Skip navigation

Mobilized

Syndicate content
Tips for your mobile life and work
Updated: 1 hour 56 min ago

Heartbleed: What you need to know

Wed, 2014-04-16 08:35

 No doubt you’ve heard about the Heartbleed bug affecting countless websites and devices over the past week. Reports of the bug are many, yet information about how it works and what you can do to protect yourself can be difficult to extract from the widespread media response. Here we’ll take a brief look at what Heartbleed is, how it works, and what you can do.

Not a virus, not a breach… so what’s in a bug?

Some of the confusion around Heartbleed is related to the semantics of computer security. If you have owned a personal computer in the last decade, you’re likely familiar with computer viruses that affect your computer’s performance by embedding themselves in your device’s Operating System (i.e. Windows, OSX, etc.) Major data breaches have also made it to the front page of news outlets more frequently in recent years as hackers target user information stored online. In December 2013, Target announced a breach where millions of credit card numbers were stolen. Sony had a similar breach back in April of 2011 where over 77 million accounts were compromised.

Heartbleed is neither a virus, nor a major breach. Unlike a virus, there was no software written with malicious intent. And yet, unlike a major breach, this was not a planned, organized effort to gain access to information. It is actually a flawed piece of code in OpenSSL.

SSL stands for Secure Sockets Layer, a computing protocol designed to encrypt and protect information. This technology was developed so that information could be sent and received privately, without tampering. OpenSSL is just one implementation of the SSL technology, and it can be used to protect data transmission on websites, email servers, chat servers, virtual private networks (VPNs), and more. You may notice a lock icon (see image to right) followed by https:// in your web browser’s address bar when you visit an encrypted website. The s is short for secure and these both signify that the connection is encrypted. Not all websites use encryption, and not all websites employ OpenSSL to achieve encryption. Still, roughly half a million websites use the OpenSSL version that is vulnerable to the Heartbleed bug according to Netcraft’s April 2014 Web Server Survey.

What’s the danger?

So where exactly does this vulnerability occur in OpenSSL? That is as humorous as it is terrifying. Here’s the vulnerable code:  “memcpy(bp, pl, payload);”

Did you catch that? Let’s look a little closer.

Heartbeat to heartbleed

Heartbeat is a term used to describe a connection check done between a server and a client. For context, imagine you are connecting to a server (i.e. a website). The client (you!) will send a heartbeat message to the website, and the website will send it back to you. This response notifies the client (again, that’s you) that the connection is still open and functional. The heartbeat message is useful because it prevents data from being transmitted when the connection is lost, and unnecessary connections can be closed.

If you look again at the vulnerable code “memcpy(bp, pl, payload,)” that’s the heartbeat. The payload part of that code can be manipulated to ask servers for extra information (e.g. usernames, passwords, and other information that was supposed to stay encrypted.) That means a hacker could use the common heartbeat function with a website you’ve visited in the past and exploit the Heartbleed bug to pull back extra data — data that could contain your sensitive information!

The web comic XKCD came out recently with a informative — and humorous — visual take on it. Gizmodo has a far more detailed, but still very understandable, technical overview of the issue.

What should I do?

It is recommended that you change your password on affected sites after they have been patched. Changing your password does not address the underlying vulnerability, so be sure websites have implemented the fix before you make the change.

Mashable has compiled a useful “hit list“ of popular sites where you can verify whether or not you should change your password. Additionally, LastPass has created a tool where you can input a website URL for vulnerability assessment.

You can also review UCSF’s Heartbleed bug information where they mention UCSF MyChart, Mail@UCSF, and MyAccess sites are not vulnerable.

Is my phone or tablet affected?

Apple released a statement last Thursday that they are not employing OpenSSL as the method of authentication for their iOS and OSX platforms, or other “key web services.” You do not need to change your AppleID password unless you use the same password for another service that may have been compromised.

Google’s Android operating system has not employed OpenSSL since version 4.1.1, but Google web services which require login (GMail, Google Docs, etc.) were vulnerable to the bug. You should change your Google account password. Additionally, if you are running Android version 4.1.1, you should check if an update is available for your device.

So many passwords! How to keep track?

We all know the rules. Don’t use the same password twice, make them complex, and change passwords frequently. In the real world, managing so many passwords is incredibly difficult. Remembering these passwords on the go with your mobile device is that much harder.

There are, however, several password managers available that can help with this daunting task. The aforementioned LastPass is a very popular web-based password manager with free and premium options available. The premium option gives access to mobile applications at $12 a year. My personal favorite, KeePass, is an open-source application available on most platforms. You can gain mobile access to your KeePass encrypted database by hosting it in a Cloud Storage provider like Box, Dropbox, Google Drive, etc. LastPass, KeePass, and other password managers can help keep you safe by storing unique, complex passwords in a secure place.

Additional Information

The Heartbleed official site is http://heartbleed.com, and you can find some less technical information in this overview at Gawker’s Non-Geek’s Guide. WIRED  also has an eye-opening review of how this happened and the lesson we should learn from it. Be safe out there, folks.

No related posts.

Categories: Mobilized

A Review of Coursera for iOS

Thu, 2014-03-20 10:56

Within the last few months, Coursera — the online education platform that offers free classes from UCSF and other top universities — released a mobile app for both iPhone and iPad (iOS 7 only). Meant to supplement, not replace, the full desktop experience at coursera.org, the app offers basic features that make it easier to keep up with Coursera classes on the go. Use the app to:

  • view and sync video lectures
  • take course quizzes and other assessments
  • view the course syllabus for your class
  • search for and enroll in other Coursera classes

Easily Watch Video Lectures

The app’s main feature, watching video lectures, works very well. You can either stream the video content on the go, or sync the lectures for offline viewing.

There is a handy “next” button so that you can flip through lectures while in full-screen view, and you can even speed up or slow down the lecture speed while you watch.

To avoid heavy data usage via the Coursera app, you can (1) sync your lectures from a wifi connection and (2) turn off the app’s access to cellular data on your phone. To do this, visit your iOS settings page (Settings –> Cellular) and toggle off Coursera, as shown.

 

 

 

 

Room to Grow

The Coursera app does not currently support discussion forums or peer-assessed writing assignments, two important components in UCSF’s courses. To access these features, you still have to visit the full site at www.coursera.org.

It would be nice if the app integrated quiz reminders and other deadlines into the iOS Notification Center. Similar to the eBay app, which sends a push notification when an auction you’re watching is about to end, the Coursera app could notify you that your quiz is due in 24 hours.

I’d also like to be able to annotate video lectures as I watch them. Since the app doesn’t provide a way to contact the instructor or other students, it would be helpful to enter notes while viewing a lecture. Then, back at my computer, I could post my questions or comments to the class forum.

Lastly, a small complaint: upon searching the iPhone app for the full list of classes offered by UCSF, I noticed that neither “UCSF” nor “UC San Francisco” returned any results. I had to begin typing “University of California, San Francisco” to find the right page.

On the Horizon

According to Coursera’s Mobile FAQ, apps for Android and other devices are currently under development. The mobile team also plans to integrate in-video quizzes in a future release.

Overall, I’m finding this app well designed and useful for watching Coursera’s excellent content on the go. If you’ve tried Coursera for iOS, please share your thoughts in the comments.

Related posts:

  1. Inkling: iPad Interactive Textbooks With all the e-readers and tablets out there, e-books are...
  2. iPads in the Lab: interview with UCSF’s Chandler Mayfield CHANDLER H. MAYFIELD is the Director for Technology Enhanced Learning...
  3. Docphin on Android Looking for a tool to help you keep up with...
Categories: Mobilized

It Takes a Village: Building the NeuroExam Tutor App

Wed, 2014-01-29 18:12

The UCSF NeuroExam Tutor app seeks to solve a problem that has faced medical educators for decades: medical students are uncertain and timid when performing the neurological exam. Educators suppose that this is because of the complexity of the nervous system and the multitude of ways to investigate its functions. However, it is even more troubling that this insecurity continues into the careers of clinicians from most specialties. To address this problem, UCSF neurologists Susannah Cornes and Vanja Douglas proposed a gentle introduction to the neurological exam over the four years of medical school. This innovative approach could not have been realized without the partnerships that lead to the creation of an iPad app.

Features:

  • More than 60 high quality videos
  • In-depth descriptions of how to execute more than 50 different physical exam maneuvers
  • 6 interactive cases with real patient videos
  • Descriptions of 8 exam categories with explanations of terminology and grading scales
  • Quick reference flashcards for 6 common neurological complaints
  • Pearls and pitfalls from the master clinicians at UCSF

While many projects in medical education are carried out by a single motivated educator, increasingly, ideas cannot reach their fullest potential without a team. The NeuroExam Tutor team consisted of several doctors, myself lending the perspective of a medical student, and and the Technology Enhanced Learning team in the UCSF School of Medicine Office of Medical Education. The app team became truly inter-professional when we partnered with Bandwdth, a digital publishing firm with experience creating rich multimedia driven apps. Throughout the process, specialists in educational theory, interface design, videography, and programming were all tapped to make the multimedia NeuroExam Tutor app a reality. This partnership was productive, exciting, and drastically different from most collaborative efforts within the hospital.

He who studies medicine without books sails an uncharted sea, but he who studies medicine without patients does not go to sea at all. – William Osler

Our experience building this app highlights the fact that medical education is in a time of transition driven by the rising tide of technology and the availability of information. The “books” to which Osler refers are no longer just leather-bound tomes filled with yellowed pages. Today’s medical student is constantly bombarded by websites, apps, feeds and notifications that are the books of our age. Sounds, videos, and interactive problem solving activities promise to develop skills, as well as knowledge, as they guide students in the hospital and clinic. In developing the NeuroExam Tutor app, our aim was to create a resource that fulfills the role of the Osler’s books without forgetting that the ultimate goal is to improve the quality of patients’ lives.

I believe that the multi-disciplinary skills of the people involved in this project allowed us to tell the patient stories in a more engaging way. Students learn directly from the patients couched in those stories, and as a result, we capture some of the spirit of patient interaction and presence that Osler holds to be so fundamental.

In closing, I’d like to note that the NeuroExam Tutor project could not have achieved the goal of educating students while maintaining the primacy of the patient experience anywhere but UCSF. UCSF is a unique institution, insomuch as it embodies a culture of caring and respect for the patient experience, as well as an emphasis on fundamental knowledge and treatment. As medical education transitions to a curriculum that increasingly relies on technologically enhanced resources, UCSF is uniquely poised to imbue those resources with a human touch.

Related posts:

  1. iPads in the Lab: interview with UCSF’s Chandler Mayfield CHANDLER H. MAYFIELD is the Director for Technology Enhanced Learning...
  2. Inkling: iPad Interactive Textbooks With all the e-readers and tablets out there, e-books are...
  3. Apple Tackles Textbooks Apple made some big announcements yesterday at its Education Event...
Categories: Mobilized

BeyondPod: Podcasts for Control Freaks

Tue, 2014-01-14 14:55

BeyondPod is a popular Podcast/RSS manager for Android that, on the surface, works like you’d expect any application in this category to function. Find enjoyable podcasts, subscribe, listen, repeat. With a crowded, competitive field of podcast managers and podcatchers available for virtually every platform, BeyondPod distinguishes itself from competitors by offering users the ability to tweak and refine the individual user experience. The incredibly robust options and settings menus hiding underneath the primary user interface can be initially overwhelming, but the degree of customization offered by BeyondPod is exactly why it deserves to be on any Android user’s homescreen.

Find some Podcasts, Subscribe. Find More!

If you’re new to podcasts and are curious about what’s available, there are plenty of places to look. Apple’s iTunes Store is an amazing resource for discovering popular and trending Podcasts, as well as the lesser-known offerings unique to your interests. More recently, Stitcher has become a good resource as well.  BeyondPod has built similar functionality into their software, allowing users to discover, preview, subscribe, and listen to Podcasts all in one place.

On the primary interface an inconspicuous Add Feed button sits in the bottom-right corner and provides several ways of finding content you’ll enjoy. The Trending menu is always full with recent popular episodes and is a great way to find new content. Under Collections, podcasts are organized into providers, making it easy to view all offerings from a particular network, such as NPR, NASA, CNN, and more. Scrolling the menu ribbon to the left reveals categories such as News, Business, Comedy, Technology, Science & Medicine, Education, Culture, Arts, and the list goes on! BeyondPod will also recommend feeds based on feeds to which you are already subscribed. Finding relevant feeds via text search works brilliantly and is a great way to find content in a particular niche.

Once you’ve found a feed of interest, you can preview text, audio, and video before adding it to your subscription list. Feeds can also be added individually by URL, in bulk from OPML file, or via your Feedly account.

Listen Up!

The BeyondPod player is functional and intuitive, though admittedly lacking the kind of polish and design you get with apps from Stitcher Radio or PocketCasts. From a usability standpoint, however, it has all the buttons you’d expect in all the right places (i.e. play/pause, skip forward/back, advance track) as well as some unexpected gems.

From the player menu, you can also adjust the playback speed of a Podcast from 1x, 1.5x, and 2.0x speed to move through content at a variable rate. Don’t like those speed options? You can edit those presets in the playback settings. There is also a Sleep timer which will pause playback at a given interval of time, or at the end of an episode, allowing you to resume the playlist at a later time.

Organizing your playlist is straightforward and touch-friendly. Drag an item up or down on your playlist with the swipe of a finger. Holding your finger on an item for a second brings up a secondary menu where you can remove it from the playlist, delete the episode from your device, view episode notes, or share it via another external app on your device.

While well-thought-out, BeyondPod at times lacks style and polish.

Playlists can be composed of any combination of content downloaded to the device and content you intend to stream

 

 

 

 

 

 

 

 

 

 

Don’t like the internal player? You can set BeyondPod to default to external player software [e.g. MX Player, Winamp] for video, audio, or both.

Dive a little deeper into the settings and you’ll discover the SmartPlay feature. BeyondPod gives you the flexibility to create and organize your own podcast categories, and the SmartPlay feature lets you generate playlists effortlessly based on rules you create.

For example, a SmartPlay playlist can be built automatically from the most recent episode of every feed in my custom News category, then play the oldest episodes of a particular feed I’ve been neglecting.

In addition to the internal player, there are also Widgets to add to your Android’s homescreen and an optional lockscreen player, letting you seamlessly manage your playback. Similar to other audio players, you can also control playback via Android’s sliding status menu.

Settings Galore.

BeyondPod’s most outstanding feature is the robust settings menu. If there’s a variable within the application you’d like to tweak, it is very likely the BeyondPod developers have given you the option to do so.

Under General Settings you can define where Podcasts are stored (internal memory, SD card, or a custom path), set how feeds are displayed and sorted, change the default orientation of the App (landscape, portrait, automatic), and change the default page to display when the app is launched.

Player preferences gives you control over how episodes are downloaded or streamed, what actions to perform after playing an episode, custom skip forward/back intervals, and more. When you unplug your Android’s headphones, do you want playback to continue or stop? That’s an option! Are you on a limited data plan and only want to stream episodes on WiFi? That’s an option! Do you have a video podcast that you’d rather listen to while you go for a jog? No problem. If your earbuds, headphones, or bluetooth listening device has playback buttons, you can even define what each of those buttons does.

Feed content settings allow you to change the font size for episode information, change feed background defaults, open links in a browser of your choice. You can also define whether you’d like to attach audio and video files to episodes when you share them, or choose to just share the download links.

You can also change how episodes are downloaded. While updating feeds, you can define the application to download a user-defined number of  episodes automatically on WiFi, mobile data, or only on-demand. If local storage is an issue, you can also define how many files to keep within each feed and a maximum number of days old any episode can be before automatic deletion.

Improve. Always.

BeyondPod has been actively developed for years. I’ve been using it since Windows Mobile 5.0, long before Apple’s iOS and Google’s Android platforms distinguished themselves as the two major players in the mobile space. Though the app is entirely unrecognizable from those early days, the BeyondPod developers seem to always push forward with their product, continuously improving the user interface and adding features. Before Google Reader was discontinued, you could import feeds into BeyondPod with your Google credentials. In its stead, BeyondPod has now adopted Feedly as an option. Recent support for Google’s Chromecast has also been announced, allowing you to blast Beyondpod out to your television or other HDMI-equipped receiver. Beta features are available in the app as well, including an EpisodeSync feature that will synchronize the played positions for episodes across multiple devices.

Where it Falls Short

BeyondPod is a purely Android experience. While there is a really nice version optimized for Tablets, there currently is no variant for iPhone/iPad, OSX, Windows, Linux, or for the Web. And though EpisodeSync promises to someday perfectly synchronize your experience across multiple Android devices, that feature is still in beta and falls well short of the multiple-device, multiple-platform synchronization we often expect today.

The Bottom Line.

There is no lack of choice in the podcast app category (DoggCatcher, Stitcher Radio, Pocket Casts to name a few) and the actual content you consume will be the same regardless of the platform you choose. However, if the ability to customize and dial-in your settings matter to you, it is well worth the $6.99 cost to unlock all the Pro features. I don’t buy many mobile applications, and I rarely consider an application with a price over $0.99. But, the time I’ve spent customizing my BeyondPod experience has dramatically decreased the amount of time I spend managing playlists, files, and playback adjustments. That, coupled with BeyondPod’s continued support and development, has kept me a loyal fan for years.

BeyondPod acknowledges that each of us may want a slightly different experience, and it delivers personalization aplenty. This app really only performs one function – delivering video and audio podcasts to your eyes and ears – but it does it really well.

Related posts:

  1. Extra! Extra! RSS News Reader Apps Information overload. The concept is over forty years old, and...
  2. Replace Google Reader with NewsBlur — I Did! For a long time, Google Reader served as the hub...
  3. Google Reader Replacements Google Reader, a much-loved web-based and mobile-app RSS reader, will...
Categories: Mobilized