Pondering Cybersecurity in the Real World

About five minutes into U.S. Secretary of Homeland Security Janet Napolitano’s speech to a large banquet hall full of security professionals, watching her over the plated tiramisu I was socially restrained from eating, I was struck by the mental image of 2,000 Dobermans sitting patiently in rows, each with a doggie treat balanced on its nose.

The speech was long and unilluminating, and the tiramisu tasted like it came out of the world’s largest Sara Lee box, but even bad tiramisu is better than no tiramisu.

Napolitano was addressing the combined conventions of ASIS and ISC2, which aren’t officially acronyms, but which focus on generalized security issues and information security respectively. My press pass admitted me to a dizzying and somewhat chilling range of talks and panel discussions; for example, one afternoon’s “Security in the Cloud” was counter-programmed against “Analyzing Verbal Statements” and “Mass Homicides in the Workplace.”

I’ll freely admit: it’s odd to be at this conference. On the one hand, any number of private companies and governmental organizations have serious security concerns, and you would expect (and want) professionals in the industry to band together to share best practices or take certification programs. On the other hand, the category list of the exhibit floor reads like the signs at the Post-9/11 World OfficeDepot: Access Control, Biometrics, Blast Mitigation, Bullet Resistant Systems, Citywide CCTV, and so on. Browsing through the catalog, I found a full-page ad encouraging exhibitors to advertise in two security trade periodicals in India — “a US$1 billion... huge opportunity.” This is why I’m opening with coverage of how the security industry talks to itself, with the impressions I got from Napolitano’s speech.

By way of introduction, suppose you asked a Mac expert, “Hey, how safe is my hard drive?” Almost all of us will say, “Extremely reliable,” especially if we’ve been around long enough to remember Jaz cartridges, floppy disks, or even punch cards. But we experts will all immediately add, “but be sure to back up regularly, preferably in several different ways.” That’s because the expert is considering everything ranging from hardware crashes and firmware malfunctions to theft and fires.

A file on a hard drive or SSD can be rendered unreadable by a cosmic ray from outer space. Yes, really (PDF). When dealing with that kind of problem, security experts develop a healthy sense of paranoia, and that’s what you pay them for, so you can take just the sensible precautions and get on with your life.

Now ramp that up so instead of dealing specifically with computer security, you’re approaching all kinds of security threats, including small arms and large conventional explosives. It’s natural to want to have experts in society whose job it is to protect against these attacks, and to have well-informed laypeople know what to do in the event of trouble. But at the same time, it’s smart to be aware of whether assessing everyone as a potential threat can lead to the sort of professional paranoia that computer experts have about cosmic rays and electromagnetic fields.

This brings me to Napolitano’s speech. I’m on record criticizing political speeches to expert communities (see “CFP 2011: Shine On, You Crazy Senator!,” 16 June 2011), and here I was disappointed by more of the same: congratulating the audience on being themselves, without discussing the topic at an expert level. Public-private partnerships are crucial to the nation’s security, and the assembled experts in the room are an important part of that. The Department of Homeland Security (DHS) is working with private companies and nonprofit organizations to protect national infrastructure and promote cybersecurity. The DHS Computer Emergency Response Team (CERT) responded to over 100,000 incidents last year and issued over 5,000 alerts.

Napolitano opened her speech by calling cybersecurity “one of the most” important issues facing the nation, but closed in a less-qualified way, saying (I’m forced to paraphrase here) that these virtual attacks are the biggest threat we face. As I see it, there are three ways we can respond to such a statement.

First, we can be very scared by this — surely our biggest threat must be countered by the public and private groups who protect us — and we can invest large amounts of time, money, and resources into protection.

I’m not going to argue against this — but at the same time, some problems shouldn’t be solved with billion-dollar hardware. The best encryption in the world won’t help you when you don’t bother to use it at all. Critical infrastructure attacks over the Internet are up 17-fold — to which one might justly reply, “Wait, why exactly is a power grid control system connected to the Internet at all, rather than being isolated on a private network?”

More to the point, without some details about the 160 attacks on “critical infrastructure” in 2011, it’s impossible to evaluate whether the solution is stronger hardware, better training, or advanced deep-breathing relaxation techniques. Some Internet attacks are the equivalent of trying a door handle to see if it’s unlocked. These might be targeted against millions of computers in numeric sequence, and happen to include “critical infrastructure” only by accident.

Or an attack could be directed at specific targets with dozens of distributed expert criminals trying to crack into a particular control system. That’s a different kettle of “phish.” I think Napolitano’s subtext is to say that CERT’s 100,000 incidents are in this category, and we should all be very, very worried. But the track record of several administrations is to lump both meaningless and terrifying attacks together into the biggest possible number, which leaves me skeptical of sweeping statements about the risks we actually face.

Second, we can give some thought to what private resources we need to increase, and whether it’s a weakness in our national security that the general population isn’t educated on these issues. Napolitano cited the “If You See Something, Say Something” program, which has alerted the public to report suspicious behaviors to the police, without providing much training on what an expert would deem suspicious. Anecdotally, I’ve seen a large bag left unattended by a passenger for over 20 minutes in front of one of those “Say Something” videos on an endless loop at a major train station, and I’ve had a dispiriting interaction with the Amtrak police at that same station when my own bag was stolen a few months later.

Not to put too fine a point on it, but when half of your neighbors think bad weather can affect iCloud, there’s also some basic education necessary before we can secure the millions of computers being used for crucial everyday activities. Most of the increased security we’re enjoying today comes from the simple design decision to make higher security the default in new operating systems; likewise, a lack of security in a common protocol like Wi-Fi leaves many people vulnerable. Few people are aware that anything they send or receive over their corporate email system is legally owned by their employers, or can be read by the IT department pretty much whenever, even if the corporate encryption strategy protects against outsiders.

Personally, I’m more encouraged by security that stems from widely disseminated education. We can (and should) spend the next 20 years improving our anti-spam methods to near-perfection, but if you know basic English business grammar, then you can spot today when that email purporting to be from PayPal wasn’t actually written by someone at PayPal.

Third and finally, there’s one major response we can have to “our biggest threat is cyber attacks,” and that is wild cheering.

I rarely make friends by saying this, but the biggest revelation I had after 9/11 was just how powerful and safe people in Western nations actually are. The most significant attack on the United States since Pearl Harbor was emotionally devastating, but we got through it, and we were back to some semblance of normal far faster than many people would have predicted. All of our societal changes to the new post-9/11 normal were of our own choosing — and it’s past time we had a more complete and open debate about which of these actually make us safer.

I grew up during the end of the Cold War, and learned military strategies involving nuclear weapons that would cause deaths in the tens or hundreds of millions. The United States has faced non-nuclear existential threats in at least three wars. Compared to the experience that most adults over 40 have lived through, or what a sixth-grader should know about history, terrorism doesn’t come close as a danger to who we are or what we value. Contrast that with the daily experience of many people in the rest of the world; as an Argentinean friend once told me, “I can always tell who’s American when I travel; they’re the ones who will walk up to a police officer to ask for directions.”

If the biggest threats we face are to our data, then we should take a moment to enjoy the security of our persons. Certainly, when the way we use data affects our physical security (whether we’re talking about the power grid or air traffic control), that’s a problem we need to fix — but let’s focus on whether that lack of security is caused by incompetent or inattentive management before we blindly hand more money to the managers.

Quoting Bruce Schneier: “More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.” The same applies when our worst fears are Internet-based and Internet-restricted. Let’s pay the experts to be paranoid on our behalf, so we can live differently.


Dwayne Melancon  2012-09-14 07:24
Great perspective, Jeff. I also attend a lot of these types of events and often hear from Fed officials during them. My frustration is that a lot of orgs (Fed or commercial) get freaked out by the hype, but don't actually make meaningful changes in their practices to better mitigate risk or become more resilient in their capabilities.

Posturing doesn't help - prescriptive guidance and tools do, as well as info sharing about strategies & techniques (vs. just telling me more about the threats alone). Risk is always subjective and context-driven, but articulation of risk should drive response and decisions - not just hand wringing and worry. I appreciate you bringing this up (and love the image of the Dobermans!).

BTW - this week, I heard from Mark Weatherford (who works for Napolitano) and he had more meaningful content than I usually see in those kinds of addresses. There is hope.
Abelle  2012-09-14 11:28
Well written article! Refreshing and informative, kudos :)
Brian Steere  2012-09-18 03:24
I am very glad to read this article. Thank you.

I feel the mentality which the article points toward, is much more pervasive than might seem so - just as those who unconditionally trust that all the security policies and measures that are being implemented are in FACT serving their true interests.

The story of Chicken Licken whose fears escalate in the telling, leads to the manipulation of those caught up in fearful perceptions by Foxy Loxy. This is so much the case that fear and false hopes that can be used to generate fear, are at the root of the psychology of our economy (sic).

Education is more than information. It is expressing a wisdom and discernment that has a sense of the needs of the part in relation to the whole. contd:
Brian Steere  2012-09-18 03:28
Programming the mind is a war that is largely invisible in our world, and we open to a world of information believing we can discern the chaff from the wheat. But a selfish or uneducated intent, using ingenuity and backed by power of wealth and influence, implicitly seeks to catch the identity and herd it where it is programmed to 'want' to go.

This gives rise to a completely different kind of system than one of educated responsibility - and the rate of technological expansion and dependency means this is happening now and not in some near future. I am sounding alarm - not as a call to fear, but to simply bring attention present.

It is not enough to personalize the situation in terms of individuals and corporations or alliances of such - but to identify the program or mind that is at work as it is - and not as it presents itself. This is like undrawing the curtains around the Wizard of Oz. He could no longer pretend to be the Great Wizard of Oz - once innocently exposed.
Brian Steere  2012-09-18 03:29
I say innocent - in that the exposure occurs through a persistent willingness for true communication and not out of revenge, grievance and judgement - though these urges may arise as part of our programming.

Seeing our 'lower' minds as programmable is hardly new - and yet the wish to simply play the game of believing our 'self' as we personally define it runs deeper than we perhaps like to admit. Yet to observe the program (the thinking) that is running, is the only real freedom, for it is outside the box of what the thinking itself dictates. Therefore in the midst of a difficulty, we may suddenly catch ourselves (in act) own our mind and thus release what isn't working. This is experienced as insight, illumination, an impulse of communication or of a desisting of reaction in which a practical and encouraging outcome replaces a painful or conflicted situation.
Brian Steere  2012-09-18 03:33
I apologize for posting 3 times the quota in one go. The issue is of course close to my heart - and the basis of such education is rarely given voice.

Thank you for your attention