accepting a Software Provisioning profile. IF, and only IF, you accept the provisioning profile on the iOS device, the malware will install on un-jailbroken iOS devices. This is not a bug, it’s a feature! When you accept a companies certificate, you are supposed to be able to run software signed with that certificate, that’s how companies distribute internal apps. NEVER EVER EVER accept a Provisioning Profile you are not expecting!
- Apple respond quickly to block WireLurker – http://www.macobserver.com/tmo/article/apple-blocks-wirelurker-apps-to-help-stop-malware-threat
- Also – note that yet again the Mac malware is spreading via pirate apps, so we are again talking about Trojans and not viruses.
- The most accurate coverage I have seen on this has been from Intego’s Mac Security blog – they lay out in detail all the highly risky things you have to do to get yourself infected with this: http://www.intego.com/mac-security-blog/wirelurker-malware-infects-macs-attacks-non-jailbroken-iphones/
“Perma-Cookies”/X-UIDH Headers (Verizon & AT&T’s Latest Shenanigans):
- Despite the name, they are not cookies at all. What Verizon and AT&T are doing is intercepting your web requests, and injecting a unique identifier into the HTTP request headers as they passed through their servers on route to the internet.
- In effect, this is a Man-in-the-middle attack – Verizon and AT&T are abusing their privileged position as a man-in-the-middle on all your traffic to inject an un-deletable tracking number into all HTTP requests you make
- In truly Orwellian style, this is known as “header enrichment” in the ad industry
- Every web server you visit sees the ID injected by Verizon/AT&T. Because of this, every advertiser in the world can track you using this ID, because it follows you around the net, and you can’t remove it. It can be used to tie separate tracking cookies together into one Auber-profile, allowing those trying to track you to put the disparate pieces they have together to learn a staggering amount about you.
- The use of these IDs by third parties is not theoretical – Twitter are at it already – http://www.propublica.org/article/somebodys-already-using-verizons-id-to-track-users
- Opting out of having your data sold does NOT stop Verizon injecting the header – this means all Verizon cellular users can be tracked by third parties
- AT&T say they are just testing this technology – but if the headers are there then the problem exists, even if AT&T are not using it themselves yet
- To defeat this digital-tracking bracelet, you need to start treating AT&T and Verizon cellular connections as if they were open wifi, and avoid ever sending un-encrypted HTTP traffic through them. You can do this by remembering to only visit HTTPS sites while on cellular (utterly impractical), or always surfing with a VPN enabled.
- To see if you are being tracked, you can visit http://bartb.ie/headers – this script simply prints out all the HTTP headers received by my server, if there is a header called X-UIDH, then you’re being tracked.
- EDITORIAL – IMO when you start altering the content of your customer’s internet traffic you have crossed a line, and have become a malicious actor. If my mobile provider started to do this I would switch immediately.
- The EFF have taken up the fight, and started a campaign to end this practice (also includes a good description of the problems caused by this header injection): https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
Important Security Updates:
- Adobe have patched their Digital Editions e-reader, patching the widely reported issue where the reader was phoning home over an un-encrypted connection, allowing governments and others to see what you are reading – http://nakedsecurity.sophos.com/2014/10/27/adobe-updates-its-e-reader-drm-data-no-longer-transmitted-insecurely/
Important Security News:
- Google Starts Offering USB security key to make password m00t. Only works with Chrome for now – if you’ve bought into Google’s ecosystem, this is a nice new offering – http://arstechnica.com/security/2014/10/google-offers-usb-security-key-to-make-bad-passwords-moot/
- Researcher announces that there is a privilege escalation bug in many versions of OS X, including 10.10. The bug allows local admin users to get root without being asked for their sudo password. Not running as an admin provides useful protection in this case – http://arstechnica.com/security/2014/11/unpatched-bug-in-mac-os-x-gives-root-access-to-untrusted-people/
- New research shows that MD5 is now totally dead – arbitrary hash collisions can be creating using just 65¢ worth of compute time on Amazon EC2 – http://arstechnica.com/security/2014/11/crypto-attack-that-hijacked-windows-update-goes-mainstream-in-amazon-cloud/
- Drupal issue a PSA warning that every Drupal site not patched within 7 hours of the release of Drupal 7.32 on 15 October should be consider hacked as massive automated exploitation started then. Merely patching a hacked site now will not resolve the issue, as the hackers back doors will already be installed (closing the barn door after the horse has bolted) – https://www.drupal.org/PSA-2014-003
- CA Highway Patrol provide a great example of why it’s important to encrypt your phone – cops found searching phones for nude pictures and sharing them – http://nakedsecurity.sophos.com/2014/10/28/cops-swap-arrested-womens-photos-in-nude-photo-game/
- Home Depot reveal they lost 53M customer email addresses as well as the 56M payment cards we already knew about – http://krebsonsecurity.com/2014/11/home-depot-hackers-stole-53m-email-addreses/
- * EFF issue scorecard on messaging services – https://www.eff.org/press/releases/which-messaging-technologies-are-truly-safe-and-secure
- * a graphic illustration from Ars Technica showing just how much info you are revealing by leaving wifi enabled on mobile devices – http://arstechnica.com/information-technology/2014/11/where-have-you-been-your-smartphones-wi-fi-is-telling-everyone/
- * A nice piece from NakedSecurity outlining what Bots do, and why you should care – http://nakedsecurity.sophos.com/2014/10/31/how-bots-and-zombies-work/
- * Two nice articles from NakedSecurity to with tips on securing your Gmail & Yahoo! Mail – http://nakedsecurity.sophos.com/2014/10/30/3-ways-to-make-your-gmail-account-safer/ & http://nakedsecurity.sophos.com/2014/11/06/3-ways-to-make-your-yahoo-mail-account-safer/
- FaceBook reports as 24% rise in government data requests – http://nakedsecurity.sophos.com/2014/11/05/government-demands-for-facebook-user-data-soar-by-24/
- FaceBook connects it’s servers directory to TOR, allowing TOR users to access FaceBook without their traffic having to cross the public internet – http://arstechnica.com/security/2014/10/facebook-offers-hidden-service-to-tor-users/
- Researchers bridge air gap by turning monitors into FM radios – http://arstechnica.com/security/2014/11/researchers-bridge-air-gap-by-turning-monitors-into-fm-radios/
- 2FA is no panacea – cell providers are also susceptible to social engineering, allowing unauthorised call forwarding which can be used to hijack some 2FA protected sites – http://arstechnica.com/security/2014/11/cell-carrier-was-weakest-link-in-hack-of-google-instagram-accounts/
- A Virginia judge has ruled that you can be forced to provide a finger print to unlock a cellphone because that’s not testimony any more than taking a DNS sample is – http://arstechnica.com/tech-policy/2014/10/virginia-judge-police-can-demand-a-suspect-unlock-a-phone-with-a-fingerprint/
Main Topic 1 – PSA – Why I’m Abandoning FileZilla, and Avoiding Source Forge
Main Topic 2 – Taming the Terminal Part 23 of n – second half of Network – Time: 54:35
NOTE – the notes from last week have been updated to fix an inaccuracy in my description of UDP – thanks to listener Matthew Miller for pointing out the error in a comment on G+.
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at firstname.lastname@example.org, follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.