Category Archives: OS X

I’ve been wanting to post this entry for a while, but I didn’t have the opportunity to compel an extra pair of hands to assist with some necessary, salient portions of it until tonight.

For those who were hoping Mountain Lion’s AirPlay would be a revolutionary step in the “your content, wherever you want it” battle, I fear you may be in for a bit of a disappointment. Quite by accident, I stumbled upon some eerie signs that location-aware video DRM will be alive and well as an integrated part of Apple’s forthcoming release of Mountain Lion.

Since I have a shiny, new 1080p Apple TV and a device capable of running Mountain Lion, I’ve been experimenting with the awesomeness that is AirPlay. Despite claims to the contrary, most of the time routing MacBook Pro Desktop video & system audio to the tiny black box of happiness works flawlessly (even more so since the recent Apple TV update). It’s been a treat to be able to play owned-backup copies of my favorite samurai videos (I should buy stock in Criterion) with subtitles via VLC.

However, on a lark I tried to play one of my Avengers : Earth’s Mightiest Heroes episodes (we subscribe via iTunes) using QuickTime Player and, much to my chagrin, discovered that there lies within the heart of the tame Mountain Lion, a DRM beast.

The easiest way to show this is with what happens when I try to take a fullscreen snapshot with Skitch as I’m playing the DRM-laden episode:

I managed to get #3 to help me record a video (albeit crappy) of what happens when I try to route the Desktop video to the living room TV via AirPlay: (youtube link)

In case it’s not obvious, the video plays fine on the Desktop (in QuickTime) prior to the AirPlay route, but goes equally as blank when the AirPlay device is chosen, yet reverts to playing when AirPlay is disabled.

This means the API hooks are there to prevent DRM-laden content from being used with AirPlay (or snapped via screen capture) and that, in turn, means your hopes of AirPlaying Hulu, Netflix and Amazon Video content may be dashed despite all of those services working now (in the betas).

Video is the last content area to understand the need to be open. Amazon & Apple sell untainted music and even Tor is going DRM free (joining #spiffy folks like O’Reilly Media).

I own that episode of The Avengers yet am not able to do with it as I please. Yes, I could have streamed it over the Internet from iCloud to the Apple TV or even routed it via the local iTunes to the Apple TV, but I wanted to use QuickTime (though, just for a test). What’s to stop Apple or other companies from requiring a special streaming license if you want the ability to use AirPlay or just disabling it altogether in favor of forcing you to use something as horrific as Google TV (full disclosure, I own a Logitech Google TV box, too)?

Combine these restrictions with the inevitable “you will only be able to use Apple-authorized apps in Mac OS” in a post-Mountain Lion release and your hopes of using VLC (or any other player that will not conform to draconian rules) to bypass this silliness will be equally as dashed as your naive AirPlay ones. If there’s no guarantee you’ll be able to get your content to the screen of your choice, why would you choose to remain legal (moral arguments notwithstanding)?

I hope, in the long run, Apple manages to figure out a sane, amenable solution to this silliness. In the meantime, I’m going to pop in a DVD and crank through some Godzilla flicks. At least I can be fairly certain that should work for quite a while longer.

Street sign photo via jbonnain

If you went to SOURCE Boston this year (2012), attended my security awareness talk and liked the Angry Birds theme to the slides, here’s a copy of the Keynote theme (it’s not really a true Keynote theme as there are divergent slides I’ve included). Here’s a sample:

You’re going to need the “Feast of Flesh BB” font (local source) by Blambot Comic Fonts & Lettering if you want to keep consistent with the Angry Birds lettering on various slides.

You can also grab my talk slides at the conference site or from my local archive.

BTW: In the event you’re also looking for a shortcut method of making some of the font-effects in the slides, I strongly suggest using some of the font manipulation tools in Microsoft Word if you don’t have more expensive tools like Adobe Acrobat kicking around. You can do some really cool things in Word, save as PDF, crop in Preview and import into Keynote or Photoshop with great results.

UPDATE: I forgot to include the MP3 of the theme song which I played as part of a transition from “blah” slides to the Angry Birds title slide. (Original files over at the Angry Birds Nest).

Work & home chaos has me a bit behind in the “ThinkStats…in R” posts, but I “needed” to get some of the homebrew kit working in Mountain Lion Developer Preview 2 (to run some network discovery tools while waiting for #4’s surgery to be done at the hospital).

Keying off the great outline by @myobie (read that first), I managed to get (at least what I needed working) everything cranking for homebrew with the Xcode 4.4 Developer Preview 2 for Mountain Lion.

  1. Grab the Xcode 4.4 Developer Preview 2 from the Mac Dev Center “Mountain Lion” section and put it in /Applications
  2. Install the Xcode Command Line Tools via:
    Xcode→Preferences…→Downloads→Components
  3. Use xcode-select to tell the system which Xcode to use:
    xcode-select -switch /Applications/Xcode.app/Contents/Developer
  4. Grab & install XQuartz 2.7.1
  5. Start brewing!

After performing those steps, I was able to force an update install of nmap that worked perfectly. As @myobie points out, it’s important to add the --use-gcc option to your brew installs if you experience anything behaving weirdly without it.

Drop a note below if you discover any other necessary tweaks for certain homebrew operations in Mountain Lion Developer Preview 2.

I’ve been an unapologetic Alfred user since @hatlessec recommended it and have recently been cobbling together quick shell scripts that make life a bit easier.

The following ones – lip & rip – copy your local & remote IP addresses (respectively) to your clipboard and also display a Growl message (if you’re a Growl user).

Nothing really special about them. They are each one-liners and are easily customizable once you install them.

Download: liprip.zip

In 2011, we saw a large increase in web site exploits that exposed private user data as well as a breakdown in the trust of SSL (for various reasons) and the introduction of real malware on to the OS X scene. If there were just three things I could ask Mac users to do in 2012 to help protect themselves (‘cuz if you’re a Windows user it’s been game-over for years for you already) these are what they would be.

Secure & Diversify Your Web Credentials

Just like companies have lost paper files—and then laptops—containing private data, web sites have and will continue to leak your information like a sieve. While you should choose carefully which ones you let have very sensitive data (like credit card numbers, government id numbers and health information), you really do need to ensure that you at least use different and “strong” passwords at each site you have an account at to avoid having hackers replay your credentials at other sites.

The easiest way to do this is to use a utility like 1Password (@1Password & usually $50 but is on sale for $30 for a short time) by AgileBits which works with practically every browser and will let you create and use diverse passwords at the click of a button. It even works on your mobile device, so you don’t have to worry about remembering the (necessarily) ugly passwords they end up creating. You can even use 1Password to store secure notes to yourself (say, in the event you need to use complex credentials on systems where you cannot install 1Password).

By using 1Password, you will avoid being in the 60-70% of users who have their credentials stolen and have to worry or scramble because they used the same ones on an array of popular web sites. Windows users can also take advantage of this tool (and there’s a bundle price if you need it for both platforms).

You can do this without 1Password (e.g. keep a text file or spreadsheet in a secure disk image), but the ease of use is worth the price of 1Password. If you do decide to use a more manual approach, generating secure passwords with tools like this one will also help you be a bit more secure than your brain’s “random” sequence generator.

Know What’s Going On With Your System

While the Mac App Store can help ensure you aren’t loading “bad apps” onto your system, the advent of web-borne malware for the Mac was seen for real this year and 2012 may prove to be the year we see the Mac becoming more of a target. There’s no guarantee that Mac App Store apps are non-malicious and you really have no idea what the ones you download from third-party sites contain, even if they do the task you want them to. Some apps that you “know” you trust may be sending out “phone home” signals or other non-user-initiated or informed-of Internet communications with unknown payloads.

This is where a cool little utility called Little Snitch (@littlesnitch and $30) by Objective Development can really help open your eyes as to what applications and processes (programs you may not be able to “see” easily without tools like the Mac Activity Monitor app) are trying to do on your network. Their own information page says it better than I could paraphrase:

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware.

Again, you could monitor your Mac firewall logs by hand with the OS X Console application and tweak your own firewall rules, but Little Snitch won’t forget to watch out for you.

Secure Your Public & Untrusted WiFi Connections

While Facebook, Twitter, Gmail and other sites have SSL (https) options (some using it by default), you really need to take control of your own transmission security when not on networks you trust. Why? Well one example is that you may be at a restaurant (as I was with my kids in November) where they terminate all SSL sessions at their border gateway (meaning they could read all the data that should have been encrypted). You also cannot be sure when Facebook is going to mindlessly toggle their SSL settings or when a Facebook application causes the SSL settings to be disabled. Even though SSL is relied upon by pretty much everyone to “just work”, it’s not a given or a panacea.

When on unfamiliar, public or other untrusted networks, it’s truly necessary to take control of the encryption as best as you can and use some type of Virtual Private Network (VPN) setup. While running your own is the only real way to know what’s happening at the VPN termination point, there are reputable services out there who can provide security and that you should be able to trust (at least better than SSL in a Starbucks). One of them—and I believe the most user-friendly one—is Cloak (@getcloak and FREE to $8-$15/month) by Bourgeois Bits.

Once installed, Cloak will detect when you’re on a public WiFi connection and automatically kick in a VPN session. You can start up a VPN session at any time with a single click in the OS X menu bar and also define more granular rules (if you want to). With Cloak, you have no excuse to not take an added measure of security when you’re out and about with your Mac.

You could do this for free (provided you trust your home Internet provider) with many modern routers or even a simple Linux/BSD or OS X box providing VPN services, but it would still not be as simple as using Cloak.

With these three simple steps/apps (less than $100), you will be far less at risk than you (probably) currently are as you run naked & blind across the internet with your password stapled to your forehead.

If you have any suggestions for similar/competing tools or have additional resolutions you think would be helpful to Mac users (or any computer user), drop a note in the comments.

Spent some time today updating the missing bits of the OS X version of the Dropbox cloner I uploaded last night. You can just grab the executable or grab the whole project from the github repository.

The app can now back up/restore the local config, clone Dropbox configs to a URL/file and also impersonate a captured Dropbox config.

Use it all at your own risk. As stated in the original post, all comments, bugs, additions, fixes etc. are welcome either here or at github.

UPDATE: Check out the newer post on additional features.

There has been much ado of late about Dropbox security with one of the most egregious issues being how easy it is to surreptitiously “clone” someone else’s Dropbox by obtaining just one piece of data – the host id – from the Dropbox SQLite config.db.
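A defensive check for the exposure described above, as an added example that is not part of the original post or of dbClone: since the host id in config.db is all a cloner needs, audit whether any account other than yours can read or replace that file. The `~/.dropbox/config.db` location and the function name `audit_secret_file` are assumptions, not taken from the post.

```python
import os
import stat

# Assumed default location of the Dropbox config database on OS X/Linux
# clients of that era; the post itself does not give the path.
DEFAULT_CONFIG_DB = os.path.expanduser("~/.dropbox/config.db")


def audit_secret_file(path, expected_uid=None):
    """Return findings about who besides the owner can read or replace `path`.

    An empty list means the file is owner-only and its directory is not
    writable by other accounts.
    """
    findings = []
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    st = os.lstat(path)

    if stat.S_ISLNK(st.st_mode):
        return ["file is a symlink; audit the link target instead"]
    if st.st_uid != expected_uid:
        findings.append(f"file owned by uid {st.st_uid}, expected {expected_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"file readable by group/other (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"file writable by group/other (mode {mode:04o})")

    # Write access to the containing directory lets another account swap the
    # database for its own, even when the file itself is owner-only.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = os.stat(parent).st_mode
    if pmode & (stat.S_IWGRP | stat.S_IWOTH) and not pmode & stat.S_ISVTX:
        findings.append(f"parent directory writable by group/other: {parent}")
    return findings


if __name__ == "__main__":
    if os.path.exists(DEFAULT_CONFIG_DB):
        for finding in audit_secret_file(DEFAULT_CONFIG_DB) or ["owner-only: OK"]:
            print(finding)
    else:
        print(f"{DEFAULT_CONFIG_DB} not found")
```

File permissions only cover other local accounts; anything running as you, or anyone with the disk in hand, can still read the file.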

Moloch built a Windows & Linux impersonation/cloning utility in Python that was/is meant to be used from a USB/external volume. The utility can save the cloned host id to a local file and also has the capability to use a simple HTTP GET request to log data to a “mothership” web site.

Since many Dropbox users use OS X (including me) I didn’t want them to feel left out or smugly more secure. So, I set about creating a native version of the utility.

This release is not as feature-rich as Moloch’s Python script but it won’t take much more effort to crank out a version that duplicates all of the functionality. “Release early. Release often.” as the kids these days are wont to say.

You can find the source at its github repository. When building it or just downloading & running the executable (see below), you should heed the repo’s README and take care to change the following items in the application’s Info.plist property list:

  • MothershipURL – this is the URL of the remote host you want to store the cloned info to. It defaults to somesite.domain/mothership.php to avoid accidentally sending your own Dropbox data to a remote host. PLEASE NOTE that you will need to get the mothership.php script from the original Windows/Linux code distribution as I have not asked for permission to distribute it here. You can grab the original dbClone.rar directly from here: dl.dropbox.com/u/341940/dbClone.rar (I love the irony of it being hosted on Dropbox itself).

    ALSO NOTE that there’s no need to modify the application’s property list if you don’t mind typing in a URL each run. I eventually plan on making this a separate property list file that allows for multiple URLs so you can select it from a drop-down (and still type a new one if you like).

  • LogFilename – just include the filename you want to use when storing the cloned info locally if you do not like the default (it’s the same as Moloch’s – "GroceryList.txt"). It defaults to the top-level of the mounted volume (the original Linux & Windows dbClone was meant to be run from a USB/external volume) or "~/" if running it on your boot drive.

You can use the property list editor(s) that come with Apple’s Developer Tools or use vim, TextEdit, TextWrangler (or your favorite text editor) and modify these lines appropriately:

    <key>LogFilename</key>
    <string>GroceryList.txt</string>
    <key>MothershipURL</key>
    <string>http://somesite.domain/mothership.php</string>

If you do use the “backup” option, the current naming scheme is "backup-config.db" and it’s important to note that the program will not attempt to overwrite the file. I may change that behaviour in an upcoming release.

I tested the build on OS X 10.6.7 but the Xcode project is set to build for compatibility with 10.5.x or 10.6.x. Feedback on behaviour on other systems would be most welcome.

If you just want the executable, grab the zip’d app and give it a go.

Any and all feedback is welcome (via github or in the comments).

I’m putting together a computer & online safety presentation for an upcoming talk at a senior center in Portsmouth (NH) and came across Support Details in my information hunting trek. This site makes it dirt simple to get basic information from whomever you are providing remote support to (a task I’m sure many of us have to do on occasion). I suspect it could also be handy to a developer who wants to double-check client settings. If you’ve ever tried asking someone what their IP address is or even what browser they are using, you know how helpful it might be if you could find out simple information quickly and painlessly.

Support Details collects data on the following system/browser elements:

  • Operating System
  • Screen Resolution
  • Web Browser
  • Browser Size
  • IP Address
  • Color Depth
  • Javascript
  • Flash Version
  • Cookies
  • User Agent

Support Details | Tech Support Management

Both Windows and OS X provide internal utilities to do full screen sharing – and more – for remote assistance if you’re on that same platform. There are third party services such as GoToAssist and Copilot that enable remote support across platforms. While Support Details does not even come close to either type of interaction, it does provide basic data to help you triage where to go next…and, it’s free.