Technology: June 2009 Archives

Hypocrisy Watch: Internet Monitoring


Apparently Senators Schumer and Graham are upset enough about Iran's efforts to monitor its citizens' Internet activities that they want to ban Siemens and Nokia from future contracts with the federal government. According to Graham...

"The Internet has proven to be one of the strongest weapons in the hands of the Iranian people seeking freedom and trying to chart a new destiny for their country. Companies that provide technology to the Iranian regime to control the Internet must be forced to pay a heavy price."

Why aren't the Senators going after NSA's activities in the Pinwale program with the same fervor? Or is it only wrong to meddle with the Internet when you're not the US government?

Clearly Screwed


The Clear Registered Traveler program was a service that basically collected a bunch of information about you, ran a background check, then gave you a card that let you skip to the front of the security line at 20 airports around the country. Since Dulles International Airport was one of them, I signed up for the card a little over a year ago. I'd had good experiences with it, and renewed it for $179 in May this year.

Then on June 22nd, Clear abruptly announced that they were closing operations effective immediately. (News which I learned about via Twitter before I learned about it from Clear's customer service email. Viva la revolution!) The first order of business was to call American Express and dispute the charge from Clear. Clear has since announced that they won't be issuing refunds due to the "financial condition of the company". (In other words, they be broke.) This is why you should always use a credit card for purchases, kids. It's a lot easier to dispute a charge on a credit card than a debit card.

Anyway, the more disturbing thing about the Clear closure is that they have a huge amount of personal information about their customers - iris photos, fingerprints, names, addresses, social security numbers, credit card numbers, etc. It's really their most valuable asset - to a prospective purchaser or to a hacker. I reviewed their privacy policy again the day I found out about the closure, and it seems to indicate that they can't sell the data. But as this Wired article points out, the policy isn't explicit about what happens if the company is liquidated or acquired.

So now I'm wondering if I should try to get an injunction against them transferring all my personal information to a third party... Good luck with that, right?

iPhone: A Polished Turd


My last smart phone - a Sprint Mogul - finally died a few months back. So I found myself facing the decision - to iPhone or not to iPhone? I decided to take the plunge, and Cindy and I ended up with two brand new iPhone 3G phones (a few months before the iPhone 3G S came out... of course....).

Since I'm not an Apple fanboy, I didn't automatically cream my pants when touching my iPhone for the first time. As a matter of fact, I quickly came to find it had a number of shortcomings compared to my several year old Windows Mobile based Sprint Mogul. I eventually did find some of the strengths of the iPhone as well. But now that the much anticipated iPhone OS 3.0 is out I'm more convinced than ever that iPhone is really just a well polished turd. Let me list a few reasons why before you Apple fanboys slash my tires...

  1. You pay for hardware you aren't actually using. The iPhone 3G camera was capable of recording video. If you jailbreak it, you actually can record video. And yet even with the release of OS 3, video recording is not supported on the 3G. It is supported on the 3G S, but guess what? Same deal - the 3G S camera hardware could record HD video, but Apple only allows you to record VGA video.
  2. Apple supplied apps look good, but actually have usability flaws. Bad usability flaws. Usability flaws that a college undergrad software engineer could find and fix. Two illustrations: First, mail account navigation is stupid when you have multiple accounts. To check the inboxes in my two accounts on my iPhone requires 6 taps after starting the mail app. In Windows Mobile, it took 2. This was a known complaint in OS 2 and nothing was done to improve it in OS 3. Second example, the new voice memo app. It looks really slick, and the developers even took the time to make the signal meter jump if you "tap" the picture of the microphone. But the damn record/pause/stop buttons are so small, I can't reliably hit them without concentrating on the screen. News flash, I want a voice memo app so I can record thoughts while driving, when I can't safely look at the screen to type. What I need is a big record/pause/stop button, not an artistic rendition of a mic that takes up 80% of my screen. Want to record a voice memo in Windows Mobile? All I had to do was hold down the memo button on the phone, listen for the beep and start talking.
  3. Photo management is non-existent. This was another area that was desperately in need of work in OS 3 and got nothing. I can have folders for my photos, but I have to copy the photos to my laptop and organize them there then sync them back to the iPhone. What? Are you serious? Apple apparently spent a year working on cut-n-paste but couldn't devote a month to coding this functionality. So my Photos app continues to be nothing but a huge long linear stream of photos in a timeline. If I'm going to load them on my laptop, I'm not going to bother to organize them and sync them back to my iPhone. I'll just tag them and send them to Flickr, thank you very much.
  4. No Task List. Again, I can only say "Seriously?" This is supposed to be a "business savvy" smart phone and you don't support a task list of some sort?
  5. No file management and no business apps. So now I have a 16GB device, but I can't load files on it? Of course, I can always email my documents to myself and then open them in email. *cough* *hack* *cough* But even if I do that, I can't edit anything. Again, Windows Mobile has had a "Mobile Office" suite for years. It's not as powerful as the real thing, but at least I can put together a spreadsheet when I need to. Of course, for $99 a year, you can get Apple's MobileMe service which is reportedly going to start offering the ability to send files to your iPhone via the me.com website. But you still can't edit your docs...
  6. No Adobe Flash for Safari. I was surprised it wasn't in the original iPhone, amazed it wasn't in the iPhone 3G and just stunned that it hasn't been added to OS 3. Please, someone at Adobe and/or Apple, get your heads out of your asses!

So, given that I have some major issues with the iPhone 3G, am I ready to chuck it out a window? Not really. Just like the iPod, the iPhone really has done some revolutionary and great things. It's just that those things aren't really technical! But here's an obligatory list of what I see as the iPhone's strong points, just to present a little balance to my opinion.

  1. App Store. Part of what you have to admire about Apple is that they don't really sell products, they sell integrated systems. Before the iPhone, no one had a marketplace like the App Store. Personally, I think the slick integration of the App Store directly with the phone is the single biggest reason for its success.
  2. GPS integration. Other phones have GPS, but Apple really pushed the concept of integrated location awareness for both native apps and for third party development. Geotagged photos, Zagat To Go, and with iPhone OS 3 Safari extends the location awareness possibilities to websites and not just apps. Very cool.
  3. Social media integration is really stellar. Not much I can do to explain this one - if you use social media (Facebook, MySpace, LinkedIn, Twitter) the iPhone has you covered.
  4. Camera quality is really quite good for a phone. The Windows Mobile phones seem to have universally shitty camera hardware and the iPhone still takes mediocre photos at best, but it's a big step up from the Mogul.
  5. Seamless data network usage. On the prior smart phones I've used, you had to connect the data network and disconnect it when doing Internet Stuff. Apple and AT&T really went the extra mile to make the network experience seamless on the iPhone.
  6. Web rendering is excellent. Safari may not be perfect, but it does the best job of any mobile browser I've seen, bar none!

Should you buy an iPhone? Honestly, I'm not sure what else is on the market that would convince you not to. Blackberries didn't impress me and I haven't played with a Palm Pre enough to judge it. If you're a business user, you might want to at least shop around. If you're a social media or mobile game junky, stop wasting time reading blogs and just go buy one already.

So, one of the big attack modes in computer security these days is "phishing". Phishing is when someone induces a victim to disclose a username & password (or other important identity information) using something that appears to be a valid website. For example, someone might set up a fake Bank of America website, then email that link to thousands of people asking them to login and confirm their account. Even if only 1% of the recipients fall for the trick, the attacker gets access to hundreds or thousands of bank accounts.

One of the most important countermeasures to this attack is user education. Organizations have spent lots of money trying to educate users that they should never disclose their password to another site. Things as simple as never opening links from an email and verifying the "SSL Lock" icon on your browser are cornerstones to this process. But more importantly, users should never give their password to a site with the wrong URL. In our example above, if the link in the email goes to http://bankofamerica.com@geocities.com/~spammer/fake_login.html, the goal of user education is to get the user to stop and say "Hey, that doesn't look right...." In fact, social media pioneer MySpace spent a lot of time and effort combating these exact types of attacks through user education efforts on their login screens and banners.

That brings us to Twitter. There appears to be a whole universe of Twitter-related tools and websites that ask you to use your Twitter username and password to access their services. This is a bad idea! First, in the specific instance, we are building up a huge body of websites with access to our Twitter accounts - a break-in at any of them could result in massive compromise of Twitter accounts, regardless of Twitter's policies and security controls.

But more importantly, Twitter's importance to the "youngins" means that we're now raising a whole new generation of Internet users that are 1) vulnerable to exploitation because of their age and now 2) trained by prior experience that sharing their username/password with other sites is a good idea. Now, I'm not one of those people that will do anything "for the children", but this is still a scary prospect.

And before you pooh-pooh me, how many of you out there are using the same username and password for a lot of your social media sites, email accounts, Amazon, Etsy, etc.? I'd be shocked if most kids have strong passwords let alone separate passwords for all the different sites they use on a daily basis. So these phishing vulnerabilities are only going to be more important as time goes on. And the really scary thing - even if you and your kids are smart enough to avoid these pitfalls, the vulnerability has what we call a "network effect". Even if YOU aren't vulnerable, someone you're connected to probably is. And that can be just as bad. Think your 13 year old would never talk to strangers online? What about when his friend's account is compromised and some stranger is using that friend's Facebook or Twitter to talk to your 13 year old? Still feel safe? Think you would know better even if your 13 year old wouldn't? What if your best friend sent you a Facebook message to let you know that the party tomorrow is cancelled? How paranoid are you willing to be....?

What can be done? Well, for starters, Twitter should implement an API Key approach to programmatic sharing like the one used by Flickr (or some other well engineered security mechanism for sharing access). Then they need to lead the charge in educating users not to share their passwords with a site that doesn't end in "twitter.com". And parents, don't forget to spend some time with your kids - and not just explaining this stuff!
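
An added example, not code from the original post: a small Python check of the two URL rules above, that the real host is whatever follows the `@` (as in the fake Bank of America link) and that a login host must be the expected domain or a subdomain of it, not just a string that contains it. The function names and every sample URL other than the Bank of America one are made up for illustration.

```python
from urllib.parse import urlsplit

def real_host(url):
    """Host the browser actually connects to (what follows any '@')."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def check_login_url(url, expected_domain):
    """Return reasons not to enter an expected_domain password at url."""
    parts = urlsplit(url)
    host = real_host(url)
    expected = expected_domain.lower()
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.username is not None or parts.password is not None:
        problems.append("text before '@' (%r) is userinfo, not the site" % parts.username)
    # Match on a label boundary: "ends in twitter.com" must mean the host
    # is twitter.com itself or something.twitter.com, not any string suffix.
    if host != expected and not host.endswith("." + expected):
        problems.append("host %r is not %s" % (host, expected))
    return problems

# The first URL is the one from the post; the others are constructed samples
# (.example is a reserved TLD).
CASES = [
    ("http://bankofamerica.com@geocities.com/~spammer/fake_login.html", "bankofamerica.com"),
    ("https://twitter.com/login", "twitter.com"),
    ("https://api.twitter.com/login", "twitter.com"),
    ("https://twitter.com.login.example/", "twitter.com"),
    ("https://notbank.example/login", "bank.example"),
]

if __name__ == "__main__":
    for url, expected in CASES:
        problems = check_login_url(url, expected)
        print(url, "->", "OK" if not problems else "; ".join(problems))
```
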

About this Archive

This page is an archive of entries in the Technology category from June 2009.
