NC #550 I Love You Man, Will Apple Pencil Make You an Artist, Star Trails with E-M10, Apple Certificate Problems

In Chit Chat Across the Pond #413 Bart is back with a rather short installment of his series Programming By Stealth, this time taking a look at in-line elements for HTML. Download that episode here: podfeet.com/blog/2015/11/ccatp-413. I have a rather mushy discussion of how much the NosillaCastaways mean to me, I ask and answer the question of whether the Apple Pencil will make an artist out of you, and I tell you how I finally succeeded in getting a photo of star trails using the Olympus E-M10’s built in function called Live Composition. In Security Lite Bart sheds some light on what exactly went wrong with Apple’s certificates that caused so much grief for users of the Mac App Store this week.


itunes
mp3 download


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Monday November 23, 2015 and this is show number 550.

On Chit Chat Across the Pond Bart is back with a rather short installment of his series Programming By Stealth, this time taking a look at in-line elements for HTML. Remember that to get Chit Chat Across the Pond you have to go subscribe either in iTunes or in your favorite podcatcher simply by searching for it. I also put together a little table of how to subscribe to all three of the podcasts, the NosillaCast, Chit Chat Across the Pond and Taming the Terminal at a link in the menubar at podfeet.com that should help if you get lost, including links to the RSS feed and how to find them in Stitcher Radio.

I mentioned that Chit Chat Across the Pond was rather short, and that’s because Bart is still in the habit of keeping Chit Chat short if he’s got a longer Security Lite, which means we have a big one this week. He explains the intricacies of what happened in the Mac App Store that caused people to get the messages that their apps were corrupted and needed to be reinstalled. Pretty interesting stuff along with the usual security tomfoolery.

Blog Posts

I Love You, Man

Will the Apple Pencil Make You an Artist?

Star Trails with the Olympus E-M10

Amazon

We’re halfway through November and the gift giving season is upon us. If you’re looking for that very special Festivus gift you know you’ll probably wait till the last minute and need to have free Prime shipping on Amazon, so why not use the Amazon Affiliate link for the show? If you do it sends a few percent back to help us keep the lights on here and I’d really appreciate it. Simply click on the big, fat Amazon image on the left sidebar and everything you buy during that session will go to help the show while not costing you a penny more.

Security Lite with Bart Busschots

Security Medium 1 – What really happened with the Mac App Store

One of the security technologies Apple uses to protect Mac users is code signing. This protects Mac users from trojanised versions of apps, but, this week things went wrong when one of the certificates Apple uses to validate signed apps was replaced.

Initially, reports were that Apple forgot to renew the cert, but those early reports were not correct.

Here is what happened:

1) in the lead up to the old cert expiring, Apple issued a new Cert, using the newer, and more secure SHA2 hashing algorithm.

2) due to a bug in the App Store app, the old cert was cached beyond it’s expiration date, so while the new cert was ready on time, it did not make it into people’s computers fast enough, so signatures were failing to validate. A reboot was all that was needed to fix this caching problem, and Apple have promised an update to the App Store app to stop this happening again.

3) some apps are using very old code to validate digital signatures, and they cannot deal with SHA2, this caused a number of apps to remain ‘broken’ even after the updated cert was downloaded by people’s computers. Apple fixed this problem by issuing a new cert with the old SHA1 algorithm. This is a short-term patch, and the real fix will be for developers to update their apps to use modern crypto libraries.

Links:

Security Medium 2 – Paris Doesn’t Change Maths

There is a maxim in politics – ‘never let a good crisis go to waste’. There is a lot of that going on in the aftermath of the vile attacks in Paris, and part of that is the perversion of this tragedy to attack our security by attempting to outlaw effective cryptography in various ways.

Emotions and anger do not change reality. All the reason banning effective encryption were a bad idea are still valid. It is still impossible to have a secure back door.

The key points:

1) a government mandated backdoor will make all of us less secure, and be a boon for the burgeoning cybercrime industry.

2) no matter how invasive a government-mandated backdoor is, there is nothing to stop people adding their own layer of encryption before their data is sent through the backdoored service, so no back door can actually be counted on to work when it really matters.

3) banning crypto will not make it go away – the maths is known, it cannot be made un-known. Encryption exits, and criminals will use it, regardless of the law. The only question is, will we be allowed to use it too to protect ourselves from criminals and foreign governments?

Don’t take my word for any of this:

Security Light

Important Security Updates

Important Security News

Notable Breaches

Suggested Reading

That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

Leave a Reply

Your email address will not be published.

Scroll to top