Starbucket Mac OS
Starbucks has released the Pistachio Latte nationwide as part of its winter 2021 menu. The drink features “cozy flavors of sweet pistachio and rich brown butter paired with espresso and steamed. Concern #4: That Starbucks is recording my daily patterns e.g. Which Starbuckses I go to and when, and selling it to the highest bidder. Concern #5: Retailers are sharing this information, so that if someone with a given MAC goes to Starbucks, that same MAC is tracked in other stores that the shopper happens to pass by e.g.
| Click here to return to the 'Secure your internet connection at Starbucks' hint |
One also needs to make sure that the 'Pass Argument' dorp-down in Automator has the value 'as arguments' rather than 'to stdin' in order for this to work as advertised.
I did this a few weeks ago. It took a few minutes to get the tech to understand exactly what I was asking for; but after he figured it out he read a list of instructions to me that were easy to follow (they should just post them on their support site).
The secure connection works great at the Starbucks I usually visit. I find it a bonus that I don't have to use my browser to connect. I love that Windows users have to download their connection software - I've never liked ISP connection software! However, I've had connection problems at one location and had to resort to the old unsecure method.
I was going to slam using a merchant's wifi without supporting their business. I love Starbucks but hate that their wifi isn't free access. So, did they go paid because of all the freeloaders or are their freeloaders because it's paid? Hmmm.
Neither actually - I've had their HotSpot service from before T-mobile purchased it (mobilestar or something was the previous owner?). It was back when people thought they could make a business out of providing wifi and Starbucks can actually continue to get away from it because its, well, Starbucks.
Though I usually have a cup of coffee I feel no obligation to - paying for the wifi access is all the purchase I need to justify my presence.
Oh and the setup works fine and a great tip - nice to have that added level of security.
do you use encryption on your home wifi? why? i bet you do, and this hint exists for the same reason ... yes, using SSL and such when sites provide them is a good idea.
do you use encryption on your home wifi? why?
Yes, because when using encryption, every client device needs a huge numeric key just to connect. That makes it much more difficult for unwanted people to use my network. This unintended side-effect of authenticating connections is why I use WPA or WEP. The fact that it's also encrypted is a nice bonus, but it's practically irrelevant (unless I'm transferring something private between machines in my house over an insecure file sharing protocol, which is rare).
I also didn't mean to imply that there's no value to this hint. This may be a way to protect your T-Mobile credentials and prevent others from abusing your account. Another commenter said that this allowed you to connect without a web browser, and that alone probably makes it worthwhile.
This is also the way I log into the free Earthlink City Wide service in New Orleans, As they only offer Windows software...
All you've done is recreated in part what the connection manager does. The T-Mobile Connection Manager superior for novices because it has a built-in Wi-Fi scanner, has 1-click login, and lets you know when you are connected to a T-Mobile Hotspot.
The only way to be more secure is to use SSH. Use it right after you authenticate yourself on the network. Here's an example of what I do:
ssh -D 8080 -f -C -q -N username@server address
Then you select 'Socks Proxy' in the 'Proxies' tab under the active network interface inside the Network Settings. For the Proxy address, type in 127.0.0.1 and for the port type in 8080
Here's page that explains it very well, cause hey, someone already explained it so I don't have to http://macapper.com/2007/05/22/advanced-os-x-secure-tunneling-via-ssh
If anyone thinks that this isn't a better solution just try running 'tcpdump' or 'wireshark' and see all the nice packets flow by in plain text.
SSH can be cracked as well but to the casual observer you'll be free to download your pron in privacy.
Nothing is 100% secure but for now, SSH is your best strategy.
The way to avoid this is to set up Squid on the SSH server you are connecting to, then tell your browser to use a proxy of localhost at 3128(Squid's default port). If you can set up and connect to an SSH box, then you can set up Squid. Not too hard to configure at all, and as a result all of your traffic to the web is truely hidden.
It is important to understand exactly what is going on here and why this actually works.
802.1x does not encrypt your traffic. It is a secure (in the case of TTLS anyway) protocol that authenticates you to the network. In the case of 802.11 networks in addition to authenticating your access to the network they will also negotiate a pairwise master key (PMK) which in a properly configured network will be unique between the access point and your computer. This key is then used to encrypt the traffic with WPA. This key in conjunction with WPA is what protects your traffic from being observed by other wireless users -- either unauthenticated users with no keys or authenticated users with different PMK's. It is worth noting that your traffic could be intercepted and later decrypted if the PMK you are using can be discovered or brute-forced.
Once your traffic hits the wired network though, it's in the clear. I highly doubt that T-Mobile is going through the truble of maintaining 802.1x authentication on all of its wired infrasturcture much less running transport mode IPSec on it. Obviously you still need to take the precautions of using SSL/SSH and avoiding insecure protocols but secure authenticated access to wireless networks is still critical in the scheme of things.
Welcome to the CELS home for Mac OS.
If you are interested in sharing information with other MCS Mac users, have questions that other Mac users might be able to answer, or want updates about the evolving CELS Mac environment, please subscribe to the MCS e-mail list mac-users. To subscribe, visit the subscription management page.
If you don't want to receive mac-users e-mail, but would occasionally like to check postings to the list, you can subscribe, but choose no mail delivery as an option. That allows you to view the archive at https://lists.mcs.anl.gov/mailman/private/mac-users/.
- 2Documentation
- 2.2Securing a Mac
Mac OS X Software
NOTE: If you are not in CELS, you must contact your own IT support to install this software.
Argonne licensed software can only be installed on Argonne owned machines.
You may need to be on an internal network to download these packages:
- Eracent: required for installing Adobe, Parallels or Microsoft products. Recommended for all machines.
- Adobe Acrobat Professional
- The Lab has a site-wide agreement with Adobe for their software. For any Adobe product, please see your respective Help Desk for installation.
- Parallels
- The Lab has a site-wide agreement with Parallels. Please see your respective Help Desk for installation of Parallels.
- Microsoft Office 2016
- Licensed per computer. First install the 'Installer' package, then the 'Serializer' to activate it. Also, install the Eracent package and then E-mail help@cels.anl.gov to notify us you've installed it.
- Avast Mac Security (External Link)
- Cisco Systems VPN Client
- You must request access to the VPN. E-mail help@cels.anl.gov to be added.
- Mac (backup) Client, documentation *(External Link)
- Send an email to systems@mcs.anl.gov to have a TSM account set up for your machine.
- LibreOffice.org Free alternative to Office.
The following packages are not available for general download, and are purchased on an as-needed basis. Contact systems@mcs.anl.gov if you wish to order a copy.
- iWork
- VMWare Fusion
Documentation
Printing
See Printers/Mac_OS_X
Securing a Mac
We recommend the following best practices for securing you Mac.
Install the latest Mac OS patches and security updates
Starbucks Mac Os Download
Apple releases patch and security updates regularly. New vulnerabilities are often the target of attackers. We recommend that you apply Apple patches and security updates as soon as they are released. When critical security updates are released we will notify all MCS users; for less important updates we will notify individuals subscribed to the mac-users e-mail list.
Starbucks Mac Os Update
Disabling services/Enabling the Mac firewall
When on potentially hostile networks you should disable all unnecesary services and enable the Mac OS firewall. The MCS network, or your home network if it sits behind a NAT, would not be considered hostile. Starbucks or any other public WiFi is generally considered hostile.
From the 'Sharing' System Preference, disable all unneeded services.
In the 'Security and Privacy' Preference Pane,
- In the FileVault tab, turn FileVault on
- In the Firewall tab turn the Firewall on
- In the Firewall Options button, block all incoming connections (top checkbox).
If you need to share, only enable the necessary services or ports while you are actively using them.
Starbucks Mac Os Catalina
Consider AntiVirus software
To protect your Mac from e-mail viruses you should not open attachments unless you know the sender, were expecting that attachment, and you know what it is. If you receive an unexpected attachment from someone you know, you should confirm that they intended on sending it before opening it.
For extra security, you can also install Avast Antivirus, available on the Mac Software page. It will detect and neutralize infected e-mails and disk images.
Argonne also provides McAfee antivirus for lab-managed machines. Contact help@cels.anl.gov to get it installed on your machine.
Starbucks Mac Os X
Apple Mail configuration
See Mail/Mail
Links
Apple
News
Other
- Fink - Unix software for the Mac
- MacPorts - Like Fink, but different. Formerly known as DarwinPorts.
Starbucket Mac OS