Kibbles & Bytes Blog

  • Diagnosing & Treating Bash "Shellshock"

    OS X is a descendant of a long lineage of UNIX operating systems, from which it inherits its incredible stability and enhanced security. However, the past two weeks have uncovered numerous bugs in a core piece of software relied on by many UNIX operating systems, OS X included: bash (Bourne-again shell). It turns out that these bugs have been very long standing and can be exploited in numerous ways to provide unchecked access to a computer (in some cases remotely) with an afflicted version of bash installed. Due to the surprise and scope of this vulnerability, many have dubbed it “Shellshock”, in reference to the combat fatigue experienced by soldiers, but it’s really not a fair comparison to the effects of war.

    A “shell” is a program that interprets and acts on textual commands either entered directly by a user at a terminal (or using a virtual terminal like the Terminal app found in /Applications/Utilities on OS X) or from a file containing one or more commands to be run automatically (sort of like a player piano, if that’s even a useful analogy anymore.) Bash is a very common shell program and is the default on many UNIX operating systems, including OS X (as of Mac OS X 10.3 Panther). If you’ve ever opened up the Terminal app and run a command in the last decade, you’ve used bash.

    I personally write a fair number of scripts in the bash language to automate various processes on my computers and servers, primarily because it is so ubiquitous. It may be partly because I’m a bit of a masochist, but–as a server admin–I also find it helps me perform tasks more efficiently when working in Terminal since it is the default. Needless to say, I immediately started investigating the bugs, the attacks, and testing OS X workstations and servers.

    Fortunately, without very specific custom configuration, OS X is not vulnerable to remote attacks through the afflicted version of bash, as echoed in the following statement from Apple (“given to Jim Dalrymple of The Loop”:http://www.loopinsight.com/2014/09/26/apples-statement-on-the-unix-bash-vulnerability/):

    bq. “The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. […] With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.”

    None of the OS X 10.6 Snow Leopard through OS X 10.9 Mavericks systems I tested were vulnerable to remote attacks; however, all versions were susceptible to local attacks. The bugs are such that malicious commands can be inserted into “environment variables” (just what they sound like: data that exists in the environment in which individual shell scripts are run and therefore can be accessed by many scripts) and will be automatically executed upon any bash command or script being run. Not good. Since there are multiple bugs, there are different ways to test for each, but I find running the “‘bashcheck’”:https://github.com/hannob/bashcheck script to be a very convenient way to test for all of them at once.

    The bash developers and community have worked feverishly to investigate and fix these bugs. Apple has released “OS X bash Update 1.0” which includes fixes for the initial pair of bugs, but it unfortunately does not address subsequent bugs. As a further inconvenience, Apple does not provide this update via Software Update or the App Store, so you must download & install the appropriate update for your version of OS X:

    “OS X bash Update 1.0 – OS X Lion”:http://support.apple.com/kb/DL1767 (10.7)
    “OS X bash Update 1.0 – OS X Mountain Lion”:http://support.apple.com/kb/DL1768 (10.8)
    “OS X bash Update 1.0 – OS X Mavericks”:http://support.apple.com/kb/DL1769 (10.9)

    For those of you running Mac OS X 10.4 Tiger through 10.6 Snow Leopard on much older Macs, the developers of “TenFourFox”:http://www.floodgap.com/software/tenfourfox/ (an open-source version of the Firefox web browser specifically for older PPC & Intel Macs), provide “a download along with detailed instructions to install a version of bash that fixes all the known vulnerabilities at this time”:http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html. It does require command line experience, so is not for the faint of heart. The updated version provided by the TenFourFox team can also be used on OS X 10.7 Lion through 10.9 Mavericks and actually installs the very latest 4.3.x version of bash as opposed to the older 3.2.x version that Apple includes by default (and provided the partial fix for). This newer version of bash also has some benefits that programmers might enjoy, but it comes at the risk of possibly being downgraded by a future OS X update from Apple.

    If you never use the Terminal app, I’d suggest you at least apply the appropriate version of “OS X bash Update 1.0” and any future updates that Apple might release to fix the additional vulnerabilities. For those of you who use Terminal with any frequency, you’ll want to proceed with caution and weigh the pros & cons of relying on Apple’s partial update or manually updating to the latest version of bash for your particular use.
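To confirm whether a given shell binary on a Mac still executes commands smuggled in through an environment variable, before and after applying an update, the following check can be run in Terminal. It is an added example, not part of the original article and not taken from bashcheck; the names @check_bash@, @scan_shells@, @probe_var@ and @MARKER@ and the list of candidate paths are assumptions. It covers only the original function-import bug, not the later ones.

```shell
#!/bin/sh
# Added example: classify a shell binary by whether it executes a command
# that trails a function definition imported from an environment variable.
MARKER="env-import-executed"   # constructed marker; the payload is a plain echo

# check_bash PATH -> prints "vulnerable", "patched" or "missing"
check_bash() {
    shell=$1
    [ -x "$shell" ] || { echo missing; return 2; }
    # The value looks like an exported function followed by a command.
    # A fixed bash does not run the trailing command and prints only "probe".
    out=$(env probe_var="() { :;}; echo $MARKER" "$shell" -c 'echo probe' 2>/dev/null)
    case $out in
        *"$MARKER"*) echo vulnerable; return 1 ;;
        *)           echo patched;    return 0 ;;
    esac
}

# scan_shells: report every shell found in the usual places.
# The candidate paths are assumptions; on OS X /bin/sh is also bash.
scan_shells() {
    for s in /bin/bash /bin/sh /usr/local/bin/bash /opt/local/bin/bash; do
        [ -e "$s" ] || continue
        ver=$("$s" --version 2>/dev/null | head -n 1)
        printf '%s\t%s\t%s\n' "$s" "$(check_bash "$s")" "${ver:-unknown version}"
    done
}

scan_shells
```

A manually installed bash in @/usr/local/bin@ does not replace the copies in @/bin@, so each path is reported separately.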

  • _Hello friends,_

    This is Hapy, filling in for Don this week who is out in Cupertino meeting with some of the Apple bigwigs to plan for the next quarter. It is definitely peak foliage here in Vermont, which means lots of tourists, lots of road construction, and the sounds, smells, and sights of autumn! There is one particular sound of autumn which I love the most, and that is the crack of a maple baseball bat on a ball, as the Major League Baseball teams enter the playoffs. My favorite team, the San Francisco Giants, are back in the thick of it this year, hunting for their third World Series victory in five years. If you find the regular season baseball to be a bit of a slow game, the tension which builds with every pitch and every swing of the bat in the playoffs turns the game into something completely different. The Giants are facing off against a tough Washington Nationals team tonight in game 1 of their series. In honor of the black and orange colors of the Giants and the Orioles, I am giving away the Hammerhead Jacket Case for the iPhone 5 in orange only for just a penny this week.

    “*See this AMAZING deal here!*”:http://www.smalldog.com/wag900001588/kibbles-and-bytes-exclusive-orange-jacket-case-for-a-penny

    We have a fantastic set of articles for you this week covering the Shellshock vulnerability, a solution for disappearing scroll bars, extensions in iOS 8, and a special offer for new Consulting clients.

    Thanks for reading and being a Small Dog supporter, and GO GIANTS!

  • Sign Up!

    Click on the link below for a full overview and to register. Registration will open Saturday, October 4th at 9am. Please note that there are limited tickets available and they have been selling out very quickly.

    Contact us with any questions via the Eventbrite page.

    Register for the event here!

  • Mike will provide an overview of the features that iCloud offers and how to set it up on your device.

    Topics will include: Learning how to share your music, movies, apps and books between all of your devices; iCloud photo sharing; starting a project in Pages, Numbers or Keynote and picking up right where you left off on another device and setting all of this up on your iPhone, iPad, iPod touch, Mac, and/or PC!

    __Note: iCloud requires iOS 5 or later on iPhone 3GS or later, iPod touch (3rd generation or later), iPad, or iPad mini; a Mac computer with OS X Lion v10.7.5 or later; or a PC with Windows 7 or Windows 8 (Outlook 2007 or later or an up-to-date browser is required for accessing email, contacts, and calendars). Some features require iOS 7 and OS X Mavericks. Some features require a Wi-Fi connection.__

  • What We'll Cover

    !http://blog.smalldog.com/images/4034.png!

    !http://blog.smalldog.com/images/4035.png!

    !http://blog.smalldog.com/images/4036.png!

  • Tech Talk 101 Series: "An Introduction to iCloud"

    Join us *Wednesday, October 8th, from 7-8pm for “An Introduction to iCloud,”* the next installment in our *__free__* Tech Talk 101 Series. Held in our South Burlington, VT store, these easy-to-follow courses will cover a variety of topics and are designed to help you make the most of your Mac and other devices!

    Michael Scott Duplessis (Macintosh Consultant, Apple Certified Support Professional, and Star Trek aficionado) will present a run through of iCloud and its features during the hour-long session, with ample time for questions.

  • Tech Talk in South Burlington

  • Great Hands Free Options!

    We have several options available in all of our retail stores for hands-free freedom while traveling down the road! Our retail staff have been eagerly testing many of these devices and are ready to help you make the right choice on the solution that will best suit your needs and your budget.

    “Jabra Tour”:http://www.smalldog.com/product/86015/jabra-tour-bluetooth-in-car-speakerphone-black **$69.99**

    This device is a staff favorite!

    “Jawbone Era”:http://www.smalldog.com/product/86040/jawbone-era-bluetooth-earpiece-silver **$99.99**

    We know that many people need the freedom to be hands-free not only in their car but on the go as well! The Jawbone Era has amazing clarity and ease of use and is extremely comfortable to wear.

    “Plantronics Earset”:http://www.smalldog.com/product/86014/plantronics-m25-earset **$34.99**

    You don’t have to break the bank to be hands free!

    “Belkin CarAudio Connect with Bluetooth”:http://www.smalldog.com/product/85667/belkin-caraudio-connect-aux-with-bluetooth **$79.99**

    Route your calls, streaming music, and iTunes playlists through your car speakers!

  • A Different KIND of Business

    Customers can shop at many different places for the products we sell. You could go online or shop at a big box store and probably find most of the products we offer at a lower price. So what’s the difference? Why should anybody buy from Small Dog if the big box has it for $20 less? The answer is simple: Here at Small Dog you aren’t just buying a computer, you are supporting your own community as well. While we may not be able to compete with some of the prices offered by big box businesses, what we can’t match in price we certainly make up for with charitable donations and support of our local communities.

    For the month of October, Small Dog Electronics is continuing its charitable giving and commitment to its triple bottom line of People, Planet and Profit by supporting **Domestic Violence Awareness Month.** Domestic violence is a serious problem that, regrettably, is often overlooked in today’s society, although recently more people have been taking a stand due to the media attention surrounding the NFL and other high profile stories. This is especially the case since the shocking details of the now infamous Ray Rice incident were released to the public eye. The fact remains that these people are real victims and they deserve better than to be swept under the rug for somebody else to deal with. Small Dog Electronics wants to bring this issue to the forefront of everyone’s mind by raising awareness and generating support for the organizations responsible for the outreach and care for these victims. We are extremely excited to be able to support such a wonderful cause and three amazing shelters/organizations in our communities. Shopping in any of our stores will support a local organization for that store:

    **Waitsfield and Burlington:** “**Women Helping Battered Women**”:http://www.whbw.org/
    **Rutland:** “**Women’s Network and Shelter**”:http://rcwn.org/
    **Key West:** “**Domestic Abuse Shelter Inc.**”:http://www.domesticabuseshelter.org/

    When shopping this October remember that the money you could save by shopping elsewhere can instead be donated to a great cause in your local community. With the purchase of a new computer, iPad, Beats headphones, Otterbox cases, and more we will donate $15-$50 of every purchase! However, if you do end up shopping with one of our competitors, we urge you to please consider donating to your local shelter/organization on your own. These are good people that need our support in order to help others in need.

    “**See more information here**”:http://www.smalldog.com/domestic-violence-month/domestic-violence-month

  • Tech Talks!

    Over the past 2 months, we’ve been hosting a series of free basic courses on a variety of subjects. Our Tech Talk for the month of September was focused on iCloud, and the month before that was all about iPhoto on the Mac. Moving forward, we have lots of great subjects to tackle, but we’ll start with a repeat of iCloud for the month of October, in case you missed it. If you attended one of our recent discussions, and have follow up questions, feel free to reach out to our consultants to schedule a personalized, one-on-one lesson at one of our retail stores, or in your home:

    **1-802-497-7171 x 515**
    “**consulting@smalldog.com**”:mailto:consulting@smalldog.com

    Our founding Tech Talk instructor’s name is “**Nate Poirier**”:http://blog.smalldog.com/authors/nathanpoirier. If you’ve ever visited our South Burlington store, you may know him, or maybe you’ve heard of Nate’s legendary lessons. For the past few years, Nate has been one of Small Dog’s shining stars, and conducts most of the South Burlington in-store lessons. His personal interests are seemingly limitless, but do include Apple Products, Digital Photography, Astronomy, and anything that flies and has a remote control. For all these topics and more, you can bring your questions and curiosities his way at the South Burlington store. To schedule an appointment with “**Nate**”:mailto:nathan@smalldog.com, call 802-862-1316 and dial extension 515.

  • Welcome Darek Ashe!

    We would like to welcome Darek Ashe to the team at Small Dog Key West!

    Darek was born in Key West and is thus an official “conch”. He has been serving the community in retail sales and customer service for over 15 years and we are excited to have him here at Small Dog. He has an extensive background with AT&T wireless, and with Apple just launching the new iPhone 6 and iPhone 6 Plus, our customers are in excellent hands with Darek! Darek’s passion is learning about new technologies and he loves to share this knowledge with his customers.

    Darek has a beautiful family with his wife and 2 children and spends his off time enjoying his family and the Keys community.