SVMUG Meeting August 15, 2016
News and Events
Expects to pay no repatriation without “Fair Rate”.
35% would be paid if off-shore money was brought into the USA.
He points out that most of Apple profits are generated from overseas sales.
Beware of emails that appear to be from Apple
claiming that help is available on a web site to
recover a stolen iPhone. They are actually trying
to obtain your Apple ID password.
up to $200,000 for reports of bugs
in iOS and iCloud. But the offer is
only for invited researchers, of known
forward phishing emails to firstname.lastname@example.org
other suspicious emails to email@example.com
up by 55%
will make $3 billion from the Pokémon craze
It was another company, mistaken for Apple
Rumors of new Macs in the Fall.
Steve Jobs did not put much effort into enterprise customers
but new business is coming from enterprise customers for iPads, iPhones.
from their solar panels
Public Betas Updated
Home Automation - Doorbell - www.ring.com
Jamie Siminoff — CEO of Ring - firstname.lastname@example.org
The product is an intercom/camera/doorbell that communicates over the internet.
WiFi enabled doorbell with one-way video, two-way audio
+ additional cameras for use in the home.
The original was the “doormat” which he built for himself for his needs, not expecting to turn it into a company.
Launched in 2012 at the Paris Web event.
$199 full retail price classic
$249 full retail price Pro version
They appeared on “Shark Tank”, which brought in publicity and sales.
Doormat was shipped at the end of 2013, but they realized it was really a beta product.
They retooled and built Ring, bringing it out in 2014.
Sir Richard Branson has invested.
They are now in stores like Target, CostCo, Amazon, Lowes, …
Q: IoT providers are not usually security conscious. What do you do to protect the device from hackers intruding via the network?
A: There is a big financial gain for us to lead in security.
The system will be streaming video in 600 milliseconds, sent to the cloud servers.
A member comments that he knows of users who have found the system to be too slow.
The auxiliary cameras - stick up cameras - are battery powered as well.
The cloud storage costs $3 per month or $30 per year, and the videos are saved for six months.
They will be compatible with the forthcoming release of HomeKit.
Under normal use, the battery only needs to recharged every six to twelve months.
Peer-to-peer operation is expected in a few months.
Are you concerned about China manufactured knockoffs? You have to out-execute the competitors who are making knockoffs.
California is an All Party Consent state — http://www.bc-llp.com/illegally-recording-conversation/
Classic: dual powered door camera - uses both battery and wired powered.
Pro: works only off doorbell wires
A solar panel can be installed to trickle charge the doorbell.
You may share access to your door camera and videos with others, e.g. a neighbor.
Motion detection by heat detection can be filtered on the Pro version to reject non-human events.
SVMUG discount code: 9svmug
The Markdown text formatting syntax standard.
1. Is there a replacement for AppleWorks for drawing?
EZDraw. — available in the App Store or at the web site.
There is a trial license available. Look into Libre Office as well.
2. AlternativeTo.net — will pull up alternative software
3. Measure upload speed of my connection.
4. Why is the Apple iTunes Store unreliable — outages of one to four days.
It may not be the ITS, but could be your ISP.
Try using LTE instead of WiFi.
5. iOS and iCloud Photo Sharing. Can the cache size setting be adjusted.
We will have investigate.
April 18, 2016
News and Events
Note that there were three vectors i) fake hotel network, and ii) downloading a file (via text), plus one ‘Bluetooth Driveby’
proficient hackers demonstrated hacks.
man in the middle using fraudulently WiFi hotspot
Defense: environmental awareness, and use a VPN.
throw away such messages — it is a fraud.
Bryan will cover this in his presentation tonight.
empower judges to force companies to assist law enforcement
over orders to reveal customer’s emails and a gag order on those orders
Presentation — Bryan Chaffin
FBI versus Apple and The People
1990’s - crypto wars, our intelligence agencies try to prevent encryption technology from being exported.
— so the foreign tech companies developed their own.
— now twenty years later, we are making a similar mistake.
is there a way to let only the good guys to snoop? Reason dictates that is not possible. If keys exist, everyone can look for those keys.
Also, if you give the government the ability to spy secretly on anyone anytime, how long until they get around to spying on you?
Open Source — GnuCash
Questions and Answers
1. Preview has a memory leak when dealing with PDF files. Recently I had to do a lot of work with PDF, and lost 40 GB of disk space. How do I recover this space.
We think it should be a cache file management problem. Also Preview may be saving versions of files, but that should be visible. Maybe virtual memory files are eating disk space. Perhaps a disk optimization program might find the missing space. Use the console to check for recurring errors. Perhaps the logs are increasing without limit.
2. Booting up MacBook Pro, it seems to always use a WiFi connection rather than an ethernet connection, even though the ethernet is plugged in and ready.
In Mac System Preferences -> Network Settings, you can enable several different connections simultaneously. The priority by which each will be used is set by the order in the list of connections in the network settings control panel. If you wish ethernet to have the highest priority, simply drag the ethernet item to the top of the list.
By the way, the same is true for setting the priority of WiFi connections, should more than one WiFi “hotspot” be available in a given environment. Simply drag the item for the most preferred hotspot to the top of the list that is found under Network -> Advanced settings.
(Flash, Java, Silverlight)
No actual damage done for three reasons:
1) the malware was designed to stay dormant for 72 hours (presumably to make it harder to figure out where it came from)
2) Transmission, the vendor, responded promptly with clear and accurate messages to users, and, with an updated version of Transmission that removed the malware. (Bad Version only there for 36 to 48 hours)
3) Apple responded quickly by revoking the developer cert used to sign the malware, and adding the malware itself to XProtect. Revoking the cert stopped the malicious installer from passing gatekeeper, and adding the malware itself to XProtect prevents it from running, even on systems that installed the malware before the dev cert was fixed.
The end result of all this is that it seems like none of the few thousand people who contracted this malware lost any data. So – in real terms this was not actually a major disaster, it was however a near miss!
from Bart Busschots on podfeet.com
FBI Could Crack the Phone…. Here’s how
iOS 9.3 - must have for security
OS X 10.11.4 -
iTunes 12.3.3 -
Watch OS 2.2
Marcus Aiu and Jeff Parker from Quicken presenting.
sneak preview - right now have a per month budget. New: budget over a full year. Currently, this is “alpha” code.
New: direct connect bill pay.
Buy: quicken.com/mac and the Mac App Store.
and vote for new features.
Raffle: a copy
1. Limit the number of emails that are displayed in the recent emails of the iPhone.
Limit the downloading of emails to the iPhone. Try creating folders for different categories of mail, using the tools on the server.
2. When you click on a purchased TV program, can you set the preferences to show only the most recent episodes, rather than the whole list of episodes? Otherwise you do a lot of right swiping to find the desired episode.
We are not sure
The download buffering estimate seems wrong.
This is because of the way Apple TV attempts to estimate, based on the first few bytes, and the byte rate average.
3. When I add events to my Gmail calendar, the events show up in my iPhone calendar, but not vice versa. Can I fix this to work both ways?
On the iPhone, under calendar settings, set default calendar to Google.
The iPhone fetches data from multiple calendars, but creates events in only one calendar.
4. How do I delete a recovery disk (recovery partition).
Normally, you only see the Mac partitions — the recovery partitions are only shown if you use an “option” boot.
Frankly, you should not delete the recovery partition. It is necessary.
5. Is there a way to prevent iCloud from opening upon startup? I have an ATT cell phone modem, called “ATT All Access”. I am shown two successive iCloud sign-in windows, which takes forever to connect.
SVMUG November 16, 2015
Still More on 1Password Metadata (Scroll down to ‘Security Lite)
iPad Pro is Available (Robert has one!!)
Swift Programming for the non-programmer
What is a programmer?
Flexibility, ease of use, portability, and speed
languages before Swift: problems and solutions
What is Swift? How is it different?
Programmers create instructions intended to cause a computer to do some work.
Users are just programmers who believe anything you tell them.
stored instructions: program, playlist, bookmark, app, Macro, script, shortcut, … html, document…
Programmers care about flexibility, ease of use, portability, and speed.
The Facebook web interface makes it very easy to share a post on Facebook,
but you can’t use it to write a program to solve a math problem.
Using Assembly language you can write a program to do anything,
such as posting to Facebook,
but it takes much much more work then using Facebook.
Trade-off: ease of use versus flexibility
Portability is also a concern. Where can I run the program?
Facebook runs everywhere (via web browser).
But assembly language is very specific to the platform.
Speed is also important: how fast is a program after I write it.
— Find the Middle Ground —
Flexible enough yet easy enough
portable enough yet fast enough.
Control Flow: specify the order of execution of program statements
Spaghetti code: a program where the control flow is hard to follow.
With spaghetti code, different parts of your code can be meshed with each other,
so that changing one piece might break some other piece, especially in unexpected ways.
Excel Macros are flexible but not easy to use — makes spaghetti code inevitable.
Furthermore, it is not portable (works only in Excel), and not particularly fast.
— create anything
— easy to create simple elegant code
— portable - everything has a C compiler.
— Speed - very fast
[Sidenote: a compiler takes readable code, e.g. English, and converts it into machine code (or “byte code”).
“The nice thing about C is that you can do everything. The bad thing about C is that you must do everything.”
Solution: object oriented programming: objects encapsulate data with the code that operates on that data.
— code becomes a loose collection of objects.
— the objects are replaceable without great modifications to the rest of the code.
— objects encapsulate code
Objective-C is a strict superset of C.
— perhaps not quite as easy as plain C
— it was designed to portable, but really only used for Apple devices
— fast, but not as fast as pure C
Apple’s Goals for Swift
- open source
- No “silent consent” for unexpected conditions
- Better memory protection
- No selectors.
If Objective-C encounters an unexpected condition, e.g. null pointer, it does nothing, generates no exceptions, no errors.
Swift will deliberately crash the program. This prevents problems later.
Memory Protection: C can wander around in memory, changing stuff that should not be changed.
Swift will enforce array bounds, rigorously check for overflow, and uses no pointers by default.
In C, C++, or Objective-C, it is easy to accidentally modify memory.
Swift does not support selectors. This allows for the creation of private code that other objects are not allowed to call.
Modern: “when Swift was release, everyone said it was just like their favorite language”
— modern nice syntax
— Swift source code is usually shorter than Objective-C source code.
Fast: significantly faster then Objective-C.
Interactive: not a feature of the language, but of the creation tools (Xcode).
— playgrounds execute code automatically.
— — see the results instantly
— — can use Apple frameworks
— — can use image and sound files
— — no need to embed code in complex programs, to see the results.
Open Source: at WWDC 2015, Apple announced that Swift would be made open source by the end of the year.
— it is not the end of the year, yet.
1. Best Swift book for novices is the Apple Swift book. (Currently version 2.1 in iBooks.)
2. How to speed up file sharing between two Macs?
— Use WiFi for the connection.
— AirDrop is also very quick.
3. I am getting restarts in Yosemite. Is this a bad sign? No problems are found in diagnostics. “Your Mac restarted because of a problem.”
— possibly the HD is starting to fail.
— use Disk Utility to read the SMART data on the drive.
— Google kernel restarts - there is an Apple Support Document.
— try EtreCheck
4. How do I view an email in ‘source text’ without opening it?
— you have to open it.
— in the mail list, force touch the mail item or use the menu “view” -> “message” -> “raw”
5. Suggestions of where to start learning programming?
— pick something simple, write it.
— then move on to more complex things.
6. I can calibrate my monitor using the Apple tool. What can I use?
— Use Spyder Pro, X-Rite Pro, etc.
7. New iPhone 6+ — try to transfer my SIM card, but AT&T says I need a new SIM card for new features. What are these features?
— only AT&T knows — ask them at the retail store.
— it might be the WiFi calling, and HQ calling.
SVMUG October 19, 2015
YiSpecter Malware - for iOS
distributed by enterprise administration, not via iOS App Store
Apple Removes ‘Continue Button’ (iOS9)
Enterprise administration can get around this.
Flash - of course - Advice on Flash
Apple Removes Apps that Could Spy
Safari 9m iOS 9.02
iWork for iOS & El Capitan
Apple Ordered to Pay U of Wisconsin
Apple to Report Earnings Oct. 27, Call @ 2PM
Figuring Costs on New iPhones
Gary Allen, Founder of IFO Passes On
Apple Initiates Help for Apple Music via Twitter
El Capitan problems with Office ‘Apple’s Fault’
Apple Launches Program for MacBooks with Screen Issues
IBM Likes Using Macs Photo from the Past
‘ChipGate’ - Much ado about Nothing 1
‘ChipGate’ - Much ado about Nothing 2
Steve Jobs Movie
Economist Review of Steve Jobs Movie
‘Old News’ - Ron Johnson and a Startup
Harry Potter Books on iBooks
1. Is there a browser that will reflow text when you zoom in on a page?
This is, today, mostly related to the coding of the web site: is it “responsive”.
Try using landscape mode to help.
2. I have some old Adobe Type Fonts. Is anyone interested in these?
3. System Report: storage tab displays a lot of device images in “/tmp” with BSD names.
Perhaps you have some old disk images still mounted? Use Disk Utility to locate the offending items, and eject these.
4. What is the safest way to dispose of SysQuest or Bern. disks, with sensitive information?
Drill a physical hole through the disk.
Rumor: Steve Jobs wanted to make a car — he was in to cars.
Tim Cook: a car is the ultimate mobile device.
Software has become more important than mechanics.
Apple is the best software company on the planet.
(Apple has NOT become Microsoft, because Apple doesn’t suck.)
Google may beat Apple with having a ready-to-go car.
But it will not be as “pretty” as Apple’s. Or “neat” as Apple’s.
(Before Google, Larry Page has been thinking about
self-driving cars since the early 1990’s.)
Apple has special experience in power conservation.
The Apple car will a luxury item, maybe at $70,000.
August 17, 2015
Silly season: DefCon and Black Hat conferences
An attack using Thunderbolt cable chips as a infection vector.
However, it is a low impact.
Screen shot of a scammer attempt
— this ransomware that targets naive Windows users.
— completely bogus
Screen shot of Apple Fixing bad stuff
“Installer” will damage your computer. You should eject…
— this is a real warning, generated by the Apple malware scanner.
— pay attention if this pops up on your computer.
Zero Day Privilege Escalation Bug in OS X Yosemite (patched)
has been patched in 10.10.5
Cyber Flashing & How to Stop It
A woman on the London subway opened her phone
and saw a genitalia image (a human flasher). The
vector was AirDrop, so it was a naive user enabled
Be sure to update.
Don’t run Flash unless you have to.
And just today, an Italian research found a theoretical
vulnerability. He notified Apple, but then one hour later,
released the details to the public. Normally, such a
researcher would wait for the company to respond.
This was very bad on his part.
10.10.5 - Very important - contains lots of security fixes
iOS 8.4.1 - also lots of security fixes
— beat estimates in revenue and eps,
but not for iPhone unit shipments.
50% off Selected TCO Books for MUG Members
Presentation - Home Automation
by John Rich, author and journalist and photographer, www.JasonRich.com
Download this presentation from www.JasonRichClasses.com
Automate your home and vehicle using smartphone or tablet, with technology that is available today.
Your iPhone and/or iPad can become a powerful remote control for many other devices and appliances.
Door Locks & Doorbell
Television & Stereo
Vehicle Navigation (GPS)
Hands-Free Cell Phone
Q and A
1. Thunderbird email app - accidentally closed inbox viewer. How do I get it back?
— we will investigate
2. When I expand Finder column widths, it does not persist when I open new Finder windows.
— hold the option key when dragging the column borders.
3. Apple ID - cell texts go arbitrarily to either Messages or email. How do we set this?
— Messages will try to use the relay of “Messages to Messages”, but if you are offline, it will use a secondary method, e.g. email, cell SMS.
4. I need help loading 10.5 onto a G4 Powerbook.
— 866 MHz CPU and 512 MB RAM is required.
5. When I copied a file, the file size was different on the copy. Why?
— Maybe block sizes are different. Maybe the metadata was changed. Maybe the copy is more efficiently de-segmented.
July 20, 2015
Earnings for FY Q3 Tomorrow
iTunes 12.2 NOTE: NEW TCO BOOK OUT, See Discount code on Agenda
***PLEASE BE RESPECTFUL OF THIS CODE***
Apple Music - Jeff Gamet, Managing Editor of MacObserver
Apple Music is part radio station, part streaming music, part music storage, and part musician social network. That’s a lot for for a single new online music service, and depending on how you use Apple Music, it can be a little confusing. Jeff will show us the new features that Apple Music gives us and point out what’s changed from iTunes Radio and iTunes Match. We’ll also find out which devices support listening to Apple Music.
Via Skype and the MacObserver Web Site.
Catch Jeff’s weekly podcasts.
What is Apple Music, as compared to iTunes, iTunes Radio, iTunes Match?
1. Beats One — Apple’s own Internet radio station
much like a traditional radio station,
with DJ’s, music, interviews, call in requests, etc.
“old school radio station”
Zane Low is the station manager.
Beats One focuses on Pop Music.
Maybe in the future, there will be a Beats Two, Beats Three,
and so forth for separate genres of music.
2. Apple Radio — this is iTunes Radio retooled.
This is a genre selectable streaming service.
A computer algorithm put together the stream
for iTunes Radio, and made odd choices at times.
However, human curators put together the streams
for Apple Radio. The ideal is to hear a mix of songs
that you already know with news songs that you do not.
3. “For You” music collections — hand curated recommendations.
iTunes Match vs. Music in the Cloud
iTunes Match — takes your purchased library and puts it in the
cloud so that it is available from the Cloud on any of your devices.
The purchased library includes CD’s that you have ripped into your
library. The artist royalty was paid out of your original purchase price.
Apple Music in the Cloud — you can listen on demand to any item
in the catalog of iTunes, and the artist is paid a per-play fee.
This is a subscription service.
Apple chooses the music curators very carefully,
looking for expertise in the given genre.
DRM - Digital Rights Management — Apple Music allows you to download music for per-play-fee listening, under your monthly subscription. So it has copy protection. This means that should you end your subscription, any downloaded songs still present on your hard drive will be unplayable.
If you have a given item in your purchased library, you will play the non-DRM file. If you do not have the item in your purchased library, you will download and play the DRM file.
Without Apple Music Subscription, you get these services:
listen to any music you've purchased, ripped, or uploaded to your device.
(If you pay $24.99/year for iTunes Match, you'll be able to listen to any music
you've uploaded to iCloud, regardless of whether it's on your device or not.)
listen to Beats 1 radio, view and follow an artist's Connect stream,
listen to ad-supported Apple Music radio stations
(which replaces the current iTunes Radio interface)
—though you'll only have limited song skips available.
With Apple Music Subscription, you get these additional services:
Apple Connect — a social network for artists to interact with fans
(but not for fans to interact with artists).
It is the modern version of “liner notes”.
Jeff believes that Apple Music is aware of your connection method, e.g. LTE versus WiFi, and will appropriately choose the best bitrate for the given connection. So you LTE data plan will not be overwhelmed.
The CrossWire Bible Society is an organization with the purpose to sponsor and provide a place for engineers and others to come and collaborate on free, open-source projects aimed at furthering the Kingdom of our God. We are also a resource pool to other Bible societies and Christian organizations that can't afford-- or don't feel it's their place-- to maintain a quality programming staff in house. We provide them with a number of tools that assist them with reaching their domain with Christ.
The heart of most projects here at CrossWire use a common technology called The SWORD Project.
— a Bible reading and study app for iDevices
— by CrossWire Bible Society
It is more than just Bible study. It provides for language studies,
learning foreign languages, learning grammar of your language.
Runs on desktops (Linux, Windows, Mac), and on smartphones.
There is a Java version as well.
Eloquent (formerly known as MacSword) brings the power and versatility of The SWORD Project to users of OS X, along with a beautiful Aqua interface.
Discussion: “does not seem to have been deployed”
Windows Update Cautions - Sequence is Crucial this time
More (Update) on Superfish - Government Certificates not an issue AFAIK, Superfish is an issue
“… it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This took me also about three hours.”
— stolen credit cards are used by thieves on their own Apple Pay
— not really an Apple Pay problem
Apple Updates for FREAK Vulnerability & More (Note, this is iOS, Mac OS & Apple TV)
Tim: Tell us how/where we can do better http://apple.com/feedback
The Internet of Things
Withings scale, Nest thermostat, …
Previously at Frog Designs.
You do not want separate apps for each smart device.
How about URL’s instead?
The growth of smart devices will be exponential, and getting more apps is not going to scale with that growth.
Furthermore, apps are being drown in the number of App releases.
40% of apps on the Apple store have NEVER been downloaded!
The goal is to get the controls of smart devices to scale like the web scaled.
The smart device sends a bluetooth code to bring up its web page. It is a discovery service for the devices in your immediate environment.
It has to be decentralized.
Discover - Rank - Interact
It is not a Google product — it is a web product.
Bluetooth LE sends out an advertising packet, once each second.
The packet is a URL, e.g. “http://coke.com/v/23432” from a coke machine.
A phone comes by and checks what is nearby, e.g. the coke machine.
These physical devices create the physical web.
Bus stops, vending machines, restaurants, groceries, home controls, etc.
But it only shows you things when you ask to be shown.
Users can opt-in to letting the system gather anon. data.
Your past behavior will be used to rank the most interesting things for you.
It is like QR codes, only broadcast over Bluetooth LE.
The web site, e.g. http://coke.com, can send instructions to a vending machine, that you have paid with ApplePay, and you want a Diet Coke.
simple web: smart device sends you a link to the web
triangular web: the web server tells the smart device what you want.
direct connect: your phone talks to the web server, and also to the smart device.
The project is on Github, with more than 3400 developers watching, participating.
physical web is available on the Apple iOS store.
1. Odd email problem with Apple Mail on my computer, Mavericks.
Outbox items are not being sent.
This might be a known problem with Gmail, where the SMTP server keeps dropping off the list.
Maybe check the Taking Control of Apple Mail book.
Some big providers, e.g. Comcast, are not letting mail work except on their network.
2. My old printer is not working under Yosemite. It is a Canon.
Apple Support may be able to help — call the support number.
Try generic printer driver.
Keep checking the Canon site for new driver downloads.
3. When I use Siri to initiate a phone call over a bluetooth headset, it drops the headset just as the call starts.
Check your preferences, and make sure you preference is to use the headset for phone calls.
4. QEMU - running Windows programs on Mac. http://wiki.qemu.org/Main_Page
5. Best practices for Time Machine backup:
external drive direct connect is the best, using Thunderbolt.
WiFi network drives allow multiple machine backups.
6. Under Yosemite, can I have an app start up automatically?
Yes -- under Users account, set up in login items.
and also by using contextual menu on a Dock icon.
7. How do I uninstall MacKeeper?
Go to www.thesafemac.com for instructions.
Also try "App Delete" or "App Zapper".
Do not trust the MacKeeper provided uninstaller.
Pages by Michael Cohen
Author of Take Control of Pages
Why was Pages rewritten by Apple?
— because the market is now been led by iDevices as opposed to desktops or laptops.
— Apple wishes to have continuity of appearance and operation between iOS and Mac OS X.
Part of the cross compatibility is that Pages will recognize when a given device does not have a font which is used in a document, make the appropriate substitution, but without changing the original font assignment.
Alas, we lost newspaper style column flows, mail merge, and other utilities.
So many people are complaining that “Pages was dumbed down”, but this is unfair. Pages remains a sophisticated document authoring tool. The new Pages is not stupid.
1. Bluetooth keypad (LMP) is not communicating with my Mac. The connection was lost suddenly. The battery is fine. It will not pair with the computer.
— try leaving the battery out for more than 24 hours, to clear out residue data in the memory.
— in the Mac, tell it to forget the given bluetooth device, and discover it fresh.
2. If I have 5 GB in Dropbox, when I install Dropbox on my iOS device, will it take up 5 GB? Can I selectively sync only certain folders of the Dropbox?
— yes, you can choose, on each device individually, which folders will be sync’ed.
— we will investigate.
NEWS January 26, 2015
REMINDER: FEB MEETING WILL BE THE 4TH MONDAY OF THE MONTH
FEB 23, 2015
Dave Peck on VPN software and use.
What is CloaK?
Keeps you safe when you are connected to WiFi networks in the wild.
It is a easy to use VPN.
Three freelancing software developers put it together.
They wanted to make a VPN that was Mac-like and Mac-friendly
Why should you care?
Unprotected WiFi can be dangerous.
For example, Firesheep is a FireFox plug-in that allows snooping of communications on a WiFi network.
It would even automatically log in to Facebook as some one else when a log-in was detected on the network.
Cloak provides value where HTTPS is not in use.
Cloak prevents passive snooping.
What is a VPN?
virtual private network
Every byte will be encrypted before it is sent from the local client.
A special VPN server receives the encrypted data, unwraps it,
and forwards it alone.
How is this different from TOR?
How does it affect workplace snooping?
What about other platforms?
We love our Apple devices, which is why when we first built Cloak we built it for Macs, iPhones, and iPads. But we haven't forgotten Android, Windows, and Windows Phone — and perhaps someday in the future, we'll have more to say about them!
How many Cloak accounts do I need?
One! You can use one Cloak account with as many devices (Macs, iPhones, iPads, etc.) as you like.
(We only ask that you keep it to one account per person.)
Do you support Yosemite?
Of course. We're all about Apple.
Do you support iOS 8?
Try for free for 30 days.
$9.99 per month for unlimited service.
$2.99 for 5 GB per month.
Given how much of our daily life and business is conducted online, the question isn’t really if you can afford to sign up for Cloak — it’s if you can afford not to.
Dan Moren, Macworld
SSL is pretty much broken - so people should be using TLS.
POODLE was an attack that caused a client browser to downgrade from SSL to TLS.
The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.
It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor. However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it). Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was. In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.
SSL v3.0 is effectively “dead” as a useful security protocol. Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.
Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0. For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.
Cloak includes “Overcload”, which makes sure that when you change networks, no communication is made until the security has been established.
Cloak provides security for the immediate network, but not for the global network — The NSA can still get you.
Open Source Corner
Treat icons on a web page like styled text.
The iconic font and CSS toolkit
Font Awesome gives you scalable vector icons that can instantly be customized
— size, color, drop shadow, and anything that can be done with the power of CSS.
Free, as in Speech
Font Awesome is completely free for commercial use. Check out the license.
One Font, 519 Icons
In a single collection, Font Awesome is a pictographic language of web-related actions.
Q & A
1. Got a new MacBook Pro. Having trouble connecting Firewire 400 drives via an adapter. Does not work with USB either. The drive is a 5.25 with its own power supply. The drive works fine with older computers under Firewire 400.
We suspect the adapter is not good, but as USB is not working, something deeper might be going on.
Perhaps the bridge chips in the cables?
2. Any experiences with upgrading from Mavericks to Yosemite?
Most experiences seem to be good.
Read “Taking Control of Upgrading to Yosemite”
3. How to use AirDrop on a Mac?
4. Does iPhoto work on Yosemite?
Yes. But bear in mind the Photos will replace iPhoto and Aperture.
5. Demo Handoff.
6. Recurring directory corruption on internal hard disk.
Very intricate problem — we can only recommend AppleCare. Something is actively damaging your disk — perhaps a third party hardware, like one of the external drives.
svmug December 15, 2014
Our annual solstice pot luck holiday goodies meeting.
WireLurker - lesson: do not install unsigned applications.
MSFT Office for Mac, and IE as well
Adobe Flash has another problem - please do updates.
Sony is threatening to sue reporters who pass along stolen information.
United Air Lines has purchased iPhone 6+ for flight attendees.
An "antique" market has developed for first generation iPhones and classic iPods.
iOS 8.1.2 has been released
-- a member reports that the update 'bricked' some iPhones, apparently older models.
Reminder: January and February 2015 meetings will be on the fourth Monday of each month. Jan. 26 and Feb 23
eBook price fixing case was ruled in favor of Apple, but is now in appeal. It could go to the Supreme Court.
Why password managers are important
Do you use the same password for more than one site?
It is a common mistake. The problem is that if some one gets your password from one site, they will have it for your other sites as well.
You need to use unique passwords for each site.
But will need help to generate the passwords, and help to remember the passwords.
That is the purpose of password managers.
1Password: AES 256 bit encryption, convenient and simple
-- with browser integration
Create a strong password for the master password, but it needs to be memorable.
Recommendation: use four random words: "correct horse battery staple"
supported browsers: safari chome firefox opera
Look at the blog, for apps that love 1Password
BAckup data using the 1Password emergency kit.
Use the security audit to find duplicate passwords, weak passwords, old passwords.
Use the Watchtower to fetch information on which web sites have been hacked.