Barkings! | The Small Dog Apple Blog

A blog about our business, our industry, and our lives. You'll find posts from everyone at Small Dog and if the dogs could blog, they'd be here, too!


MAC TREAT #248: Guided Access

I have a two year old at home and, as those of you out there who are also parents know, sometimes a little screen time can turn a bad mood around or at least buy me a few minutes to make some coffee to fortify me for the rest of the day. I don’t want my son to use my computer but thanks to my sturdy Hammerhead Jacket Case and AppleCare+ protection plan I am willing to let him use my iPhone. However, there are only certain apps that I want him to use and he has already figured out how to use the Home button and then open different apps. What to do?

Fortunately, I have discovered a great tool to restrict his use to a single app and disable buttons within that app: Guided Access. This is one of the assistive features built into iOS. To turn this on, go to Settings > General > Accessibility > Guided Access and enable this service. There is also an option to set a passcode and/or use Touch ID to prevent Guided Access from being turned off.

Once enabled, Guided Access can be started while in any app by triple-clicking the Home button. You will then have the option to circle areas of the screen to disable (such as buttons that control features of the app that you want to shut off), as well as an Options menu where you can disable the Sleep/Wake button, the Volume buttons, Motion, the keyboard, turn off touch control completely, as well as set a time limit. Once you have it set the way you want, press Start and the Guided Access begins.

To turn it back off, triple-click the Home button again and enter your Guided Access passcode. Make sure to get it right, as the first time you get it wrong you have to wait 10 seconds to try again, the second time you have to wait a minute, and I don’t want to find out how long it locks you out if you get it wrong thrice!


Diagnosing & Treating Bash "Shellshock"

OS X is a descendant of a long lineage of UNIX operating systems, from which it inherits its incredible stability and enhanced security. However, the past two weeks have uncovered numerous bugs in a core piece of software relied on by many UNIX operating systems, OS X included: bash (Bourne-again shell). It turns out that these bugs have been very long standing and can be exploited in numerous ways to provide unchecked access to a computer (in some cases remotely) with an afflicted version of bash installed. Due to the surprise and scope of this vulnerability, many have dubbed it “Shellshock”, in reference to the combat fatigue experienced by soldiers, but it’s really not a fair comparison to the effects of war.

A “shell” is a program that interprets and acts on textual commands either entered directly by a user at a terminal (or using a virtual terminal like the Terminal app found in /Applications/Utilities on OS X) or from a file containing one or more commands to be run automatically (sort of like a player piano, if that’s even a useful analogy anymore.) Bash is a very common shell program and is the default on many UNIX operating systems, including OS X (as of Mac OS X 10.3 Panther). If you’ve ever opened up the Terminal app and run a command in the last decade, you’ve used bash.

I personally write a fair number of scripts in the bash language to automate various processes on my computers and servers, primarily because it is so ubiquitous. It may be partly because I’m a bit of a masochist, but—as a server admin—I also find it helps me perform tasks more efficiently when working in Terminal since it is the default. Needless to say, I immediately started investigating the bugs and the attacks, and testing OS X workstations and servers.

Fortunately, without very specific custom configuration, OS X is not vulnerable to remote attacks through the afflicted version of bash, as echoed in the following statement from Apple (given to Jim Dalrymple of The Loop):

The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. […] With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.

None of the OS X 10.6 Snow Leopard through OS X 10.9 Mavericks systems I tested were vulnerable to remote attacks; however, all versions were susceptible to local attacks. The bugs are such that malicious commands can be inserted into “environment variables” (just what they sound like: data that exists in the environment in which individual shell scripts are run and can therefore be accessed by many scripts) and will be automatically executed whenever any bash command or script is run. Not good. Since there are multiple bugs, there are different ways to test for each, but I find running the ‘bashcheck’ script to be a very convenient way to test for all of them at once.
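As an added example (not from the original post and not part of the bashcheck project), the script below runs a local self-check for only the first of these bugs: a shell that executes a command trailing a function-shaped environment variable. The marker string, the variable name and the function names are made up for illustration, and the later bugs still need a fuller test such as bashcheck.

```shell
#!/bin/sh
# Added example: local self-check for the initial Shellshock bug only.
# MARKER, probe_var and the function names are hypothetical, chosen for this sketch.

MARKER="SHELLSHOCK_PROBE_MARKER"

# classify_probe_output OUTPUT -> vulnerable | not_vulnerable | inconclusive
classify_probe_output() {
    case "$1" in
        *"$MARKER"*)  echo vulnerable ;;      # the trailing command in the variable ran
        *probe-done*) echo not_vulnerable ;;  # only the requested command ran
        *)            echo inconclusive ;;    # the shell never ran the probe command
    esac
}

# probe_bash PATH -> runs PATH once with a harmless probe variable and classifies the output
probe_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo missing
        return 0
    fi
    # The value looks like an exported function followed by an extra echo.
    # A fixed bash keeps it as a plain string; an affected bash runs the echo at startup.
    out=$(env probe_var="() { :;}; echo $MARKER" "$shell_path" -c 'echo probe-done' 2>/dev/null) || true
    classify_probe_output "$out"
}

# report PATH... -> one tab-separated line per shell: path, verdict, version banner
report() {
    for candidate in "$@"; do
        verdict=$(probe_bash "$candidate")
        version=""
        if [ "$verdict" != missing ]; then
            version=$("$candidate" --version 2>/dev/null | head -n 1)
        fi
        printf '%s\t%s\t%s\n' "$candidate" "$verdict" "$version"
    done
}

# On OS X, /bin/sh is also a copy of bash, so check both binaries.
report /bin/bash /bin/sh
```

Run it again after installing an update to confirm that both binaries changed from `vulnerable` to `not_vulnerable`.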

The bash developers and community have worked feverishly to investigate and fix these bugs. Apple has released “OS X bash Update 1.0” which includes fixes for the initial pair of bugs, but it unfortunately does not address subsequent bugs. As a further inconvenience, Apple does not provide this update via Software Update or the App Store, so you must download & install the appropriate update for your version of OS X:

OS X bash Update 1.0 – OS X Lion (10.7)
OS X bash Update 1.0 – OS X Mountain Lion (10.8)
OS X bash Update 1.0 – OS X Mavericks (10.9)

For those of you running Mac OS X 10.4 Tiger through 10.6 Snow Leopard on much older Macs, the developers of TenFourFox (an open-source version of the Firefox web browser specifically for older PPC & Intel Macs) provide a download along with detailed instructions to install a version of bash that fixes all the known vulnerabilities at this time. It does require command line experience, so it is not for the faint of heart. The updated version provided by the TenFourFox team can also be used on OS X 10.7 Lion through 10.9 Mavericks and actually installs the very latest 4.3.x version of bash as opposed to the older 3.2.x version that Apple includes by default (and for which it provided the partial fix). This newer version of bash also has some benefits that programmers might enjoy, but it comes at the risk of possibly being downgraded by a future OS X update from Apple.

If you never use the Terminal app, I’d suggest you at least apply the appropriate version of “OS X bash Update 1.0” and any future updates that Apple might release to fix the additional vulnerabilities. For those of you who use Terminal with any frequency, you’ll want to proceed with caution and weigh the pros & cons of relying on Apple’s partial update or manually updating to the latest version of bash for your particular use.


SOAPBOX: The Failure of War

Start Soapbox

Each night after dinner, my wife and I watch the national news. It has been so depressing lately that, even though I want to be informed, I can hardly stand watching. The constant news of war and people killing each other in the name of religion, territory or riches is simply senseless.

You know that I have often predicted in my annual prognostications that this would be the year of confirmed alien contact. But let me tell you, if I was an intelligent alien, I would stay way, way away from this planet. War is barbaric, uncivilized and the case can be made that wars do not solve any problems.

I certainly see that in recent wars. We sent our sons and daughters to fight in Iraq and Afghanistan and I would challenge anyone to give me a list of problems that they have solved. In both cases, the situation is worse, not better, and thousands and thousands have died and suffered.

The Israelis and Palestinians have been fighting my entire life, and while I unequivocally support the right of Israel to exist in safe and secure borders without rockets raining down on them, I cannot justify the indiscriminate violence against Palestinian civilians which is causing such dramatic suffering. Of course, I do not have a solution to the stand-off, but it saddens me and alarms me that each side so easily slides into war as the answer.

Syria, Ukraine, Somalia, Nigeria, Central America, Central African Republic and literally dozens of other smaller wars are causing such widespread suffering, displacement and death that I just start thinking about Albert Einstein’s famous quotation, “I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.”

Until we eliminate war as a means of “solving” problems, the most important challenges facing humanity — poverty, hunger, climate change, health care, education — cannot and will not be addressed, and we will slip deeper into the haves and have-nots. The strong, the weak and ultimately, innocent people will continue to be the victims.

War is simply a failure. A failure of humanity to think clearly. Before our country went to war in Iraq, we put out a big sign in front of our headquarters that had the simple message “NO WAR.” I think it is time for us to put up another that says “END WAR.” Dwight D. Eisenhower, a notable military man, President, and General, has perhaps summed it up best:

“Every gun that is made, every warship launched, every rocket fired signifies in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed. This world in arms is not spending money alone. It is spending the sweat of its laborers, the genius of its scientists, the hopes of its children. This is not a way of life at all in any true sense. Under the clouds of war, it is humanity hanging on a cross of iron.”

End Soapbox


Internet Privacy, or Lack Thereof

Something that has been in the news lately (or at least the online news articles) is the topic of privacy on the internet with regard to how government agencies and other commercial entities are trying to keep tabs on people’s browsing habits.

Complete anonymity online is nearly impossible, as you are tagged by the address assigned to you by your internet service provider (ISP). Your browser is also being tracked by where you go, what sites you visit, and this information is being logged and sent to companies that track consumer habits to better advertise to those particular consumers. All of this paints a disturbing picture where just about everything you do online is being watched by someone and logged for analysis.

There are ways to protect yourself and make it difficult (but not impossible) to track your online travels — however, those methods are now being watched. If you even research how to protect your identity online you get flagged for monitoring (article from The Independent who re-ran this article from WIRED, and the Herald).

Once I started reading about how transparent everyone’s online journeys were to the people with the right equipment, I began researching about how to have a smaller online footprint. Yes, this probably got me flagged — but since I don’t partake in illegal online behavior, I’m not too concerned.

There are several ways to try and protect your identity. One would be using Proxy servers or Virtual Private Networks. Using Proxy servers is risky unless you know/trust the server owner and the latter usually requires some form of payment method. If you have access to a VPN, then whoever provides this service would most likely be the one to be flagged for the watch list. Your web traffic would likely get bundled into the provider’s internet access as well.

Another method is what’s called the TOR browser. TOR stands for The Onion Router, which is a service originally created by the US Navy, and is now privately maintained (though it still receives funding from the government). The TOR browser bundle includes software that allows you to connect to the TOR network. When your computer is connected to a node on this network, your traffic gets bounced all across the world, encrypted every step of the way, until it comes out at your destination.

Say you want to visit; normally, your computer would connect by the shortest distance between your ISP and our ISP, making as few ‘hops’ as possible. The TOR browser makes your computer travel all over the world to protect your source and destination, as well as the travel paths of the nodes along the way.

In the past, TOR has been a safe way to browse the internet anonymously, but it recently has become the target of government agencies across the world because, as we all know, information is power. Russia has even offered a reward to the Russian researcher who is able to crack the TOR network and allow it to be monitored. This reward is only available to Russians within their borders in order to protect what is discovered from outside government agencies.

There have been a lot of articles about the NSA watching the traffic of average Americans, but that is for another article. For the time being, I have been thinking about how to reduce my footprint online and the biggest hurdle is social networking. Everything you post to a social network — be it Facebook or LinkedIn — is stored on some server somewhere forever,* even if you delete it from the social network it was on. There are no takebacks when it comes to posting online. Somewhere, everything that has hit the wire has been saved somewhere else. So whatever you post online, you should probably be okay with a total stranger looking at it because nothing is ever completely safe.

Knowledge is power, so guard it well!

*Editor’s Note: “Forever” may not be literal when it comes to the internet, but we also know that it has a very long memory…better to be safe than sorry.


Automatic Car Accessory

I drive a lot — two hours a day covering a total of 100 miles. This week, I was shown this cool little device by a coworker and was immediately intrigued.

Automatic is a tiny device that you plug into your car’s data port and that links to your iPhone or Android (download at Google Play) through an app. It provides all sorts of fun information about your driving and your car. At first I thought my 2007 VW Rabbit wouldn’t be smart enough to contain the proper hardware to make this work, but Automatic actually works with most cars that have been sold in the US since 1996.

The Automatic Link gives you useful information such as gas consumption, time it takes to get to and from places, driving style and car maintenance. It’ll also keep track of where you park, which can be helpful in certain situations (I may or may not have lost my car in Brooklyn a few weeks ago…).

Automatic learns your driving style and gives you the appropriate feedback to improve things like wasting gas from accelerating too fast or slamming on the brakes too often. Every week you’ll get a driving score to help you improve. They even claim that a high score could save you hundreds on gas every year.

Automatic is priced at $100 and does not have subscription fees. My other car-enthused coworker may just invest in one of these in the near future. I think I may wait to hear his feedback before rushing out to grab one myself, but I think that this could provide some really cool information as well as improve my (sometimes crazed) driving.

Have one yourself? Tell me about it!

