 Hi folks, this is Bart Busch at Guest Hosting and Dino Silicast, Apple Podcast at www.podfee.com. A technology geek podcast with an every sus-like Apple bias. Today is Sunday, January 22nd, 2023 and this is show number 924. Well, Allison and this entire community rock so much that even though I'm the guest host today, you're actually going to be hearing surprisingly little from me. I have one normal segment and I have a solo version of Security Bits and all the rest is from you amazing people. We have so much to get stuck into. So actually, just you know, she's only just gone and I'm the first time guest hosting, but anyway, in case you're getting lonely without Allison, I figured we'd start by playing a recording that Allison sent in, which is and I'm still using it, which is very much going to be a theme for this show. Hi folks, I wanted to weigh in on the I'm Still Using It game with a little iOS app that I've had on my iPhone for over a decade. It's called Make It Big. And while it's not an app I use all the time, it's an app that I want at my fingertips when I do need it. I can tell you the exact day I started using big words. It was July 5th, 2012. I was suffering one of my bouts of laryngitis like I did a couple of weeks ago and the awesome Melissa Davis, also known as the MacMommy, sent me this email. She wrote, I recently had laryngitis for two weeks. Not only was it painful, but an even bigger challenge during our summer vacation while traveling with my two young kids to visit family and friends with even more children. This app became invaluable for me during that time. I was able to communicate with people using this on my iPhone and iPad. I had to carefully choose my words when trying to talk to my six-year-old who is just learning to read, but that was a great exercise. Big words is a must-have tool on all your devices. Well, I read that and I put big words on my phone. Now, this is a classic case of an app that does one thing and does it well. Its entire job is it types big words on white text on a black background on your iPhone screen. As you type more and more text, the font size shrinks to fit it all on screen. If you turn your iPhone to landscape, it increases to fill that larger space. That is literally all big words does. Well, I only need big words for laryngitis once a year or so. It's also another category of problems. Have you ever been next to someone at a stoplight and you want to tell them that they have a flat tire? Or maybe their brake lights aren't working? Type flat tire into big words and hold it up to the window and just hope they notice you're doing it. And while big words is great for those emergency situations, I've used big words for other things that are fun. When I get to meet people in real life who maybe Bart and I both know from the interwebs, I like to pose with these people with a sign that says hi Bart. Before big words, I would have to find a piece of paper and write it out with a marker like an animal, but with this little app, I can type it in and hold up my phone while someone else takes the photo. We used big words to say hi to Bart and then later to Tom Merritt just last year when Steve and I got to meet Bodie Grimm in real life. When Barry Falk did one of his surprise visits to our house in 2018, we did a hi Bart sign with big words for a photo. A few years ago, a friend of ours was coming to the end of his days on Earth and it wasn't safe for us to go visit him. So Steve and I used big words to tell him that we loved him. We sent a photo of us holding up the phone and sent it to his son to show to him so he'd know we were thinking of him. Evidently, it gave him a smile. Now, while the simplicity of big words is just what I need, it hasn't been updated in seven years, so you may want to check out a nearly identical but slightly more capable app called Make It Big. If we go back to our emergency scenario, let's say the other people are not paying attention and didn't notice you holding up your phone, telling them they have a flat tire. With Make It Big, you can shake your phone and the text will flash between the original white text on black to black text on white. In the preferences, you can even set the speed of flashing to something you hope they'll notice. Now, if you don't like Helvetica new on black, you can change the font along with the text color and background. Now, how much would you pay? No, wait. Make It Big is also free. Another enhancement to Make It Big over big words is that you can keep a list of the past things you've written in Make It Big. This could be a handy place to store a list of emergency things you might want to show more quickly, and I would keep a copy of it saying, Hi Bart, because I do it so often. Make It Big and the original big words are handy little free apps that do what I need them to do, and I suspect at least one of them will live on my phone for the foreseeable future. Thank you for sharing that with us, Allison, and saving me a little bit of recording work. Now, the other star of Allison's trips away is Alistair Jenks, who shares the hosting duties with me. Normally, I get to go second, but this time I'm going first. But Alistair is such an amazing content creator that not only does he make loads of content for his own show, he almost always has some extra for me, and even though I'm going first, he still has some extra for me, so Alistair is also joining the I'm Still Using It part. The date was 1st of August 2006. I walked into The Rock Shop in Wellington and said to one of the staff, I want a microphone to record my voice to a computer for a podcast. That staff member didn't skip a beat. I thought the word podcast might be a sticking point, but no. I let him know my approximate budget, and he started explaining various products to me, covering different options and price points. Every step of the way, he made suggestions, answered my questions, and let me make the decisions. I walked out with an AKG D88S Dynamic microphone, with included XLR cable, a Behringer UB502 mixer, and a suitable cable to connect the mixer to my PC. The mixer's only role was to act as an XLR interface to my PC. I still have a copy of the receipt. Adjusting for inflation, the microphone was about 145 New Zealand dollars, and the mixer about 172 New Zealand dollars, or around 200 US dollars in total. The entire setup survived until 2016, when I needed to replace the cable from the mixer to the computer, as my new 2015 iMac had no line in port. This was achieved with the diminutive Behringer UCA222 U-Control USB interface. Finally, in February 2022, I retired the mixer when I bought an Elgato Wave XLR USB interface, to which I now directly connect my trusty AKG D88S microphone. It is also with noting that I have had three different mounts for the microphone over the years, originally a simple stand, followed by two different boom arms, the latter of which has its own integrated XLR cable. This means the microphone itself is the final surviving component from 2006. At 16 years in counting, I'm fairly sure this is my longest-lived piece of tech, certainly in continuous use. How good is it? You be the judge, because you're listening to it right now. Thank you very much for sending that in Alistair, and best of luck with your show next week. Well, since everyone is talking about all the cool stuff they're still using, I thought I'd join in the party as well. So another I'm still using it, but this time it's especially one from me. Well, I hinted that I might have three I'm still using it, that make one consistent story, and Alison basically told me to hijack the format and record one, so, well, here I am. So my day job has changed in many ways in recent months, so I've transitioned away from being a vanilla sysadmin to being a cybersecurity specialist. But something that hasn't really changed very much as my role has changed is the fact that I still need to connect to our fleet of hundreds of servers of all kinds, really. And outside of work, well, I'm still the same nerd I ever was, so I still connect to just as many services and services to support my various nerd hubbies, podcasting, blogging, coding, all that stuff. So basically, connecting to remote computers isn't something I do a few times a week or a few times a day. It's something I do a few times an hour. So if a remote connection app makes me a little bit cranky, that crankiness gets amplified a lot. So because of the fact that, you know, an app that makes me a little bit cranky that I use all the time will make me very cranky all the time, I spend years jumping from app to app. But as everyone else was talking about that I'm still using it, I realized that I haven't been jumping from app to app. Sometime about five years ago, I actually seem to have managed to find all of the apps I need. And I haven't been jumping out. I have just been happily continuing to use the same three apps. And if anything, you know, the apps have continued to improve their own active development. And I'm just liking them more and more. So basically what I need to do is I need to do Windows and Modesta. I need to do secure shell for remote terminals. And I need to do follow transfer. And I have an app for each of those three problems to be solved. And I'm still using all three of them. So I'm going to go in reverse chronological order. So I start with the one I discovered the most recently, which also happens to be the one that while I do love it, I'm least in love with it. And I get to end on the one I've been using for absolutely the longest. So there's links in the show notes, but basically it's Microsoft Remote Desktop. That's the first one, which is free in the Mac App Store. Then the second one is called Core Shell, which is free in the Mac App Store with an optional in-app upgrade to get premium features, which is 12 euros a year or 36 euro for four years. And then the other one is Transmit, which you buy from the developer themselves. Okay, for $45. So let's start with Microsoft Remote Desktop. So I use this app every day, assuming you redefine daily to mean Monday to Friday, or the work week, because in my personal life, I don't use Windows, period. It's just not something I do. So I have absolutely no need in my personal life to connect to Windows Desktop. Right, Windows App interfaces. But in work, I have a Mac as my primary machine, which is fantastic, but I do need to run Windows apps. I need to test things on Windows so that I can document them, or so that I can troubleshoot issues so that I can see what people are seeing. And of course, one of the things I help do is to manage a large Windows domain and a pretty substantial fleet of Windows servers. So connecting to Windows Virtual Machines, that's something I do a lot. I also arguably do have a Windows PC at work. It just happens to be completely virtual and even the cloud, which means that the only way I ever access that Windows PC is actually through, over the remote desktop protocol, through Microsoft Remote Desktop app. So early in my time as a Mac user, I think my biggest, one of my biggest gripes was the fact that there just wasn't a good option for remote desktop protocol. The RDP clients on the Mac were horrible. There was an official client from Microsoft, who was a crash-happy mess. And then there was an open-source container called CORD with a lowercase o. And it was robust. It just didn't have any features. So either you could have a robust app that didn't do very much, or you could have a very feature-rich app that crashed all the time, but in result, much cranked it. Thankfully, Microsoft... I'm going to assume Sachin Adela had something to do with this when Microsoft suddenly decided to embrace, like, you know, everyone everywhere. They threw out the code for their official remote desktop client from Mac, and they started it from scratch. And they built what has matured into really a quite fantastic remote desktop app. And you get it in the Mac app store, and to be honest, it just works. Now, I did say that this is the one I'm at least in love with, and the only really gripe I have with it is that the setup for adding a new machine, a new connection machine, eh, it could be nicer. But it's not bad, and it does keep getting better. I think probably my biggest gripe is that every time you make a new shortcut or basically add a new PC entry, it defaults to ticking what I think is one of the most annoying tick boxes, which is start in fullscreen. Which means that unless you're paying close attention and you go over to the second tab and you untick that tick box that's ticked by default, as soon as you try to connect to your remote desktop, it creates a whole new window, and it does that spaces thing where it makes a new fullscreen window as if you're in an iPad or whatever on your Mac. No, the whole magic of remote desktop is that I get to have a computer in a window, so give it to me in a window. Anyway, minor gripe. So, if I'm a bit cranky about the setup interface, why do I like the app? Well, obviously you don't set up new things all the time. The biggest thing is it just works, right? It doesn't crash, it just works reliably. So I can get to as many Windows computers as I need to, and they just appear on my Mac as a window. And the latest versions of Windows are smart enough to cooperate with their remote desktop client to upscale the resolution to give you retina support, so you get the Windows desktop perfectly smooth and on all pixels. And basically the graphics driver that powers this view into Windows is smart enough that if you resize the window on the Mac, it gets sent through to the Windows end as resizing the resolution of the pretend screen, and it will always match perfectly. So you don't have this annoying scroll thing that happens when you use Apple's own remote desktop client to connect to Macs remotely. The start menu will always be in the right place. Basically, what you see in your window will always behave as if it was a monitor screen of that size. No scrolling or anything. It's just fantastic, and it happens pretty much instantly when you resize the window. So it's just perfect. If I pop my security hat on, then one of the nice things is that you can define in the settings area one or two accounts that you would use all the time. So for me, that would be my not elevated Active Directory account and my elevated Active Directory account is the principle of least privilege. You do not use your admin credentials unless you're doing admin work. So for day-to-day stuff, I'm connected as normal me, but some of the servers I need to connect to is admin me, and so I have both of those accounts saved. And when I'm setting up a new shortcut, I just say which account to use. And all the passwords are stored in the macOS keychain. So they're all nice and safe. In terms of usability then, this Yoke has some serious power features that make my day-to-day life so much easier. So in no particular order, the features that just make my life easier all the time are that it seamlessly synchronizes the clipboard between my Mac and Windows. So when I have to think about what window I'm on is on what computer, I just copy and paste between, you know, Mac, you know, tech-ded it on the Mac and a edge inside the Windows Virtual Machine or whatever. I just copy and paste from anywhere to anywhere. It just works. It just synchronizes the clipboards. And very, very heavily related to not having to think about it is the fact that the Microsoft Modest Appliant magically remaps the Mac keyboard shortcuts to the equivalent Windows ones. So when I type command C on the Mac, what Windows hears is control C. So if you combine that clever remapping with the clipboard syncing, what you get is just you can just command C anywhere, whether it be on the Windows end of the Mac end and I can command V anywhere, whether it be on the Windows end of the Mac end, then it just works. And it's so seamless, I completely forget to think about it. And that is the kind of magic you just kind of got to love. The other magic that just blows my mind is that I can drag and drop files between the Finder on my Mac and a file explorer window on Windows. What? How is that even possible? Well, I can imagine how it's done under the hood, but that's just cool. I just drag and drop a file from the Finder into Windows Explorer. And it just works. Now, you just want to send one file. That's perfect. But if you need to send more than one, you can actually, as part of your setup of the shortcut, the connection details basically to the remote Windows PC, you can map any folder on your Mac through to the Windows machine. And it'll appear on the Windows machine as a network drive. And you can also map them through as Read Only, which is fantastic. I actually do that a lot. So I like to run my Git client on my Mac, but if I'm using PowerShell or whatever to interact with Active Directory, the code will be tested and running on the Windows machine. And so I'm going to be debugging on VS Code on my Mac and then trying it out on the Windows machine. And I'll just have the folder mapped through Read Only mode. And then I'll just have Windows PowerShell run the stuff I'm editing on the Mac in real time. And it just works. It's so nice. It's such a nice way to work. Anyway, the folder mapping I find really useful. OK, now that's what I use. But there's actually some other features that other people may find useful. I don't use these features because they're just not appropriate to me, but they're quite powerful. So there might be of help to others. So you can map your camera and your mic through to Windows so that the Windows machine, the remote Windows machine can use your local camera and microphone, which means I guess if you're using some sort of Zoom client or whatever, you can have it work through on the Windows machine. You can also route the sound from the Windows machine back to your Mac's audio so that any sounds played on the Windows machine will come out of your Mac, which is kind of cool. You can also map the printer on your Mac through to the Windows end so that Windows can print to your Mac printer. And you can also map USB devices from your Mac through to Windows so that Windows will actually see those USB devices and have to re-pload into its own USB ports. It's basically proxying USB. Never needed it, but darn cool idea and potentially very useful for if you have some sort of DRM dongle or something that used to be quite popular. It's just a cool idea. So if you need to use Windows from a Mac, go to the App Store and get the free client from Microsoft. It's the official one. It really does just work. So moving on to the second of my three apps, then, is Core Shell, which started off-life as Core SSH. And of the three, this is the one I use the most because I use it both at home and at work. All the time. I'm a keyboard junkie. That's just me. I just love the keyboard. I'm so much more efficient than the keyboard. Even when I'm using the GUI, I'm using keyboard shortcuts that jump around all the time. And one of the things I need more than anything else, I do need my Windows remote desktop and stuff, but what I need way, way, way, way more often is I need remote terminals. And in our modern security conscious world, what that means is I need a rock solid SSH client. I connect to hundreds of servers. So the UI for managing all of my list of shortcuts is really important to me. And I also need a good way to handle the SSH keys, the passwords for those SSH keys, and traditional SSH passwords for servers where I don't get to use keys. So when I was a Windows user, I actually used Putty for UTTY. It's a venerable, venerable Windows client, and I really liked it. Hindsight is a bit clunky, but I really liked it. And when I came to the Mac, I became very disillusioned with the choice of SSH clients and offer over here because basically what I love most about the Mac is it's amazing, you know, human-friendly UI sitting on top of a powerful, unique underbelly. So you might expect that the Mac would have amazing native UIs for SSH, but no! And what was available didn't do things the Mac way. There were basically icky ports of Linux things using all the Linux conventions and the Linux window chrome, and it just didn't work like a Mac app, it didn't behave properly on the Mac. I think probably a low point was that I was using a version of Putty, which is a Windows app that ran on X11 on the Mac because it was pretending to be Linux. Aw, horrible. Anyway, a lot of this stuff was the worst kind of four-geeks, buggy, clunky, crude wrappers around the basic SSH config file. Ugh, didn't like it. Made me cranky all the time. And finally, I came across true, blue, native Mac app was new when I discovered it. It was called Core SSH back then. And the app has matured into what is now called Core Shell, and I would say one of the, you know, things like the Finder and Mail that app on Safari, I'd say it's the app I spend the most time running on my computer, you know. It is right up there. If I put my security hat on, any password that Core Shell saves gets stored in the Mac OS keychain. It's fantastic. If you run the optional helper app, which allows it to, basically, the app is from the apps for the sandbox, so the helper app allows it to interact with stuff outside the sandbox in a controlled, safe way. And if you install the helper app, you can make use of the Mac's built-in SSH agent, and you can also use all of the config and stuff you have saved in your tiller slash that SSH folder, so you're known hosted on that kind of stuff. When it comes to defining your server connections, then they're easy to create, nice tagging support, and if you enable the premium features with the in-app purchase, you can even sync them across all of your Macs. It is really useful, especially now that I'm in a hybrid working environment where sometimes I'm in work sitting at home sitting on my MacBook Pro. So, you know, it's definitely nice. Sorry, Macbook Air. It's definitely nice to have that all just magically sync. But where the app really shines for me is its keyboard only use. And it's a pretty good reason I love the way it works with the keyboard is because I kind of sort of developed it. No, I didn't develop it. Basically, I was in the early betas when they switched from open, sorry, from core SSH to the core shell, and I gave lots and lots and lots of feedback of how the keyboard first user could get the most out of the app and basically all the suggestions I made were put into the real app. So, the app works just like I want because the app actually works like I asked, which is nice. So, if you do command n to open up a new window and you just start typing, so you haven't done a tab to move around or anything, you just start typing, focus will jump to the search box and as you type, immediately the servers in the server list will start to filter down and when you filter it enough that you see the server you want, you don't have to tab out of the search box, you just hit the down arrow and you start moving through the servers that are there until you get to the one you want and you hit the return key and in you are to your server. So, it's command n, type type, down, down, down, enter, or maybe no, if I type it off, I don't have to add any down, down, down, as I can just hit enter on the appropriate server if I filter all the way down to one. It's so cool. So, you just hit command D and it'll just duplicate. So, then you have another connection to the same server and you're ready to go. So, if I do a tail minus F on the log and it means I don't get my prompt back because I'm asking it to do a permanent tail, then I just hit command D and I go do whatever else I need to do. It's so useful. So, basically, this is the only SSHQB on any platform that has such good interface for us keyboard warriors and the other thing it has that I've never seen before is it has a nice GUI for setting every single possible option that the open SSH config file supports. It does it in a nice GUI. Now, some of our servers are a little bit esoteric and they need to have weird config settings set and normally that's a pain in the backside. Not with Corsale. You just go into the advanced view, you find the relevant setting and you pop in the value you need. It's so nice. I absolutely adore this app. Okay, so the last app then is Transmit. So remote terminals are great for sending commands but that doesn't get you to move data easily to and from your remote server. For that, you need a file transfer client and the dark old days, that used to be FTP for me, not for everyone else really. But today it's going to be the secure variant SFTP which is basically FTP over SSH. But actually in this modern cloudy world, we do actually also need connections to various cloud offerings. So for me, what I use today is secure FTP and Amazon S3 blob storage compatibility. Now I don't actually, I'm not an Amazon customer for their cloud services but so many vendors use Amazon's protocol that when I connect to backblaze from my B2 buckets where I back up all of my servers and things, that's done over the Amazon S3 protocol and the DigitalOcean CDN that actually hosts the media files for the Let's Talk podcast that's also accessed over the Amazon S3 API. So I actually spent a lot of time with transmit connecting over both SFTP and Amazon S3 even though I never connect to an actual Amazon server. Which is kind of cool. Anyway, transmit by panic is an institution on the Mac. It has been around for literally decade. It can also connect to a heckin' lot of different kinds of protocols. So I've already said that I use it for S3 and for secure FTP but if you create a new connection it will give you a little icon for all of the things it does support and the list is really long. I popped a screenshot into the show notes but I think some of the highlights would be Google Drive One, Drive Dropbox and you know Rackspaces even in there just looking at it. There was a lot of stuff. There was also Azure and Amazon and WebDav. It's full of useful, useful things. So transmit is on version 5 today and when I started using it it was on version 3 which I checked on Wikipedia and version 3 came out in 2005. Now transmit hasn't slowed down in its releases. Transmit has always been quite slow between releases because they put an awful lot of fit and polish into each release and then what you have is a really stable app that just gets small bug fixes and tweaks over the years and then they do a giant big lot of work again. So if version 3 didn't come out until 2005 you know version 1 is like absolutely ancient. So I'm not exactly sure when I started using transmit. It had to be after 2005 because otherwise version 3 wouldn't existed and it had to be before 2010 which is when version 4 came out. But to be honest I'm pretty sure it's been a long time on version 3 so I think it's been at least a dozen years but probably way closer to 15 years that I've been using this app. And what I really like is that transmit is a proudly Mac app which means that whenever they do one of their rare releases they get caught up on all of the various new APIs Apple have made and so if Apple start to support automator wherever they'll make automator actions if Apple start to short cut sell make short cut things they just they always keep up with whatever it is Apple is doing they also rework the UI to match whatever is the current best practices when that version of the app comes out. So even though it's an old old app it feels modern because they put a lot of effort into keeping it modern which I find very pleasing. Like core shell and Microsoft remote desktop it stores all of your passwords in the macOS keychain and like core shell it can access the details in your ssh folder whenever you're doing stuff over sqrtp and it also supports syncing of connection settings between your Macs and even in fact if you're a user of some other other apps they have IDs and stuff it will sync your ssh details to the other apps from panic as well and I don't do that but kind of cool for people who do. Transmit does support your traditional to pay in ftp layout and has done like that's been the traditional ftp apps for so long but I prefer not to do that I just use transmit as a pretend finder window that just magically goes to remote server and I just drag and drop away and transmit is even smart enough that if you double click to open a remote file it will cache it locally open it with your app make your changes and then when you close when you save it it will actually sync that change up the server entirely automatically. Transmit just rocks. So basically you need to work with remote computers and if you share my love of native mac UIs and you bicker as drag and drop support why not try these three apps well now it's time to give my voice a little rest for a while and I'm going to throw over to Bruce from Tennessee who reviews a music based iPad app called 4Score with a callback to a guest Nacilla Castile guest hosted many many many years ago. Hi this is Bruce from Tennessee also known as use the data with some thoughts about working with sheet music on an iPad first of all what's the problem to be solved. The real problem is that I'm a geek who likes toys but we're not going to solve that problem here and I'm not sure that I really want it solved so for purposes of this article the problem is that I travel quite a bit but I also sing in a choir that travel means that I'm missing rehearsals and I'd like to be able to have my music with me while I'm traveling so that I can study it and practice I also like the idea of being able to mark my music up with a variety of different colors so that I can see things more easily but I also need to be able to erase those marks for the next person and I need to be able to change the marks when my director changes her mind about how she wants to present a particular piece of music now I could take the sheet music with me when I travel which would let me study the music but I'd want some sort of a digital keyboard and there are ways to do that but when I went on a choir tour to Scotland and England in the summer of 2022 about half of the musicians had moved to digital scores on their iPads the dominant app for this purpose is called Fourscore from Fourscore.co or from Fourscore LLC it's a universal app that runs on iPad, iPhone for those with really good eyesight and Apple Silicon Max the fully functional app is available for $19.99 US from the App Store there's also an optional $9.99 US per year subscription for Fourscore Pro that offers the ability to use face gestures to turn pages some additional menu shortcuts for moving around within your music library some additional tools for editing the underlying PDF scant music and a higher support priority for my needs the basic app is fine but this is such a cool and useful tool that I decided to go ahead and I'm paying for the Pro license as well Fourscore has been mentioned briefly on the Bart hosted episode of No Silla Cast back in 2015 episode 513 which included a chit chat across the pond interview with classical music blogger Bren Finnett I tried Fourscore 5 or 6 years ago and I liked it but having to do everything and the iPad was a bit annoying and it just didn't quite stick and at that point I had the 10 inch iPad which is just a bit small for the task for me on a 10 inch iPad the music is actually slightly smaller than on paper but I now have a 12.9 inch iPad Pro and that actually makes the music slightly larger than the paper for these almost 60 year old eyes bigger print is generally better after a bit of experimentation I like the DTTO or Ditto leather iPad case I link it in the show notes which runs about $22 US for the 12.9 inch version the Ditto case has a nice secure location for the Apple pencil a hand strap to help with holding the iPad and a very simple look that works for me so basically I scan my music to PDF and load it into Fourscore there's a few steps to doing that as most choral sheet music is an unusual size about 10.5 inches by 13 inches printed to up but with a bit of faffing about in preview on the scanned copy I get what I need and I'm able to easily import it into Fourscore if you're interested in the details of how I do that use the data in the no silicast slack reach out and I'll provide more details for music that have things like repeats that go back multiple pages or coders that jump forward lots of pages I can duplicate pages in that PDF and set things up so that the document just runs straight through with no back and forth that can be a whole lot easier than trying to bounce back and forth in a physical copy of the music once inside Fourscore it's very easy for me to mark up the music particularly with my Apple pencil there is quick access to four different pens and you can control the size and color of those pens when in the markup mode so I have a green pen to mark things up related to stylistic matters and help me find my line and multi-part scores I use blue to help me mark my pitch cues I use a white to cover up the scanning blotches and I use red for reminders about those mistakes that I keep making I find this much easier to work with than marking music in pencil particularly the way I use those blue markings to help me mark where the notes are in my tenor part and how those relate to any other parts in the score when not in markup mode a tap on the right third of the page goes forward one page a tap on the left third of the page goes back one page tap and hold in the middle of the page or tap with the Apple pencil to bring up the markup tools with Fourscore there are tools for creating set lists and managing multiple different libraries of music I've also happened to scan to my church's hymnal so I can easily create a set list for each Sunday which has the specific hymns for that week along with the anthem and any other music we might be doing all in the right order just tap between the pieces of music and go one to the other and I can manage a set list that has just the anthems in the right order for rehearsals I can add metadata to each piece of music including the genre, the composer, the key and some generic tags all of which make working with a large music library a lot easier Fourscore also includes a keyboard component so when I'm traveling I can switch over to that to work out a part that I'm just not hearing or play a chord to hear how my part fits in with the others if I've not made much use of it but there's also a feature that lets me attach an audio file to a particular score so if I have a recording of a performance of that piece of music it lets me listen to the music while working through the score there are ways to mark the time stamps in the audio file for specific points in score which gives it more power than just starting the music file in iTunes and popping over to Fourscore to follow along Fourscore can also sync between iOS and macOS using iCloud and I use this to do some library maintenance over on my Mac which has a larger screen and better keyboard that also gives me a backup of my music library since that synced copy is backed up with Time Machine and is in my offsite backup there are other things I haven't explored in Fourscore it's a tool designed with capabilities needed by professional level musicians which I'm not but it's also a very easy to use application that has added a fun geeky tech angle to my music hobby and yes holding a iPad is kind of heavy but so is a binder full of paper music particularly if one adds a hymnal to that so on the wait front it's about even for my particular application so I hope you found this interesting piece and may you find beauty in the world around you. Thank you very much Bruce and I'm still going to save my voice a little bit longer until I dive into a solo security bit I'm going to hand back to that absolute powerhouse of a content machine Alastair Day When we left our hero at the end of part 1 he I had a working set of controls for my nano leaf lights once I had my buttons working I decided I wanted to have some nice images to place on them to make the actions clear and which were nice to look at the icons provided as standard in the stream deck software are very limited so I decided to look at the third party icon pack add-ons which can be accessed through the stream deck app. When I looked there were 61 packs available but many even most were either geared towards particular applications like Adobe After Effects or followed some kind of theme like the horror icons pack I looked at a few packs and none were taking my fancy then I spotted a quartet of packs based on Apple's SF Symbols iconography If you pay attention to Apple's WWDC you may be familiar with these Apple's software and many third party applications on Apple platforms use these icons which are part of the Apple operating systems The 4 sets available for the stream deck comprise the 4 different colour styles offered by Apple I downloaded the monochrome and colour versions SF Symbols contains over 4000 icons so there are plenty to choose from and these were in fact still are my go to icons for initial setup however for my lighting buttons I wanted something much more representative of the devices themselves and of the subtle differences the buttons represent something that clearly shows the resulting light modes for this I decided I needed to create my own I have long opined that Photoshop is a poorly named piece of software I no longer use it but when I did I very rarely used it for photos what I used it for a lot was graphics work these days my choice is the Photoshop competitor Affinity Photo although in this case Affinity designer is the better tool the reason designer is better is that the graphics on the buttons need to be simple and clear and using vector shapes and tools is a better fit to achieve this if you own Affinity Photo it has enough shape tools to get by but for example you cannot combine shapes with boolean operations an operation I needed to get one of my key designs to look right after a little sleuthing I came up with a button size of 72 pixels square Affinity designer can actually size its documents in pixels which makes the final exports very simple you can also switch to pixel mode to get an idea of how the final result will look although they are only about 13mm square on the stream deck so you can get away without worrying about this as long as you don't use fine lines I won't bore you with how I created my designs they range from simple combinations of coloured squares that represent the nanoleaf canvas panels to more involved designs to represent my spotlights that hold the main three nanoleaf essentials bulbs if you have any skills with a graphics application I strongly recommend you have a go at creating your own in many cases the buttons will be more pleasing and more obvious in their function the next problem I decided to solve came in the form of my day job I currently work from home and doing so involves spending a fair amount of time in Microsoft teams I have a love-hate relationship with this application it is on the whole quite superior to what came before it in our company but at the same time it has a significant number of paper cut issues that bug me daily the first problem may not be the fault of teams but for whatever reason the mute button on my headset which had worked consistently for months I recently decided it sometimes wouldn't the light on the headset cord, the mute indicator in teams and whether or not anyone can hear me all seem to have a tenuous relationship such that I am never sure if I am muted or not if I use the headset button the solution is to use the mute button in the teams window but this can be hard to hit accurately and is next to other buttons I do not want to click by accident it does have a keyboard shortcut but that's a bit of a handful and only works if teams is the current application when I am on a call this is often not the case what if I could have a button on my stream deck that would mute and unmute teams no matter what while it is possible in macOS to send a key press directly to a specific application and this is something I will delve further into in part 3 I discovered a simple hack that did the job, mostly many applications will if already open respond to an open request by becoming the active application my mute button strung together 3 actions open teams delay for 50 milliseconds then press control command M the 50 millisecond delay was needed to give teams time to become the active application there is a caveat with this approach that I am fairly sure applies only to teams teams is special it doesn't have like most mac apps in that its response to being activated is not always to show its main window and accept input I've seen this even with a simple command tab key press where the menu bar will change to show teams as the active application but macOS does not switch to the only space that has a teams window some internet sleuthing suggests that this is caused by teams having an invisible window that it uses for call notifications I first tried this technique with another application and for that it worked without fail having got my mute button working mostly I set about finding other keyboard shortcuts in teams that I could place on my stream deck I added buttons for answering and hanging up calls sharing my screen and switching to 4 of the main areas calls, chat, activity and calendar those were all set up the same as the mute button just with different keyboard actions on each then I decided to try addressing another issue I have setting my presence status in teams when in the office I habitually lock my windows laptop as I leave my desk this is easily done on windows by pressing the windows key with L this also automatically sets my teams status to away when I'm working from home there is no need to lock my Mac and I'm not in the habit of doing so when I remember I manually set my status to away before leaving my desk and then inevitably forget to set it back to available when I return achieving the necessary clicks to change status is fiddly so I had learned how to do it via the keyboard pressing command slash invokes the command field of teams usually simply typing away or available or in fact just the first two letters of either and then pressing enter changes my status but I'd still quite often forget when returning to my desk the buttons I created to achieve this were quite similar to the earlier ones but with some extra steps as before they started with opening teams delaying for 50 milliseconds and then pressing command slash then I added another delay of 50 milliseconds to allow time for the command field to become active and finally added a text action to type the necessary text of either away or available the text action has a checkbox that I checked to make it press enter after typing the text so now, subject to teams responding like a normal application a single button press would set my status having two buttons on my stream deck seems to make me forget way less often except sometimes teams just stops responding to the command slash even if I type it myself a final button in this set is simply set to open teams in case I haven't already got it running for the icons I have so far just use SF symbols though I will eventually spend some time to come up with some more recognizable images at this point I still felt like it only scratched the surface of the things I could set on my stream deck to accomplish I mentioned previously about looking into targeting key presses directly to applications something I have since achieved but there are many other ideas to be delved into including presenting live information on buttons and having them react automatically to changes on my computer believe it or not part 3 barely touches on this aspect so there may yet be a part 4 thank you Alistair now I mean this to whether or not to make this confession but when I upgraded my studio at the end of last year to switch over to the Mac Studio and I bought a WaveXLR which is the interface you're listening to me talk to right now I also bought a stream deck because well it's exactly the same size and shape as the WaveXLR so it looks amazingly cool together and I figured it would probably be really useful I'm sure it is I just haven't had the time to actually set it up yet so I think being 2 out of 3 steps down Alistair's rabbit hole I think I'm inspired to actually get stuck in and start using it so maybe I'll actually make use of my investment shortly but anyway Alistair thank you for sharing and hopefully by the time I've heard your third installment I'll be shaken out of my place to see and actually start to use mine too alright folks well here we go another solo security bits which I always dislike doing because I also add so much value to this segment and it's going to do my best without her although thankfully it's actually been a very quiet 2 weeks security news for us so I'm actually going to spend a surprisingly large proportion of this recording on pallet cleansers but hey we can always use some more pallet cleansers right before we get that far though let's check in on some stories we have been following over the last while I'm sorry to say we need to revisit the last past land again and I'm sorry to say it gets worse so when last we spoke we knew that there were some people who had 5000 rounds of PBDFK2 well now we know that some people had just 500 rounds and then we found out that it got even worse there are people with one round of PBDFK2 that is nothing short of disgraceful there was also a brief false dawn when someone noticed in the white paper describing how last past works mention of server side additional rounds of PBKDF2 and my brain hurt that thought because I don't think you can do that in a meaningful useful way because anyway I don't think that works if you have into an encryption and it turns out it doesn't because that's not what that is doing those extra rounds of PBDFK2 were being used to create a key to protect effectively your account details for logging into the web interface they had nothing to do with protecting vaults the vaults are no more protected than we thought they are every bit as vulnerable as we feared if you want more details Steve Gibson does an excellent job digging into it all of this he also talks a bit about a last vault de-unfascator app which will look at the XML formatting of your vault and show it to you in pretty ways he also talks a bit about the iterations and some more thoughts on the aftermath of all this if you just want a good summary of everything that's happened Intigo really caught my eye their Mac security blog had a fantastic post by Justin Long going through timeline basically step by step everything we know that happened it's nice to see it all together it's a well done article so more follow up then from another story we haven't heard from in a while but we certainly talked about a lot was our friends Pegasus our friends the NSO group with their spyware app Pegasus well Pegasus was at one stage deployed against WhatsApp for it was deployed against iOS and Meta were very cranky about it being deployed against WhatsApp and they are trying to sue the NSO group and the NSO group like you can't sue us over that and they appealed it up to the US Supreme Court and the US Supreme Court went nah Meta can sue you just fine NSO group so WhatsApp's Pegasus suit shall continue fingers crossed for a good outcome there right I'm sorry to say we have no deep lives so we jumped straight to action alerts it was patched Tuesday we got patches from Microsoft and Adobe and you should apply them one of the Windows vulnerabilities is being actively exported in the wild so definitely patchy patchy patch patch and the other thing that's notable that this update that this is genuinely actually completely the end of Windows 7 so up until so this lot of updates contain one last set of patches for Windows 7 and there will be no more ever no matter how much money you throw at Microsoft there is no more Windows 7 support to be had and they haven't racking up the price on their extended support to try to push people off for years now it is finally over Windows 7 is gone Windows 7 was a really popular version of Windows people are sad to see it go Windows 8.1 is also gone they never even bothered offering extended support they're not going to they're just letting it die on schedule no extended support no carrying on so on my birthday Windows 8.1 died which I think is quite a nice gift so anyway there we go did patchy patchy patch patch if you're on Windows 7 Windows 8.1 upgrade upgrade upgrade moving us on then to worthy warnings this is not a happy section of the show turns out last pass aren't the only password manager with some bother but the difference is in the case of Norton life lock it wasn't a breach of Norton systems what we had here is a classic password stuffing attack this is where you get one of the 20 kabillion leaked password sets from the 20 kabillion breaches out there and you just give them a go you just try passwords leaked on one site on another site and if you do it slowly enough and perhaps using a botnet to spread out your queries so they come from lots of different IP addresses you can disguise the fact that you're trying lots and lots of passwords and not get noticed by the site that you're attacking that's what happened with Norton life lock so for most of December the attackers were slowly trying password using them on password combinations from various leaks and succeeding getting in and then downloading the user's full vault content they don't need to crack these vaults open like they did with the last pass it doesn't matter how many rounds of PBDFK2 there are because the baddies have a password so if you weren't okay I should back up a second and say that Norton have contacted all affected users so if you got an email from Norton you have to change all of your passwords everywhere all at once okay so I'm riffing off a movie name there you have to change all of your passwords and if you weren't contacted by Norton you got away with it but this does raise to the fact that this attack worked means that there are people who are using reused passwords on their password wall so your last password to rule them all is a password of reused elsewhere I mean in my early youth I used to scoff at such things and I even invented the term cyber Darwinism for this kind of nonsense these people will be taken out of the cyber gene pool by their own idiocy I'm a little bit less harsh these days people are naive, people don't know how to help people not scoff at them so in the spirit of healthfulness if you will insist on reusing passwords do not under any circumstances do so for your password managers password make that one unique if you have to reuse passwords elsewhere why you do if you have a password manager I can't comprehend anyways don't reuse that one whatever you do also if your password manager is kind of a web interface where 2FA is a thing turn it on that would have saved these users as well even if they'd reuse a password 2FA would have still used them save them so don't reuse your master password and turn on 2FA if it's relevant to your particular choice of password manager okay it has been the case for as long as I can remember that whenever there's a thing whether it be hurricane or earthquake or frankly anything that makes news the bad guys will try to profit off it well one of the things making news these days is chat gpt and we now have a little issue with basically fake chat gpt apps showing up in app stores looking for big door button subscriptions there was an example made the news on mac rumors was 7.99 per week was a subscription and it was a fake chat gpt app it shot up the app store charts which is a bad bad sign apple did pull it from the store but I mean just be careful chat gpt is a big hot topic be sure you're going to the actual chat gpt the bad guys trying to hijack the popularity of chat gpt to scam you out of your money be vigilant the next two stories have an American flag nest them and they're not good news so T-Mobile yet again have managed to lose their customers data this time they had a badly configured api end point and through the badly configured api end point a quote unquote bad actor stole the personal well frankly the customer records for 37 million customers now T-Mobile are very quick to point out that no payment data or social security numbers were leaked no they only leaked your name, your date of birth, all of your contact details and a whole bunch of details of your AT&T contract so basically enough to make an excruciatingly convincing spishing attack entirely automatically and there's so much information there that the guys over on naked security think this is actually a danger for identity fraud even though it doesn't contain a social security number they still think that there's so much information here that you could probably succeed in quite a few places to open stuff in another person's name so all I can recommend, I'm sorry to say is ever present vigilance don't click on links and emails be suspicious of all emails go straight to the website and login directly use saved details to contact support someone says that your account is about to be destroyed or whatever contact T-Mobile on the support number that you have in your address book that did not in any way come from the email and talk to a representative and figure out whether it's true or not it's true, they'll help you if it's not hey, no damage done because you've phoned them directly and I actually can't think of even an advice to give on this actually no I can, I'll just share Brian Krebs' advice if you're an American freeze your credit because the credit bureaus just leak your personal information like you wouldn't believe and they absolutely can end up costing you spectacular amounts through identity theft because they have all of the information to facilitate identity theft so Experian had a fairly major boo-boo in the web interface where you could basically get anyone's credit report anyone's credit report just by tweaking the URL a bit you go so far into the process you tweak the URL and then you get other people's credit report the mind bubbles how these companies are permitted to continue to hold so much such valuable data when they have demonstrated so clearly they are incapable being trusted with they are not competent why are they being allowed to hold this trusted data crunky crunky moving on to notable news President Biden of the United States has been busy he wrote an op-ed in the Wall Street Journal or urging Congress to act against big tech basically he had three points he wants there to be federal level privacy protections we have California level you know state and not just California other states doing it too but it's happening at the state level and the president quite rightly thinks it will be much better if that happened at the federal level because it will be one level playing field one set of rules for everyone it's just easier for finance it's easier for everyone to know their rights can't disagree with him on that one he also urged that argued that companies that have algorithms for boosting content should be responsible for what their algorithms do it's very different when you have a chronological order when people post stuff you can legitimately say that you are not doing anything editorial right you're just sharing a flow of data in chronological order that is to me a common carrier but if you have an algorithm that uses to boost some content above others that is editorial and it boggles my mind that anyone ever considered anything other than editorial somehow that choosing to boost content is like being a telephone company does not comport with my brain whatsoever and President Biden agrees that if you have algorithms you're responsible for what your algorithms get up to and you should have transparency into what your algorithms are actually doing again cannot disagree finally the one you obviously expected called for more antitrust to boost competition okay that will be nice sure finally some good news out of the European Union Europol had a foreign trade and basically in busted a multi-million euro investment scam so cameras arrested across four countries it was a big deal they got the baddies makes me very happy so we have no top tips we have no accent explainers we do have three interesting insights I thought I would share first Google like Apple continue to tweak the security features in each new version of Android and we've talked quite a few times on this segment about how Google are introducing iOS like features to do a really good job of locking things down and we've said very positive things about these new features unfortunately unlike an iOS when new features get to most people relatively quickly on Android these new features remain hypothetical for the vast vast majority of Android users so both companies released an OS sort of fall-ish of last year and on the Apple side three quarters of Apple users have moved over to the new OS and are getting the advanced security features just one in 20 Android devices have the new features that came with their latest OS that's 5% that's so much worse so the actual lived security of Android is much much lower on average because the technological enhancements don't make it out to people nearly enough I mean I'm disappointed in how low 74% is but well 5% I guess that should be easier on Apple another interesting one if you fancy sort of keeping informed about what's going on over on tidbits I should have remembered who the author was one of their excellent authors and I really do mean that did a giant big post with screenshots explaining basically the current trend in phishing so if you want to keep an eye on what's going on now have a read of the post that's fully annotated explains what's suspicious of each one and stuff it's really cool and I also like the title An Annotated Field Guide to Identifying Fish with a PH this is a fun title and now I'm going to rip off rip off? I guess it's like you rip off too I'm going to riff off yeah long running gag on one of my favorite science podcasts this weekend science or twists good news breaches are now so common that we can use them to test for bots if an email address isn't in the have I been pwned database it's probably a recently created bot so if you're selling tickets online or whatever you can check for botting us by checking whether or not the email address has been involved in a breach if it has sell them the tickets or whatever if it hasn't it's almost certainly a scalper which is really depressing that for an email address to be real it has to have been caught up in a data breach or rather if an email is real it probably has been almost certainly has been caught up in a data breach that is the thinnest of silver lining anyway nice work by Troy Haunt interesting blog post linked in journals no just because it's cool but very much related we have Palakanzas and basically it's a multimedia party here we have a smorgasbord of multimedia palette cleansing if you like images then I will recommend a specific astronomy picture of the day so Carl Sagan is famous for saying that we're all made of star stuff and as I will prove to you in this diagram I'm going to link you to that is in part true a whole bunch of the elements that make up the universe and us originate in stars but there's a heck there's a lot more going on than that so someone has done a full periodic table where each element is color coded to the appropriate percentages of where the element came from so the hydrogen is pretty much purely and totally from the big bang on the same stream of helium and a little bit of lithium coming out of the big bang but then things are to get way cooler as you go down the periodic table of elements so did you know for example that rhodium comes from merging neutron stars I did not or H was rhodium until I went and looked it up but anyway chemistry was never my strong suit I thought it was a fascinating welcome where the stuff in the universe actually comes from so link in journals if you prefer listening to things then I can highly recommend the latest series of the business movers podcast they are telling the story of Pixar and I kind of thought I knew the story of Pixar and I guess I knew the vague outline but there was so much more to it than I realized and this isn't Steve Jobs' Pixar this is all Pixar's history and yes Steve Jobs enters the picture sort of the end of episode one of four really and is pretty darn important in episodes two and three and then unfortunately and tragically is not in the last chapter but it's not there's so much more to Pixar than Steve Jobs and the Steve Jobs bit I knew because of Walter Isaacson's biography and stuff but learning about the rest was actually really fascinating so I absolutely thoroughly enjoyed this four part series so the link in the show notes is to part one if you enjoy it part two, three and four are available from Business Mover Seed and finally if you like long reads and I warn you these are long reads then I can highly recommend one single article which isn't too long a massive epic three part near novel both from Ars Technica so the slightly shorter long read is an article celebrating 40 years of the Lisa which is actually more revolutionary than the Mac was the Mac was basically the Lisa too it was really fascinating to learn about the history of the Lisa and how Steve Jobs basically in a fit of temper threw it under a bus and pushed the less capable less revolutionary water down version of the Mac and made it seem to be the revolutionary computer the Lisa really was one of the interesting sections is what could have been what if Steve Jobs had not thrown a temper tantrum and actually allowed the Lisa to evolve and develop into what it could have been it could have been a very interesting future for Apple but anyway I thought it was fascinating to read this one isn't too long if you have a lot of time I ended up accidentally burning an extra 100 calories on my morning walk because of this I read part 3 which is what actually came out this week to make sure it was good quality and that was of course part 3 so part 1 and 2 had been released 2 months ago and 1 month ago but part 3 was excellent so I finished part 1 and part 2 as well and my walk wasn't nearly long enough so I ended up doing laps of my housing development and I think I passed my own front door 12 times before I finally went in because I was determined to finish but anyway it is a 3 part series called A History of Arm so part 1 is building the first chip part 2 is everything starts to come together and part 3 is coming full circle it's absolutely fascinating and I sort of knew but half of this I knew about it when Arm was its own company and moving forward from there when the licensing model was the arm model and how that came to the Newton and then eventually to Nokia and then the iPhone and then back to the Mac I didn't know anything about how Arm got to be to the point where it was spun out how do you spin something out if it doesn't exist I learned all of that in part 1 and in part 2 it was absolutely fascinating so if you have a lot of time definitely recommend that 3 part 2 from Arm's Technica well I have rattled on for long enough all by Milo and himself I'm hoping I did an okay job of this I think 2 weeks or so Allison will be back so next time normal business will be resumed when we do our next check in on security bits but until then folks remember to stay patch so you stay secure well that's actually going to wind us up for this week if you like the content I created here please considering I should say this I always joke that I'm terrible about promoting myself so Allison wrote me this so this is I'm reading Allison's script in praise of my own podcasts which is kind of funny anyway I just let you a little peek under the hood here so with all that said this is going to wind up the show for this week if you like the content I created here please consider checking out my podcast you can follow me on twitter at bbushots and on mastodon at bbushots.com with no valves.social did you know you can email Allison at allisonatpodfeed.com anytime you like if you have a question or suggestion just send it over you can follow her on twitter at podfeed and you can find her on mastodon at podfeedatchaos.social want to join in the conversation you can join our Slack community which by the way rocks over at podfeed.com forward slash slack you can talk to me being Allison oh and me actually me being Bart as well and all of the other nasilla castaways remember everything good starts with podfeed.com you can support the show at patreon.com forward slash podfeed or podfeed.com forward slash patreon actually as well or with a one time donation at paypal.me forward slash podfeed or podfeed.com forward slash paypal if you want to join in the fun of the live show you're going to have to wait until Sunday February 5th when you can head over to podfeed.com forward slash live at 5pm pacific and join the friendly and enthusiastic nosily thanks for listening and stay subscribed