How to Turn Off NAT-PMP and UPnP on Your Router

A few weeks back after the disastrous distributed denial of service attack on the DNS servers was found to have been caused by insecure Internet of Things devices, Bart suggested that we turn off automatic port forwarding. This is a technology that is built into routers that allows devices (and software) inside your network to punch holes through your firewall in order to talk to the Internet. The advantage of this technology is that you don’t have to understand or even know what port forwarding is in order to get your devices and software to work. Unfortunately, we’ve learned that our IoT devices are often spectacularly insecure. For example, there are devices with hard-coded Secure Shell (SSH) usernames and passwords that were largely responsible for the denial of service attack.

This automated port forwarding I’m describing on most routers is called UPnP, and on Apple routers they use a similar protocol called NAT-PMP. Bart recommended that we turn this service off, and only open ports manually when we know why they need to be opened. I have both a Netgear router and an Apple router, so I thought it might be helpful if I posted tutorials on how to turn off UPnP via the web interface on the Netgear router, and NAT-PMP from the Airport Utility. Thanks to Allister Jenks for helping put together the instructions for turning off NAT-PMP from an iOS device for the Airport. And of course we made the tutorials with my favorite app, Clarify.

Here’s links to the three tutorials:

NC #599 iPhone 7+ Portrait Mode, 2016 MacBook Pros, Security Bits

Next week the show will be out early because we’ll be out of town on the weekend, so don’t try to go to the live show because there won’t be one! In Chit Chat Across the Pond, Bart taught us how to create a JavaScript API in Programming By Stealth 24. I did some experiments with the new iPhone 7+ feature called Portrait mode comparing the photos to a DSLR. The new MacBook Pros are coming and I’ll talk through the features and try to help you see if they’re good or bad choice for you. Bart Busschots is back with Security Bits where we do a deeper dive into DirtyCOW and Drammer along with important security updates, notable breaches and suggested reading.


itunes
mp3 download

Continue reading “NC #599 iPhone 7+ Portrait Mode, 2016 MacBook Pros, Security Bits”

2016 MacBook Pros Promise Big Improvements

As I’m sure you’ve all heard, Apple updated the MacBook Pro line this week. The big excitement is that they’ve replaced the function keys with an OLED touch screen they’ve called Touch Bar. They added Touch ID to the right side of the Touch Bar. They got rid of the mechanical trackpad, replacing it with a force touch trackpad that’s twice as big as the old one. The list goes on and on of the improvements they’ve made.

Macbook pro lineup 500px

I’d like to walk through these improvements, specifically targeting the 15″ model, and give you my take on them. I’d like to start with the price because I’m hearing a lot of complaints about that. I dug out my receipt for my late 2013 MacBook Pro (that I keep in Home Inventory from Binary Formations) to do a comparison.

Continue reading “2016 MacBook Pros Promise Big Improvements”

iPhone 7+ Portrait Mode Depth Effect

Allison forbes depth effectThis week Apple released iOS 10.1, which included the beta of the new Portrait mode for the iPhone 7+. Portrait mode applies what they call a depth effect, blurring things in the background while keeping the focus sharp on faces in the foreground. The effect is limited to the 7+ because it uses the dual cameras to produce this effect. Two lenses, and a LOT of math.

I’m a huge fan of portrait photography, so this effect was a big contributor to my decision to go with the 7+. Spoiler: I love Portrait mode. I’ve taken dozens of portraits so far of adults and children, and the crisp focus on peoples’ faces really makes them pop out of the photos.

Continue reading “iPhone 7+ Portrait Mode Depth Effect”

Open post
PBS logo

CCATP #461 Bart Busschots Programming By Stealth 24 – Creating a JavaScript API

PBS_Logo.pngIn this week’s installment of Programming By Stealth, Bart teaches us how to create a JavaScript API up to and including an easy way to create professional documentation in order to publish our work as a JavaScript library. In order to get there we learn how to write reusable and sharable code, how “closures” help you keep your variables out of the global scope so they don’t mess up other people’s code, we learn one Ternary Operator), and my favorite, self-executing anonymous functions.

Apologies for getting the episode number wrong in the audio – I said it was #460 when it’s actually #461.

You can find Bart’s tutorial we follow in this episode at bartbusschots.ie/….


itunes
mp3 download

NC #598 YouTube Takedown, Not Sad About Samsung, Reminders, Echo Dot, Dyn DNS DDoS Attack

I got to host Bart’s show, Let’s Talk Photography at lets-talk.ie/…. My RecoLive Tutorial is up at ScreenCasts Online, check it out at screencastsonline.com/…. I go on a bit of a rant about how the Live Show almost died because of a guy doing a takedown notice on YouTube of an interview we did with his company. That rant is followed by another one where I explain why I am neither sad nor surprised about the mess Samsung is in. If you get value out of the show, please consider pledging support at podfeet.com/patreon. I do a deep dive into the Reminders app for iOS and macOS. Then I walk you through my experience setting up the $50 Amazon Echo Dot. Bart Busschots jumps in for an out of band Security Medium where he explains what happened to the Internet this week. We talk about DNS and how the servers work, the role insecure IoT devices played in it and some suspicions about who was behind the attack.


itunes
mp3 download

Continue reading “NC #598 YouTube Takedown, Not Sad About Samsung, Reminders, Echo Dot, Dyn DNS DDoS Attack”

Echo Dot 2nd Gen is Clumsy on Initial Setup

DotEvery once in a while there’s a device comes out that everyone loves, and urges you to get, even if they can’t articulate to you why it’s so awesome. I remember a hundred years ago when my friend Eric told me to get a Palm Pilot. He explained to me that it was a small handheld device that would hold my contacts and calendar. I pointed to my 3 pound full-sized Franklin Planner notebook and said, “My planner already does that, why do I need this?” He was relentless. I took his advice and of course I was hooked.

This same kind of enthusiasm and zeal is happening around the Amazon Echo. People love their Echos. They don’t just like them, they loooooove them. You may remember when I had Mike Elgan on the show, he said one of the few things worthy of being carried around the world in his nomadic life is an Amazon Echo. He said all the usual things I’d heard before, play music, ask the weather, set a timer or listen to podcasts. I pressed him that I could do all of those things with Siri. He said it was different but hard to articulate, so I should just get one. Continue reading “Echo Dot 2nd Gen is Clumsy on Initial Setup”

Reminders is a Hidden Gem in iOS and macOS

Reminders overviewThere are a lot of terrific to do apps out there, from the simple little Wunderlists of the world to the great and powerful OmniFocus. But I thought it would be fun to do a deep dive into the Reminders app that’s built right into our Macs and iOS devices. I hadn’t poked around in there in a long time, but it’s really quite amazing what we get for free.

Reminders is sort of a go-between that connects a to do list application with your calendar. If you’re an iCloud user, it automatically creates a set of lists that trigger off of your iCloud Calendar. But what if you have a work account through Microsoft Exchange (or even use that voluntarily)? You can add an Exchange account calendar to Reminders and have a whole separate set of Lists attached to Exchange inside Reminders. If you haven’t gotten rid of your Yahoo account after the recent hacking and improper scanning of emails scandals, you can add an account for your Yahoo Calendar. Google? Sure. It even supports AOL. Continue reading “Reminders is a Hidden Gem in iOS and macOS”

Why I Am Neither Sad nor Surprised About Samsung

person with magnifying glass inspecting Samsung logoI’ve been silent up until now about the Samsung Galaxy phones catching on fire. At first I felt badly for the employees. Can you even imagine being in the room when the CEO found out about this? It must have been a dreadful couple of months for everyone there.

In case you need more convincing of how bad this really was, Tom Merritt on the Daily Tech News Show did a bit of research and came up with a good way to understand it. Chemical and Engineering News in 2013 cited the failure rate of Lithium ion batteries at one in 10 million cells. Samsung shipped approximately 1 million Note 7s in the US alone and received 96 reports of phones overheating. That’s 960 times as many as the average.

So nearly a THOUSAND times more likely to catch on fire than any other lithium ion battery. While that makes me feel better about how many batteries we use in our day to day lives, it does shine a light on how dangerous these Samsung really phones are. Continue reading “Why I Am Neither Sad nor Surprised About Samsung”

CCATP #460 Shelly Brisbin on Self-Publishing

We’re joined by Shelly Brisbin, author of the book iOS Access for All and host of The Parallel Podcast. As she’s written more than a dozen tech books, I asked her to come on the show to explain how she creates her books, what tools she uses, and how she migrated from using an agent and a big publishing house to doing self publishing. It’s a really fun episode because while you’d think creating a book is all about writing, Shelly gets into how she uses TextWrangler and writes her own Cascading Style Sheets to create her books.

You can find Shelly on Twitter @shelly and you can find her book at iosaccessbook.com/…, and The Parallels Podcast at parallelpodcast.com/….


itunes
mp3 download

Links to things Shelly mentioned in the show:

Posts navigation

1 2 3
Scroll to top