The Stuff People Agree To

Have you heard of an end user license agreement (EULA)? You probably have. It’s a contract you agree to when you install most non-open source applications. Most people just click “I Accept” and move on with their lives without reading it. Of course sometimes the damnedest things are agreed to, like the Immortal Souls clause inserted by an online shopping site to make a point:

By placing an order via this Web site on the first day of the fourth month of the year 2010 Anno Domini, you agree to grant Us a non-transferable option to claim, for now and for ever more, your immortal soul. Should We wish to exercise this option, you agree to surrender your immortal soul, and any claim you may have on it, within 5 (five) working days of receiving written notification from gamesation.co.uk or one of its duly authorised minions.

Well Sony, no stranger to being complete asshats, has an interesting clause in their EULA (I bring it up now because people started talking about it, but this has been in the EULA for some time):

From time to time, SCE may provide updates, upgrades or services to your PS3™ system to ensure it is functioning properly in accordance with SCE guidelines or provide you with new offerings.

Some services may be provided automatically without notice when you are online, and others may be available to you through SCE’s online network or authorized channels. Without limitation, services may include the provision of the latest update or download of new release that may include security patches, new technology or revised settings and features which may prevent access to unauthorized or pirated content, or use of unauthorized hardware or software in connection with the PS3™ system.

Additionally, you may not be able to view your own content if it includes or displays content that is protected by authentication technology. Some services may change your current settings, cause a loss of data or content, or cause some loss of functionality. It is recommended that you regularly back up any data on the hard disk that is of a type that can be backed up.

Translated into standard English it means Sony can push updates out to your system without requiring you to accept them or having to notify you that they’re doing it. If the update bricks your system that’s your problem and you’ll have to pay to get it fixed. Likewise they can erase any data on your system they please without notification, giving you no recourse.

Of course I’m just using Sony as a punching bag at the moment because they’re asshats. In truth many companies have similar clauses in their EULAs, which is the point I’m trying to make here. Most people have no idea what they’re agreeing to when they click that “I Accept” button on the EULA window.

Let’s bring up another example, iTunes. Did you know that you can’t use iTunes to develop, design, manufacture, or produce missiles, or nuclear, chemical or biological weapons? Well you can’t because you agreed to the EULA.

What I’m really trying to drive home is this, read every contract you sign and every EULA you agree to. The shit that gets snuck in is absurd. It’s shit like this that pushes me towards free open-source software more and more every day.

Hello Kettle, This is The Pot Calling

If you’ve been paying any attention to the iPhone/iPad Flash pissing match you know it’s rather stupid. On one hand Apple is refusing to allow Flash onto their device because it could create competition to their app store ruin the battery life of their device. Adobe feels they have some kind of right to have their software placed on Apple’s platform. Well Adobe has claimed to have quit attempting Flash development for the iPhone/iPad (I can’t say I blame them considering Apple went so far as to say you can only use Apple approved tools to develop for the iPhone/iPad now):

“As developers for the iPhone have learned, if you want to develop for the iPhone you have to be prepared for Apple to reject or restrict your development at any time, and for seemingly any reason,” Chambers said. “The primary goal of Flash has always been to enable cross browser, platform and device development. The cool Web game that you build can easily be targeted and deployed to multiple platforms and devices. However, this is the exact opposite of what Apple wants. They want to tie developers down to their platform, and restrict their options to make it difficult for developers to target other platforms.”

I honestly thought the point behind Flash was to waste my laptop’s battery through absurd CPU usage. But Mr. Chambers is correct in that Apple’s goal is to lock you into their platform while preventing easy cross-platform development that would make it easier for their customers to jump ship. It’s the same thing most software companies have been doing since the dawn of pay-for software. Of course the pot decided to call the kettle black:

In a response, Apple indicated its preference for a variety of up-and-coming standards that collectively compete with what Flash can do.

“Someone has it backwards–it is HTML5, CSS, JavaScript, and H.264 (all supported by the iPhone and iPad) that are open and standard, while Adobe’s Flash is closed and proprietary,” said spokeswoman Trudy Muller in a statement.

H.264 is not an open standard. People who wish to use H.264 are required to license the technology. Furthermore, although the web browser on the iPhone/iPad uses HTML5, CSS, and JavaScript, the applications themselves are not written using those technologies. Adobe was not only trying to get web based Flash onto the iPhone/iPad but also trying to make technology that ported Flash applications to a format that could be utilized on the iPhone/iPad, which is a closed platform.

Either way this debate really is stupid. Apple has no obligation to allow anything on their device they don’t want to allow. Likewise you are not obligated to purchase and use Apple’s phone/tablet if you don’t like their rules (which is why I don’t have an iPhone or iPad).

Firefox For The Truly Paranoid

A while back I mentioned that I dropped Google Chrome and returned to Firefox. My reasoning revolved around features unavailable in Chrome which were available in Firefox through extensions. Well the two features I wanted most have been added in a previous build of Chrome: the ability to block all scripting except for pages I white list, and better cookie management. Yes I’m still on Firefox. Why? Because Chrome’s script blocking and cookie management features are severely lacking in my opinion.

In Chrome’s advanced settings you can choose to block all scripting and cookies from sites not on your white list. This is exactly what I want as scripting is the de facto method of exploiting a computer these days and cookies are tools for spying on sites you visit. The problem is Chrome’s interface for its script blocking sucks. If a site has scripts that are being blocked an icon appears in the address bar. If you click on this icon you have two options: keep blocking scripts or white list the site. NoScript on Firefox gives a third option I’m very fond of, temporarily allow scripting. I only white list sites I trust and visit frequently. But oftentimes I find myself visiting websites that require scripting to be enabled in order to glean information from them. In this case I temporarily allow scripting, get the information I need, and know that scripting will be disabled automatically for that site when I close my browser. It’s a great feature.

Likewise NoScript blocks more than scripting. It also notifies you of things like attempted cross-site scripting attacks, forces cookies from a secured site to be sent via HTTPS, and blocks all plugin components like Flash movies until I give my express go-ahead. But Firefox has some other features available via plugins that I can’t replace via Chrome because frankly Chrome’s extension support sucks. In Chrome an extension can’t block items from being downloaded when you view a page. For instance if you install Adblock in Chrome the advertisements from any websites you visit will always be downloaded but Adblock will simply hide them through the use of CSS. Firefox on the other hand gives extension developers granular control. For instance if I set NoScript to block scripting on www.example.com no JavaScript files will be downloaded when I navigate to www.example.com. Likewise Flash advertisements will not be downloaded unless I enable scripting and click on the individual Flash item.

Overall Chrome is more secure than Firefox’s default installation. In Chrome everything runs in a sandbox which means in order to exploit the browser you must exploit its rendering engine (WebKit) and its sandbox. Using the right extensions in Firefox I can ensure no potentially malicious scripts are even downloaded to begin with. An ounce of prevention is worth a pound of cure. Ensuring malicious code is never even downloaded in the first place is a better security option than downloading the code and depending on the sandbox to prevent anything bad from happening. Ideally having both abilities is the best option, which Chrome allows for JavaScript, but again it doesn’t check for other potentially malicious content like NoScript does.

So yes Firefox is a much slower browser that is big on resources. But the power extension developers have in Firefox means you can make the browser extremely secure whereas in Chrome you can’t enhance its security outside of methods Google allows. Due to this I’m still on Firefox and will be for the foreseeable future. Since I’m here I thought I’d let everybody know what security related extensions I’m using.

NoScript: I love this extension. I will go so far as to say this extension is the primary reason I’m still using Firefox. What it does is block all scripting on all websites unless you add said site to your white list. You can add a site to your white list either permanently or only temporarily if it’s a site you don’t plan on visiting again. It complicates web browsing and therefore isn’t for everybody (or even most people I’d venture to say). As a benefit most of those annoying flashing advertisements get blocked when using NoScript. This extension is constantly being updated with new security related features.

CookieSafe: CookieSafe is a plugin that allows you to manage website cookies. There are three options available for each web site. The first, and default, setting is to block cookies altogether. The second option is to temporarily allow cookies (they will be wiped out upon closing your browser) and the third option is to add the website to your white list which will allow cookies for that domain. The plugin only allows cookies from specific domains meaning you don’t have to worry about third party cookies getting onto your system (although this feature is available on most major browsers the implementations generally suck).

Certificate Patrol: I’ve mentioned a research paper I’ve read recently that talks about SSL security and its ability to be exploited by governments. Although there is no surefire way to detect and prevent this kind of exploit you can strongly mitigate it. Certificate Patrol is an extension that displays all major certificate information for a secure web page the first time you visit it or when the certificate changes. So when you visit www.example.com the certificate information (we’ll assume it’s a secure site) will be promptly displayed by Certificate Patrol the first time you navigate your way there. If the certificate changes when you visit the site again the new certificate information will be displayed including what has changed. One mechanism for catching a suspicious certificate is looking at the issuer. For instance Internet Explorer trusts the root certificate for the Hong Kong Post Office. If you visit www.example.com and Certificate Patrol notifies you that the certificate has changed and the new one is provided by a different root authority you know something could be up. If the site’s certificate was previously provided by VeriSign and the new one is provided by the Hong Kong Post Office you know something is probably fishy. This could point to the fact the site is not actually www.example.com but a site made by the Chinese government in order to capture information about dissidents who visit www.example.com (obviously some DNS spoofing would be required to redirect visitors to their site as well).
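The first-visit and change check described above, as an added example (this is not Certificate Patrol's code and not code from the original post): it remembers the last accepted certificate per host, reports which fields changed, and treats a change of issuer as the loudest signal. The record fields, the 30-day renewal window, the `accept` step and the sample certificates are assumptions constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass, fields
from datetime import date


@dataclass(frozen=True)
class CertInfo:
    subject: str       # host name the certificate was issued for
    issuer: str        # authority that signed it
    fingerprint: str   # SHA-256 over the certificate bytes
    not_after: date    # expiry date


def make_cert(subject, issuer, raw, not_after):
    """Build a record from certificate bytes (constructed bytes in this demo)."""
    return CertInfo(subject, issuer, hashlib.sha256(raw).hexdigest(), not_after)


class CertStore:
    """Remembers the last certificate the user accepted for each host."""

    RENEWAL_WINDOW_DAYS = 30  # assumption: replacement this close to expiry is routine

    def __init__(self):
        self._seen = {}

    def accept(self, host, cert):
        """Store `cert` as the trusted certificate for `host`."""
        self._seen[host] = cert

    def observe(self, host, cert, today):
        """Compare `cert` with the stored one and report what changed."""
        old = self._seen.get(host)
        if old is None:
            self.accept(host, cert)  # trust on first use
            return {"status": "first-visit", "level": "info", "changes": {}}
        changes = {
            f.name: (getattr(old, f.name), getattr(cert, f.name))
            for f in fields(CertInfo)
            if getattr(old, f.name) != getattr(cert, f.name)
        }
        if not changes:
            return {"status": "unchanged", "level": "ok", "changes": {}}
        if "issuer" in changes:
            level = "alert"  # a different authority now vouches for the same name
        elif (old.not_after - today).days > self.RENEWAL_WINDOW_DAYS:
            level = "warn"   # replaced long before the old one was due to expire
        else:
            level = "info"   # same issuer, old certificate about to expire
        # The stored certificate is kept until the caller explicitly accepts the new one.
        return {"status": "changed", "level": level, "changes": changes}


def demo():
    """Run a constructed sequence of visits to one host and return the reports."""
    host = "www.example.com"
    store = CertStore()
    original = make_cert(host, "VeriSign", b"constructed cert A", date(2011, 3, 1))
    swapped = make_cert(host, "Hong Kong Post Office", b"constructed cert B", date(2012, 1, 1))
    renewed = make_cert(host, "VeriSign", b"constructed cert C", date(2012, 3, 1))
    early = make_cert(host, "VeriSign", b"constructed cert D", date(2012, 3, 1))

    reports = [
        store.observe(host, original, date(2010, 4, 1)),  # first visit
        store.observe(host, original, date(2010, 4, 2)),  # same certificate again
        store.observe(host, swapped, date(2010, 4, 3)),   # new issuer, not accepted
    ]
    reports.append(store.observe(host, renewed, date(2011, 2, 15)))  # routine renewal
    store.accept(host, renewed)
    reports.append(store.observe(host, early, date(2011, 6, 1)))     # early replacement
    return reports


if __name__ == "__main__":
    for report in demo():
        print(report["status"], report["level"], sorted(report["changes"]))
```

Because the swapped certificate is never accepted, the later renewal is still compared against the original VeriSign record rather than against the suspicious one.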

Those three extensions help mitigate many common web based attacks. This post is not to say none of this can be done in Chrome though. For instance you can manually check for certificate changes in Chrome but you will have to do it every time you visit a site to see if the certificate changed or not. Certificate Patrol simply automates that task. Likewise you can block cookies and scripting in Chrome but the interface to do either is more cumbersome than using CookieSafe and NoScript.

Personally I value security over performance and that is why I’m still sticking with Firefox.

In Security the Key Phrase is Trust No One

Last month I posted a story about an interesting Windows security issue dealing with how the operating system handles SSL root certificates. After reading the linked research paper I’ve started scrounging through the sourced information within and I must say the phrase trust no one is made very apparent. The paper cites several stories dealing with government entities coercing private companies into bypassing in-place security measures to allow surveillance. Let’s look at a few of these stories.

The first one relates to an online e-mail service called Hushmail. According to Hushmail’s own site:

Every day, people around the world send billions of emails. The vast majority of these are transmitted without using any form of encryption. When you send an email without encryption, it can be monitored, logged, analyzed and stored by your employer, your internet service provider, or worse – a hacker
….
Hushmail keeps your emails private by encoding each message using encryption. Encryption is a way of transforming a message so that it is unreadable to anyone but the sender and its recipients. Hushmail makes encryption seamless and transparent – we encrypt your message automatically before it is sent, and then restore it back to its original form when the recipient reads it.

And from another section on their site:

In some countries, government sponsored projects have been set up to collect massive amounts of data from the Internet, including emails, and store them away for future analysis. This data collection is done without any search warrant, court order, or subpoena. One example of such a program was the FBI’s Carnivore project. By using Hushmail, you can be assured that your data will be protected from that kind of broad government surveillance.

You’ll notice they chose their wording very carefully. They imply their service will prohibit government surveillance but only so long as it’s warrantless. That page also describes in detail the fact that they will surrender information upon lawful request. Of course there is a reason they disclose this information now:

Zimmermann, who sits on Hushmail’s advisory board, spoke to THREAT LEVEL after we published a piece contrasting the site’s promises that it had no access to the contents of customers’ encrypted emails stored on their servers with a court case showing that the Canadian company turned over 12 CDs of readable emails to U.S. authorities.

At one point Hushmail advertised itself as not being able to access users’ e-mails. Of course they eventually turned over 12 CDs worth of customer e-mails and then backtracked. Mr. Zimmermann makes a very good point that everybody should realize:

“If your threat model includes the government coming in with all of force of the government and compelling service provider to do things it wants them to do, then there are ways to obtain the plaintext of an email,” Zimmermann said in a phone interview. “Just because encryption is involved, that doesn’t give you a talisman against a prosecutor. They can compel a service provider to cooperate.”

It should go without saying that if the company can get access to the plain text of the e-mails stored on its servers then somebody else can as well. Needless to say even if an online service proclaims they securely store your data and it cannot be accessed that is not usually true. The only secure option is to encrypt the data while it’s still on your machine and then send it out. For instance I back up much of my data to an online storage service. Before the data leaves my system it’s put into a TrueCrypt partition. Only I have the key to decrypt the partition so even if a government entity forced my storage provider to hand over my data there is no way for either that provider or the government to decrypt it (obviously I mean before I die, they could brute force the key but it would take practically a century and I doubt I’ll still be alive when they find out my encrypted partition contained nothing important nor incriminating).

So that’s one example that was cited in the paper. The next one is even more insidious in my opinion but has a happier ending. I’m sure everybody who is reading this is at least familiar with OnStar. It’s an in-vehicle service provided with Government General Motors produced vehicles. It allows such services as calling somebody via the press of a button or getting help in an emergency. It also allows law enforcement personnel to track and find the vehicle should it get stolen. To provide its services there are two things that it needs: the ability to output vocal data, which is provided by the car’s stereo system, and a microphone so you can communicate with OnStar employees.

People buying GM cars see this service as a convenience but government sees it as something else, a mechanism for spying on the citizenry:

The court did not reveal which brand of remote-assistance product was being used but did say it involved “luxury cars” and, in a footnote, mentioned Cadillac, which sells General Motors’ OnStar technology in all current models. After learning that the unnamed system could be remotely activated to eavesdrop on conversations after a car was reported stolen, the FBI realized it would be useful for “bugging” a vehicle, Judges Marsha Berzon and John Noonan said.

Yes the FBI decided OnStar was a great service. You simply flip on the microphone remotely and you can monitor conversations taking place inside the vehicle. Great! Fortunately after doing this the courts decided it was a no-no:

In a split 2-1 ruling, the majority wrote that “the company could not assist the FBI without disabling the system in the monitored car” and said a district judge was wrong to have granted the FBI its request for surreptitious monitoring.

But not for the reasons you’re thinking:

David Sobel, general counsel at the Electronic Privacy Information Center, called the court’s decision “a pyrrhic victory” for privacy.

“The problem (the court had) with the surveillance was not based on privacy grounds at all,” Sobel said. “It was more interfering with the contractual relationship between the service provider and the customer, to the point that the service was being interrupted. If the surveillance was done in a way that was seamless and undetectable, the court would have no problem with it.”

See in order to activate the microphone remotely without the vehicle occupants knowing OnStar’s recovery mode had to be disabled. This presented a violation of the service agreement between OnStar and the vehicle owner:

Under current law, the court said, companies may only be ordered to comply with wiretaps when the order would cause a “minimum of interference.” After the system’s spy capabilities were activated, “pressing the emergency button and activation of the car’s airbags, instead of automatically contacting the company, would simply emit a tone over the already open phone line,” the majority said, concluding that a wiretap would create substantial interference.

Personally I don’t trust any system in my vehicle that can be remotely activated and for good reason. Having a remotely activated microphone in your vehicle is just asking to be eavesdropped on. This also includes cellular phones but Tam pointed out a simple solution for that.

The final cited source I’m going to bring up from that paper (seriously go read it [PDF]) deals with RIM’s Blackberry phones. In this case the problem wasn’t related to RIM but a cellular phone carrier who sells their devices. I know the United Arab Emirates aren’t known for their love of basic human rights but when you get carriers to install spyware on phones to monitor all users of Blackberry devices that’s simply shitting all over privacy.

Details on the spyware application itself can be found here. Although the spyware did appear to be actively monitoring people’s communications by default it was capable of being remotely activated at any time. Of course the expected activation would be done by law enforcement personnel but anything they can activate a resourceful malicious hacker can activate. Now I do want to make it clear RIM didn’t have any knowledge of this and did release the following public statement:

In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.

It adds that “independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server”.

This was a case of the UAE government getting a local carrier, Etisalat, to cooperate and install the spyware. The scariest thing here is the software wouldn’t have even been noticed if it wasn’t for the fact it was poorly coded and causing phone instabilities. Needless to say the phrase trust no one is very relevant everywhere in the world.

These stories exemplify that security is something you need to take into your own hands. You can’t expect other people to do it nor can you expect your government to do it. Nobody is going to protect your life, property, or privacy except you. This requires that you obtain pertinent knowledge on the technology you use. Take time to understand the technology and devices you use in your everyday life and try to come up with ways those things can be used against you. Once you realize how those things can be used you can develop countermeasures.

New MacBook Pros Released

Well in one fell swoop my laptop went from top of the line super computer to… wait a minute my laptop was never the top of the line model. Anyways Apple has released new models of their MacBook Pro series of laptops. The main changes are new processors (Intel i5 and i7), new graphics cards (nVidia GeForce with better power management), and touted better battery life.

Overall it doesn’t look like any external changes were made (obviously no easily swappable battery because Steve Jobs hates seams). Hopefully they get the hard drive performance corrected in the new models (that’s the only but rather annoying issue I’ve had with mine).

I continue this love hate relationship with Apple. Seriously I really like their computers and the old iPod hasn’t failed me yet. It’s just everything else they make seems to be an adventure into locking people into their platform as tightly as possible while giving both users and developers roughly the same freedom as a dictatorship.

Update 2010-04-13 10:26: I missed a rather major feature that has been thrown in. On the 15″ MacBook Pros you now have the option of getting a higher resolution screen (1680×1050 instead of 1440×900). I’m always looking for more screen real estate (I seriously never close any application I have running which means I like lots of RAM and lots of screen space). It’s not worth the cost of getting a new laptop for me but it’s worth the extra $100.00 if you’re buying a new laptop.

On iPhone OS 4.0

I’m sure almost everybody here has heard that Apple unveiled iPhone OS 4 yesterday. If you didn’t I’m surprised being it was “the news.” Anyways I’m here to give my initial and patented cynical overview of it.

All in all Apple claims to have added seven new major features. In reality I only give a shit about two of them. The first finally corrects one of my biggest gripes with the iPhone, lack of multi-tasking. Well it sort of fixes it. iPhone OS 4.0 finally introduced multi-tasking for third party applications. Let me rephrase: it introduces a rudimentary form of multi-tasking for certain third party applications. Instead of doing like Palm and Google with their respective operating systems Apple has gone the route of ancient Palm OS. Ancient Palm OS allowed some things to run in the background. They called it threading. The main two items that could be run in the background were open network connections and sound. This was accomplished by calling an operating system provided service. And that’s exactly what iPhone OS 4.0 does. It introduces seven services for running background tasks. My problem is the services appear to be very specific instead of generalized.

Like Palm OS of yesteryear the iPhone has a service for sound. It also provides a background service for location (GPS), a mechanism for applications to provide notifications when they’re not running, and a VoIP service (there are a few others but they’re mostly meaningless to me). There is no generic networking background service though. This means Skype can run in the background so you can take calls. But if you write an IRC client it will not be able to run in the background meaning you’ll get disconnected when you change to another application (unless one of the mentioned services can be shoehorned into a generic networking service). That severely limits the application possibilities again. Apple proves yet again that they can offer a feature available in other operating systems for almost a decade while spinning it as something unique, new, and innovative. I’m not impressed but it’s certainly better than what they’ve had in the past (nothing).

The final note about multi-tasking is if you have an iPhone previous to the 3GS you won’t get it. Sorry Apple has decided previous models of the iPhone don’t have the required hardware even though jailbreakers have been multi-tasking on every iPhone model that has ever existed. It’s nice to know you’re loved right? Nothing makes me happier than companies denying features based entirely on the fact that they want you to buy a new product.

Let’s talk about the other feature I took notice of, iAd. Apple has pretty much included adware directly into the OS (much to the bane of many like myself who avoid getting a system infected with adware). This is a feature that can be included in applications and allows easy advertisements. Apple controls the actual ads so the developer simply collects a paycheck from it (they get 60% while Apple keeps 40%). All in all I’m not as hysterical as many are about this feature. Currently many free applications already have advertisements in them so not much is changing. My main issue is since it’s easy to implement advertisements in an application more and more developers will be doing it (I hate advertisements in my applications, if you want to make money just sell the damned thing). But my biggest fear is advertisements will start being included in pay applications (to offset the “subsidized price” of $1.99 of course). Not that big of an issue overall as you can just avoid applications with advertising in them.

The real problem with iAd in my opinion is how it makes the product feel cheapened. Let’s face it nobody likes adware getting onto their computer (as evident by applications like Adaware existing whose sole purpose is to remove adware). So knowing an advertisement service exists inside of the operating system itself just makes the entire system feel chintzy. It’s a psychological thing but alas it’s what it is.

Overall iPhone OS 4.0 is an improvement but not nearly as good of one as I was hoping.

On The FCC Vs. Comcast Case

A while back the FCC brought down the hammer on Comcast telling the not-loved-by-anybody company they could not throttle or filter traffic. Well the courts decided that the FCC didn’t have that authority so Comcast is free to go back to their games again. This has been a major topic of discussion with geeks as of late because it pretty much rips the teeth right out of the idea of net neutrality. Or does it?

The Internet is an interesting creature. Its predecessor was created during the Cold War as a mechanism to ensure the country didn’t have a single vulnerable point in its military communications network. The idea was to create a decentralized system that couldn’t be taken down by one or a handful of nuclear strikes, thus allowing us to coordinate a counter-attack. Eventually this research led to the public Internet that you’re using right now.

From the get go the government has been involved in the Internet. Likewise most of the major ISPs are companies that evolved from the breakup of Ma Bell which was a government sanctioned monopoly over all telecommunications in the country. Needless to say the entire system is infected with government interference. Until a short while ago the rules dictated to the ISPs were that they had to allow all traffic to flow across their network without prejudice. This meant they could not throttle traffic crossing their lines that was emitted by or destined to another ISP. These ISPs also couldn’t throttle or filter traffic in any way. Now that this is no longer the case people have been clamoring for the government to enforce net neutrality again.

A lot of people are stating how scary it is to think about these companies having the power to filter traffic and how the only solution available to us is for the government to make laws that prevent this. You know what I find scarier? The government having more control over the Internet. Why? No current representative that I’m aware of has a background in technology, specifically networking. Likewise the government always manages to find the least qualified people to head committees and regulatory groups. Remember, “The Internet is a series of tubes” Ted Stevens from Alaska? Guess what. He was in charge of Internet regulation.

Do we really want people like this making laws that will regulate the Internet? I don’t. But I’m also a fan of net neutrality so what could possibly be done to ensure the Internet stays neutral while the government stays out of it? There are actually several options available.

In order to set up an ISP you need two items controlled by private entities. The first is a block of IP addresses while the second item is one or more domain names. Both of these are controlled by a private company called the Internet Corporation for Assigned Names and Numbers (ICANN). A potential option available would be for ICANN to require ISPs to agree to a series of rules that would in essence be net neutrality. If the ISPs won’t sign the agreement ICANN simply won’t allocate IP addresses or domain names. Simple. If an ISP really doesn’t want to play by these rules they can create their own Internet (you can create multiple global networks separated from one another thus having multiple Internets) and of course nobody will use them.

I’m not suggesting this is the right solution. This suggestion is being made as a potential mechanism of enforcing net neutrality while also keeping morons government out of the equation. But the idea of putting an entity who put Ted Stevens in a situation to make any regulations on the Internet is frightening.

On The Collateral Murder Video

I’m sure everybody has seen the video of the Apache helicopter crew shooting a group of civilians and two reporters. I wasn’t there so I’m not going to comment on the event itself, I’ll leave that to people who want to argue about that. But an interesting point is brought up by Bruce Schneier. The following was stated on the WikiLeaks Twitter stream:

Finally cracked the encryption to US military video in which journalists, among others, are shot. Thanks to all who donated $/CPUs.

Bruce’s question is simple:

Surely this isn’t NSA-level encryption. But what is it?

So WikiLeaks is saying the Collateral Murder video was encrypted upon receipt. They rented “super computer time” to break the video encryption. So what the Hell scheme was used to break the encryption? Although Wikipedia is far from a valid source of information I’m going to link to the article on AES encryption because it gives a good overview. Specifically this part:

The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used to protect classified information:

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.”[8]

So considering this video was classified it would most likely have been encrypted using AES. There are some attacks currently available against AES but none of them allow breaking in a reasonable amount of time (depending on the implementation of AES used of course). Of course there is the possibility that the video was encrypted using a poorly chosen key and the WikiLeaks people simply performed a brute force attack against the video. It would seem idiotic that somebody would bother encrypting this video using a strong encryption algorithm but not bother using a good key. Then again this is the government we’re talking about and they are known for incompetence.

I would like to hear from WikiLeaks what method was used to encrypt this video. It would be interesting to find out not only what algorithm was used but also if the video was encrypted by the military, other government personnel, or the person who leaked the video.

The iPad

Being a world renowned technology pundit… wait scratch that. Being a geek I get asked about various technological doodads and gizmos quite often. Since the iPad is the current hot tech device I’m getting asked my views on it. Because of my inflated ego and perceived self worth I’ve decided readers of this site (both of you) may be interested in my views on the device. So here it is.

First let me start by saying I don’t have an iPhone or iPod Touch. Coincidentally I also don’t have an iPad therefore this post is going to be my views based upon the published specifications and my personal beliefs as a computer scientist (note that’s the only credential I’m going to be using because I have no other credentials related to this). I do have the development tools for the iPhone installed on my computer and have written test applications for the platform and most of the time I view a platform based on my development experiences. I have played with physical iPhones but have yet to hold an iPad. There, that’s straight up and honest. My opinions may change based on exposure to the physical device at a later date and if that is the case I’ll post my revised ideas.

A final note is I’m basing this post on the iPad in its stock configuration. I realize that it has already been jail broken and thus additional functionality exists. I don’t like messing with such things and if I need to jail break a device to make it useful to me I generally just get a different device.

First and foremost I’m going to mention my gripes with the iPhone (the validity of which will be made clear in a few paragraphs). The biggest one for me is third party applications can’t multi-task. If you don’t know what that means it is a pseudo-fancy way of saying multiple third party applications can not run at the same time. So if you have an IRC client you can not allow it to run in the background while you open the Pandora application meaning you’ll miss any messages sent to you during your time outside of the application. This is a huge issue for my uses. I often have an AIM client (don’t laugh, it’s what the majority of my friends use), IRC client, and various other programs open and running at the same time on my laptop. Likewise on my phone I have run my AIM client while doing other tasks (yes the old Palm OS had some limited multi-tasking capabilities including network connections continuing to run in the background). Not being able to get messages sent to me using these clients while I’m doing other things is a huge strike against the device.

Another issue I have with the iPhone is the fact you can only install applications Apple has blessed. Their process of blessing applications is fairly random and they haven’t published exact specifications stating what will and will not get approved. They have mentioned some things but other things they seem to make up on the spot. I don’t like a third party having this kind of control over a device I have purchased. If I want to install a shitty application that will break my phone I should damn well be able to do so.

Third the battery in the iPhone is not easily user replaceable. Yes Apple will replace the battery should it become weak at a nominal charge but that doesn’t do anything for me when the battery runs out of juice while I’m on a trip and I need to swap in a fresh one. I have a spare battery for my current phone specifically because of this scenario. I want the ability to swap batteries when the one in my phone is completely discharged after a long phone conversation. Likewise I’m a big fan of self-servicing my electronics. When the fan in my old laptop died I bought a new one and installed it myself. I could do this because the case could be opened easily while the iPhone isn’t built in a manner that allows easy service. It’s a disposable device, when it breaks you’re just expected to replace it. I hate this idea.

I also hate AT&T which is the only United States carrier who has the iPhone. This is a non-issue for the iPad so it’s irrelevant to this post though.

Those are the big ones. Beyond that I haven’t much against the iPhone. But that brings up the first issue I have with the iPad. It doesn’t correct any of these issues I have with the iPhone. The iPad doesn’t multi-task and any application you want to install must be blessed by Apple. Also like the iPhone the iPad battery is not user replaceable which just pisses me off.

With that said the iPad does have one option available to it that I like. You can sync up a Bluetooth keyboard to the iPad giving you the ability to do actual typing on it. Combined with the size and portability of this device that means the iPad should be fairly proficient for writing tasks. This means you could theoretically bring an iPad in place of a laptop if you needed to write reports or blog posts. Of course the iPad lacks many tools (virtual machines and development tools mostly) I require for day to day tasks and hence would not be a laptop replacement for me. But that’s my uses and I don’t think most people require the same tools I do therefore the iPad is a potential laptop replacement. Most people outside of the computer science field I know would be able to function a week on the features available on the iPad.

Now the part I really like about the iPad, its simplistic interface. Once again this isn’t something for me personally but for people I know. The iPad would be the perfect computer for my grandmother. My grandmother knows nothing about computers. While trying to show her how to run one I noticed several things. First she always tries to touch the icons on a screen to open an application. She doesn’t get the interaction between the touch pad on a laptop and the pointer on a screen. A touch screen device would be perfect for her which is exactly what the iPad is. She doesn’t touch type, instead she has to hunt and peck for keys on a keyboard. Due to this she really gains no benefit from a physical keyboard since the main benefit is speed. An onscreen keyboard would be ideal for her uses (especially if you could sort the keys in alphabetical order instead of using the QWERTY layout). By default the iPad has a web browser which is pretty much all she needs or wants. She has no interest in third party applications at all. Of course a JooJoo would fit this use case well except for the fact it’s larger and heavier while my grandmother doesn’t have the best ability to hold a heavier device up for very long.

Overall I think the iPad is perfect for those wanting to use basic Internet functionality (web browsing, e-mail, etc.) but have no experience nor interest in computers beyond that. It’s simple and basic which is exactly what many people want.

As an e-reader I think the iPad suffers from the same flaw as any portable computer, the screen. The reason I love my Kindle is because the screen is something I can look at for hours on end and use outside in direct sunlight. Yes when the weather is nice I like to take my reading outside to places like my little deck or park benches. The iPad screen is highly reflective. Apple did that because it makes colors look much richer but it also comes at the price of being almost unusable outdoors. My laptop has a glossy screen as well and using it with any light source behind you can suck pretty hard. Finally the iPad is a bit on the large side for an e-reader in my opinion (I love the Kindle’s size, especially when I’m sitting on an airplane). Without an e-paper display I can’t imagine replacing my Kindle with an iPad. Of course somebody will bring up that I can’t view color illustrations on my Kindle to which my reply is, I don’t care. Truth be told through most of college I obtained international editions of my required text books. These are the same books you buy in campus book stores except they are not hard cover and they only have black and white illustrations. I never encountered an image or diagram in a book where I thought, “Hey I wish this was in color.” And most of my reading involves novels and technical manuals which are mostly text and therefore don’t require color. If your main reading material is things like comic books I can see where having a device with a color screen is going to be a huge plus and in that case the iPad will fit the bill.

The iPad seems to also be a great portable movie player. The screen is large enough where you could watch a movie on it while still being small enough to have sitting out on an airplane or bus. If the screen is anything like the iPhone’s it’ll be plenty good for displaying good video. I think it’s too large to be an effective portable music player though. But most cell phones have this functionality built in. Having the larger screen the iPad offers is no benefit for playing music so most people will probably continue doing that on their phones (or MP3 player as in my case).

Overall I think the iPad is a great device for many use cases. None of them happen to be my use cases and therefore it doesn’t really fit me. The price seems to be in line with other similar devices although with how much more expensive it is than many netbooks in addition to having fewer features I’d say it’s not a good price point. For the most part my feeling towards the iPad is that it’s a solution in search of a problem. It’s too large to be as portable as a phone but too limited to be a laptop replacement for many people.