KickIdle.com Blog

So I posted my email address on twitter in an @-reply to someone, and a few minutes later I got this automated spam message…

from	Emails @ Risk <emails.at.risk@gmail.com>
date	Fri, May 7, 2010 at 3:18 PM
subject	Emails use in Twitter

Dear dthvt

We have found that your email is shared in tweets. We advise you to hide
your email from spammers by sharing email address as an image or hide it
behind a url.

Visit  us at : http://emails-at-risk.appspot.com?e=sbao to find how you
can do this.

Happy Twitting !!!
"2 million  emails are sent every second. About
 70% to 72% of them might be spam and viruses."

<sarcasm> Oh wow, thanks for the unsolicited email warning me about the dangers of unsolicited emails! I’ll definitely click that link you sent me! </sarcasm>

Eat shit and die.

With so many platforms out there for hosting content, it’s easy to wonder why I bother to run my own blog on my own server. But then the recent move by Apture to disable their “Live Editor” feature reminds me why it’s all worth while.

If you’ve never used Apture, it’s a set of scripts you can install on your blog (or website in general) and use to embed content like images or youtube videos on your pages. One of the neat features of Apture is that you could actually use their “Live Editor” to add content to your page after it was published. I never tracked down the exact mechanism, but the basic idea is that their servers store all the embedded objects for your page, and when your page gets loaded the Apture script automatically checks their server and then embeds the images, videos, etc. dynamically.

Long story short, if you use Apture’s “Live Editor” feature, those links, images, and videos only show up because a server owned by Apture tells them to. Apture’s recent email included the following tidbit:

If you previously added Apture links to your posts using the Apture Live Editor (triggered by hitting the “e” key on your keyboard and inserting links into previously published posts) they will continue to render on your pages. We will do our best over time to keep them rendering, but if you notice missing links please do not hesitate to reach out to us on Get Satisfaction or via email.

That sums it all up – if Apture were to ever go bankrupt or otherwise stop supporting your page via their server, your “Live Editor” images, videos and links would disappear. If you use their pre-publishing solution (where the links and objects are directly embedded in your webpage by you), this isn’t a problem. So I’m not saying to steer clear of Apture totally, just be aware of your risk.

This type of thing highlights the risk we all face to losing the content – whether that be pictures, videos, or blog posts. Make sure you understand the platform you chose to host your content, or you may get an email someday telling you that the site is going down and your content is going with it…

I passed my CompTIA Security+ certification on July 24th. For those of you not familiar with CompTIA, they offer certifications in a number of IT related subjects – Server+, Network+, Security+, etc. When you pass a certification, the testing center prints out a confirmation page for you to take home. Five days later, you can login to the CompTIA website and request your official certification letter with the fancy seal.

At least, you could before CompTIA’s database crashed. They’re apparently going to be down through the end of the month. That’s a pretty solid two months after I took my test. It’s also a complete joke! CompTIA should be embarrassed to so publicly lose access to their data like this. The company that certifies your IT people on how to manage systems apparently couldn’t be bothered to do it right in-house.

I emailed CompTIA’s press contacts for their input on this story, but got no response other than to confirm the phone number listed on their outage page.

Good job, CompTIA.

I really get annoyed by the fact that I can’t even look at an app on someone’s profile without granting that app access to my info. I want to read an “Interview” on a friend’s profile, but I can’t see what she answered without adding it to my own page. That’s just viral privacy invasion.

Of course, Facebook’s app platform allows any app to add stories to my newsfeed. So I can’t read anything I want to read, but I get spammed with bullshit about mafia wars, “You friend completed the blah blah blah quiz”, and fantasy farm league.

It’s like the perfect storm of stupidity… but it’s still better than MySpace.

Long distance relationships suck, but I have to admit that with cell phones, text messaging, Twitter, Facebook, TokBox and IM things are a lot better than the first long distance relationship I ever had. When I went to college and was dating my high school sweet heart, phone conversations cost $0.21 per minute, US Mail was the only way to write and we probably only talked three or four times per week.

Now, Cindy and I talk multiple times a day via text and cell phone. We can keep up with each other’s day via Twitter and Facebook. There’s hardly a time or place that we can’t reach out to each other and stay in touch, even when I’m much farther away than I was in college. As humans, we don’t tend to notice incremental change, but stopping to ponder how much communication has changed in 15 years really makes my mind boggle.

And that’s a good thing, because decreasing the cost of communication has all kinds of good effects. But the best effect for me is that I get the chance to find and love a girl like Cindy.

Latest techno gadget acquisitions:

• a Google Voice number
• Nikon D300 camera body

I have to admit that the Google Voice system is pretty awesome, but I find that I probably have a limited use for it. The biggest feature is that it can ring multiple numbers at once to find you wherever you are. This is great if you want it to try your office, home, and cell together to try to track you down. Unfortunately, I don’t have an office or a home number, so really all it does is forward to my cell. But there are some other neat features like automatic voice mail transcription to email that I’d like to try out.

The D300 on the other hand is a unqualified success, as I expected. Took some test shots with it tonight, and the focusing is fast and the 51 point auto-focus is a big improvement over the D200. The main reason I bought it though? Self-cleaning sensor! My D200 has had chronic problems with dust, pollen, and other stuff getting on the sensor. Hopefully the D300 signals the end of those problems. I’ll be taking it and the D200 to New York City next week. The D200 is going to be Cindy’s “training camera” while I get more familiar with the D300. So look forward to updated photos in the coming weeks!

Computer security can be an arcane subject, especial for the “uninitiated” who don’t know what phrases like “risk mitigation”, “threat profile”, and “single-loss-expectancy” are talking about. But a lot of computer security boils down to fundamental ideas about trust and security that we’re used to in the real world. This week at work I was handed a very frustrating example of these fundamentals.

In security jargon, we talk about “controls” – especially “technical controls” vs. “procedural controls”. Let me break that down into plain English for you. Procedural control basically means “we told someone not to do a bad thing, and we trust that they’ll listen to us.” Technical control means “we don’t have to trust someone, because the system won’t do the bad thing even if the person wants to.” In the security world, technical controls are almost always preferable, since they allow your organization to take someone’s trustworthiness out of the equation.

A simple real life example of these two types of controls are locks on doors. In some situations, for example college roommates who grew up together, locking doors isn’t necessary because the people involved are trustworthy. But in another situation, the exterior door on your apartment, you can’t trust the other people and you demand a reasonable lock to secure your living space. And in further extremes, like protecting weapons or biological agents, the people involved are trustworthy but the possible damages are so high that strong locks and other controls (guards, video cameras, fences, etc.) are required.

As you can see from the examples, just because the people involved are trustworthy doesn’t mean systems with lax controls are adequate. If the risk of damage is large, prudence demands that we design a system that “watches the watchers” so to speak.

The example from work wasn’t nearly as dangerous as biological agents. But it was all the more frustrating because I had pointed out the ease with which the operations team could implement better controls on their patching process just a few days ago. Then yesterday it came up that the swing shift operators had installed software patches on the wrong boxes – an error facilitated by the lack of technical control and the attitude from the operations leader that the problem was “reminding the swing shift guys they shouldn’t patch those machines.”

No, the problem is you aren’t even willing to learn from your mistakes and implement new controls even after you’ve been burned once…

Apparently Senators Schumer and Graham are upset enough about Iran’s efforts to monitor it’s citizens’ Internet activities that they want to ban Seimens and Nokia from future contracts with the federal government. According to Graham…

“The Internet has proven to be one of the strongest weapons in the hands of the Iranian people seeking freedom and trying to chart a new destiny for their country. Companies that provide technology to the Iranian regime to control the Internet must be forced to pay a heavy price.”

Why aren’t the Senators going after NSA’s activities in the Pinwale program with the same fervor? Or is it only wrong to meddle with the Internet when you’re not the US government?

The Clear Registered Traveler program was a service that basically collected a bunch of information about you, ran a background check, then gave you a card that let you skip to the front of the security line at 20 airports around the country. Since Dulles International Airport was one of them, I signed up for the card a little over a year ago. I’d had good experiences with it, and renewed it for $179 in May this year.

Then on June 22nd, Clear abruptly announced that they were closing operations effective immediately. (News which I learned about via Twitter before I learned about it from Clear’s customer service email. Viva la revolution!) The first order of business was to call American Express and dispute the charge from Clear. Clear has since announced that they won’t be issuing refunds due to the “financial condition of the company”. (In other words, they be broke.) This is why you should always use a credit card for purchases, kids. It’s a lot easier to dispute a charge on a credit card than a debit card.
Anyway, the more disturbing thing about the Clear closure is that they have a huge amount of personal information about their customers – iris photos, fingerprints, names, addresses, social security numbers, credit card numbers, etc. It’s really their most valuable asset – to a prospective purchaser or to a hacker. I reviewed their privacy policy again the day I found out about the closure, and it seems to indicate that they can’t sell the data. But as this Wired article points out, the policy isn’t explicit about what happens if the company is liquidated or acquired.

So now I’m wondering if I should try to get an injunction against them transferring all my personal information to a third party… Good luck with that, right?

My last smart phone – a Sprint Mogul – finally died a few months back. So I found myself facing the decision – to iPhone or not to iPhone? I decided to take the plunge, and Cindy and I ended up with two brand new iPhone 3G phones (a few months before the iPhone 3G S came out… of course….).

Since I’m not a Apple fanboy, I didn’t automatically cream my pants when touching my iPhone for the first time. As a matter of fact, I quickly came to find it had a number of shortcomings compared to my several year old Windows Mobile based Sprint Mogul. I eventually did find some of the strengths of the iPhone as well. But now that the much anticipated iPhone OS 3.0 is out I’m more convinced than ever that iPhone is really just a well polished turd. Let me list a few reasons why before you Apple fanboys slash my tires…

1. You pay for hardware you aren’t actually using. The iPhone 3G camera was capable of recording video. If you jailbreak it, you actually can record video. And yet even with the release of OS 3, video recording is not supported on the 3G. It is supported on the 3G S, but guess what? Same deal – the 3G S camera hardware could record HD video, but Apple only allows you to record VGA video.
2. Apple supplied apps look good, but actually have usability flaws. Bad usability flaws. Usability flaws that a college undergrad software engineer could find and fix. Two illustrations: First, mail account navigation is stupid when you have multiple accounts. To check the inboxes in my two accounts on my iPhone requires 6 taps after starting the mail app. In Windows Mobile, it took 2. This was a known complaint in OS 2 and nothing was done to improve it in OS 3. Second example, the new voice memo app. It looks really slick, and the developers even took the time to make the signal meter jump if you “tap” the picture of the microphone. But the damn record/pause/stop buttons are so small, I can’t reliably hit them without concentrating on the screen. News flash, I want a voice memo app so I can record thoughts while driving, when I can’t safely look at the screen to type. What I need is a big record/pause/stop button, not a artistic rendition of a mic that takes up 80% of my screen. Want to record a voice memo in Windows Mobile? All I had to do was hold down the memo button on the phone, listen for the beep and start talking.
3. Photo management is non-existent. This was another area that was desperately in need of work in OS 3 and got nothing. I can have folders for my photos, but I have to copy the photos to my laptop and organize them there then sync them back to the iPhone. What? Are you serious? Apple apparently spent a year working on cut-n-paste but couldn’t devote a month to coding this functionality. So my Photos app continues to be nothing but a huge long linear stream of photos in a timeline. If I’m going to load them on my laptop, I’m not going to bother to organize them and sync them back to my iPhone. I’ll just tag them and send them to Flickr, thank you very much.
4. No Task List. Again, I can only say “Seriously?” This is supposed to be a “business savvy” smart phone and you don’t support a task list of some sort?
5. No file management and no business apps. So now I have a 16GB device, but I can’t load files on it? Of course, I can always email my documents to myself and then open them in email. *cough* *hack* *cough* But even if I do that, I can’t edit anything. Again, Windows Mobile has had a “Mobile Office” suite for years. It’s not as powerful as the real thing, but at least I can put together a spreadsheet when I need to. Of course, for $99 a year, you can get Apple’s MobileMe service which is reportedly going to start offering the ability to send files to your iPhone via the me.com website. But you still can’t edit your docs…
6. No Adobe Flash for Safari. I was surprised it wasn’t in the original iPhone, amazed it wasn’t in the iPhone 3G and just stunned that it hasn’t been added to OS 3. Please, someone at Adobe and/or Apple, get your heads out of your asses!

So, given that I have some major issues with the iPhone 3G, am I ready to chuck it out a window? Not really. Just like the iPod, the iPhone really has done some revolutionary and great things. It’s just that those things aren’t really technical! But here’s an obligatory list of what I see as the iPhone’s strong points, just to present a little balance to my opinion.

1. App Store. Part of what you have to admire about Apple is that they don’t really sell products, they sell integrated systems. Before the iPhone, no one had a marketplace like the App Store. Personally, I think the slick integration of the App Store directly with the phone is the single biggest reason for it’s success.
2. GPS integration. Other phones have GPS, but Apple really pushed the concept of integrated location awareness for both native apps and for third party development. Geotagged photos, Zagat To Go, and with iPhone OS 3 Safari extends the location awareness possibilities to websites and not just apps. Very cool.
3. Social media integration is really stellar. Not much I can do to explain this one – if you use social media (Facebook, MySpace, LinkedIn, Twitter) the iPhone has you covered.
4. Camera quality is really quite good for a phone. The Windows Mobile phones seem to have universally shitty camera hardware and the iPhone still takes mediocre photos at best, but it’s a big step up from the Mogul.
5. Seamless data network usage. On the prior smart phones I’ve used, you had to connect the data network and disconnect it when doing Internet Stuff. Apple and AT&T really went the extra mile to make the network experience seamless on the iPhone.
6. Web rendering is excellent. Safari may not be perfect, but it does the best job of any mobile browser I’ve seen, bar none!

Should you buy an iPhone? Honestly, I’m not sure what else is on the market that would convince you not to. Blackberries didn’t impress me and I haven’t played with a Palm Pre enough to judge it. If you’re a business user, you might want to at least shop around. If you’re a social media or mobile game junky, stop wasting time reading blogs and just go buy one already.