MacLemon

Unixy on the fruity side

Fixing OpenSSH CVE-2016-0777, CVE-2016-0778 on OS X

CVE-2016-0777 and CVE-2016-0778 affect all OpenSSH clients from 5.4 up to, and including, 7.1. This means that the Apple provided SSH of the following OS X releases is vulnerable:

  • OS X 10.7 (Lion): OpenSSH_5.6p1, OpenSSL 0.9.8za 5 Jun 2014
  • OS X 10.8 (Mountain Lion): OpenSSH_5.9p1, OpenSSL 0.9.8zc 15 Oct 2014
  • OS X 10.9 (Mavericks): OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
  • OS X 10.10 (Yosemite): OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
  • OS X 10.11 (El Capitan): OpenSSH_6.9p1, LibreSSL 2.1.7

You can easily check if you’re running an Apple provided, vulnerable version of OpenSSH by issuing the following command in a terminal. This checks the Apple provided OpenSSH binary!

/usr/bin/ssh -V

On OS X Yosemite you’ll get an output like this.

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011

Beware that you might not be using the Apple provided ssh(1) but a self-compiled one, like from fink, MacPorts or Homebrew for your client connections. This applies to all OS X Versions, even ancient ones on PowerPC.

To check which ssh(1) your shell is using use:

type ssh

I use the MacPorts provided SSH package which gives me this output:

ssh is /opt/local/bin/ssh

Until an update for a patched package is provided, I get this version string.

OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015

There is now an updated package which also includes the +hpn variant which will give you this version string.

OpenSSH_7.1p2, OpenSSL 1.0.2e 3 Dec 2015

Changing all your ssh_config files is still recommended, even if you have an updated OpenSSH package on your system since the Apple provided OpenSSH may not get an update for a long time or even at all.

To make sure your system is fully patched you have to apply the fixes to all ssh_config files used by all your ssh(1) binaries.

  • Apple OS X 10.7 - 10.10: /etc/ssh_config
  • Apple OS X 10.11: /etc/ssh/ssh_config
  • MacPorts: /opt/local/etc/ssh/ssh_config
  • HomeBrew: Not sure if this one is correct! /usr/local/etc/ssh/ssh_config
  • Fink: /sw/etc/ssh_config

These are the default locations used by the package managers, your path may differ if you’ve used a different $prefix for installation.

To find out which config file your ssh(1) binary is using, try this command, provided by @teilweise

strings $(which ssh) | grep ssh_config

To fix ssh(1) clients add these two lines to all ssh_config files with your favourite text editor under the general Host * section, or you might miss some hosts.

# Fixing CVE-2016-0777
UseRoaming no

Yes, one is a comment, but in a year or two you’ll be happy to know why you put that parameter there.

The UseRoaming parameter is undocumented and considered experimental. It’s quite astonishing that it is on by default. We’ll see if there are more of these undocumented parameters lurking in OpenSSH.

If you absolutely cannot change the system wide ssh_config file, since that requires root permissions, you must add this to your ~/.ssh/config under the global Host setting.

Host *
    # Fixing CVE-2016-0777
    UseRoaming no

If you do not already have a ~/.ssh/config file, just create one and make yourself familiar with man 5 ssh_config. You won’t regret that!
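To confirm that the fix really applies to every host, the following added example (not part of the original post) audits an ssh_config the way ssh(1) reads it, where the first value obtained for a keyword wins. The function name audit_useroaming and the sample host name are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Reports whether an ssh_config turns roaming off for every host. ssh(1) uses
# the FIRST value it obtains for a keyword, so a host-specific
# "UseRoaming yes" placed above "Host *" still wins for that host.

audit_useroaming() {
    # Usage: audit_useroaming /path/to/ssh_config   (or pipe a config to stdin)
    # Prints: protected | unprotected | overridden: <blocks that re-enable it>
    awk '
    BEGIN { all = 1; scope = "(global)"; decided = 0; verdict = "unprotected" }
    {
        sub(/^[ \t]+/, "")                   # indentation is not significant
        if ($0 == "" || $0 ~ /^#/) next      # blank lines and comments
        sub(/[ \t]*=[ \t]*/, " ")            # "Keyword=value" is valid too
        key = tolower($1)                    # keywords are case-insensitive
    }
    key == "host" {
        # Applies to every host only with a bare "*" and no negated pattern.
        all = 0; scope = $0
        for (i = 2; i <= NF; i++) if ($i == "*") all = 1
        for (i = 2; i <= NF; i++) if ($i ~ /^!/) all = 0
        next
    }
    key == "match" {
        all = (NF == 2 && tolower($2) == "all"); scope = $0
        next
    }
    key == "useroaming" && !decided {
        val = tolower($2)
        if (all) {                           # first value seen by all hosts
            decided = 1
            if (val == "no") verdict = "protected"
        } else if (val != "no") {            # re-enabled before the global "no"
            sep = (bad == "") ? "" : ", "
            bad = bad sep scope
        }
    }
    END {
        if (verdict == "protected" && bad != "") verdict = "overridden: " bad
        print verdict
    }' "$@"
}

# Constructed sample: the fix is present, but an earlier block undoes it
# for one host (hypothetical host name).
sample_config() {
    cat <<'EOF'
Host legacy.example.com
    UseRoaming yes

Host *
    # Fixing CVE-2016-0777
    UseRoaming no
EOF
}

echo "sample: $(sample_config | audit_useroaming)"

# Default system-wide locations listed above; adjust for a non-default $prefix.
for f in /etc/ssh_config /etc/ssh/ssh_config /opt/local/etc/ssh/ssh_config \
         /usr/local/etc/ssh/ssh_config /sw/etc/ssh_config; do
    if [ -r "$f" ]; then echo "$f: $(audit_useroaming "$f")"; fi
done
```

Anything other than "protected" for a system-wide file means that file still needs the two lines; Include directives are not followed by this check.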

If you have connected to a malicious SSH server with one of the vulnerable versions you probably have lost private key material.
It’s recommended that you regenerate all SSH keys on your clients. This is a good opportunity to move away from older RSA keys to the newer Ed25519 keys, provided your endpoints already support that. (Available since OpenSSH 6.5)

Further reading

CVE-2016-0777 (Mitre)
CVE-2016-0778 (Mitre)
OpenBSD Journal: OpenSSH: client bug
Theo de Raadt on openbsd-misc Mailing list
OpenSSH 7.1p2 Release notes
Qualys Security Advisory: Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

Updates

Update 1 (2016-01-14 19:49):

The path of ssh_config changed with OS X 10.11 (El Capitan). Thanks to @chrisridd for pointing me to it.

Update 2 (2016-01-14 20:16):

An updated OpenSSH Package to 7.1p2 is available from MacPorts. You still must apply the fix to the Apple provided SSH. If you’re using the openssh +hpn variant, you still need to wait for a patch or switch to the vanilla openssh package in the meantime.

Update 3 (2016-01-15 13:10)

Rainer Müller has updated the OpenSSH +HPN Variant for MacPorts in Ticket 144686.

Update 4 (2016-02-11 21:20)

Incorporated feedback by Stephen Dowdy

TLS FREAK Attack

Status of the TLS FREAK (CVE-2015-0204) vulnerability on OS X and iOS.

This vulnerability allows a downgrade of encrypted SSL and TLS connections to insecure ciphers that can be broken to eavesdrop on your communication. This does not only affect web browsers but all applications on all versions of OS X and iOS.

Update 2015-03-09 At this time there is no software update available from Apple that fixes this vulnerability.

Apple has provided security updates:

  • iOS 8.2
  • Security Update 2015-02 for
      • OS X 10.8.5 Mountain Lion
      • OS X 10.9.5 Mavericks
      • OS X 10.10.2 Yosemite

All older releases of iOS and OS X will remain vulnerable forever.

Testing

You can learn more about the technical details and vulnerable websites as well as test any web browser by visiting https://freakattack.com/

Status of Web Browsers on OS X

Exploitable (Do not use these Browsers)

  • Safari (all versions available)
  • Opera 27.0.1689.76
  • Opera Next BETA 26.0.1656.8

All applications that use Apple’s “SecureTransport” for SSL/TLS connections, which is pretty much everything you run on OS X, including Mail, iTunes, App Store, Calendar, Address Book, etc., are exploitable as well.

Seem to be OK

  • Chromium 42.0.2292.0 (64-bit) (Canary)
  • Chrome 41.0.2272.76 (64-bit)
  • Opera 23.0.1522.77
  • Opera Next BETA 28.0.1750.15
  • Opera Next BETA 28.0.1750.36
  • Firefox 36
  • Tor Browser 4.0.4
  • Firefox Developer Edition 37.0a2 (2015-01-19) (Aurora)
  • Firefox Developer Edition 38.0a2 (2015-03-04) (Aurora)

Inconclusive

  • Chromium 38.0.2125.122 (290379)

Status of Web Browsers on iOS

Exploitable (Do not use these browsers)

This applies to all versions of iOS and Apps. Testing was done on iOS 8.1.3 with all apps on the current version available in the iOS App Store.

This vulnerability affects all apps on iOS that do not specifically take counter measures!

  • Safari
  • iCab mobile
  • Opera Mini
  • AirWeb
  • Built in browsers and web views in any app
  • 1Password integrated Browser

Seems to be OK

  • Chromium

Inconclusive

  • Onion Browser

Recommendations

Refrain from using exploitable browsers until Apple has released a Security-Update that fixes the vulnerability. Keep all 3rd party browsers updated. Contact your sysadmins and service providers to make sure other servers like mail, jabber, calendar, contacts, etc. have been patched as well!

If you have any other browsers tested, please contact me so I can add the details. Using Mastodon is fine as well!

OpenSSL Heartbeat CVE-2014-0160

To get more information on the effects of the heartbeat vulnerability in OpenSSL 1.0.1 - 1.0.1f see http://heartbleed.com/

A Diagnosis of the OpenSSL Heartbleed bug by @ex509.

Check your installed version with openssl version -a. OpenSSL 0.9.8 is not vulnerable. OpenSSL 1.0.2 betas and later branches may not have received a patch yet, be careful if you need to use these versions. (1.1, etc.) On Linux (for example Debian or Ubuntu) be sure to check the distribution for backports! You can get a hint if you’re facing a backport by looking at the build date. Anything newer than 2014-04-07 is a good candidate.

Sample output on OS X with MacPorts OpenSSL 1.0.1g:

OpenSSL 1.0.1g 7 Apr 2014
built on: Tue Apr  8 03:34:46 CEST 2014
platform: darwin64-x86_64-cc
options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: /usr/bin/clang -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/opt/local/etc/openssl"
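The version and build-date rules from the paragraph above can be applied mechanically to this kind of output. This is an added example, not part of the original post; the function name heartbleed_triage, the status words and the assumed "built on:" date layout are choices made here for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Classifies "openssl version -a" output for Heartbleed using the rules in the
# text: 1.0.1 to 1.0.1f affected, 1.0.1g patched, 0.9.8 not affected, and a
# build date after 2014-04-07 on an affected version hints at a backport.

heartbleed_triage() {
    # stdin: output of "openssl version -a" (or at least its first line)
    awk '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) month[name[i]] = i
    }
    /^OpenSSL / && ver == "" { ver = $2 }
    /^built on:/ {
        # Assumed layout: "built on: Tue Apr  8 03:34:46 CEST 2014"
        built = $NF * 10000 + month[$4] * 100 + $5      # -> 20140408
    }
    END {
        # Vendor suffixes such as "1.0.1e-fips" count as the base version.
        if (ver ~ /^1\.0\.1[a-f]?$/ || ver ~ /^1\.0\.1[a-f]?-/)
            status = (built > 20140407) ? "check-backport" : "vulnerable"
        else if (ver ~ /^1\.0\.1[g-z]/)
            status = "patched"
        else if (ver ~ /^0\.9\.8/)
            status = "not-affected"
        else
            status = "unknown"       # e.g. 1.0.2 betas: verify separately
        print status
    }'
}

# First two lines of the MacPorts sample output shown above.
sample_macports() {
    printf '%s\n' 'OpenSSL 1.0.1g 7 Apr 2014' \
                  'built on: Tue Apr  8 03:34:46 CEST 2014'
}

# Constructed sample: an old version string with a recent build date, as a
# distribution backport would look.
sample_backport() {
    printf '%s\n' 'OpenSSL 1.0.1e 11 Feb 2013' \
                  'built on: Tue Apr  8 10:00:00 UTC 2014'
}

echo "MacPorts sample:  $(sample_macports | heartbleed_triage)"
echo "backport sample:  $(sample_backport | heartbleed_triage)"
```

"check-backport" is only a hint: confirm against the distribution's changelog before treating the library as fixed.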

There are a few ways to test your TLS enabled service:

If you get an output of TLS server extension "heartbeat" (id=15), len=1 your server is likely affected.

Keep in mind that these test tools aren’t mature yet (obviously) and may report false positives or false negatives.

The use of forward secrecy ciphers seems to mitigate this mostly. Specific TLS sessions still may be affected if the session key has been leaked at that time. All recorded non-forward-secrecy traffic can be decrypted in retrospect.

Read the OpenSSL security advisory and if you like to dig into the code you can see the git diff of 1.0.1f - 1.0.1g.

Thanks to Julien Vehent (@jvehent) for the OpenSSL testing command.

Checking libraries

If you find libssl 1.0.1-1.0.1f anywhere you need to upgrade that library immediately!

OS X

The version of libssl used by OS X.

strings /usr/lib/libssl.dylib | grep "^OpenSSL "
OpenSSL 0.9.8y 5 Feb 2013

MacPorts

The version of libssl used by MacPorts.

strings /opt/local/lib/libssl.1.0.0.dylib | grep "^OpenSSL "
OpenSSL 1.0.1g 7 Apr 2014

any binary

You can check if any binary on OS X dynamically links against libssl

otool -L file

If you get a line about libssl you then need to check which specific version that OpenSSL library uses with the strings command as shown. If you do not get any libssl info but you know that a binary makes use of TLS/SSL then you need to check for statically linked libraries. Some binaries give you that info by passing --version | -v | -V as the only argument.

If you can recompile that binary, update OpenSSL and link against that. If you don’t have the source code to that software, contact the vendor. If that is not possible as well, stop using that software now.

Where to go from here

Firstly update your OpenSSL to 1.0.1g or newer! Download the OpenSSL 1.0.1g source and its GPG signature and verify that signature. Check the public keys of Dr. Stephen Henson on the SKS Keyservers

gpg --recv-key D3577507FA40E9E2; gpg --list-sigs D3577507FA40E9E2
gpg --verify openssl-1.0.1g.tar.gz.asc

Then rebuild all the binaries on your machine that link against OpenSSL. Restart all services that use those binaries. When in doubt do a full restart.

Now the really fun part starts. Generate new keys for all SSL/TLS secured services. You may want to use this “opportunity” to upgrade your key length. Changing keys is necessary independently of your certificate authority in use. This also applies if you use self-signed certificates as the private keys themselves may be compromised.

Get new certificates for all the new keys and revoke the old certificates.

For secondary vulnerabilities see http://heartbleed.com/ and act accordingly. Yes, this likely means changing a lot of passwords (again), deleting cookies, invalidating OAuth tokens, etc.

Upgrading MacPorts

MacPorts already has an updated openssl package thanks to maintainer Markus W. Weißmann (mww).

port selfupdate
port upgrade openssl
port selfupdate #yes again

Check that your OpenSSL library is the correct one:

strings /opt/local/lib/libssl.1.0.0.dylib | grep "^OpenSSL "
OpenSSL 1.0.1g 7 Apr 2014

Then check for packages that depend on OpenSSL.

port depend openssl | cut -d " " -f 1

To upgrade all packages that depend on OpenSSL

port upgrade --force -s $(port depend openssl | cut -d " " -f 1 | awk 1 ORS=' ')

Then restart all services that you have just upgraded. This may for example be Apache or nginx.

Long term “fun” with this bug

A few ideas of devices that are likely to stay vulnerable for a long long time.

  • Firewall/plastic router web interfaces which rarely get updates if at all
  • Printers which get even fewer updates will be vulnerable for years to come
  • Tesla anyone?
  • any kind of appliance
  • especially embedded boxes
  • network switches
  • Your fridge
  • home automation systems
  • APIs that nobody ever looks at
  • iOS Apps that use OpenSSL

Thanks

  • @VividVisions Feedback on backports in Linux
  • @ferebee Feedback on ambiguity of OpenSSL command line tests

Eday 2014

Secure Communication in the Enterprise

Secure communication for companies nowadays means using strong encryption. That sounds complicated, and unfortunately a lot gets done wrong along the way. My talk showed how to use the right technologies.

The slides of my talk are available for download as a PDF. (SHA256: ee364b95b649b3fa6f92a6ca785a5ed744205fe5f34c8e6d9fbf90c17ce058f2)

Update 2014-03-13 Video

The video recording of my talk “Secure Communication in the Enterprise” is now available. (23'47")

Further training

Individuals can easily learn the correct use of encryption tools at one of the many CryptoParty events. In Vienna this event takes place on the last Monday of every month.

Companies also have the option of training for staff, IT and management.

IT administrators are advised to read the Applied Crypto Hardening whitepaper. The guide gives concrete instructions for implementing secure configurations for many server services. This Austrian open source project around Aaron Kaplan of CERT makes implementing strong encryption enormously easier.

Server Tests

These tests can be run by anyone, including your customers and competitors. All servers that are reachable from the internet can be tested, which applies to most servers. The test results are very easy to understand, yet give specialists enough detail to correct the faults.

If a server does not get at least an “A” rating there, action is required. All ratings worse than a “B” indicate serious security flaws in the encryption.

Test web servers for a correct TLS implementation: SSLLabs Servertest.

Test email servers for TLS: StartTLS

Test XMPP/Jabber servers for TLS: XMPP

OWASP Austria has good guidelines for testing your web applications for security vulnerabilities. As an example, a demonstration of cross-site scripting. (In case the hole has been fixed in the meantime, there is also a screenshot for documentation.)

Entertaining things from security holes

A crossword puzzle made from the most used passwords at Adobe.

Full Disclosure

I am a co-organiser of CryptoParty Wien and a co-author of the Applied Crypto Hardening whitepaper.

Building an SFTP Media Server for Auphonic on SmartOS

Estimated reading time: 10', implementation takes longer

Introduction

Auphonic is an absolutely great web service to post process just about any audio file you want to throw at it. It audiomagically improves recordings of spoken word and is very popular with podcasters for a reason. The service likes to get some support by donations via flattr, bitcoin, money transfer, credit card or even the evil PayPal. Auphonic is free to use and they’ll shut up and take your money if you want to support them.

To import your source files and to export processed audio, Auphonic supports many external services it can interact with. External services: FTP, SFTP, Dropbox, AmazonS3, YouTube, Archive.Org, SoundCloud, libsyn, WebDAV, blubrry
I like to use SFTP which is using SSH as transport including authentication and encrypted data transfers.

I wanted to use SmartOS as the server platform. SmartOS is a hypervisor based on the Illumos project forked from OpenSolaris. You might wonder why I’m not doing this on OS X Server as you’d rightfully expect from me. Chrooting SSH on OS X is quite a pain and SmartOS also uses ZFS which is not a filesystem available on OS X Mavericks at the time of this writing. (I consider MacZFS deprecated, OpenZFS not yet production ready and ZEVO is abandoned as well as incompatible with Mavericks.)

Preparing a zone

To begin, we’ll start with a fresh SmartOS zone. I went with the current base64 image. 10GB of storage looks ok to me and 128MB RAM seems plenty. zlogin to the fresh zone and update the package manager as usual.

pkgin update
pkgin full-upgrade

We’ll be using a separate user and group for auphonic to access the SFTP server, so let’s create those first.

groupadd auphonic

Of course the new user needs a home directory where the audio files shall be stored.

mkdir /home/auphonic

Then we add the user and also assign it to the group we created a moment ago.

useradd -g auphonic -d /home/auphonic -m -s /bin/false auphonic

Of course every user needs a good and long passphrase.

passwd auphonic

Let’s prepare the user’s home directory for SFTP chrooted access, which means we need it to be owned by root or sshd will refuse logins. Of course the auphonic user also needs access to the files, which means the directory would need to either be owned by auphonic or have group write permissions for auphonic. These requirements conflict with each other, which we need to solve by adding an ACL.

chown -R root /home/auphonic
/usr/bin/chmod A+user:auphonic:read_data/write_data:allow /home/auphonic/

The home directory should look something like this now.

# /usr/bin/ls -dV /home/auphonic
drwxr-xr-x+  3 root     root          10 Feb  8 15:10 /home/auphonic
          user:auphonic:rw------------:-------:allow
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:r-x---a-R-c--s:-------:allow
              everyone@:r-x---a-R-c--s:-------:allow

Configuring OpenSSH

The preinstalled SunSSH does not support chrooting so we will use OpenSSH for the SFTP server. The OpenSSH package does have support for SMF, so we can comfortably enable, disable and restart the service with svcadm(1M).

pkgin install openssh

Before we can actually start and use OpenSSH we need to configure it and generate SSH host keys. Edit /opt/local/etc/ssh/sshd_config with your preferred $EDITOR. These are the things I configured:

Any port above 1024 and other than 22 should be fine. You don’t want to have a public internet facing SSH server running on port 22. This is not a security measure, it only keeps your logs cleaner.

Port 44938

We’re changing the sftp server to the internal one. Find the line that says

Subsystem sftp /opt/local/libexec/sftp-server

and change it to

Subsystem sftp internal-sftp

Since we will use a separate, chrooted user and group for the SFTP server we specify minimum privileges for that group as they don’t need to use a remote shell or otherwise convenient SSH magic. Changing the root directory to ~/ prevents the user from accessing anything else on the server outside their home.

Match Group auphonic
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no

Security considerations

Allowing root login and AgentForwarding is neither necessary nor recommended, so let’s turn that off by setting

PermitRootLogin no
AllowAgentForwarding no

Auphonic’s server will, for the foreseeable future, connect from one static IPv4 as Georg Holzmann confirmed. They cannot support IPv6 yet, which sadly is quite common in Austria. So we can restrict SSH logins to the IPv4 of Auphonic, the local LAN and other netblocks you expect your users to connect from.

AllowGroups auphonic
  #             auphonic.com,LAN          ,Other external
  Match Address 78.46.81.106,10.123.0.0/16,203.0.113.0/24

Generating host keys

OpenSSH doesn’t automatically generate host keys for us like you’re probably used to. So we need to generate our own keys. I will use RSA here and I prefer them to be rather long.

cd /opt/local/etc/ssh
ssh-keygen -b 8192 -C "Auphonic SmartOS" -t rsa -f ssh_host_rsa_key -N ""

After successful creation you’ll be presented with a shiny new fingerprint which you should make a note of as well as the key’s random art image.

Activating OpenSSH

Now that OpenSSH is installed, configured and secured we can finally turn off SunSSH and enable OpenSSH.

svcadm disable ssh
svcadm enable openssh

You can read the log output of sshd with tail -f $(svcs -L openssh) which should give you similar log output to this.

[ Feb 13 01:22:45 Executing start method ("/opt/local/lib/svc/method/sshd start"). ]
[ Feb 13 01:22:45 Method "start" exited with status 0. ]

Testing

From the command line we can now test the sftp connection. Keep in mind that you have to specify the non-standard port and also need to originate from an IPv4 address that is allowed to connect as configured above.

$ sftp -o "Port 44938" auphonic@example.com

Upon first connect you’ll be asked to confirm the host’s fingerprint which you remember from the step before.

Once you’re connected you can verify that chrooting works fine by entering pwd at the sftp prompt and then trying to cd / and pwd again. There shouldn’t be any difference. You can try uploading a file now if you like.

To be sure that you actually cannot get a shell from there try to ssh into the host which should end something like this.

$ ssh -p 44938 auphonic@example.com
This service allows sftp connections only.

Great, your OpenSSH server now allows sftp but no ssh logins authenticated by key or interactive password.
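Besides the manual tests above, the effective settings for the auphonic user can be checked mechanically. This added example (not part of the original guide) compares the output of sshd's extended test mode with the options configured in this article; the function name check_sftp_jail, the placeholder client host name and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Compares the EFFECTIVE settings for the auphonic user with the hardening
# configured above. Feed it the output of sshd extended test mode, e.g.
#   sshd -T -C user=auphonic,host=client.example.com,addr=78.46.81.106
# (the host name is a placeholder; sshd -T prints keywords in lower case).

check_sftp_jail() {
    # stdin: "keyword value" lines; prints one line per deviation, sorted.
    awk '
    BEGIN {
        want["forcecommand"]         = "internal-sftp"
        want["allowtcpforwarding"]   = "no"
        want["gatewayports"]         = "no"
        want["x11forwarding"]        = "no"
        want["permitrootlogin"]      = "no"
        want["allowagentforwarding"] = "no"
    }
    {
        key = $1; val = $0
        sub(/^[^ \t]+[ \t]*/, "", val)       # everything after the keyword
        got[key] = val
    }
    END {
        for (k in want)
            if (got[k] != want[k])
                printf "%s: want \"%s\", effective \"%s\"\n", k, want[k], got[k]
        if (got["chrootdirectory"] == "" || got["chrootdirectory"] == "none")
            print "chrootdirectory: not set, the user is not confined"
    }' | sort
}

# Constructed sample of effective settings: everything from the article is in
# place except AllowAgentForwarding, which was left at its default.
sample_effective() {
    cat <<'EOF'
port 44938
permitrootlogin no
allowtcpforwarding no
allowagentforwarding yes
gatewayports no
x11forwarding no
chrootdirectory %h
forcecommand internal-sftp
EOF
}

sample_effective | check_sftp_jail
```

No output means every checked option matches; run it again after each change to sshd_config and before restarting the service.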

Configuring Auphonic external service

Log in to your Auphonic account to create a new SFTP service then select “services” then “SFTP”. You’ll be presented with this form to complete.

Picture: Add new SFTP service

We’ll simply be filling out the fields. The display name is just what you’ll see as a source in your production so name it anything you like. The server hostname is the DNS name or IP number where Auphonic can contact your server. The port number is prepopulated with the standard ssh/sftp port 22 which we’ll change to 44938. The directory will simply be / since we’re chrooting anyway and / simply refers to the auphonic user’s home directory in this case. The username is of course auphonic and we’ll leave the password empty. When done it should resemble this screenshot.

Picture: SFTP service form filled out

Before you hit save, click on the “Use public key authentication” text. You’ll be presented with the public key that Auphonic will use to connect to your SFTP server. Copy the whole text in that box, we need to add that to the authorized_keys on the server before we can save this service.

Back in the SmartOS zone, edit ~auphonic/.ssh/authorized_keys. In case the directory ~/.ssh doesn’t exist yet, you need to mkdir it. Paste the Auphonic public key into the file and at the end of the line add a space and then yourAuphonicUsername @auphonic.com. That way you will know which public key belongs to whom should you have several public keys in there. This will happen if you use this server for multiple Auphonic accounts, each of which will give you a separate public key to use. You can also authenticate your users that way where you also should add a comment at the end so you know which key belongs to which user in case you need to revoke access at some time in the future.

Once you’re done adding the Auphonic public key and have saved the authorized_keys file you can hit save on the Auphonic website to add your external service. Auphonic will test the connection and balk at you in case something goes wrong. Only properly working server connections can be added. Configuring your firewall and probably necessary port forwardings are out of the scope of this article and are left as an exercise to you.

Configuring an SFTP client application

You’ll likely use a graphical application to upload source files, unless you’re like me and use sftp from the command line. Many people rightfully like to use Cyberduck. Setting up your connection there looks like this:

Picture: Setting up the Auphonic SFTP server in Cyberduck

You can use password authentication here if you like, but it would be better to use public key authentication here as well. Don’t forget that you have to add that public key to the ~/.ssh/authorized_keys file as well. Just like you did with the Auphonic public key.

That’s it, you’re done with your shiny SFTP media source for Auphonic. Have fun with your audio productions! If you found a bug in my guide, please contact me so I can fix it.

Erratum to the article „Internet: NSA-Skandal schärft Sicherheitsbewusstsein“ in Die Presse of 2013-06-24.

Estimated reading time: 0'45" and 3'25" video

Why is this in German?

This is my errata to an article in the Austrian newspaper „Die Presse“ which is in German. To accommodate the audience of said newspaper these errata are in German language as well. If you want to know what the article is about you can try the automatic translation via Google translate and maybe see my errata in an automated Google translation as well, provided Google fixes their site to use https links as well. (It doesn’t at the time of this writing. 2013-06-24 13:35 CEST)

Erratum

Corrections to the article „Internet: NSA-Skandal schärft Sicherheitsbewusstsein“ in the print and online editions of Die Presse of 2013-06-24.

“one of two organisers”

I am only one of many people who take care of the organisation, the events and the content.

Pull quote: “Weekly parties since 2012”

CryptoParty Wien does not take place weekly but monthly, on the last Monday of each month.

“only knowledge that is important for operation is taught”

Not only, but primarily. It is not necessary to have understood all of the crypto mathematics, or to be able to do the calculations yourself, in order to use it correctly and securely.

My name

My first name is Pepi. (Has been corrected, thanks.)

CryptoParty International

The international CryptoParty wiki can be found at https://cryptoparty.in/.

CryptoParty in Austria

The Austrian CryptoParty wiki can be found at https://cryptoparty.at/.

Addendum

A short video interview with Asher Wolf about CryptoParty and how it came about. (3'25", in English)

Technical Feasibility: Apple “iWatch”

Estimated reading time: 07:25

Preface

This is the second part of the Apple “iWatch” article and covers the technical aspects of such a possible product. Read the first part if you’re interested in the pure speculation and design side of this fictitious product.

Picture: Running out of space (Pebble, Jawbone UP, Nike Fuelband)
Thanks to Aaron Parecki on Flickr, Creative Commons Attribution

Technological overview

Connectivity

A core feature of a personal device would be its ability to communicate with other devices. For example another quite personal device like a mobile phone. Bluetooth 4 low energy would be a suitable standard for such communication in many ways.

It was developed as an extension to the existing Bluetooth 4 specification for ultra low energy consumption. You wouldn’t want to have your devices' batteries drained all the time, would you? Some Bluetooth 4 LE devices can operate for months on a coin cell. This low consumption also is a benefit for companion devices and their respective power sources.

This technology is not suited for continuous data transfers like streaming audio to your headphones. It’s made for short bursts to transfer small amounts of data. Like those taking place when sending a push message from your iPhone to be displayed on your personal device, for example an iMessage, location reminder or weather notification. Of course this would also work well for sensor data acquired by the device to be transferred to a phone or computer.

Another key aspect when displaying personal and possibly private data on a device is a secure communications channel. Bluetooth 4 LE allows for secure authentication between devices adhering to the ISO/IEC 15408 Common Criteria standard. So your private message should not end up being displayed on another person’s device.

Lastly Apple’s product palette already had support for this standard for quite a while. Particularly in the iPhone 4S and later models, the iPad since generation 3 (the larger form factor iPad with retina display) as well as the popular iPad mini. Cocoa, Apple’s collection of programming frameworks, also has support for CoreBluetooth with proximity information and profiles for many device classes including human input devices like keyboards and trackpads as well as medical devices and proximity sensing.

Sensors

A device you’re wearing all the time will be a great source of body function data. Provided it is connected to your body as much time as possible. Most of the current sport armbands are just an accelerometer/gyroscope and a tiny bit of storage to save sensor data for a few days and a battery. The Nike fuel armband is an exception as it also has an LED display, allowing it to show the time. (Just like a watch.) Similarly the Fitbit One which is clipped to your belt instead of worn on your wrist. Other products like the Jawbone UP do not have a display at all. It is basically just sensors, a battery and a connector.

Picture: Jawbone UP
Thanks to Junpei Abe on Flickr - Creative Commons Attribution

Following the current trend of the quantified self such a device would be the ideal bodily data source. Of course motion tracking only would not be enough to be interesting to users. If that device is to be carried at all times on your body, you certainly want more sensors checking your body. You could have it measure heart frequency, blood pressure, skin conductivity (recognizing if you’re sweating), blood glucose levels, etc. Many more things probably are possible to measure that way nowadays. Thus making the device not only interesting to those interested in aiding their fitness routine, but also helping those with diseases to improve their recovery or at least ease their chronic symptoms.

Picture: Fitbit one, Packaging
Thanks to Tatsuo Yamashita on Flickr, Creative Commons Attribution

There are many bluetooth sports products on the market already, but they’re mostly simple ones like those already described.

Power Supply

You don’t want to take off your personal wearable device every night just to recharge it. This would make sensors less useful and also reduce the amount of body data captured. Times where it isn’t connected to your body need to be minimized. Current iDevices and even MacBook Air models show that the better part of their weight and volume is the battery. This would be true for a wearable device as well. This poses another challenge which is recharging said battery. All the currently available products require you to take them off to recharge. Most devices will last for a few days. According to Martin Pittenauer the Pebble does get about 6 days of battery life. Not really a comfortable time span for a wearable device even though most of us have gotten accustomed to charging our smart phone every night. One solution to this problem could be inductive charging as well as Intel’s resonance charging technology. Inductive charging is used in electrical tooth brushes for example and can be considered common these days. Resonance charging is a newer technology allowing to distribute power over a greater distance. This would be ideal to recharge your personal device while still wearing it. For example with a small bedside charger that you could just leave plugged in there.

Interaction

Users of the Pebble immediately notice that getting notifications is fine. But if you receive an email, that you just want to delete, you can’t do that. This clearly is a limitation of the device. Users certainly expect a wearable device to be able to fully interact with their smart phone or tablet device. It might as well be suitable as a remote control for a set-top media box. The black AppleTV has support for Bluetooth keyboards since firmware 5.2. This would pave the way for a wearable device being used as a remote control for your big screen. The 5th generation of the iPod nano had a (two finger) touch enabled display, while the current 6th generation is even capable of multi-touch. Certainly the preferred and expected way of user interaction. Surely not enough space to provide a keyboard, but more than enough to provide a few custom buttons. Preprogrammed interaction to delete an email, reply to an iMessage with a premade message, pickup a call or anything your own app may need. Playback controls for your iPod sound like an obvious use case.

Processing Power

A small, thin and light wearable device can’t have a lot of processing power. It doesn’t actually need to if it can outsource expensive processing to the phone in your pocket. In fact, it would not really need a lot of CPU power. Apple has gained enough experience with ARM processors and embedded systems. Their iPod nano and Shuffle models show that they can successfully manufacture powerful systems with modest energy drain.
Picture: ARM CPU used on the Raspberry Pi
Pepi Zawodsky (author)

A processor like the Samsung manufactured ARM 11 type CPU ARM1176JZF-S used in the Raspberry Pi would already have way too much processing power and memory. Something like the one in the 6th generation iPod nano would be more than sufficient and conserve power. But even that CPU might be too powerful for the needs of a wearable device. Something along the lines of an ARM Cortex M3 seems much more suited and is also the processor used in the Pebble Smartwatch.

Enclosure

A certain chic is expected from all things Apple. The Jawbone UP and the Pebble, while being nice products, do not really meet users’ expectations from Cupertino when it comes to industrial design. Their material is plastics and rubber, which are more cost effective than more noble materials like an aluminum-unibody casing would be. On the other hand they serve a quite necessary purpose, which is being water resistant or even waterproof. A not to be neglected property of a wearable device. Spilled Piña Coladas over your arm or got caught in the rain? Your device should be able to cope with that easily. It is likely that Apple’s Patent 20120055767 comes in handy for that, which talks about the use of coatings to make electronic devices water resistant. Just like Apple Patent 20130074305, which covers special manufacturing and welding processes for very flat enclosures.

Pure Speculation: Apple “Watch”

Estimated reading time: 05:30, plus Video 05:53

Disclaimer

This article is pure speculation. I neither have any sources inside Apple, Apple’s manufacturing partners or Apple’s supply chain nor do I consume the same drugs as stock market analysts do to gain their “insights”. I’m just collecting the rumours that are out on the interwebs and try to see if mixing and matching them creates anything interesting.

Due to the growing extent on the technical part of this rumored device I’ve decided to split this article into two parts so you can already enjoy my speculation while I’m still working on the tech aspects.

Preface

To be honest, I really have a hard time understanding the hype behind the Pebble. Their Kickstarter Campaign gained over 10 million $ in backers for a wristwatch with an e-paper display that can connect to a smartphone via Bluetooth. But 68,929 backers can hardly be wrong, can they? So there certainly seems to be a market for a “smart” wristwatch.

Pebble Smart Watch, picture © by Hugo Bessa from his blog article about the Pebble (in Portuguese), used with permission

There even is a Software development kit available to build your own clock faces for the Pebble like this “Sideways” face by Dominik Wagner.

Pebble Sideways face

What is a wristwatch used for?

What are people using a wristwatch for today? Certainly the functionality to display a more or less linear time is not of the utmost importance anymore. There are clocks everywhere, on your smartphone, on your computer screen, at train stations, airports, etc. Realtime clocks are everywhere these days, so just to read the time you don’t need a wristwatch anymore.

Another use case for a beautiful device charming your forearm is jewelry. So the wristwatch you carry is used as a status symbol or affiliation with a certain group, like the local yachting club or golf resort. Devices by companies like TAG Heuer or ROLEX, while being precision instruments, are sold as lifestyle and prestige objects; their ability to display the time and date is secondary to being a status symbol.

Wristwatches are also used to show the love for technology. An example for this would be the Junghans Mega Series. They’ve got a DCF77 receiver, which means they can set themselves to the correct time.

Junghans MEGA 1 (1990), picture by Uhrenfabrik Junghans (Uhrenfabrik Junghans GmbH & Co.KG) [CC0], via Wikimedia Commons

It was followed within a year by a model with analog hands as well as a solar powered model in 1995 which also sported a, back then revolutionary, ceramic enclosure.

Junghans MEGA Solar Ceramic (1995), picture by MichaelDiederich at de.wikipedia CC-BY-SA-3.0, via Wikimedia Commons (If you have a better picture you’d like to contribute, please contact me)

Being solar powered means it never runs out of batteries. Likewise the SEIKO Astron, which extends the functionality of the Junghans Mega series with a GPS receiver allowing it to set the correct timezone automatically. This creates its very own problem since time zones change ridiculously often, so this watch would need a way to update time zone information as well. These are devices that are likely worn for the affection to the technology shown off and to some extent for their industrial design as trappings.

The Pebble watch falls into this technology geeky niche, and is rather not worn just because of its appearance. Certainly not for the materials used, since it’s made from plain plastic with some models sporting a paint job.

Understanding the Apple way

Apple does not simply make another product for an existing market. Apple has different ways of entering a market. One way is to essentially create the market from scratch like they did with the iPad. Of course there have been tablet-computer like devices before the iPad, but this class of devices didn’t have a relevant market volume. Another way for Apple to enter a market is to sidestep into an existing ecosystem like the mobile handset makers had to notice in 2007 when the iPhone was introduced. This was achieved by totally rethinking the existing range of devices. Back then the iPhone was totally different from almost every other mobile phone because Apple did not think of designing a new “phone” but a “communications device”. The term “communications device” is key to the approach Apple is taking. Designing a new “phone” would already constrain thinking about a future device. Jonathan Ive (Senior Vice President, Apple Design) did talk about freeing your thinking from constraints when designing new products.

Watch Jonathan Ive on Blue Peter on YouTube. (05:35)

Apple has the ability to tickle early adopters of geeky gadgets, just like the Pebble watch does. Though a fictitious device would have a more appealing industrial design and choice of material. Regarding market segment, Apple has always chosen a top-down approach. They start at a high price with a very focused product, then iterate over the functionality as customers respond with their desire. Though Apple doesn’t necessarily regard their customers’ wishes as relevant for product evolution.

But in the end, for something this complicated, it’s really hard to design products by focus groups. A lot of times, people don’t know what they want until you show it to them.
— Steve Jobs in Business Week, May 12, 1998

Approaching a new product

I’m certain that Apple would not even be starting to design “a wristwatch” for the reasons outlined. Honestly having no clue about the wristwatch market, I still consider it to be sufficiently saturated with existing products and brands covering just about any timey-wimey fetish imaginable. Apple also would not only want to appeal to traditional buyers of status symbols or the geeky gadget aficionados but create a device that would be of interest to a much broader audience.

Thanks and credits

These thoughts mostly came up during a prolonged talk with my dear friend Christian who does excellent Apple support work in the Graz/Styria area. We irregularly waffle and rant about all things Apple related.

Thanks to Hugo Bessa for giving me permission to use his wonderful photograph of the Pebble watch from his Análise: Pebble, o relógio inteligente blog article.

Save a Tree(1)

Estimated reading time: 3:30

Where are my files?

Do you know what’s on your storage devices? Well, of course you know, everything is there. Your whole life these days is stored on harddrives and USB thumbdrives or some kind of server. But what exactly is everything when your significant other or a user asks you if that precious file that supposedly was on the harddrive that just died actually was really there in the first place? This is where a tree comes in handy.

tree(1)

Meet tree(1), a handy utility that lists the contents of directories in a tree-like format. For example, the downloads directory of this site looks like this when listed by tree(1).

tree output of downloads/
$ tree
.
├── J.mp.textexpander.zip
├── MacLemon.vcf
├── Unicode+Snippets.textexpander.zip
├── mlbackup-142-3.0.6.tar.gz
├── mlbackup-157-3.0.7.tar.gz
├── mlbackup-160-3.0.8.tar.gz
├── mlbackup-195-3.0.9.tar.gz
├── pepi.zawodsky.gpgkey
├── pepi.zawodsky.gpgkey.zip
└── tree.html

0 directories, 10 files

You could easily get the same level of insight with ls, you rightfully think now. Unless you start digging into deeper directory structures. For example your /Library/Application Support directory.

abbreviated tree output of Library
$ tree /Library/Application\ Support | less
/Library/Application\ Support
├── Aperture
│   └── Plug-Ins
│       ├── Edit
│       │   └── BorderFXEditPlugin.ApertureEdit
│       │       └── Contents
│       │           ├── Frameworks
│       │           │   └── IFImageView.framework
│       │           │       ├── IFImageView -> Versions/Current/IFImageView
│       │           │       ├── PrivateHeaders -> Versions/Current/PrivateHeaders
│       │           │       ├── Resources -> Versions/Current/Resources
│       │           │       └── Versions
│       │           │           ├── A
│       │           │           │   ├── IFImageView
│       │           │           │   ├── PrivateHeaders
│       │           │           │   │   ├── CGImageView.h
│       │           │           │   │   ├── IFImageBrowser.h
│       │           │           │   │   ├── IFImageObject.h
│       │           │           │   │   ├── IFImageView.h
│       │           │           │   │   ├── IFLayer.h
│       │           │           │   │   ├── IFLayerController.h
│       │           │           │   │   ├── IFLayerImage.h
│       │           │           │   │   ├── IFLayerImageMask.h
│       │           │           │   │   ├── IFLayerStack.h
│       │           │           │   │   ├── IFLayerTiltShift.h
│       │           │           │   │   ├── IFPreviewCanvas.h
│       │           │           │   │   ├── IFSelectionGuides.h
│       │           │           │   │   ├── IFSplitView.h
│       │           │           │   │   ├── MUPhotoView.h
│       │           │           │   │   ├── SelectionDefocus.h
│       │           │           │   │   ├── SelectionMarker.h
│       │           │           │   │   ├── SelectionMarkerBorder.h
│       │           │           │   │   ├── SelectionMarkerImage.h
│       │           │           │   │   └── SelectionTiltShift.h
│       │           │           │   └── Resources
│       │           │           │       ├── Info.plist
│       │           │           │       ├── ReferenceImage.tiff
│       │           │           │       ├── hud-edit_cancel-N.tiff
│       │           │           │       ├── hud-edit_cancel-P.tiff
│       │           │           │       ├── zoom_larger.tif
│       │           │           │       └── zoom_smaller.tif
│       │           │           └── Current -> A
│       │           ├── Info.plist
│       │           ├── MacOS
│       │           │   └── BorderFXEditPlugin
│       │           ├── PlugIns
│       │           │   └── SoftRectangleImageUnit.plugin
│       │           │       └── Contents
│       │           │           ├── Info.plist
│       │           │           ├── MacOS
│       │           │           │   └── SoftRectangleImageUnit
│       │           │           └── Resources
│       │           │               ├── Description.plist
│       │           │               ├── English.lproj
│       │           │               │   ├── Description.strings
│       │           │               │   └── InfoPlist.strings
│       │           │               └── SoftRectangle.cikernel

Now you get the idea why this can be quite helpful in determining the contents of a folder.

How about a nice list of your Podcasts in iTunes? Here we make use of the -N flag to output diacritic characters like the German umlauts (äöüÄÖÜ) as they are, instead of octal escaping them. The OS X Terminal as well as iTerm are fully UTF-8 capable.

tree output of iTunes Podcasts
$ tree -N ~/Music/iTunes/iTunes\ Media/Podcasts
/Users/pepi/Music/iTunes/iTunes Media/Podcasts
├── Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_
│   ├── 01 CHAT001 Woher kommen eigentlich diese Cocoaheads und was machen die so_ 1.m4a
│   ├── 02 CHAT002 AirPort Express, Xcode 4.0.2, Git Achievements, Pow.m4a
│   ├── 03 CHAT003 iOS 4.3.3 & Jailbreak, IRC, CodingKitchen Wien, BarCamp Graz, Mobile CouchBase, SuperPin, What License_, Git CheatSheet 1.m4a
│   ├── 27 CHW027_ D-Scrum_ Modernes IT-Projektmanagement auch für Freelancer und KMUs 1.m4v
│   └── CHAT000 Hallo Welt 1.m4a
├── Hot Cocoa
│   ├── Hot Cocoa 3_ The Coin Flipper.m4v
│   ├── Hot Cocoa 4_ CoreData - Part I.mp4
│   ├── Hot Cocoa 5_ Core Data - Part II.mp4
│   └── Hot Cocoa 6_ Intro to iPhone Programming.mp4
├── Learn By The Drop Videos
│   └── Creating An RSS Feed Using Views.m4v
├── Mac Power Users
│   ├── Screencast_ OmniFocus Ninja Tricks (Part 2 of 3).m4v
│   └── Screencast_ OmniFocus Ninja Tricks (Part 3 of 3).mov
├── MacBreak Dev
│   ├── Checking Applications with Instruments.mov
│   ├── Data Structures within Core Data.mov
│   ├── How Properties and Core Data work together.mov
│   └── What is DTrace_.mov
├── Unknown Podcast
│   ├── 9) Cathy Shive on Design.mp3
│   ├── Chatting with Sofa.m4a
│   ├── Indie Support with Kirby Turner.mp3
│   ├── Jiva Devoe.mp3
│   └── NSBrief_11_Appsterdam.m4a
└── iOS Programmierung (iPad, iPhone, Xcode, objective-c)
    ├── Die ToDoList (Podcast 004).mp4
    ├── Macoun 2012 UICollectionView (Podcast 036).mp4
    └── iOS-Hybrid bzw. iOS-UniversalApp (Podcast 003).mp4

7 directories, 24 files

A trip down memory lane for those who have seen the old BBS days with an acoustic coupler or analog modem. Back in those days, and even in the early days of the internet, many FTP servers had an index file for you to download locally. Search functions did not exist and connection speeds were slow, so you just downloaded a full file tree and searched through that one locally. Such a listing can be created with tree(1) as well.

tree output of Podcasts in FTP archive style
$ tree -Nifh ~/Music/iTunes/iTunes\ Media/Podcasts
/Users/pepi/Music/iTunes/iTunes Media/Podcasts
[ 238]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_
[2.0M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/01 CHAT001 Woher kommen eigentlich diese Cocoaheads und was machen die so_ 1.m4a
[1.4M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/02 CHAT002 AirPort Express, Xcode 4.0.2, Git Achievements, Pow.m4a
[2.1M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/03 CHAT003 iOS 4.3.3 & Jailbreak, IRC, CodingKitchen Wien, BarCamp Graz, Mobile CouchBase, SuperPin, What License_, Git CheatSheet 1.m4a
[457M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/27 CHW027_ D-Scrum_ Modernes IT-Projektmanagement auch für Freelancer und KMUs 1.m4v
[ 75K]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Cocoaheads Austria - Die freundlichste Entwickler Gemeinschaft für Mac OS X und iOS_/CHAT000 Hallo Welt 1.m4a
[ 204]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa
[ 98M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 3_ The Coin Flipper.m4v
[ 25M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 4_ CoreData - Part I.mp4
[ 20M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 5_ Core Data - Part II.mp4
[ 32M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Hot Cocoa/Hot Cocoa 6_ Intro to iPhone Programming.mp4
[ 102]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Learn By The Drop Videos
[ 19M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Learn By The Drop Videos/Creating An RSS Feed Using Views.m4v
[ 136]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users
[146M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users/Screencast_ OmniFocus Ninja Tricks (Part 2 of 3).m4v
[158M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Mac Power Users/Screencast_ OmniFocus Ninja Tricks (Part 3 of 3).mov
[ 204]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev
[ 39M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/Checking Applications with Instruments.mov
[ 41M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/Data Structures within Core Data.mov
[ 64M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/How Properties and Core Data work together.mov
[ 57M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/MacBreak Dev/What is DTrace_.mov
[ 238]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast
[ 18M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/9) Cathy Shive on Design.mp3
[ 27M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Chatting with Sofa.m4a
[ 47M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Indie Support with Kirby Turner.mp3
[ 49M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/Jiva Devoe.mp3
[ 50M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/Unknown Podcast/NSBrief_11_Appsterdam.m4a
[ 170]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)
[153M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/Die ToDoList (Podcast 004).mp4
[262M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/Macoun 2012 UICollectionView (Podcast 036).mp4
[ 97M]  /Users/pepi/Music/iTunes/iTunes Media/Podcasts/iOS Programmierung (iPad, iPhone, Xcode, objective-c)/iOS-Hybrid bzw. iOS-UniversalApp (Podcast 003).mp4

7 directories, 24 files

I’ve included -h in this example to also give me human readable size information in addition to the full (unescaped, unquoted) path to each file. There are flags to adapt the output to your liking.

With a rather large fileserver, like for a small office, that tree file can grow substantially. My tests have shown that a (probably non-typical) 1TB office server sharepoint with 369910 directories and 1285341 files took up 346MB which boiled down to just 17MB when compressed with gzip(1). So this is quite well suited for archiving over time.
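Archiving such listings over time is what lets you later answer whether a file was ever on the share. The following is an added example, not part of the original post: the function names, the `tree-DATE.txt.gz` naming and the find(1) fallback are assumptions, and `tree` is called with the flags shown above plus `-a` and `--noreport`.

```shell
#!/bin/sh
# Added example: keep dated, gzip-compressed tree(1) listings of a share and
# query them later. All names here are illustrative.

# snapshot DIR OUTDIR [STAMP]
# Writes one full path per line to OUTDIR/tree-STAMP.txt.gz and prints that
# file name. STAMP defaults to today's date.
snapshot() {
    dir=$1
    outdir=$2
    stamp=${3:-$(date +%Y-%m-%d)}
    out="$outdir/tree-$stamp.txt.gz"
    if command -v tree >/dev/null 2>&1; then
        # -N raw characters, -a hidden files too, -i no indentation lines,
        # -f full path prefix, --noreport omits the "N directories" summary
        tree -Naif --noreport "$dir"
    else
        # Fallback when tree(1) is not installed: same one-path-per-line shape
        find "$dir"
    fi | LC_ALL=C sort | gzip -9 > "$out"
    printf '%s\n' "$out"
}

# was_present SNAPSHOT NAME
# Succeeds (and prints the matching paths) if NAME occurs in the listing.
was_present() {
    gzip -dc "$1" | grep -F -- "$2"
}

# removed_since OLD_SNAPSHOT NEW_SNAPSHOT
# Prints paths that are listed in the old snapshot but missing from the new one.
removed_since() {
    old=$(mktemp)
    new=$(mktemp)
    gzip -dc "$1" > "$old"
    gzip -dc "$2" > "$new"
    # Both listings were sorted with LC_ALL=C, so compare in the same locale
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
}
```

Store the snapshots on a different volume than the one they describe, otherwise they die together with the disk they were meant to document.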

The last example I want to show you is a nice file listing for a webserver. So here is this server’s download directory index as somewhat nice HTML created with tree(1).

tree output of downloads on this server
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <meta name="Author" content="Made by 'tree'">
 <meta name="GENERATOR" content="$Version: $ tree v1.6.0 (c) 1996 - 2011 by Steve Baker, Thomas Moore, Francesc Rocher, Kyosuke Tokoro $">
 <title>MacLemon downloads</title>
 <style type="text/css">
  <!--
  BODY { font-family : ariel, monospace, sans-serif; }
  P { font-weight: normal; font-family : ariel, monospace, sans-serif; color: black; background-color: transparent;}
  B { font-weight: normal; color: black; background-color: transparent;}
  A:visited { font-weight : normal; text-decoration : none; background-color : transparent; margin : 0px 0px 0px 0px; padding : 0px 0px 0px 0px; display: inline; }
  A:link    { font-weight : normal; text-decoration : none; margin : 0px 0px 0px 0px; padding : 0px 0px 0px 0px; display: inline; }
  A:hover   { color : #000000; font-weight : normal; text-decoration : underline; background-color : yellow; margin : 0px 0px 0px 0px; padding : 0px 0px 0px 0px; display: inline; }
  A:active  { color : #000000; font-weight: normal; background-color : transparent; margin : 0px 0px 0px 0px; padding : 0px 0px 0px 0px; display: inline; }
  .VERSION { font-size: small; font-family : arial, sans-serif; }
  .NORM  { color: black;  background-color: transparent;}
  .FIFO  { color: purple; background-color: transparent;}
  .CHAR  { color: yellow; background-color: transparent;}
  .DIR   { color: blue;   background-color: transparent;}
  .BLOCK { color: yellow; background-color: transparent;}
  .LINK  { color: aqua;   background-color: transparent;}
  .SOCK  { color: fuchsia;background-color: transparent;}
  .EXEC  { color: green;  background-color: transparent;}
  -->
 </style>
</head>
<body>
  <h1>MacLemon downloads</h1><p>
  <a href="https://maclemon.at/downloads">https://maclemon.at/downloads</a><br>
  ├── [1.4K&nbsp;Jan&nbsp;17&nbsp;16:32]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/J.mp.textexpander.zip">J.mp.textexpander.zip</a><br>
  ├── [&nbsp;29K&nbsp;Jan&nbsp;17&nbsp;15:52]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/MacLemon.vcf">MacLemon.vcf</a><br>
  ├── [2.8M&nbsp;Jan&nbsp;17&nbsp;16:34]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/Unicode%2BSnippets.textexpander.zip">Unicode+Snippets.textexpander.zip</a><br>
  ├── [1.8M&nbsp;Feb&nbsp;21&nbsp;&nbsp;2011]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/mlbackup-142-3.0.6.tar.gz">mlbackup-142-3.0.6.tar.gz</a><br>
  ├── [2.9M&nbsp;Mar&nbsp;&nbsp;7&nbsp;&nbsp;2011]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/mlbackup-157-3.0.7.tar.gz">mlbackup-157-3.0.7.tar.gz</a><br>
  ├── [3.5M&nbsp;Mar&nbsp;28&nbsp;&nbsp;2011]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/mlbackup-160-3.0.8.tar.gz">mlbackup-160-3.0.8.tar.gz</a><br>
  ├── [3.5M&nbsp;Mar&nbsp;22&nbsp;&nbsp;2012]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/mlbackup-195-3.0.9.tar.gz">mlbackup-195-3.0.9.tar.gz</a><br>
  ├── [1.7K&nbsp;Sep&nbsp;24&nbsp;&nbsp;2009]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/pepi.zawodsky.gpgkey">pepi.zawodsky.gpgkey</a><br>
  ├── [1.9K&nbsp;Jan&nbsp;17&nbsp;15:35]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/pepi.zawodsky.gpgkey.zip">pepi.zawodsky.gpgkey.zip</a><br>
  └── [&nbsp;&nbsp;&nbsp;0&nbsp;Mar&nbsp;18&nbsp;&nbsp;2:36]&nbsp;&nbsp;<a href="https://maclemon.at/downloads/tree.html">tree.html</a><br>
  <br><br>
  </p>
  <p>

0 directories, 10 files
  <br><br>
  </p>
  <hr>
  <p class="VERSION">
       tree v1.6.0 © 1996 - 2011 by Steve Baker and Thomas Moore <br>
       HTML output hacked and copyleft © 1998 by Francesc Rocher <br>
       Charsets / OS/2 support © 2001 by Kyosuke Tokoro
  </p>
</body>
</html>

You can see what the output looks like on the web at /downloads/tree.html. Certainly beats the standard Apache directory listing aesthetics and it can be further customized by adding some CSS.

For a full list of customisation options for output see man 1 tree as usual.

tree is not a standard command that comes included with OS X, but it is available from most popular package managers like port(1), or you can build your own from source.

Please don’t print this blog post, save a tree!

Home Screen Optimisation

Estimated reading time: 3:35

What’s on your homescreen?

I’m regularly thinking about optimising my workflows in the hope to increase my productivity. (Or at least to make procrastination more effective.) I don’t want to spend a lot of time hunting for an App I regularly use. Some apps I want to have available immediately, even though I don’t use them often.

This is what my homescreen looked like back in spring of 2011 on my iPhone 4 running iOS 4.3.x.
My iPhone homescreen in spring 2011

It was arranged to carry most of the apps I used regularly back then. I just empirically put there what I felt belonged there.

Fast forward to Spring 2013.

Quite a lot has changed since then. I’ve upgraded from an iPhone 4 to a 4S and iTunes tells me that there are 509 way too many Apps on my pocket computer. Of course iOS 6 happened and many of the apps have received substantial updates. The background, surprising to myself as well, is still the same. So this is what greets me at the moment.

My homescreen on an iPhone 4S

The present

So, what Apps do we see here, what do I use them for and why did I keep them in this precious space?

  • iCabMobile (Universal) In my opinion the best web browser available for iOS. (Includes an AdBlocker for example which you do not need here since I don’t put any ads on my website. How nice.)
  • /GSM - See below
  • Lift An attempt at Quantified Self and to force myself to build a few new habits. You’re welcome to cheer at my efforts to help my motivation. I’m MacLemon on Lift.
  • Trovebox A native client for the like named photo box platform. The source is available on Github and you can see a few of my photos and screenshots on my self-hosted instance. (Formerly named OpenPhoto)
  • Photos (Standard iOS App)
  • Calendar (Standard iOS App)
  • Reminders (Standard iOS App)
  • Clock (Standard iOS App)
  • Notes (Standard iOS App)
  • Simplenote All my note taking goes in here. I sync to my Mac with the simplenote.com Webservice. On the Mac this is complemented by the excellent nvALT.
  • Maps (Standard iOS App)
  • Saver Super simple capturing of my expenses and a little budget info. Helps me keep track of my spending.
  • Light The omnipresent flashlight app. As simple as it is, it comes in handy every now and then.
  • Wann Gives me the next public transport arrivals in my vicinity. This is actually a beta version by subzero for testing the data in Vienna/Austria. Sadly this cannot yet be released since the Wiener Linien do not release their schedule and realtime data as OpenData.
  • Camera (Standard iOS App)
  • Camera+ A quite good camera app that allows a lot more settings than Apple’s stock app. I’m currently testing ProCamera which is likely to become my main photo taking app in the future.

Dock

  • OmniFocus A powerful Getting things done methodology TODO list application which syncs all my OS X and iOS devices via my private server.
  • Tweetbot My former Twitter Client of choice.
  • ProCamera Currently my main photo taking app. I do take a lot of too many pictures and I want a camera app to support me in doing that.
  • Instacast 3 I’m a total Podcast addict, therefore I don’t get by with Apple’s iPod or Podcast apps for my listening needs. Instacast 3 does the job of managing my subscriptions exceptionally well and also does support triple speed playback.

/GSM

Not really a good name for that folder, I totally agree. Why are those Apps tucked away anyway? Because I really don’t make that many calls. In fact I hate phonecalls more than email.

Contents of the GSM folder on my homescreen

  • Phone (Standard iOS App)
  • Messages (Standard iOS App)
  • Prowl Mostly for push messages from a multitude of servers.
  • CloseBy Shows all my contacts on a map. Not sure if I’ll keep that one since it’s temporarily in here for testing.

The Future

I agree that many things are awry here and this is why I’ve decided to do something about it and analyze my actual app usage to get a better feeling for what should be on my 0th home screen.

Over the next few weeks I’ll be collecting my daily app usage to determine which apps I use on a daily basis and which are less often in use. With those statistics I hope to gain enough insight to rearrange my homescreen in a more efficient way. Stay tuned!