Peter DeGroot, one of AshMUG’s leading technology experts and long-time user of 1Password, lifts the veil on this super password protection software. If your brain is taxed trying to remember upwards of 50 passwords, you’ll delight over this simple, low-cost solution.

All computer users generate passwords for specific sites on the Internet - whether it’s your bank, a shopping site, or your favorite social networking site. Remembering passwords has become a time-consuming, hair-pulling aggravation. 1Password, the award-winning keychain web browser software, is a creative, user-friendly, time-saving solution for our over-taxed memories. No more writing your password on a slip of paper you can’t find when you need it: 1Password’s high-security software “is” your memory.

Apple’s free iCloud service replaces MobileMe and provides a way for people to instantly synchronize contacts, calendars, photos, documents, music, and other kinds of data among their digital devices—especially Macs and iOS devices. But as many people have discovered, a great deal of complexity lies beneath iCloud’s friendly surface. In this presentation, veteran Mac author Joe Kissell explained what iCloud can do for you, how it differs from MobileMe, and how to deal with some of the most significant iCloud frustrations.

Though we were unable to record Joe’s presentation, we recommend Joe’s Take Control eBook “Taking Control of iCloud” which includes all of the information he presented, with a great deal more detail.

In addition, Joe recommends Apple’s website for iCloud information.

And for more information on the presenter, visit Joe’s website.

Exploration of the eRevolution: eReaders, eBooks, and ePublishing. Presenter: Steve Weyer, PhD, has served as a software developer for Stanford, Xerox, HP and Apple, and is currently an OLLI instructor at SOU.

Steve’s presentation is available at his website:  http://communicrossings.com/ashmug-e-books

For example, if I wanted a sentence to be bold or red I could do this:

<p><b>This part is bold.</b></p>

or

<p><font color="red">This is red</font></p>

The basic approach was to lay out our web page and then apply some styles or formats to it – much like a painter might draw a picture.

As early as the 1970s some programmers understood the importance of separating the content, or substance, of a document from the style. Early web pioneers saw the connection to web pages, but most of us developers were slow to realize the advantages.

Style Definitions

Rather than “painting” a style on each text or other element, we can define how different elements look. For example, I could decide that all my big headlines should be red. I can set this format just once and it will apply to all the uses of the headline tag.

This style looks like this:

h1 {color: #FF0000}

(the #FF0000 is a hex formula for the color red.)

And now anytime I have <h1>This is a Heading</h1>  that heading will be in red. And those instructions can apply to more than just appearance. They can lay out portions of the page to float to the left or right, or not be displayed until some action is taken, etc. As you read this post on the ASHMUG site the gray column to the right is defined by some style declarations, rather than being a fixed table.

Style Sheets

Style declarations can be stored in the header of a single web page, but the best way to use them is to create a separate file with nothing but style declarations. This is called a Cascading Style Sheet (CSS). Rather than a long list of style declarations at the top of each web page you can have the following:

<head>
<link type="text/css" href="mystyles.css" rel="stylesheet" />

...other header stuff...

</head>

So now the user’s browser finds the mystyles.css file, loads in the instructions, and displays the page. Once the browser loads this page, the information stays in cache, i.e. it is remembered, and saves time when other pages load with the same style sheet. The “cascading” part of the name means that it is possible to have several different style sheets, and that the ones following can inherit the style from the earlier sheet and modify a part of it.

Style versus Substance

This can make web page layout a lot more efficient – saving a lot of coding on a big, complicated page. The real power, though, comes in the mind set of separating out the content of the page, from its style or format. A developer can design a page, using style declarations like the one above, and then decide to change the format, by swapping in different styles.

Zen Garden – a masterful example of different styles. Visit the site, csszengarden.com, and then click on the various style choices in the right hand menu. Even though the page has the same content, the look and feel is entirely different.

This is helpful for more than people with different artistic sensibilities. You can apply different styles for regular browsers versus mobile devices. The web page can detect that a mobile device is being used and adjust the look and feel to accomodate the smaller screen. A visually impaired user can invoke a larger format style or one which works best with a screen reader.

Browser Wars

Today’s modern browsers follow the CSS rules laid down by various consortia fairly well. This wasn’t always the case. The biggest problems came from earlier versions of Internet Explorer (v5 and v6 in particular.) Microsoft and its browser decided to interpret the CSS rules differently, to favor the user experience under Windows. There is an ocean of virtriol spewed by web developers who have had to craft hacks and workarounds for older versions of IE, and today there are subtle differences still.

Learning the CSS Rules

The rules governing CSS are complex and sophisticated, and I can’t begin to teach them here. If you are designing a web page, an investment in a CSS manual would be a wise choice. Or you can do as I often do, and acquire or purchase web page templates that come with CSS style sheets. My favorite source is Project Seven – projectseven.com. They have both free tutorials and commercial templates for sale, and these adjust for idiosyncratic differences among browsers.

Of course, when I decided to write this, I didn’t have any real examples handy, but here are a couple of semi-plausible made-up ones.

_________________________________________________________________________________

_________________________________________________________________________________

 _________________________________________________________________________________

As web site users and web site owners/developers there are some steps we can take to help safeguard information. Today’s post focuses on the secure, encrypted communication offered by some web sites.

Some Background from the Web User’s Perspective

When we go to a typical web site, like ashmug.com, we are sending a simple message out through the Internet asking to display the ASHMUG web site. The ASHMUG web server sends us back the pictures and text and instructions that construct the page. If there is a simple form on one of the pages, like the form on the Contact Us page, any information we type into that form gets sent back to the server in the same way.

By default this exchange of information is in the open. If someone could “listen in” to the flow of information they could read and understand what is being said, including the information we type into the form. In many cases this is no big deal, since the information is generally known by the public anyhow.

If the information requested in the form is sensitive – such as a credit card number -  the web site can safeguard it by encrypting, or coding the information before sending it out over the “wires”.

Safari Icon - Encrypted

There are a couple ways to spot if this extra protection is present on a web page you are visiting. If you use Safari as your browser there is a little gray padlock in the upper right corner of your browser window. In some browsers you can also spot that the web page URL/address starts with https: . This indicates a secure page, while http: indicates an open or unsecure page.

Encryption Information in Firefox

If you use a recent version of Firefox , up in the address bar, just to the left of the page address is a box that displays the name of the site owner. Clicking on that shows more information about the encryption.

Let’s look at this information a bit more. There is a note that the site ownership is verified by GoDaddy.com. That means that GoDaddy has taken extra steps to verify the site’s identity, and has given the Intrade.com site a digital certificate supporting the verification.

If you see information like these two examples, then you can be pretty confident that the information on the form will go out on to the Internet in a safeguarded form – encrypted. That reduces, significantly, the chance that an eavesdropper can intercept and see your sensitive information.

This kind of protection is particularly important if you are viewing/using a web site through a public wireless hotspot, like at a coffee shop, the library, or on campus. Your communication in these public places is easier to catch and intercept. If you are home, connected to the Internet by a cable, or sitting behind a password protected wireless hotspot, the actual odds of someone intercepting your information are pretty slim. Still, it is good practice to expect a web site to secure the communication of important, sensitive information. And virtually all good web sites take this precaution. You’ll routinely see it used when shopping online, or banking, or a variety of other functions.

How Does it Work?

As a user you might be mildly interested in this. As an owner or developer of a site, this information is more important.

To offer a secure page and communication the web site needs to register with a security certificate company. There are many, including Network Solutions, GeoTrust, GoDaddy, and more. These companies ask to verify who actually owns/operates the site, and who the key contact is. They then issue a security certificate and a public key. The certificate helps display the kind of information on Intrade we saw above. This certificate is made available to browsers who visit the secure page. The public key is a very long, seemingly random assortment of numbers and letters. This key can be 100s of characters long.

The web site sends this public key to the browser. The browser uses the public key to convert the plain-language information into coded gibberish. If a bad person intercepts a communication that is encrypted, they can find out the public key, but that is not enough information to decrypt, or translate the gibberish into useful information. When the encrypted information  comes back to the web server, the server matches the public key to a private key stored on the server. Once the match is made, that private key can unlock the information and make it readable. No one can see that private key, and it is kept in a safe place on the web server.

If you are developing a web site and you want to safeguard the transmission of information, the first thing to do is consult with your web hosting service. They will probably have established procedures to help you get a security certificate, and to install it in your site. It will cost you an extra annual fee to renew the security certificate, and sometimes a one-time set up fee. The process for doing this on your own is pretty complicated, so make use of any service your hosting company offers.

Coding Notes for Your Web Site

Once you have the security things set up with your host, you need to tell the browser when to switch to secure mode. Let’s use the example of a contact form page, and imagine that you want the information on that form to be encrypted when it is submitted. So, we are on the home page of mydomain.com and you have a menu that includes the contact form page. Ordinarily you would link to contact.html, with some HTML like this:

<a href="contact.html">Contact Us</a>

We now need to change this to indicate a secure page. The new code might look like this:

<a href="https://mydomain.com/contact.html">Contact Us</a>

See the https:  in the code? For a regular link we don’t have to worry about http: or even the domain name – those are just assumed when linking within a web site. In this case though we are more specific and saving we want the Contact Us page to be displayed and used in secure mode.

So, now the user is taken to contact.html and the page is displayed in secure mode. Good.

The next step is to make sure the form on that page goes to a similarly safeguarded page. Maybe the form tag sends the information to getform.html.  That page might have some programming that takes the form information, and does something with it – save it or create an email with it. To be safe your form tag should look like this:

<form action="https://mydomain.com/getform.html" method="post">

...form fields go here...

</form>

One last step… Go to the HTML coding for that original form page and see if any of the images in particular are specified like this:

<img src=”http://mydomain.com/images/image1.jpg” />

This kind of coding should be changed to use secure functions, or else the browser will warn the user that some parts of the page are not secure. In truth this isn’t a security hole, but it will worry your user. So use either of these coding styles for your images.

<img src="images/image1.jpg" />    Your browser will assume the image should be retrieved securely.

<img src="https://mydomain.com/images/image1.jpg" /> This leaves no doubt

Very often we work with page templates where the heading and navigation menus are standard on all pages. That can mean that some images, like a logo, are displayed with the same code, page after page. Generally this isn’t a problem when these templates use the shorter version above, <img src=”images/image1.jpg” />. If this appears on a secure page the browser assumes the image should be retrieved securely, and otherwise not.

Why Bother?

This is actually a fair question. If you are contemplating a web site that will deal with sensitive, personal information it is a good idea to step back and ask yourself if you want to make the effort to secure the site, and also secure any information that you collect and store. Also, if you collect and store sensitive information you assume a legal risk or liability if that information is compromised. This is the beauty of services like Google Checkout (soon to be renamed Google Wallet) and PayPal, or the Yahoo Store. If you set up accounts with one of these services and can then send your site visitors to their secure pages, you can be more comfortable with your user’s security. These services spend tons of money perfecting their security set up. I know a guy who works for PayPal in the security area and he and his colleagues spend practically full time trying to anticipate hackers, and building mechanisms to foil them. Most of us don’t have the resources to match that. Working with a large, legitimate online shopping service is often the best route.

Marcia Bolsinga, AshMUG webmaster, provided some ideas and tips for creating your own website, and gave a demonstration of the free WordPress software for creating a blog or website. Click on the video icon to the left to see a video of the presentation.

Getting Started – Basic Website Tips/Tools:

• Blogs, Travelogues, Video/Photo Sharing, Marketing
• Template-based sites including WordPress.com, Google Blogger, Tumblr, Xanga
• Web Design and Development
• Domain Name
• Web Host
• Software  (Development/Desktop/Web-based)
• And more …

  Presentation:  Lion is Out of the Wild and Leaping onto Your Desktop

Hear the next generation Mac OS Lion roar …

Walk into the Lion’s Den with Todd  Derek of Derek Enterprises.  (http://www.toddderek.com/)

Derek introduced some of Lion’s new innovations and how this new OS X will change the way you interact with your Mac, including:

• System Requirements
• How to Upgrade to/Install Lion
• What is the new Recovery Hard Drive
• Why Update Software before Install

• Multi-touch Features
• Full-Screen Apps
• Mission Control
• Launchpad
• Revamps of Apple Mail, iCal and Address Book

In short, while not designed as malware like MacDefender was, this is an application that has caused significant problems with many people’s Macs, and is marketed and priced in what I consider a deceptive and unethical manner by the Russian developer, ZeoBIT.

It is advertised at $14.95 but you will find out after you buy it that that’s just for six months, then you have to renew. ZeoBIT is notorious for planting fake flattering reviews of MacKeeper on Web forums, including some reputable ones. There are also fake forums such as a web site claiming to be a review site for Mac software which has exactly one review on it; for MacKeeper. This review includes much misinformation including the patently false statement that “42% of Macs are infected with viruses” and other scare tactics.

If you want further opinions on MacKeeper, The Apple Support Communities discussion forums contain may threads about problems with this software and its developer. There is also some good documentation of ZeoBIT’s deceptive practices and lack of ethics in the blog post Beware MacKeeper. More importantly, this post also includes an extensive listing of free apps that accomplish everything that MacKeeper claims to do.

If you are tired of seeing the pop-up, pop-under and banner ads for MacKeeper everywhere, download and install the free Glimmerblocker in Safari. This will block most, but not all of them. I recently saw one on Snopes, a site dedicated to exposing and debunking fraud and misinformation on the web and in emails.  It seems ironic that they would accept advertising from a company with so many complaints about deception and unethical behavior.  Oh well, “When you see a situation you can’t understand, look for the financial interest”. And if it involves the French or a politician, you can add “cherchez la femme:”