Month: July 2012

On the Road Again…

Jul
19
2012

Yup, I’m on a train again.

As many of you already know, I prefer the trains to the airlines these days because I can get much more done, and it’s much more comfortable to boot. Strip-searches at the TSA Checkpoints aside, the seats are roomier, the view is better and the cafe car is open nearly the whole trip.

But, back to the blog, there are a few things that you should be thinking about when traveling with your Mac that revolve around security. Today, let’s talk about digital security while you’re on the road with OS X or iOS.

Specifically, let’s talk connectivity. When you’re traveling, there is a huge temptation to use all those free wifi hotspots you come across. If it is at all possible for you to avoid them, do so.

Let me repeat that – never connect to a free wifi hotspot unless you know for absolute certain who owns it, who’s on it, and what the vendor is doing with the data you send across it.

Public wifi sounds like a great idea, but the current state of our technology – at least here in the US – doesn’t allow you to be sure that “ATTWiFi001″ is actually a hotspot created and maintained by ATT until you’re already connected to it. Even when you know it’s a free carrier hotspot, you have no idea who else is on that same connection with you, and how much control they’ve carved out for themselves.

What that means is that an attacker can already be connected to your device before you know that they’re there. They’ve got the ability to start introducing malware and doing all forms of nasty stuff. Added to that, if you send or receive information across the network (which is, of course, the whole point), then the attacker can see all of that traffic “in the clear” and gain personal information from you as you surf. While SSL (secured) connections can remove some of this risk, if you’re on a hostile wifi hotspot then this tech cannot completely protect you.

A much safer bet is to use your own personal hotspot. Most iPhones can perform that function (for an extra fee to your carrier), and most wireless carriers also have stand-alone devices that can provide connectivity over their networks when you’re out and about. This gives you direct connectivity via a wifi access point (the device) that you know is connected to your carrier, and not an unknown access point.

If that’s just not possible, then protect yourself. Use a personal VPN service like WiTopia to shield your connection and the data going over it. While not totally foolproof, the idea of this kind of tool is to encrypt your data traffic from your laptop to one of their data centers. Once there, the traffic is allowed to enter the internet just like normal, but anyone listening in on the wifi hotspot you’re connected to will see gibberish.

These services are not free, but WiTopia is reasonably priced (US$50/year) for personal use. They’re great for that extra level of protection when you’re stuck using a network you just don’t have a good feeling about.

Note that WiTopia is just one of several providers of these services. I have used them for about a year now, and haven’t had any issues, but they’re not the only game in town. Ask around to see who the best fit is for you in your geographic region and for the type of things you do online.

Have fun on the road. Stay safe, think smart, and always suspect that “free” wifi hotspot you just picked up.

By Mike Talon •
HowDoI?, Security
0

What’s in a Frame?

July 19, 2012

By Mike Talon
in Dos and Don’ts, General Info
No Comments

So you’ve been reading along on this and other blogs, and you’ve begun crafting your image in Social Media. What about your literal *image* in Social Media – your icon, avatar, profile picture, etc.?

One of the very first things people see when they look at your tweets, posts, and pages is your picture. And they can often tell more than you want them to from just that one small icon. So what image will you choose to represent yourself?

First things first, you MUST change this from the default image for Twitter, Facebook, Pinterest, etc. Do not go with the default egg, shadow, outline, etc. no matter what. Using the default brands you instantly as someone who’s either fake (a spammer, temp account, etc.) or else someone who just has no clue at all how Social Media works. Neither of those images will help you build your brand or your business, and getting tagged as a probable spammer will actually hurt your cause.

Let’s look at a couple of the ins and outs of the more common methods out there:

Photos:

Photos can work quite well for professional use of Social Media. Your customers can see you for you! Remember to go for something that reflects the industry you’re in, however. I have seem Twitter icons that were supposed to be for very high-end legal partners who were hanging off the back of a “party boat” – probably not the image they want to be most closely associated with for business use. If it is, great, but if it’s not then you need to get a picture of you at work or a headshot of you in a suit.

Caricatures:

This one is very popular, and the method I use myself. Having a drawing or cartoon made from your photos can be a great way to allow you to put your face online without actually putting your real face online. As with photos, you want to ensure that the drawing lines up with the image you’re trying to portray for your business, but with the cartoonish caricatures, you have quite a lot of leeway there.

Images/Artwork:

If you prefer not to use yourself, you can always find a picture or photo of something that works well to represent your business. Maybe a picture of a green meadow if you’re an environmental firm, or a gavel for a legal firm. Maybe just some abstract image if you’re not sure which way you want to go.

Two things to watch out for: First, make sure you have the rights to use that image. It either needs to be something you paid for, or something you can license under Creative Commons or the Public Domain laws for your country. Using an image that’s copyright to someone else can get you in trouble fast, and in debt in some cases. Secondly, ensure that you can get a copy of the image downloaded to your hard drive. You do not want to only have a copy of the image on a web server if you can avoid that, as web servers can change or go offline without warning – especially if they’re not your own web servers.

Logos:

Using a business logo is a pretty straight-forward way to get your brand across before anyone even reads your tweets and posts. The only drawback here is that – unless you own the company – you may not have permission to use that logo for your own icon/picture. Make sure you check with the powers that be, lest you become an employee who was.

If you do get permission, then your can use the logo itself, or better yet you can incorporate your logo into one of the other types of icons/photos mentioned here. For some of my accounts, I use a simple graphics editor to place a small version of the company logo in the lower-right corner of my cartoon-y picture.

Another note specific to logos, not every logo works well here. The preferred logos for use as your picture are square or very nearly so. Wide logos will get cropped by Twitter and other services, making you look much less professional by showing a blob of unidentifiable text/graphics instead of what you’d hope they’d see.

So put your best face – or something other than your face – forward. Remember to make your icon reflect who you are, and who you want people to see you as. Also remember to always get the appropriate permission before using copyright or trademark images, and make sure they’ll fit in the space allotted for your photo/icon.

FYI, if you want a great artist who can make a caricature or image for you, check out Woody at GUComics.com – he’s the guy that did my profile image, and I can recommend him personally without hesitation.

EPEAT and Apple

Earlier this week, the media in general erupted with news that Apple was no longer going to register their company or products with the Environmental Product Evaluation and Assessment Tool (EPEAT). On the surface, this might sound like Apple is taking another step to say “screw you” to the environment, but it’s really not.

Now, before people start flaming me to death, I’ll be the first to admit that Apple has some non-eco-friendly policies. Their sourcing and manufacturing leaves a lot to be desired when it comes to that point, however this particular announcement does not add to that score at all.

EPEAT – for those who’ve never heard of them – is a non-governmental-organization that was started with funding from the US Environmental Protection Agency. The goal of the organization is to allow buyers, sellers, resellers, and consumers of electronics some way to register and track the ecological impact of the products they make and use. That’s great, and a wonderful way to show the community that your company has an eye on their eco-bottom-line as well as their monetary bottom line.

Apple, however, has policies which exceed those required by EPEAT, and in some cases do so in ways that don’t fit into the certification. I’ll let you read up on EPEAT as much as you want at their website, but wanted to point out a few things Apple is already doing which impact electronics recycling and the environment in general:

1 – Apple has taken many steps in recent years to make their business more eco-friendly. Smaller packaging, more efficient manufacturing and better energy efficiency are just the tip of the iceberg. Read more about that here. They’re still far from a stellar player in environment-friendly manufacturing, but they’re working on it.

2 – Any Apple Store will take in Apple computers for recycling – free of charge. As a matter of fact, if you bring an Apple computer (no matter how old) into a store that still has some monetary value, they’ll give you a gift certificate to use toward the purchase of new gear. The same goes for iPhones, iPods and iPads – and with phones they’re promising at least a 10% discount on new gear, even if the device is too old to be resold.

3 – Apple also allows you to bring in ANY PC or mobile phone and get at least a 10% discount, with them recycling the old gear for you. So they’ll recycle your old gear even if they didn’t sell it to you originally.

4 – All of these offers also work by mail. For larger gear (PC’s, Mac desktops and Mac Laptops) you’ll have to pay postage. For smaller items like phones and iPod’s, Apple will pay the postage.

You can get details on all of these recycling programs from the Apple Recycling Program page.

So, while Apple still has a way to go before anyone starts calling them an “eco-friendly” corporation; this particular issue is not something they should be faulted on. They already offer manufacturing and recycling options in excess of the EPEAT guidelines, so it didn’t make a lot of sense to spend a large amount of money for the re-certifications. They can, and do, make the information freely available on their website.

This was just one case where the perceived benefit of renewing the certifications far outweighed the expense in time and money that Apple would need to put out to do so. As long as they keep publicly and freely showing how they exceed the requirements, I can’t find fault here.

FYI: You can read Apple’s statement to TheLoop about the EPEAT issue here.

Twitter is Circling The Wagons

July 11, 2012

By Mike Talon
in General Info
No Comments

With two recent news stories (both encapsulated in this article), a trend is beginning to take shape in how Twitter is planning on dealing with users viewing, creating and managing tweets outside the Twitter-native clients and website.

Twitter wants to end that.

This is a rather short-sighted plan, and will no doubt hurt Twitter in the long term, but what does that actually mean to the average user?

First, it means that automatic cross-posting of tweets to LinkedIn is coming to an end. There are still third-party ways to perform this kind of action, but the officially-sanctioned methods are being shut down. Generally, since Twitter and LinkedIn are used for two very different audiences, that’s not a problem. However, for Information Workers using both services, it could be a bit of a hassle.

Secondly, Twitter looks as though they are trying to curtail the ability of third-party developers who want to create Twitter clients on various platforms. Instead, Twitter would prefer if everyone used their official clients for Windows, Mac, iDevices, Android, etc. or else used the Twitter website.

Why would they do that? Simple, they want money. Advertising and sharing of bulk data from their network are how Twitter makes their cash, and third party applications can skew those funding sources a bit. A non-Twitter client may not properly report all the information Twitter wants to sell to people, and may not show all the ads and sponsored tweets that Twitter wants advertisers to buy into.

Granted, if there’s one lesson that a decade of DVR’s and years of non-ad-supported pay-for-download content services have taught, it’s that users hate ads. The “digital generation” would rather spend hundreds of bucks on Tivos or rent/buy media through iTunes than watch it on ad-supported networks. This hasn’t, however, stopped advertisers from trying to load shows with more ads in some kind of futile game of cat-and-mouse for our eyeballs.

Twitter knows they need to sell ads to make money, and anything that can reduce that ability must be ended, quickly. Cross posting to and from LinkedIn was the first thing to get stopped – an opening salvo in the ad war over social media. Reduction of functionality for third-party clients appears to be the next step, even though that hasn’t been brought to bear just yet.

So what can you do? You could get used to using the native Twitter applications. They’re not horrible, and they may do what you need. If not, you can vote by letting Twitter know you’d be willing to pay for a premium service offering that lets you use any client that you want. If enough folks say they’d pay for that option, Twitter might find that appealing and make it happen.

Make no mistake, Twitter *will* reduce the functionality of third-party software. It’s the only way they can make money, and like any other business in the world; their goal is to make money. You can vote with your wallet, or you can get used to using the service for free in only the ways they say you’re allowed to. Your choice.

I, for one, would be willing to pay for an open Twitter platform. I could cough up US$3-5/month for a service without restrictions. But that’s just me. What do you think? Sound off in the discussion section!

Hardware Hiccup? Try Resetting the SMC

Jul
3
2012

Today I ran into an interesting issue. I booted up my Mac this AM as I had needed to shut it down last night since it was going to be quite warm in the room where I keep the computer with the air conditioner off. After letting the AC cool the room down, I turned it back on as normal. On boot, it was ok, but within about 5 minutes the fans went into ballistic overdrive mode and began to sound like a small airplane was about to take off.

I immediately checked the internal temperature sensors (I have the iStat Pro widget installed, but there are many ways to do this) and saw that everything was within normal ranges for my late 2010 iMac. The fans, however, were going at full tilt still. Quickly checking my system processes and open apps, nothing was driving the CPU or graphics card to extremes, so I was at a total loss as to what could be causing the iMac to think I was sitting in a sauna all of a sudden.

Next up, web searches to find out if this was any kind of known issue, and what do you know, it is. Apple even has a KB article that details excessive fan speed as a symptom of an unusual, but known, situation.

NOTE: You’ll be resetting some pretty critical components of your Mac, so the author takes no responsibility if you don’t read that KB article and/or don’t follow the full instructions on that page.

The System Management Controller (SMC) is a set of hardware monitoring and control operations that are in charge of very low-level components like fans, hard drive speeds, etc. They exist to handle things that OS X may not be able to deal with, such as making sure the system doesn’t overheat when the processor goes off the charts. Something inside the OS itself would be just as frozen, but the SMC can shut down the Mac to save the hardware until you can figure out what’s wrong.

In my case, the SMC got confused and though the system was overheating even when it clearly was not. Other symptoms of the SMC needing to be reset can be odd lights on the keyboard (e.g. the CapsLock light won’t ever shut off) or just general hardware flakiness that seems unrelated to system settings or operations within OS X. Luckily, resetting the SMC doesn’t cause any data or preferences loss, and is pretty painless.

First, go read the KB article. There are a few steps you should really take to rule out OS X or application issues that could just as easily be causing the problem you’re seeing. In my case, I shut down all apps and rebooted to rule out that something might be running the CPU or GPU at full tilt by accident.

After that, gracefully shut down your Mac. If you cannot gracefully shut it down (Apple menu, Shut Down…) then the problem is most likely not SMC related. If you shut down cleanly, leave the Mac alone for about 30 seconds.

Then, for Intel-based Mac desktops:

Unplug the power cable from the desktop. You must then wait at least 15 seconds before you plug it back in. This step basically forces the SMC to reset when you plug the power back in – the desktop recognizes that there was a total power loss at some point, but now it’s back, triggering the event.

After plugging the power back in, wait at least 5 seconds to allow the hardware to figure out that it’s come back from a power loss, then press the power button. The machine should now boot up just like normal.

If all went well, the hardware hiccup you were experiencing should have disappeared. In my case, the fans sped up on boot, but returned to their default behavior within about 3 minutes. Since then, they’ve been operating as expected, only revving up into “airplane mode” if I do something that taxes the video card or CPU.

The KB article also has instructions for how to perform this operation on non-desktop Macs, such as MacBook Pro and Air devices, so it appears to be a universal control for all Intel-based Mac computers. Be sure to follow the instructions exactly, as not waiting for the correct length of time, or not hitting the right keyboard triggers at the right time can cause the SMC reset to be skipped.

Of course, if this doesn’t fix the problem, you may need to call into Apple Tech Support or stop by a Genius Bar to get more help. Gremlins like this do turn up from time to time – based on the descriptions in the KB article – so knowing how to do this can be handy.

By Mike Talon •
HowDoI?
0

I Shouldn’t Have to Say This, but DO NOT POST PICS OF YOUR CREDIT CARDS

July 3, 2012

By Mike Talon
in Dos and Don’ts, Security
No Comments

Strangely enough, it would appear that a large number of people have – for reasons that defy logic and sanity – been posting pictures of credit and debit cards via Social Media. Don’t believe me? Check out the Twitter account of NeedADebitCard and see for yourself.

So, since it apparently *does* need to be said, I’ll say it: “Do not, under any circumstances at all, post a picture of your credit/debit cards, work ID’s, personal ID’s (like your driver’s license) or any other personally identifiable documents. Ever. For any reason. Seriously.

Now, here’s why:

We are not alone

Along with all the great folks, customers and colleagues you can meet on social networks, there are a large number of people who live in the dark alleys of the Internet.

As you can see from that Twitter account, anyone can see the pictures you post – sometimes even if your account is marked as “private.” That means an ID thief, using the same exact (legal) tools that the Twitter account creator used, can harvest tons of credit/debit card numbers, expiration dates, and account names. They can then use that information to purchase easily re-sellable objects and turn your card into quick cash.

It’s bad enough that folks are getting tricked into giving up their information by people who have tampered with ATMs and card scanners, we don’t need to make it any easier by purposely sharing information with these crooks.

Security isn’t always that secure

I’ve personally been to several websites that do not require the 3-4 digit security code from the back of the credit/debit card to make a purchase. Even very legitimate websites don’t always ask for the security codes, and that means when a thief has the number, your name, and expiration date; he or she can rob you blind without ever seeing the back of your card.

Let’s all use a little common sense here

I have a rule for what you should and should not post online. It’s very simple:

If you wouldn’t say it out loud in the middle of Times Square in NYC, or wouldn’t want the photo to be posted to a billboard in that same location, don’t put it on any social network, sharing site, or comment page.

Think about that for a second. “My client is squeezing me out of every penny” – probably wouldn’t mind saying it out loud if it was true, and no client was identified.

“My client BigCompany is a bunch of assbags.” – I would definitely hesitate to say that in front of a ton of strangers. After all, the CEO of BigCompany might be standing behind me.

“My client is sleeping with my boss.” – that’s not coming out of my mouth unless the only person I want to hear it is the ONLY person in the room. I might say it on a phone call, may say it personally to someone, but would never say that surrounded by a large group of people I don’t know.

Same goes for pictures. I wouldn’t mind a picture of me at a trade show or professional event up on a billboard. Mildly embarrassing, but that’s about it. However, a picture of my birth certificate is something I definitely would *not* put on a billboard anywhere, but especially not on one seen by millions of people a month.

Social Media is like Times Square. You cannot control who hears or sees what you post. Even direct messages will be broadcast to the world if you make one mistake while posting or attach a picture to the DM. Never say or show anything on any sharing site that you don’t want your neighbors, your boss, your family, and/or the local criminal element to see or hear. Not even in a DM or private message, not ever.

Stay safe, and think before you post. Your credit score, employment and mental stability could very well be on the line.

Editor’s Note: The card shown at the top of this page is a “dummy card” that doesn’t belong to anyone and has invalid numbers, insignia and dates. This means that you can try to use it all you want, it won’t work, and it doesn’t belong to the author.

Miketalon.com Privacy Policy