
#517 Politics Stopped My iPhone, Vert, TTT part 31 Secure File Copy with SSH

This week I was on the Daily Tech News Show with Tom Merritt at Daily Tech News Show and the SMR Podcast at smrpodcast.com. I tell the story of how Politics Stopped my iPhone, and then I give you a review of Vert from calumaa.com/vert. In Chit Chat Across the Pond Bart takes us through Taming the Terminal Part 31 of n: Securely Copying Files Across the Network over SSH.




Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday April 5, 2015 and this is show number 517. Before we dig in, I wanted to warn the live audience that we will be recording this coming Saturday night instead of the normal Sunday night because Steve and I are going to the National Association of Broadcasters in Las Vegas. We’re really looking forward to it. We’ve never been before, but Chuck Joiner and Dave Hamilton convinced us that it’s a recording gadget love fest and we should go. Don McAllister is coming too – so we haven’t even had a chance to miss him since we were together for a month in India! Finally Joseph Nilo will be there. Not sure you’ve heard of him but he was one of the original four Mac Roundtable folks along with Tim Verpoorten, Adam Christianson and Steve Stanger. We’ve only met Joseph once at a Macworld so we’re really looking forward to seeing him again. If anyone listening will be at NAB, be sure to let us know. I would love to get a chance to say hi.

It’s been a busy week of appearances on other peoples’ shows. On April Fool’s Day Tom Merritt had me on the Daily Tech News Show. I’m SURE it wasn’t because it was April 1st. We had a bit of a twist on the news, not joking but instead of doing all the US-centric news, every tech story started outside of the US. In one case we started talking about smartphone penetration in Kenya but then realized that it’s better than in the US! The main discussion topic was about Microsoft’s increased efforts in accessibility. Check out the podcast at Daily Tech News Show and of course there’s a link in the shownotes.

Chris Ashley of the SMR Podcast asked Terrance Gaines (aka BrothaTech) and me to join him for Episode #250 since Robb and Rod were both out of town. We chatted a bunch about the new Macbook, more about Microsoft’s Accessibility Developer Hub, the new Surface 3 from Microsoft (and how Chris is going to buy one with only TWO GIGABYTES for his wife) and then the boys droned on about some music service from Jay Z. I’m not sure what that was about, I was editing photos while they talked about music. I COMPLETELY tuned them out. In any case we had a great time so you should go check it out at smrpodcast.com and look for Episode 250, The Dream Team.

I suspect this won’t be the last time I say this, but I forgot one tech story from the trip to India. Let’s back up a little bit first and I’ll give you some background on why this might be of interest to you.

Blog Posts

Politics Stopped My iPhone

Convert Just About Any Unit and Currency with Vert

Clarify

Last week (and next week) we did the live show on an off day. Normally that just means letting the audience know when to keep an eye out for the video on Google Plus but now that we’re also broadcasting on Alpha Geek Radio (alphageekradio.com) we have to make sure Todd Whitehead who runs it can accommodate our new time on our regular channel. I should back up a little bit. Alpha Geek Radio is a collection of all geek shows with multiple video and audio channels so you can basically fill your day with geeks. Last week we realized that we needed to switch from our normal channel 3 over to channel 1 for just that show. No big deal, but we’d never done it before.

When Todd first helped me get the NosillaCast into Alpha Geek Radio, he walked me through the instructions, so you know what I did, right? I whipped open Clarify and took screenshots as he walked me through it, and rapidly slapped in some notes as he explained what to fill in on the different tools to get this to work. After I got off the horn with him, I cleaned it up, drew arrows and boxes around stuff on the screenshots, fixed the typos, and published a tutorial for him to give to other people. While he was super happy I’d done that for him (and super interested in how Clarify worked), it turned out to be immensely useful to Steve and me when we moved the show. I opened up the document inside Evernote, and I was able to jump right to the settings I needed to change to accommodate broadcasting on Channel 1 instead of 3.

If you use Clarify to easily make fantastic tutorials you can a) help other people, b) get them to stop asking you over and over again how to do the same thing, and c) even help yourself if your memory is as bad as mine. Check out Clarify over at clarify-it.com and tell them who sent you! No, not Todd, ME!

Chit Chat Across the Pond

Security Medium – Firefox 37 and Opportunistic Encryption

Mozilla released Firefox 37 with a number of security fixes, and some controversy.

IMPORTANT – DO INSTALL THIS UPDATE.

The controversy surrounds a technology that has been added to the HTTP/2 spec called Opportunistic Encryption (known as OE). Firefox 37 turns this feature on by default, but some argue that this removes pressure from website owners to do the right thing and move to HTTPS. Firefox say that poor encryption is better for Firefox users than no encryption, hence the decision to turn it on.

To understand why OE is controversial, let’s start by reminding ourselves what good encryption gives us. HTTPS makes three security promises:

1) Confidentiality – a man in the middle cannot read the data we send

2) Integrity – the data sent is the same as the data received – it has not been tampered with in transit

3) Authenticity – the data really was sent by the site it appears to be coming from

Confidentiality and Integrity come directly from encryption and are relatively easy to achieve; the hard part is authenticity, and that’s why we need certificates and certificate authorities. The only thing they add to the mix is authenticity.

The problem is that authenticity is VITAL. Without authenticity you can have man-in-the-middle (MITM) attacks. If you remove authenticity then an attacker can inject themselves into a transaction undetected, and hence remove both confidentiality and integrity.

OE ONLY provides confidentiality and integrity. In effect, this means it ONLY provides protection from PASSIVE attackers. This is not useless, but it’s not actually that far off being useless. The danger would be in offering users a false sense of security, which is actually worse than no security at all.

The good news is that the Firefox UI will show OE connections as INSECURE, so users will not see a padlock, and so will not mistakenly think their connection is secured when it’s not. Because of this, I disagree with those criticising Firefox. Reporting a connection as insecure when it actually has a little security is a positive thing.

More: http://arstechnica.com/security/2015/04/new-firefox-version-says-might-as-well-to-encrypting-all-web-traffic/
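To make the passive-versus-active distinction above concrete, here is an added example (not part of the original show notes) that runs a toy key exchange entirely in memory. Every name in it is hypothetical, the Diffie-Hellman group and cipher are toys, and the fingerprint comparison is a simplified stand-in for certificate validation.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy Diffie-Hellman group (Mersenne prime); far too small for real use

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def seal(key, msg):  # toy XOR keystream + HMAC tag; messages up to 32 bytes
    stream = hashlib.sha256(key + b"stream").digest()
    ct = bytes(m ^ s for m, s in zip(msg, stream))
    return ct, hmac.new(key, ct, hashlib.sha256).digest()

def open_(key, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    stream = hashlib.sha256(key + b"stream").digest()
    return bytes(c ^ s for c, s in zip(ct, stream))

def client_connect(received_pub, trusted_fp=None):
    # trusted_fp plays the role of a certificate: it binds a key to the site.
    if trusted_fp is not None and fingerprint(received_pub) != trusted_fp:
        raise ConnectionError("server key does not match trusted identity")
    priv, pub = keypair()
    return session_key(priv, received_pub), pub

def demo():
    srv_priv, srv_pub = keypair()
    mid_priv, mid_pub = keypair()      # a party sitting on the network path
    msg = b"constructed sample request"
    # Passive case: the real key arrives and the server decrypts correctly.
    key, cli_pub = client_connect(srv_pub)
    ct, tag = seal(key, msg)
    passive_ok = open_(session_key(srv_priv, cli_pub), ct, tag) == msg
    # OE-style, no identity check: a substituted key is accepted, so the
    # encryption and integrity tag now protect a session with the wrong party.
    key, cli_pub = client_connect(mid_pub)
    ct, tag = seal(key, msg)
    mitm_reads = open_(session_key(mid_priv, cli_pub), ct, tag) == msg
    # Authenticated: the same substitution fails the fingerprint check.
    try:
        client_connect(mid_pub, trusted_fp=fingerprint(srv_pub))
    except ConnectionError:
        return passive_ok, mitm_reads, True
    return passive_ok, mitm_reads, False
```

`demo()` returns three booleans: the passive-case exchange works, the unauthenticated client is silently read by the substituted party, and the authenticated client refuses the substituted key.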

Security Light

Important Security Updates:

Important Security News:

Notable Breaches:

Suggested Reading

Main Topic – Taming the Terminal Part 31 of n – Securely Copying Files Across the Network over SSH

https://www.bartbusschots.ie/s/2015/04/04/taming-the-terminal-part-31-of-n-ssh-file-transfers/

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live normally on Sunday nights at 5pm Pacific Time (but this week on SATURDAY night) and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

3 thoughts on “#517 Politics Stopped My iPhone, Vert, TTT part 31 Secure File Copy with SSH”

  1. George - April 5, 2015

    Google very recently implemented a new Android App policy and humans are now checking Apps. Probably as a second step if the App passes a robotic evaluation.

    The Apps removed from the Chrome store also show a change in how Google is viewing user’s security.

    The biggest danger on both platforms are ad networks. Of course, there’s a lot of Android App piracy, and those who Torrent Apps can receive counterfeit malwared. So just don’t! And stay out of Russian & Chinese App sites!

    http://techcrunch.com/2015/03/17/app-submissions-on-google-play-now-reviewed-by-staff-will-include-age-based-ratings/

  2. Donald Burr - April 11, 2015

    OK, I LOVE the new term you coined, “codefading.” I hope the Oxford people or whoever it is that scours the Internets to find new Internet slang to add to their official lexicon hear this episode!

  3. Donald Burr - April 11, 2015

    BTW, funny story re jet lag. When we went to Japan in 2004, I had NO problems whatsoever with jet lag. At the time I was out of full-time employment, and basically working contract jobs, where I get to set the schedule, and so was keeping REALLY weird hours, usually sleeping in until 3 or so in the afternoon, and staying up until 5 AM, or sometimes even later. (This is my natural tendency anyway, I am a night owl.) Well, it just so happens that 2 PM Pacific time is 7 AM Tokyo time, and 5 AM Pacific time is 9 PM Tokyo time, which were just about perfect – our tour group usually left around 8:30-9 AM local time, so getting up at 7 AM left just enough time to get cleaned up and have a rather nice breakfast; and after a full day of seeing the sights, I was usually ready for sleep by 9 or 10 PM or so. So I basically didn’t have any problem with my body rhythm, either while on the trip, or after coming back. 🙂
