Tag: Geek Stuff

Kindle 2.5 Firmware Details

Well it looks like Amazon is going to be pushing out another firmware update to the Kindle (well they are now to “select users” but everybody should get it towards the end of may). The new features look pretty cool.

First the Kindle will finally have a mechanism for organizing books into collections. For me this is probably the best new feature listed on the site (yes I’m easy to please). The problem I currently have is that there are so many books on my Kindle I have to go through five pages just to find the one I’m looking for.

The second coolest feature is the ability to zoom and pan in PDF documents. This may not be that big of an issue for the Kindle DX but the little Kindle doesn’t do well with PDFs unless you put it in landscape mode. The main issue is the Kindle scales the PDF to fit the screen so if it’s a large (as in physical space no file size) PDF the text will be scaled down to a point of being unreadable.

Password protection is also being added to the Kindle. Pretty simply although the Kindle is one of those devices I never really felt a need to password protect. Alas it’s nice to see the feature is there should I change my mind.

Amazon lists more fonts but the description states “enjoy two new larger font sizes…” To me that’s not really adding new fonts, just increasing the maximum size of the ones on there. Seeing as I always have the font size on my Kindle set to the absolute lowest this won’t concern me. They also mentioned improved font clarity which I won’t know what to think until I see it.

Finally the Kindle is going to be getting its social networking on. This will be a wholly useless feature for me but probably a bigger one with you social media addicts out there. You will be able to share passages from your books on Facebook and Twitter. Likewise you’ll also be able to see what passages people find most popular.

It should go without saying (since this was the case with the last firmware update) that if you still have a first generation Kindle you don’t get to come to the new firmware party, sorry.

Overall it sounds like a pretty solid update. Now if Amazon would just hurry up and approve me for their beta Kindle developer program I’d be in very good shape.

Once Bitten Twice Shy

I’ve mentioned from time to time here about my fascination with Palm and their products. I still think WebOS is probably the best mobile OS out there (via playing with the major platforms through emulators and a little hands on time with devices). I’ve been saying I’m going to get a Pre at some point but have been holding out as of late because Palm is in complete disarray. Well the developers of one of my previously most used Palm applications, DataViz, has made a recent annoucement:

We are continuing our efforts to work with Palm to clear the path for a full editing version of Documents To Go. However, given the current environment at Palm, as well as the necessary collaboration with the device manufacturer that is required to bring an app like ours to a platform like webOS, our Documents To Go editor product for webOS is essentially at a standstill.

As soon as we have any additional information, we will inform you immediately.

Thanks for your passion surrounding our solution.

I bring this up because a history lesson is required. Not only is Palm in financial trouble they also have a history of screwing developers over. A few years ago Palm introduced what would have been the first netbook, the Foleo. It was a very small laptop-like device that synced up with your phone (and didn’t have much functionality without your phone). It was a neat idea honestly and I was planning on getting one upon release.

Developers worked on applications to release on the Foleo. Quit a bit of time and money was spent by developers to make sure their applications were ready for the fast approaching release date. Then at the last minute (a few days before the scheduled release) Palm cancelled the Foleo. That was it, nothing to see everybody, move along.

Their reasoning was sound (although way too late). They were working on what would become WebOS at the time. The Foleo operating system, although Linux based, was completely separate from their upcoming WebOS. Palm decided a unified user experience (in other words only putting time and resources into a single operating system) was the way they should go. They promised a Foleo II running their new platform at an unspecified future date which never game.

This story is important to bring up because it shows why developers are skittish to dump money into developing Palm software. Not only is the future of the company uncertain but they still remember getting screwed over big time from the whole Foleo debacle. Developers are none too happy when a platform developer pulls the keyboard out from under their tired coding finger tips.

So the strike against Palm is two fold at this point. They aren’t making money and their still in an untrusted position with developers who remember what happened those short few years ago. I think these two things are going to haunt Palm for many years (if they survive that long) to come.

Barnes and Nobel Nook Firmware Update

I absolutely love my Kindle. But I like to keep up on what’s going on with other e-readers. Well Barnes and Nobel introduced a rather interesting firmware update for their Nook. The firmware includes a basic web browser, games (chess and sudoku), and the general performance enhancements. But the really cool feature in my not so humble opinion is called read in store.

What this does is allow you to browse through entire books when in a Barnes and Nobel store. This feature makes sense as Barnes and Nobel marketed the Nook as a mechanism to get people to come into their stores. But it also seems kind of gimmicky to have a feature on a device rely on where you happen to be. Of course there are restrictions. Although you can browse entire titles you can only do so for one hour per day (whether that’s an hour per title or an hour for the feature use period is not made clear). Still it’s nice to see they’re throwing features in. Now if they could just build a device without that bloody LCD screen.

Update 2010-04-23 13:14: It appears that the new web browser only works with Wi-Fi, not the build in 3G card. This is a direct contract to the Kindle web browser which works on 3G (as it doesn’t have Wi-Fi). This really seems like a stupid limitation if you ask me.

The Stuff People Agree To

Have you heard of an end user license agreement (EULA)? You probably have. It’s a contract you agree to when you install most non-open source applications. Most people just click “I Accept” and move on with their lives without reading it. Of course sometimes the damndest things are agreed to like the Immortal Souls clause inserted by a online shopping site to make a point:

By placing an order via this Web site on the first day of the fourth month of the year 2010 Anno Domini, you agree to grant Us a non-transferable option to claim, for now and for ever more, your immortal soul. Should We wish to exercise this option, you agree to surrender your immortal soul, and any claim you may have on it, within 5 (five) working days of receiving written notification from gamesation.co.uk or one of its duly authorised minions.

Well Sony, no stranger to being complete asshats, an interesting clause in their EULA (I bring it up now because people started talking about it but this has been in the EULA for some time):

From time to time, SCE may provide updates, upgrades or services to your PS3™ system to ensure it is functioning properly in accordance with SCE guidelines or provide you with new offerings.

Some services may be provided automatically without notice when you are online, and others may be available to you through SCE’s online network or authorized channels. Without limitation, services may include the provision of the latest update or download of new release that may include security patches, new technology or revised settings and features which may prevent access to unauthorized or pirated content, or use of unauthorized hardware or software in connection with the PS3™ system.

Additionally, you may not be able to view your own content if it includes or displays content that is protected by authentication technology. Some services may change your current settings, cause a loss of data or content, or cause some loss of functionality. It is recommended that you regularly back up any data on the hard disk that is of a type that can be backed up.

Translated in to standard English it means Sony can push updates out to your system without requiring you to accept it or having to notify you that they’re doing it. If the update bricks your system that’s your problem and you’ll have to pay to get it fixed. Likewise they can erase any data on your system they please without notification and giving you no recourse.

Of course I’m just using Sony as a punching bag at the moment because their asshats. In truth many companies have similar clauses in their EULAs. Which is the point I’m trying to make here. Most people have no idea what they’re agreeing to when they click that “I Accept” button on the EULA window.

Let’s bring up another example, iTunes. Did you know that you can’t use iTunes to develop, design, manufacture, or produce missiles, or nuclear, chemical or biological weapons? Well you can’t because you agreed to the EULA.

What I’m really trying to drive home is this, read every contract you sign and every EULA you agree to. The shit that gets snuck in is absurd. It’s shit like this that pushes me towards free open-source software more and more every day.

A Shotgun For All Your Maverick Reploid Hunting Needs

The Firearm Blog let us know the solution has finally arrived for the rash of violent Reploid uprisings that have been happening recently. They are calling it the Maverick Hunter after the government sanctioned anti-Maverick task force. Maverick Hunter [the task force] representative Dr. Cain has this to say:

Although I understand peoples’ desire to have a means of defending themselves against the Mavericks, I must also urge caution. Reploids are incredibly powerful and humans should avoid head on confrontations. I also feel that Mossberg is providing a false sense of security with their new Maverick Hunter shotgun as I don’t see how a shotgun of any sort could reliably destroy a rouge Reploid.

Likewise famous Maverick Hunter X had the following to say:

Seriously? A shotgun? To fight Mavericks?! See this gun on my arm? Yeah it’s an energy weapon that first plasma. It’s not a shotgun because they can’t reliably penetrate the metal exoskeleton that Mavericks are constructed out of. This product is wholly irresponsible to advertise in this manner.


X has helped suppress no less than 8 Maverick uprisings.

Mossberg could not be reached for comment.

Hello Kettle, This is The Pot Calling

If you’ve been paying any attention to the iPhone/iPad Flash pissing match you know it’s rather stupid. On one hand Apple is refusing to allow Flash on to their device because it could create competition to their app store ruin the battery life of their device. Adobe feels they have some kind of right to have their software placed on Apple’s platform. Well Adobe has claimed to quit attempted Flash development for the iPhone/iPad (I can’t say I blame them considering Apple went so far as to say you can only use Apple approved tools to develop for the iPhone/iPad now):

“As developers for the iPhone have learned, if you want to develop for the iPhone you have to be prepared for Apple to reject or restrict your development at any time, and for seemingly any reason,” Chambers said. “The primary goal of Flash has always been to enable cross browser, platform and device development. The cool Web game that you build can easily be targeted and deployed to multiple platforms and devices. However, this is the exact opposite of what Apple wants. They want to tie developers down to their platform, and restrict their options to make it difficult for developers to target other platforms.”

I honestly thought the point behind Flash was to waste my laptop’s battery through absurd CPU usage. But Mr. Chambers is correct in that Apple’s goal is to lock you into their platform while preventing easy cross-platform development that would make it easier for their customers to jump ship. It’s the same thing most software companies have been doing since the dawn of pay-for software. Of course the pot decided to call the kettle black:

In a response, Apple indicated its preference for a variety of up-and-coming standards that collectively compete with what Flash can do.

“Someone has it backwards–it is HTML5, CSS, JavaScript, and H.264 (all supported by the iPhone and iPad) that are open and standard, while Adobe’s Flash is closed and proprietary,” said spokeswoman Trudy Muller in a statement.

H.264 is not an open standard. People who wish to use H.264 are required to license the technology. Furthermore although the web browser on the iPhone/iPad uses HTML5, CSS, and JavaScript the applications themselves are not written using those technologies. Adobe was not only trying to get web based Flash onto the iPhone/iPad but also trying to make technology that ported Flash applications to a format that could be utilized on the iPhone/iPad which is a close platform.

Either way this debate really is stupid. Apple has no obligation to allow anything on their device they don’t want to allow. Likewise you are not obligated to purchase and use Apple’s phone/tablet if you don’t like their rules (which is why I don’t have an iPhone or iPad).

Firefox For The Truly Paranoid

A while back I mentioned that I dropped Google Chrome and returned to Firefox. My reasoning revolved around features unavailable in Chrome which was available in Firefox through extensions. Well the two features I wanted most have been added in a previous build of Chrome: the ability to block all scripting except for pages I white list, and better cookie management. Yes I’m still on Firefox. Why? Because Chrome’s script blocking and cookie management features are severally lacking in my opinion.

In Chrome’s advanced settings you can chose to block all scripting and cookies from sites not on your white list. This is exactly what I want as scripting is the defacto method of exploiting a computer these days and cookies are tools for spying on sites you visit. The problem is Chrome’s interface for it’s script blocking sucks. If a site has scripts that are being blocked an icon appears in the address bar. If you click on this icon you have two options: keep blocking scripts or white list the sight. NoScript on Firefox gives a third option I’m very fond of, temporarily allow scripting. I only white list sites I trust and visit frequently. But oftentimes I find myself visiting websites that require scripting to be enabled in order to gleam information from. In this case I temporarily allow scripting, get the information I need, and know that scripting will be disabled automatically for that site when I close my browser. It’s a great feature.

Likewise NoScript blocks more than scripting. It also notifies you of things like attempted cross-site scripting attacks, forces cookies from an secured site to be sent via HTTPS, and blocks all plugin components like Flash movies until I give my expressed go ahead. But Firefox has some other features available via plugins that I can’t replace via Chrome because frankly Chrome’s extension support sucks. In Chrome an extension can’t block items from being downloaded when you view a page. For instance if you install Adblock in Chrome the advertisements from any websites you visit will always be downloaded but Adblock will simply hide them through the use of CSS. Firefox on the other hand gives extension developers granulated control. For instance if I set NoScript to block scripting on www.example.com no JavaScript files will be downloaded when I navigate to www.example.com. Likewise Flash advertisements will not be downloaded unless I enable scripting and click on the individual Flash item.

Overall Chrome is more secure than Firefox’s default installation. In Chrome everything runs in a sandbox which means in order to exploit the browser you must exploit its rendering engine (WebKit) and it’s sandbox. Using the right extensions in Firefox I can ensure no potentially malicious scripts are even downloaded to begin with. An ounce of prevention is worth a pound of cure. Ensuring malicious code is never even downloaded in the first place is a better security option than downloading the code and depending on the sandbox to prevent anything bad from happening. Ideally having both abilities is the best option which Chrome allows for JavaScript but again it doesn’t check for other potential malicious content like NoScript does.

So yes Firefox is a much slower browser that is a big on resources. But the power extension developers have in Firefox means you can make the browser extremely secure whereas in Chrome you can’t enhance its security outside of methods Google allows. Due to this I’m still on Firefox and will be for the foreseeable future. Since I’m here I thought I’d let everybody know what security related extensions I’m using.

NoScript: I love this extensions. I will go so far as to say this extension is the primary reason I’m still using Firefox. What it does is blocks all scripting on all websites unless you add said site to your white list. You can add a site to your white list either permanently or only temporarily if it’s a site you don’t plan on visiting again. It complicates web browsing and therefore isn’t for everybody (or even most people I’d venture to say). As a benefit most of those annoying flashing advertisements get blocked when using NoScript. This extension is constantly being updated with new security related features.

CookieSafe: Cookie safe is a plugin that allows you to managed website cookies. There are three options available for each web site. The first, and default settings, is to block cookies all together. The second option is to temporarily allow cookies (they will be wiped out upon closing your browser) and the third option is to add the website to your white list which will allow cookies for that domain. The plugin only allows cookies from specific domains meaning you don’t have to worry about third party cookies getting onto your system (although this feature is available on most major browsers the implementations generally suck).

Certificate Patrol: I’ve mentioned a research paper I’ve read recently that talks about SSL security and it’s ability to be exploited by governments. Although there is no sure fire way to detect and prevent this kind of exploit you can strongly mitigate it. Certificate Patrol is an extension that displays all major certificate information for a secure web page the first time you visit it or when the certificate changes. So when you visit www.example.com the certificate information (we’ll assume it’s a secure site) will be promptly displayed by Certificate Patrol the first time you navigate your way there. If the certificate changes when you visit the site again the new certificate information will be displayed including what has changed. One mechanism to catching a certificate is looking at the issuer. For instance Internet Explorer trusts the root certificate for the Hong Kong Post Office. If you visit www.example.com and Certificate Patrol notifies you that the certificate has changed and the new one is provided by a different root authority you know something could be up. If the site’s certificate was previously provided by VeriSign and the new one is provided by the Hong Kong Post Office you know something is probably fishy. This could point to the fact the sight is not actually www.example.com but a site made by the Chinese government in order to capture information about dissidence who visit www.example.com (obviously some DNS spoofing would be required to redirect visitors to their site as well).

Those three extensions help mitigate many common web based attacks. This post is not to say none of this can be done in Chrome though. For instance you can manually check for certificate changes in Chrome but you will have to do it every time you visit a site to see if the certificate changed or not. Certificate Patrol simply automates that task. Likewise you can block cookies and scripting in Chrome but the interface to do either is more cumbersome than using CoockieSafe and NoScript.

Personally I value security over performance and that is why I’m still sticking with Firefox.

New MacBook Pros Released

Well in one fell swoop my laptop went from top of the line super computer to… wait a minute my laptop was never the top of the line model. Anyways Apple has released new models of their MacBook Pro series of laptops. The main changes are new processors (Intel i5 and i7), new graphics cards (nVidia GeForce with better power management), and tout better battery life.

Overall it doesn’t look like any external changes were made (obviously no easily swappable battery because Steve Jobs hates seams). Hopefully they get the hard drive performance corrected in the new models (that’s the only but rather annoying issue I’ve had with mine).

I continue this love hate relationship with Apple. Seriously I really like their computers and the old iPod hasn’t failed me yet. It’s just everything else they make seems to be an adventure into locking people into their platform as tightly as possible while giving both users and developers roughly the same freedom as a dictatorship.

Update 2010-04-13 10:26: I missed a rather major feature that has been thrown in. On the 15″ MacBook Pros you now have the option of getting a higher resolution screen (1680×1050 instead of 1440×900). I’m always looking for more screen real estate (I seriously never close any application I have running which means I like lots of RAM and lots of screen space). It’s not worth the cost of getting a new laptop for me but it’s worth the extra $100.00 if you’re buying a new laptop.