He does know how to get our attention: "Free!" Jim Hamm goes on to say, "Here is an article about free eBooks for your iPad or Kindle. For the iPad you might want to install the free app: eBook Search. Then you can really get started looking for eBooks." That's 38,000 FREE eBooks. (He closes the email with "sent from my iPad" so you know he's grinning, too.)
Summarizing the Malware Attempts
"Here is an excellent article summarizing the current state of affairs regarding the Flashback Trojan." Jim Hamm goes on to comment, "As the use of Macs becomes more widespread in the computer world, I suspect, unfortunately, there may be more malware attempts in the future on the Mac. One big concern I have is why Apple is so slow to respond to threats like this, as the article points out?"
The article does state that "Apple has been introducing a series of technologies—tools like Address Space Layout Randomization (ASLR), sandboxing, and DEP—to reduce the chances of exploitation even when a Mac is vulnerable and to limit the potential damage of an attack. But these technologies aren’t perfect, especially when complex programs that run Web content like Java or Adobe Flash are involved.
"Gatekeeper will significantly change the game for manually installed Trojans when it’s released later this year; it will make that form of attack much less profitable (and thus less likely)."
Finally, Some Humor!
Jim Hamm brightens our day with this, "Heck, who needs a fancy iPad holder? This device does double-duty just fine....(grin)."
OK, who else has an idea for us?
Keep Up to Date on Malware Info
Here's an article from Macworld describing malware that can infect a Mac. Jim Hamm writes, "To be safe, I disabled Java in Safari preferences. If one should need Java occasionally for, say, a bank site, just enable it for that site."
Today, 4-5, David Passell sends along this link to the BBC claiming that more than half a million Apple computers have been infected with Flashback Trojan.
If you do a search on Apple Discussions watch for the date to see if it's current information. Here's one link about it.
Now, an article on how it works, how to detect it, and how to remove it.
Today, 4-6, Jim Hamm writes that he's used the trojan-check from Mac2School's Ruth Davis. She spoke to PMUG awhile back. You can email her here for the very important virus information.
Privacy & Security? HTTPS & VPN
Earlier we heard from Jim Hamm, (posted on 3-28 as "Need to Use an Unsecured Wifi Hotspot") and now he helps us with clarification. Jim wrote to the developers of Cloak, which is VPN (Virtual Private Network), "If 'HTTPS' is all one needs to be secure, why have a VPN function at all?"
HTTPS is Hypertext Transfer Protocol over Secure Socket Layer. It encrypts and decrypts the page requests.
The reply Jim received explains more about HTTPS and VPN. The following is quoted from Dave Peck, founder of www.GetCloak.com
1. HTTPS helps your browser verify the identify of the server it's talking to. For example, HTTPS can help the browser decide whether it's really talking to your bank. (This is why, if you ever see a warning about certificates when connecting to a site, you should stop immediately.)
2. Once the identity of the server is verified, HTTPS sets up an end-to-end encrypted connection between you and the server. So to continue the example, HTTPS lets you have a secure communications channel directly with your bank that nobody can listen in on.
So HTTPS, and the protocol it is built on (TLS), is awesome. And... if everyone used HTTPS/TLS then yes, there would be no reason as an individual to use a VPN like Cloak. There would still be plenty of reasons for small and medium businesses to use VPNs. ----
Unfortunately, we don't live in this world, at least not yet. Not everyone uses HTTPS or SSL/TLS (in fact, most web sites don't) and, further, even sites that do use HTTPS often use it badly, or inconsistently. Things seem to fall into four buckets:
1. Sites that don't use HTTPS at all. This is, sadly, the majority of sites. When you're on a network you don't trust (like at a coffee shop, airport, hotel, or at a conference) anybody can see what you're doing.
2. Sites that use HTTPS badly. Usually this means they don't use HTTPS everywhere. Prime examples of this would be Facebook and Amazon.com. By default, when you log in to Facebook and Amazon, you log in with HTTPS. It might seem that this protects your username and password, but this isn't quite the case. After you log in, Facebook and Amazon kick you back to HTTP pages. But wait! How do they know who you are on those HTTPS pages? They know who you are because they've cookied you with an non-secure cookie. For the duration of your session with those sites, that cookie is as good as your username and password. Anybody can log in as you and do whatever they want as you. This is what the hacker tool Firesheep was built to exploit, and unfortunately it is all too common -- Firesheep works on nearly 100 different web sites.
3. Native apps! These days, lots of stuff is done outside of the browser. Does the Twitter App for Mac use HTTPS or TLS? Who knows! We see a lot of problems here these days, and a lot of opportunities for Cloak to make things better.
4. Sites that use HTTPS well. Your bank, and PayPal, probably fall into this category. For these sites, Cloak doesn't make a difference.
I would like nothing more than to wake up one day and discover that Cloak is not necessary. But given that only one of four buckets is actually truly secure, I think we're easily five years off from that day. That said, one can never truly predict in the world of technology. -----
I should explain, in case it isn't clear, that Cloak isn't an end-to-end solution for security. When you use HTTPS, you get end-to-end encryption: just you and (say) your bank. When you use Cloak, you get encryption from your laptop or iDevice to our servers. From there, things are decrypted. But we host our own servers on networks with great peering agreements and extremely strict security policies. Our networks are trustworthy, whereas presumably the networks "out there" in the wild, like at coffee shops etc, are not. It's only if you truly cannot trust the Internet at all that HTTPS and TLS are your only options. ---
Bottom line for all of this: I believe that we still live in a world where Cloak can provide real value; I hope that technologies like HTTPS and SSL will ultimately become so prevalent that tools like Cloak won't be needed anymore. I think we're many years off from that day."
Thanks to Jim for getting this information for PMUG.
Is Your TV Watching YOU?
"New HDTVs now have both the hardware and software capability to monitor both sound and video!" announces John Carter. He elaborates, "Do you want to your new TV to have Skype capability? If so, then would it be possible for the TV itself to get hacked and someone could be spying on you?Read the news here." Take a look, then pass it on.
More on POP and IMAP
John Carter passes on more info on the POP and IMAP question. "The reason you are able to see your mail on the server after seeing them using Mac Mail is that the preferences set in Mac Mail are to NOT remove the message from the server after retrieving them.
"In the snapshot below, I have my POP account preferences set to "remove copy from server after retrieving message” because in this case I have no interest to ever use webmail to access email for that account, and this option keeps the messages in that account on the server cleaned out.
"In this case, once I retrieve a message using Mac Mail (or any other mail app with the preferences set as above) and then subsequently either delete it from the inbox in Mail or move it to another folder in Mail, the message is deleted from the inbox on the server. Because it is not a POP account, when moving a message from the inbox to another folder in Mail the message on the server is just deleted. All folders in Mail for a POP account are local to the computer. And that’s another reason I prefer not to use a POP account if I can help it.
"(Note: the option to include - meaning to retrieve - when automatically checking for new messages is not checked because I have a filter for that account on that server to forward all incoming messages to another account on another server, after which they are automatically removed from the originating server. This may seem complicated, but it means I don’t have to check messages from multiple accounts.) For IMAP preferences, it’s also possible to keep messages on the server or not:
"The only need to keep messages on the server is if you would ever need to get to your email using webmail. I notice that one option is to keep only those messages that I’ve read, which seems backwards to me. I would think the option should be to remove the messages I’ve read and keep the ones I haven’t read (retrieved but not read). That’s the only confusing part that I can see here."
John concludes with, "The advantage of IMAP is that if you have two or more computers at home that you are using (like a laptop and a desktop) then both computers will always show exactly the same messages. Deleting a message on one computer deletes it from the other - unless the message you deleted was in a local folder. I never use local folders and I will use IMAP over POP (when possible) because I want my email on all my computers to be in perfect sync. That’s my personal choice. If you only have one computer then it doesn’t matter which protocol you use - although as mentioned in the previous note IMAP is more reliable and I think that eventually POP will go away."
Email: POP or IMAP
What's better to use, POP or IMAP for email? John Carter starts us off with this, "Google offers this explanation.
"If you’re trying to decide between using POP and IMAP, we encourage you to use IMAP.
"Unlike POP, IMAP offers two-way communication between your web Gmail and your email client. This means when you log in to Gmail using a web browser, actions you perform on email clients and mobile devices (ex: putting mail in a 'work' folder) will instantly and automatically appear in Gmail (ex: it will already have a 'work' label on that email the next time you sign in).
"IMAP also provides a better method to access your mail from multiple devices. If you check your email at work, on your mobile phone, and again at home, IMAP ensures that new mail is accessible from any device at any given time.
"Finally, IMAP offers a more stable experience overall. Whereas POP is prone to losing messages or downloading the same messages multiple times, IMAP avoids this through two-way syncing capabilities between your mail clients and your web Gmail."
Still puzzling over the POP or IMAP I found that we are signed up for POP with Commspeed and that arrangement does keep email saved on their site, up to 95.37 MB. Mail can be viewed and downloaded on either of our computers and still be viewed when we sign on to their website.
An article at www.upperhost.com/pop3imap.htm explains some of the differences. POP stands for Post Office Protocol, and works simply, sending the entire message to you. It works faster. IMAP stands for Internet Message Access Protocol, and it sends a copy to you while keeping a copy. It can sync messages, is slower but more redundant, and takes up more space.
Any other pertinent information that you've discovered, PMUG members?
Prolonging Battery Life: iPad
Jim Hamm passes this along to our PMUG members who have an iPad: "Here's a tip for prolonging battery life on your iPad.
"1. Batteries do get less effective as they get older, and 100% in a year’s time may mean half as much battery life as it does now — but there are precautions you can take to reduce the aging effects on your battery.
2. Don’t charge your battery all the time just because it isn’t at 100%.
3. Use the iPad until the battery is 100% depleted. If possible, leave it for an hour after depletion.
4. When charging, allow it to charge fully back to 100%.
5. Heat will also decrease your battery life, so take your iPad out of the case while charging.
6. Don’t leave the iPad plugged into a sleeping computer, as the battery will drain.
"By taking these steps you can ensure the battery is fully 'cycled' every time and should have minimal loss of battery life. Remember, every time you charge the device it will hold a little less charge, so avoid charging when it isn’t necessary."
Need to Use an Unsecured Wifi Hotspot?
Traveling and need to use an unsecured wifi hotspot? Jim Hamm passes along the info he's found, "Say, for example, you're at an unsecured wifi hotspot and have a need to send your credit card number to a company to buy something, reserve a hotel room, etc. over this network. Not a good idea to do this as hackers may be around to steal your card number. What to do? Here's an article that offers a possible solution using a program called 'Cloak.'
"Here's the link to the website. The use of this free service is limited to 2 hours per month, but one would only use it infrequently for transmitting sensitive information. Additional hours are available on a fee basis.
Jim will let us know more soon, "I've not used this service yet, but plan to look further into trying it."
Printer Ink: Tired of Feeding the Cash Cow?
Thanks to Prez Art Gorski for this info -- and for the clever headline! Art writes, "Here's a good article on the high cost of inkjet printing. As usual, I recommend that members talk to our friends at http://think4inc.com before buying a new inkjet printer."
Movies, Word Processing, Time Machine
Does it seem like there's always more to learn? Oh, yes, but it's fun on a Mac. At PMUG we call "learning"-- "opportunity." And April brings a bunch.
First, look at the PMUG site, www.pmug.us and see the Calendar. John Carter is our April speaker with his topics: Time Machine, the first hour, and Word Processing Software, the second hour. Note, too, his 2 Digital SIGs.
John also did an hour presentation for the combined Mac and PC group on March 24. He's generously posted his topic "Online Movies for Movie Addicts; " go under www.pmug.us/tips-n-tricks to find the link. It's password protected for members, so you'll go to About Us, scroll down to Contact Us, then click on Webmaster to email for the password.
From Problem to Solution
Having a Problem Downloading New Software?
Is your ISP Cable One?
Do you have a Motorola Cable Modem?
Howard LaPittus wants you to know what to do. (Yes, believe it or not, he wrote a technical article, what is the world coming to?) So, from problem to solution, let's hear from Howard. "If you answered yes to all of the above questions and you have the Firewall Protection checked as Enable in the set up of the Motorola Modem this could be the cause of the problem. "To solve this issue put in your browser http://192.168.0.1 and you will come to the Motorola Login page. User name: admin, Password: motorola. (Both Login and Password is lower case) Click the login in button and at the top of the next page click on Firewall. On that page you will see Web Features and if Firewall Protection is checked Enable, uncheck and Apply. Log out and now you’re now good to go. "Thanks to the suggestion made by John Carter, I contacted Cable One to have my line checked for static, which could cause problems download. I spoke to a Cable One technical representative who was very knowledgeable about Mac computers. He did find a problem with the line, and I did not have a clean connection. He said that is was caused by having the firewall enabled on my Motorola modem. Yes, Motorola and Macs sometimes to do play together well." (So, Howard, all I had to do was put in a few commas.)
Online Movies Topic To Be Presented
With his topic about online movies John Carter will speak at a joint meeting of PMUG and the PC computer club. Here's what John says, "Watching movies online can be either an exhilarating or a disappointing experience. Learn how to make it the most enjoyable experience possible. Discover the tips and tricks for downloading, streaming, viewing subtitles, and building a movie library. Find out where to get the highest quality movie. Find out what's okay and what's wrong with Torrents and file sharing. Learn how to protect yourself from lawsuits over copy protected videos."
The meeting will be Saturday, March 24 from 1 to 3 pm in the Prescott Public Library. John's presentation is the first hour. The second hour speaker will be Andy Reti from the PC group, discussing YouTube.
John describes that topic: "Over the last seven years of its existence YouTube has become part of our culture. From funny videos to excerpts from operas, YouTube is providing access to a wide variety of videos. YouTube has played a significant part in spreading the word on uprisings around the world, from the Arab spring to the current bloody violence in Syria. During this hour Andy will present the many uses of the YouTube platform. He will show you how to upload your videos to YouTube, and how to search for videos on specific topics. You'll also see some of the most astonishing and unforgettable videos on YouTube."
iPad Used in Many Commercial Places
Here's a blurb forwarded from Jim Hamm from an article http://www.macobserver.com/tmo/article/ipad_squashes_laptops_on_way_to_world_domination/ on different ways the iPad is being used in a commercial basis. Jim grins, "Just imagine walking into a restaurant and the maitre de saying, 'your iPad will be right with you.'"
This article says, in part, "In the same way, restaurants are increasingly using iPads as a substitute for printed menus, even allowing customers at a table to place orders, largely eliminating the need for a waiter. A recent article in The New York Times makes clear just how far and how fast this cultural shift is occurring in still other areas:
"Macy’s is testing cosmetics stations where tablets offer reviews and tips. At C. Wonder, shoppers use a touchpad to personalize the lighting and music in dressing rooms…Nordstrom [has] introduced an app [that customers use] while shopping at Nordstrom rather than approach the sales staff. Nordstrom has added Wi-Fi to almost all its stores, in part so its app will work fast, and is testing charging stations and clusters of iPads and computers. Samsung [has been] considering adding iPads that offer live video chat with a Samsung salesperson at stores like Best Buy.
"While some may lament the loss of human interaction (and possibly jobs) that this shift may engender, I doubt such concerns will slow down the locomotive."
Here's More on Security & Privacy
Ward Stanke passed along more info when he spoke at yesterday's PMUG meeting than his printed handout showed. Be sure to check out Mozilla Firefox because it gives you good choices for security and privacy. Look at 1Password for a utility to create and store unique passwords. See it at https://agilebits.com/onepassword/mac .
Look here about opting out of ads that are tailored to your Web preferences and usage patterns: http://networkadvertising.org Their policy is that all NAI member companies set a minimim lifespan of 5 years for their opt out cookies.
Take a look at this interesting possibility: http://pobox.com/ You can use a custom email address that you'll own for life.
Scroll down for Ward's handout reproduced in this newsblog.
Appreciating Others
If you missed yesterday's PMUG meeting here's my handout:
Appreciating Others
Well, Mac users, what better use for your skills than to write something on the computer -- writing that can be in different fonts, different sizes, different layouts -- and today I want you to consider writing that expresses your appreciation for someone.
Your skills, abilities, and experiences can put you in a position to show appreciation to others. You can find words and even punctuation to assemble a writing that someone will be surprised to receive!
Birthdays, promotions, graduations, heading into new territory, going into the hospital, the university, the armed forces, etc. these are but a few opportunities for you to gather up words in a picturesque way. Got a color printer? Add photos or illustrations. Got only black ink? Buy some pretty paper at Staples or OfficeMax. You can find a variety of certificate paper, too. Consider: your printer might not handle metallic paper.
Here are some suggestions. Write something. Let it rest until tomorrow. Go at it again and see what improvements your clever brain has thought of over night.
Certificates
A poem, rhyming or not
Parodies
Old songs with new words
ABC list of the person’s great qualities
Achievements
75 reasons why you deserve a special birthday celebration. (I wrote 16 and repeated them!)
Bragging on your kids to your siblings
Bragging on your siblings to your kids
Encouragement that’s descriptive
Acrostic poems don’t have to rhyme, just start with a letter of the alphabet that spells something going down from the top line.
An acrostic from the middle of words lined up to describe this special person’s qualities
Declare an imaginary holiday to celebrate any special occasion
My niece argued a case before the court in Boston, and the video was put out by her college there. Yes, I could have just emailed, “good job, Teresa!” But why not make my compliment clear. Besides emailing her we sent CC to her mom and dad: “Don and I watched the Flip4Mac program that brought up the video from Teresa in court. We brought the picture up to full size on our big screen. Ed and Deb, you must be proud of Teresa and Andy for both going into law. You did a good job raising those two cute little kids. Teresa looks confident and well-prepared. She speaks clearly and carefully, making her points understandable. We enjoyed watching her.”
The emails went first, of course, but then a nice printed-out piece of paper went to brother Ed and his wife Deb —and Teresa— via the post office.
Pages makes it easy. Fonts make it fun. Here’s a couple of examples to nudge you into action. Click to enlarge this screen shot:
Explore what you can do with all those words you’re accumulating! Surprise someone!
Of course, save a copy on Mac. Make a folder for this writing and associated correspondence. You can drag an email to the folder. Do Command + “i” when you highlight the title of this new document. Put some key words at Spotlight Comments which will make this new writing easier to find next time.
So, 2, 4, 6, 8 who do you appreciate? Have you told this person recently? This is a good time to let Mac help you do a nice job of giving compliments!
PRACTICAL. INTERESTING. MACINTOSH!
About iPad -- Of Course!
What did you expect to read in the news today? The iPad is here, of course. Jim Hamm is grinning as he informs us that Zee's new iPad is due in today, and her new case was delivered at 7 pm last night. "I have no plans to abandon my iPad 2, but as Jason (Snell) cautions, I haven't see the new retina display yet. Wonder if I could talk Zee into swapping with me."
Jim refers to this by Jason Snell, MacWorld. And he has found a peek inside the new iPad here. Jim remarks, "It is mostly battery, with a small logic board, small electronic parts, and lots of adhesive. I wonder, when they try to reassemble this, will it work again?"
You'll find lots of news stories about today's debut at the Apple Stores. Here's one other article.
Today is (drumroll, please) . . . !
Today is International Wait in Line for Your New iPad Day, according to one news report. Maybe you saw the small posters at our WalMart today? It's on sale tomorrow. Jim Hamm found this review, and there's 15 large photos to show the features, and 103 comments by people who put their 2 cents in.
The new iPad video and TV ad is shown here, and more info is here.
Connecting to Wifi When You're Traveling
Almost time for a vacation? Jim Hamm wants us to know about connecting to wifi and SNR (signal to noise ratio). He informs us, "When traveling, I'm trying to connect to wifi access points in RV parks and motels with my computer, often with poor success. I may show a good RSSI (Received Signal Strength Indicator) but yet have a poor connection to the net. In other words, a strong wifi signal, but perhaps unable to connect to the internet. The problem may be too much 'noise' interfering with the signal. To determine this, you need to calculate the signal to noise ratio (SNR)." Jim goes on to explain, "In the RV park I'm presently in I have a very good SNR. The signal strength is -49 dBm and the noise level is -95 dBm -- a spread of 46, which is good. The minimum spread show be at least 20 dB. I'm using a wifi booster, the Engenius EOC 1650, which gives a lot of detail about all the various wifi signals that show up in the park. Even with this, the download speed is slow (that's all the vendor provides), but I can connect and use the internet okay. "Here is a review of the Engenius EOC 1650. It's available on Amazon. "There are other similar wifi boosters available, and some plug directly into a USB port on your computer. The Engenius booster requires electricity and plugs into your computer via an ethernet cable. "Following is an article explaining more about this. At the end are some links you might look at to help you get the SNR ratio,".Jim suggests. When performing a radio frequency (RF) site survey, it's important to define the range boundary of an access point based on signal-to-noise (SNR) ratio, which is the signal level (in dBm) minus the noise level (in dBm). For example, a signal level of -53dBm measured near an access point and typical noise level of -90dBm yields a SNR of 37dB, a healthy value for wireless LANs. Don't let the unit "dB" throw you -- it merely represents a difference in two logarithmic values, such as dBm. SNR Variance Impacts Performance The SNR of an access point signal, measured at the user device, decreases as range to the user increases because the applicable free space loss between the user and the access point reduces signal level. An increase in RF interference from microwave ovens and cordless phones, which increases the noise level, also decreases SNR. SNR directly impacts the performance of a wireless LAN connection. A higher SNR value means that the signal strength is stronger in relation to the noise levels, which allows higher data rates and fewer retransmissions -- all of which offers better throughput. Of course the opposite is also true. A lower SNR requires wireless LAN devices to operate at lower data rates, which decreases throughput. I recently ran user-oriented tests to determine the impacts of SNR values on the ability for a user to associate with an 802.11b/g access point and load a particular webpage. For various SNRs, here's what I found for the signal strength (found in the Windows radio status), association status, and performance when loading the http://wireless-nets.com/staff.htm webpage from a wireless laptop. To ensure accurate comparisons, I cleared the laptop's cache before reloading the page: 40dB SNR = Excellent signal (5 bars); always associated; lightening fast. 25dB to 40dB SNR = Very good signal (3 - 4 bars); always associated; very fast. 15dB to 25dB SNR = Low signal (2 bars); always associated; usually fast. 10dB - 15dB SNR = very low signal (1 bar); mostly associated; mostly slow. 5dB to 10dB SNR = no signal; not associated; no go. These values seem consistent with testing I've done in the past, as well as what some of the vendors publish. SNR Recommendations Based on this testing, I recommend using around 20dB as the minimum SNR for defining the range boundary of each access point. That ensures a constant association with fairly good performance. Keep in mind that the corresponding level of performance only occurs at the boundary of each access point. Users associating with access points at closer range will have higher SNR and better performance. When measuring SNRs, be sure to use the same radio card and antenna as the users will have if possible. A variance in antenna gain between the survey equipment and user device will likely result in users having different SNR (and performance) than what you measured during the survey. Changes made in the facility, such as the addition of walls and movement of large boxes, will affect SNR too. Thus, it's generally a good idea to recheck the SNR from time-to-time, even after the network is operational. http://www.metageek.net/products/inssider/ http://istumbler.net/ (for Mac) http://www.softpedia.com/get/Network-Tools/Network-Monitoring/NetStumbler.shtml (for PC)