2012-05-01

2012.05 Editorial: Off the Mousepad

By Holly McEntee

Hi everyone! We had a really spirited meeting on April 18, with several members chiming in to both help answer questions raised during the first hour and during Dave's presentation on e-books. (See below for a summary.) That's great, we love audience participation — a users' group is all about users helping each other! But now we on the board need your help in a different venue: While the board members have a lot of knowledge among us, we don't know everything (gasp!) and sometimes we receive excellent suggestions for Mad Mac presentations that none of us know anything about. In the newsletter two such topics are offered, and we're interested in any members who can help us out by doing presentations on them. Don't be shy — we're all friends at Mad Mac!

During the 6:00 Q&A at the April meeting a member alluded to the "voice recognition" capabilities on his iPad 3 and asked if there was an Apple-branded voice-to-text app available. A couple of members mentioned Dragon and MacSpeech, but the general consensus that no such app existed. The next day I got an e-mail from the member who explained that what he'd assumed was voice-to-text software was, in fact, Siri: the microphone icon disappeared when he disabled WiFi. (He did not have 3G capability enabled.) So for those who were hoping for an Apple-branded iOS voice-to-text app, you'll have to wait a bit longer.

Ho hum, on April 24 Apple announced 2nd quarter revenue of $39.2 billion and a quarterly net profit of $11.6 billion. Ye gods! I tried putting these numbers into perspective somehow to try and get my head around them, but no luck even with multiple internet searches (some of which led me into very strange territory, indeed...).* Makes the $25 million raised by a local public figure seem downright paltry. On that note, remember to participate in the primary on May 8. You should always welcome the opportunity to exercise your right to vote. For information on voting locations in Madison visit
http://www.cityofmadison.com/election/voter/where.cfm

I hope to see you at the meeting next week!

Sincerely,
Holly

*Info supplied by membership coordinator: The total equalized property valuation of the City of Madison was $21,965,2211,700 in 2011. In other words, Apple made enuf money in 3 months to buy the whole city and still have enuf left over to match the entire economy of Afghanistan.

2012.05 News: Results of Board Elections

At the April 18 membership meeting a motion was set forth by member Calvin Bruce and seconded by member Barbara Leuthner to elect the proffered slate of nominees, as all were unopposed, for the following board positions as presented. The following were so elected by a unanimous show of hands:
  • President - Dave Weston
  • Vice-President - Robert "Doc" Huntington
  • Secretary - Holly McEntee
  • Treasurer - Raul De Luna
Our deepest appreciation to outgoing president Chico Mitchell for his years of service!

2012.05 Announcement: Volunteers Needed!

The Mad Mac board is seeking volunteers among the Mad Mac members (and even those who aren't members) to step up and share your knowledge and familiarity on the following topics, which have been suggested as meeting presentations:
  • a compare-and-contrast demo of Windows 7 (on a non-Mac) vs. Parallels or Bootcamp on the Mac. How close are they?
  • genealogy software for the Mac
If you have experience with the topics above and are willing to share it with your fellow Mad Mac members, please contact any board member. If you've never done a presentation in front of a group before, we'll help you get ready and will supply the barf bags. (Just kidding!)

2012.05 History: April Q&A (Selected)

Dave Weston, Quizmaster

Q: Recently there was a lot of coverage (newspaper, websites) about a new Mac virus that seemed to be a real threat. What do I need to know?

A: The recent Mac "virus" was actually a Java trojan that connected infected Macs to a server that allowed hackers to connect to the infected machines, upload and download files, take screenshots, and even take over the infected machines. A followup trojan used a security flaw in pre-2008 Microsoft Word to infect Macs. Apple issued an update to Java via Software Update to combat the first trojan, and updating your version of MS Word / Office will protect your Mac from the second.

Q: What is Java, anyway? Is it the same thing as JavaScript?

A: Java is a cross-platform programming language or engine that is used to code tools that work in a web environment. Java is what makes parts of complex webpages work, say for example drop-down menus from which you can choose your state of residence or your gender (if you're filling out an online survey). JavaScript is minimally related to Java, but contains a smaller, simpler set of commands and tends to be easier for first-time programmers to learn. However, JavaScript apps are compiled at runtime (when you open a webpage), whereas Java apps are compiled prior to runtime.

Editor's note: For more information visit: 
   http://tinyurl.com/2wst7lj
   http://tinyurl.com/c5rzte5


Q: What is that weird square picture you see on ads and coupons? It looks like a UPC symbol.

A: It's called a Quick Response Code, or QR code for short. It was first invented by a subsidiary of Toyota to track vehicles throughout the assembly process. It's now widely used for advertising purposes, thanks to the ability of smartphones to "read" the patterns in a QR code like a UPC symbol and link viewers to a company's website for product information and coupons or deals.

Q: I have an old "hockey puck" mouse that is finally dying. I love it and want to find a replacement. Any suggestions?

A: State agencies use a service called Surplus With A Purpose (SWAP) where they can send unwanted or outdated equipment to be sold to other state agencies or members of the public (Friday mornings only). It is not unusual for older Mac equipment to appear at SWAP. You can check out the inventory at:
   http://www.bussvc.wisc.edu/swap/swap.html. 
Try searching on eBay as well. Any USB mouse should work with the iMac that came with the "hockey puck".

2012.05 History: April Feature: E-Books

Presented by Dave Weston, summarized by Holly McEntee

What are e-books? First Dave helped us understand what e-books are not:
  • e-books are not audiobooks. These are sound files (e.g. .mp3, .mp4, .wav).
  • e-books are not text files (like TextEdit, Pages, or Word documents).
  • e-books are not web pages (like reading the first chapter of a book sold by Amazon)
  • e-books are not PDFs. (Portable Document Format files provide an electronic image of text or text and graphics that looks like a printed document and can be viewed, printed, and electronically transmitted.)

Dave then explained that an e-book is a new type of computer file that presents the contents of a traditional hardcopy book in a digital format that is accessed by a handheld device or computer and allows a high degree of interactivity. While gaining in popularity, the e-book industry is still in its infancy. Traditional book publishers are struggling to maintain control over the distribution of, and the prices that can be charged for, e-books. This has resulted in different e-book formats, each proprietary to specific e-book readers. (Moby and ePub are the most popular e-book formats at the moment.) Specifically, it is the copy-protection component of e-books, known as Digital Rights Management (DRM), that differs between e-book publishers and sellers. This is why not all e-books work the same on iPads, Kindles, Nooks, and other e-book devices. There are apps that allow devices to read e-books that use other companies' DRM software — for example, there is a Kindle app for the iPad that allows iBooks to read Kindle e-books purchased through Amazon.com. However not all apps exist for all devices, and even where they do the user is forced to own multiple apps just to read their e-books. Also, due to the different file formats a third-party app such as Calibre is needed if you want to organize all of your e-books simultaneously.

The advantages of e-books were noted, including:
  • the reader can change the font size (helpful to those with aging eyes),
  • the lighting can be adjusted on the e-book device to the reader's comfort,
  • several dozens or hundreds of books can be carried around at a time in the e-book device (as opposed to toting several heavy tomes hither and yon), and
  • e-books of course use no paper in their production (The environmental friendliness of this aspect is mitigated somewhat by the fact that e-book devices use electricity, contain metals that must be mined from the Earth, and are shipped to the US from halfway around the planet. Oh, well.)

It was noted that several schools, from grade schools to universities and tech-school programs, are moving to using e-books for their textbook needs. Embedded images, audio files, and weblinks to practice exams and discussion forums are among the features that lend themselves well to textbooks.

Dave briefly demonstrated how one could create an e-book from existing text documents, scanned images of hardcopy books, or within special e-book-creation apps. For example, the iWork app Pages has the ability to format text documents created within it to the ePub format ... which, coincidentally, is the e-book file format used by iBooks. The free app iBookAuthor (only available for OS Lion, and not for iOS) lets the user create textbooks with full color pictures and interactive content, although there are some limitations. We did not have time to talk much about e-publishing (the ability for authors to publish their work electronically without having to rely on book contracts with publishing houses) but suffice it to say that e-books and e-publishing give a greater flexibility to new authors and authors in speciality genre niches to actually get their work into the hands of readers.

The general consensus is that the concept of e-books is tremendously exciting, and as the industry matures we can expect the stability of the e-book format to improve, the variety of books available as e-books to expand, and for e-books to generally take hold in our daily lives the way so many other digital media have done.

2012.05 Article: Make Your Own Spam Filter Tool with Your iPhone

By Jeanne Gomoll

We've entered the horrible season of robocalls and polls. The many loopholes in the do-not-call (DNC) rules allow advertisers, pollsters, charities, and businesses to call you anytime. Anyone and any company with whom you have done business may call you even if you have placed your numbers on a state or federal DNC list. And of course all charities, political groups, and pollsters can call you, even if (or especially if) you make regular donations to their cause, even if you have begged them not to call you.

I may get more spam calls than most people. I own a home-based business and my phone number is on the web. Also, I've set up my phone system so that all phone calls made to my land-line phone are automatically forwarded to my iPhone. During the last election week, I received an average of 2 political calls every hour.

Since the DNC lists didn't seem to be helping, I decided to do something about it myself. Here's what I did:
  1. An unknown number shows up on my iPhone's screen. Since I run a business, the unknown caller could possibly be a potential client. I give the caller one chance and answer it. If it turns out to be a spam call, I end the call as quickly as possible, or simply hang up on robocalls. Then....
  2. I go to my iPhone's list of recent phone calls and click on the right-pointing arrow to the right of the telephone number I've identified as spam.
  3. On the new window that opens up, I scroll down and select "Create New Contact".
  4. I create a new contact which I call "Spam". (I have to do this only one time.)
  5. I give the new contact a unique ring tone. (I've chosen "Sonar" for mine. The sound of a deadly, invisible U-Boat seems appropriate.)
  6. Next time I get a call that I identify as spam, I do not create a new client. Instead, I tap on "Add to Existing Contact".
  7. Then I add the new telephone number to the "Spam" listing. How many phone numbers can you add? So far, it does not appear that Apple imposes a limit on the number of phone numbers a single Contact name can have. So far, I have entered 170+ telephone numbers to my "Spam" contact. I guess if I ever do run up against a limit, I will just create a new contact called "Spam2" with the same ring tone.

So, when my phone's sonar sounds off. I can hear it from several rooms away if I don't happen to have my iPhone close to me. And (joy!) I know that it's not necessary to run to get my phone and answer. This system works great, and it only takes a few seconds to add a new telephone to the spam listing. Once the system is in place, you need never answer a call from that number again. If they really need to tell you something, they can leave a message. I figure if it turns out I've mistakenly labeled a good guy as spam, I can always remove them from the spam contact list. But that hasn't happened yet.

Now I wish I could set up a spam filter tool to protect me from unwanted text messages! 

2012.05 Article: How to Tell If Your Cloud Provider Can Read Your Data

By Rich Mogull in TidBITS (Excerpt only. Read full story here.)

With the tremendous popularity of services like Dropbox and iCloud there is, rightfully, an incredible amount of interest in cloud data security. Sometimes it’s hard to figure out exactly who can look at our information, especially since buzzwords like “secure” and “encrypted” don’t necessarily mean you are the only one who can see your data.

In part because there are numerous ways cloud providers could protect your data, the actual implementation varies from service to service. All consumer cloud services are what we in the cloud world call public and are built for multi-tenancy.

A public cloud service is one that anyone on the Internet can access and use. To support this the cloud providers need to segregate and isolate customers from each other. Segregation means your data is stored in your own little virtual area of the service, and isolation means that the services use security techniques to keep people from seeing each other’s stuff.

Practically speaking, multi-tenancy means your data is co-mingled with everyone else’s on the back end. For example, file-storage services intermingle everyone’s files and then keep track of who owns what in the service’s database. Some, like Dropbox, will even store only a single version of a given file and merely point at it from different owners. Thus multiple users who happen to have the same file are technically sharing that single instance; this approach also helps reduce the storage needed for multiple versions of a file for a single user.

Although multi-tenancy means co-mingling data, the cloud provider uses segregation techniques so you see only your own data when you use the service, and isolation to make sure you can’t maliciously go after someone else’s data when you’re using the system. The cloud provider’s databases and application code are key to keeping all these bits separate from each other. It isn’t like having a single hard drive, or even a single database, dedicated to your information. Multi-tenancy is used for files, email, calendar entries, photos, and every other kind of data you store with a cloud service.

A multi-tenancy architecture has two obvious problems. The first is that if there’s a mistake in the application or database the service runs on, someone else might see your data. There is a long history of Internet sites (cloud and otherwise) inadvertently allowing someone to manipulate a web page or URL to access unauthorized data, and the bad guys are always on the lookout for such vulnerabilities. The second problem is that the cloud provider’s employees can also see your data. Yes, the better services usually put a lot of policy and security controls in place to prevent this, but it’s always technically possible.

One way to mitigate some of these concerns is with encryption, which uses a mathematical process coupled with a digital key (a long string of text) to turn your data into what looks like random gibberish. That key is necessary to decrypt and read the data. Most cloud providers use encryption to protect your Internet connection to them (via SSL/TLS — look for https URLs) so no one can sniff it on the network. But encrypting data in transit is only half the battle — what about your data in the provider’s data center? Encryption of storage is also necessary for any hope of keeping your data secret from the cloud provider’s employees.

Some providers do encrypt your data in their data center. There are three ways to do this:
  1. Encrypt all the data for all users using a single key (or set of keys) that the cloud provider knows and manages.
  2. Encrypt each individual user’s data with a per-user key that the cloud provider manages.
  3. Encrypt each individual user’s data with a per-user key that the user manages.

Each has advantages and disadvantages, trading security for convenience. There are three different (but similar) indications that your cloud data is accessible to your provider:
  1. If you can see your data in a Web browser after entering only your account password, the odds are extremely high that your provider can read it as well. The only way you could see your data in a Web browser and still have it be hidden from your provider is if the service relied on complex JavaScript code or a Flash/Java/ActiveX control to decrypt and display the data locally.
  2. If the service offers both Web access and a desktop application, and you can access your data in both with the same account password, odds are high that your provider can read your data. This is because your account password is also probably being used to protect your data (usually your password is used to unlock your encryption key). While your provider could technically architect things so the same password is used in different ways to both encrypt data and allow Web access, that really isn’t done.
  3. If you can access the cloud service via a new device or application using your account user name and password, your provider can probably read your data. This is just another variation of the item above.

Last year it was widely reported that Dropbox accidentally allowed any user access to any other user’s account. With iCloud I have a single user name and password. It offers a rich and well-designed web interface where I can manage individual e-mail messages, calendar entries, and more. I can register new devices and computers with the same user name and password I use on the website. Thus, from the beginning, it was clear Apple had the capability to read my content. That doesn’t mean Dropbox, iCloud, and similar services are insecure. They generally have extensive controls — both technical and policy restrictions — to keep employees from snooping. But it does mean that such services aren’t suitable for all users in all cases, especially businesses or governmental organizations that are contractually or legally obligated to keep certain data private.

There are services that offer users flexible encryption (and thus more security). If you want to be certain that your data are safe from both attackers and the cloud provider’s employees snooping, look for services that offer additional options for encrypting data, either with a password or an encryption key known only to you. If such an option isn’t available at the next cloud service you check out, you’ll know that the provider’s employees could technically read your data. And when the next big story of a cloud provider reading data hits the headlines, you can smugly inform your friends that you knew it all along.