Thu - July 20, 2006
PGP Appears to Suck
Well, it's official. It looks like newer versions
of PGP are just going to suck and there's nothing you can do about it. Their
ridiculous new email (sorry - messaging) system is here to stay. The official
word from a posting by Earle Lowe, a Dev Manager at PGP, from June 11, 2006:
"Obviously there is a philosophical (and fundamental) disagreement about the nature of email encryption. The current technology was felt as clearly the best path forward for PGP as a software product. It solves numerous issues with integrating into the various email applications that people want to use. It supports PGP/MIME. It supports centralized policy management. It enables a much simpler experience for the user (we have not yet achieved this obviously). The list continues.
The way you want PGP to work where you actually see the ciphertext was and continues to be simply not possible in any number of email clients. The old architecture was neither maintainable nor extensible. As an example, Outlook Express, for all its obvious faults is a popular email client. Prior to PGP 9, the PGP rip-in for this email client was a significant amount of tricky code requiring substantial developer expertise (and was prone to break frequently - particularly with MS updates). PGP 9, on the other hand, has zero specialized code to handle Outlook Express."
OK - I can completely understand the problems with keeping up with email clients.
It's a pain in the butt. But removing security so it's easier for the end user?
What a dumb statement. Why not just remove all encryption from the product? That
will make it even easier. In fact, this is basically what they have now
anyhow.
Their craptastic "easy to use"
messaging proxy defaults to settings so you don't have to change anything in
your email client to make it work. Seems like a convenient feature. All emails
could be encrypted/signed on their way out. Except if the proxy ever fails, that
email you just sent doesn't get
encrypted - it just gets sent because your
mail client doesn't know the difference. It just uses the same old settings it
always did. This failure mode is completely unacceptable. I can't even believe
they offer this as an option. Dumber than hell.
The really screwed up part about
this is that their proxy does fail for non-obvious reasons, mostly because it's
a pain in the ass to set up and get working properly, even with their auto
detection running. In my case, emails from one account went out signed, another
didn't - all because my SMTP port wasn't something they were expecting and were
trapping (and there is no way to change this either, apparently.)
My advice? Don't even think to use
this hunk of junk for email on the Mac (or anywhere else for that matter.) It's
not worth it. Stick to using GPG. It actually does the right thing, despite
lacking the nice key management front end. I didn't even test anything else in
their software. What other crap doesn't work or is broken in non-obvious
ways?
I feel sorry for all those n00bs
out there running this crap and thinking they are secure in any
way.
Update:
I posted to their forums about these concerns.
Despite tons of "views" no one has answered. Based on the posts they actually
answer on their forums, it looks like their target market has changed to be
those customers who think running something called "PGP" magically makes them
secure.
Posted at 09:21 AM Permalink
|
Wed - July 19, 2006
PGP For Intel Macs
PGP just released a beta version of PGP 9.5 that
has universal binary support. I used to use PGP back in the day on Windows, but
didn't really keep up with it, eventually moving on to GnuPG for my encryption
needs. However, after seeing the note about this new release, I thought I'd give
them another shot. I always loved their nice key management (something GnuPG
doesn't have a great front end for at the
moment.)
I was browsing through their
user's manual while downloading, and came across a paragraph titled "Memory
Static Ion Migration Protection" in the "Special Security Precautions Taken by
PGP Desktop" section. This thing goes on about how an attacker could
theoretically retrieve key or passphrase information from your machine's memory -
after it's already been turned off - by reading the static charge left over from
memory that has had the same information stored for long periods. This is some
deep stuff here, and they go on about how they help to protect you against this
remotest of possibilities. Cool
stuff.
So the download finishes, and I
install the thing, import my keys from GnuPG, and go to send an email, and
realize that they've done away with the plugin model for mail, instead relying
on a network proxy that intercepts mail and encrypts and decrypts it
automatically, based on rules you set up. This works similarly to their
Universal Server product. So now Mail.app (and any other mail client) sends mail
to the proxy, where PGP will encrypt it. On the other side of things, incoming
encrypted mail is automagically decrypted and then handed to the email client.
Works OK (though with some pain trying to get everything set
right.)
Then I realized that all the
encrypted and signed email that I'd be receiving, would now be stored in
PLAINTEXT
in my freaking email folders, on a public IMAP server. In addition, there
doesn't even seem to be a way to turn this off or any alternate mechanism aside
from not using the email proxy portion of the product. This breaks about 90% of
the functionality that I use PGP for.
Without storing the encrypted/signed
version of incoming mail, I can no longer guarantee that someone hasn't messed
with it on the server. All that's left is some text pasted at the top of the
mail that says it was signed and verified at some point. No indication of what
that may have been, of course. At that point, someone could just as easily
change the contents to whatever they like, completely bypassing any security
that at one time existed.
This also
goes for sent mail - it's no longer stored in your sent folder encrypted - it's
sitting there in plaintext too. Still worse, there's no indication of what you
did to the email when you sent it. Did I encrypt it? Sign it? Who knows now -
that information is gone now that we're not storing the encrypted/signed copy of
the message.
And still worse, someone
could easily - MUCH TOO EASILY - forge a message that now looks like it's been
verified by the proxy, when it has, in fact, done no such thing.
They do still have a legacy mail
plugin that permits decryption of older emails that you may have received and
didn't pass through the digestive tract of their new product. But get this - on
the message boards someone was complaining that the plugin didn't successfully
decrypt messages from certain people. The response? "Oh, that plugin only works
with some message types. Use the
proxy."
What a
junker.
Yes, they protect you from some
arcane attack that requires an electron microscope and a clean room to make
work, but they'll happily decrypt and store your email in the most unsafe way
possible. What in the world were they thinking? This isn't even limited to the
new Mac product apparently - this is an across the board product line change
that screws everyone.
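Both failure modes described in these two posts (mail leaving in plaintext when the proxy is bypassed, and stored mail carrying only a pasted "verified" note) can be checked from message structure alone. The following is an added example, not code from the original posts or from PGP: it classifies a message by its PGP/MIME (RFC 3156) or inline-armor structure and uses that for a fail-closed outbound check. The function names, sample messages and banner wording are constructed for illustration.

```python
from email import message_from_string

# PGP/MIME containers (RFC 3156): content type -> (protocol parameter, state).
PGP_MIME = {
    "multipart/encrypted": ("application/pgp-encrypted", "encrypted"),
    "multipart/signed": ("application/pgp-signature", "signed"),
}
# Inline ASCII armor: state -> (first marker line, last marker line).
ARMOR = {
    "signed": ("-----BEGIN PGP SIGNED MESSAGE-----", "-----END PGP SIGNATURE-----"),
    "encrypted": ("-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"),
}


def pgp_state(raw):
    """Return 'encrypted', 'signed' or 'none' from message structure only.

    Structure shows that ciphertext or a signature is still present and can
    be checked again with gpg; it does not prove the signature is valid.
    Free text claiming "verified" never counts.
    """
    msg = message_from_string(raw)
    container = PGP_MIME.get(msg.get_content_type())
    proto = msg.get_param("protocol")
    if container and isinstance(proto, str) and proto.lower() == container[0]:
        return container[1]
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        lines = [line.rstrip() for line in body.splitlines()]
        for state, (begin, end) in ARMOR.items():
            if begin in lines and end in lines and lines.index(begin) < lines.index(end):
                return state
    return "none"


def outbound_gate(raw, allowed=("encrypted",)):
    """Fail-closed relay decision for a submission hook (hypothetical name).

    Run where the mail client cannot bypass it, so a dead or skipped
    encryption proxy results in held mail instead of plaintext delivery.
    """
    try:
        return pgp_state(raw) in allowed
    except Exception:
        return False  # unparseable input is held, never relayed


# Constructed sample messages; armor bodies are placeholders, not real PGP data.
HEADERS = "From: alice@example.org\nTo: bob@example.org\nSubject: test\n"
PROXY_ANNOTATED = HEADERS + (
    "Content-Type: text/plain\n\n"
    "*** PGP: signed and verified ***\n"  # constructed banner wording
    "Meet at noon.\n"
)
INLINE_SIGNED = HEADERS + (
    "Content-Type: text/plain\n\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nMeet at noon.\n"
    "-----BEGIN PGP SIGNATURE-----\n\n(placeholder)\n-----END PGP SIGNATURE-----\n"
)
MIME_ENCRYPTED = HEADERS + (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for name in ("PROXY_ANNOTATED", "INLINE_SIGNED", "MIME_ENCRYPTED"):
        raw = globals()[name]
        print(f"{name}: stored state={pgp_state(raw)} relay={outbound_gate(raw)}")
```

A stored message in the `none` state that still carries a verification banner is the forgeable case from the post: nothing remains that could be checked again.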
Posted at 01:30 PM Permalink
|
Tue - April 25, 2006
Free SubEthaEdit Licenses?
Well, maybe - in any case, they're cheaper than
the normal $30. BLOGZOT 2.0 on MacZOT.com has
SubEthaEdit from CodingMonkeys
up as their subject for today. The price basically keeps dropping by a nickel
each time someone blogs about it (like this!) or until 3000 copies are sold. If
it gets to be free, so much the better! All the bloggers get theirs at no cost.
Boo-ya. This amounts to MacZot and the Coding Monkeys giving away
$105,000
in free software.
If you're not
familiar with SubEthaEdit
you're really missing out. It's got the best collaborative writing system in
existence, as well as being just a plain nice editor. If you've never taken
conference notes with five other people doing the same in the same document, you
haven't lived.
Check it out and get
yours for cheap.
Posted at 03:35 PM Permalink
|
Tue - April 11, 2006
New MacBook Pro
I've now fully converted to running everything on
my new MacBook Pro. A few points:
1. Rosetta RULES: I
can't believe how seamless and fast it is. I can run Quake 3 (ok, not the most
recent thing, but still!) full screen with all options turned on, and I can't
tell the difference from my 1.67 G4 PB. I want to run some FPS benchmarks to see
what kind of penalty I'm getting.
2. World of Warcraft: 80 FPS with most graphics options turned on. Enough said.
3. You need 2GB of RAM. Period. Don't even think of running without it.
More in the coming
days.
Posted at 11:47 AM Permalink
|
Wed - August 24, 2005
Textpander Rules
Ever use TypeIt4Me? This utility has been
around for ages. Basically it allows you to type abbreviations which are then
expanded into full words, phrases, etc. So instead of typing your full email
signature, you might just type fsig. You could even have the cursor repositioned
in the middle of the expanded text with a little work. Nice time saver.
Unfortunately, TypeIt4Me never really caught on with me - it was too slow, and I
found myself pausing while it expanded stuff and moved the cursor around. If you
typed while it was doing this, either the characters would be ignored or they
would get stuck in the wrong places. Very annoying for
me.
But along comes Textpander. This
thing does what TypeIt4Me does and a whole hell of a lot more. It's blazing
fast. Text is expanded and the cursor positioned instantly. No delay, no stray
characters. Once you start using it, it just fits right in with your normal
typing. And get this - you can include images as well. Want a nice signature on
your documents? Just drop in an image along with your text and you're good to
go.
And did I mention it's free? Well,
the developer asks for donations via Paypal. I'm going to kick him a few bucks
for this thing. It fixes all the problems of TypeIt4Me and does it with
style.
Link to Textpander.
Posted at 10:47 AM Permalink
|
Wed - March 16, 2005
Why QuickSilver Sucks
I've always loved keyboard shortcuts. Using the
mouse for me is a last resort in most cases. To that end, I've used two "small"
utilities that help me navigate the huge number of files and applications that I
use on a daily basis. I started by using LaunchBar
v3, a commercial application that you can call up with a HotKey (usually
Command-Space) and enter an abbreviated name, hit Enter and launch or switch to
an app, open a document, Finder folder, etc. Cost me $20, but it worked
great.
Along comes the new kid on the
block: Quicksilver.
It has a lot going for it, including some great graphical stylings, a very nice
plugin architecture, and best of all: it is free. It works pretty much like
LaunchBar, except it includes some new tricks. Use an abbreviation to find a
document, right arrow and select mail and it dumps it in as an attachment to
your favorite mailer. Nice. It has tons of stuff like this built in. So I
switched. And I used it for months. Slowly, however, I discovered its dark
side: Slow and a memory pig.
I was
getting irritated: My machine was running slower, I was swapping: I wanted to
launch Activity Monitor to see what craptastic app was killing me. I hit
Command-Space, and after a slight pause, up popped QuickSilver, and I started
typing actm, my custom shortcut for the aforementioned Activity Monitor.
Unfortunately, QS was responding so freaking slowly searching for what I wanted,
the pause between the t and m resulted in yet another search for something
starting with an "m", which gave me some random Word document and a whole
instance of MS Word running. This is the first of the two failings with QS:
searching, even under ideal conditions (on a 1.67GHz PowerBook) is ridiculously
slow. I found that I was adapting my typing speed to accommodate the poor
performance of QS.
When I finally did
get Activity Monitor running, I discovered the second of QS's failings: It was
using more memory than ANYTHING ELSE IN THE SYSTEM, INCLUDING PHOTOSHOP. It had over
160MB of resident RAM tied up. Not shared - this is specific to this app. That
was 16% of my system RAM dedicated to slowly searching for documents. This
pissed me off even more.
I went and
downloaded the newest version of LaunchBar, 4.01. Installed it, and indexed
everything. It searches instantly. When you type, it reacts. No lag, even under
severe conditions. Yes, it doesn't do everything that QS does - but who the fuck
cares? After running for a whole day, memory usage was a reasonable resident
40MB. It still finds what I need right when I type, and I don't have to screw
around waiting for a "utility" to respond to my keystrokes. Yes - I paid the
$9.95 upgrade fee.
The author of QS
would do well to spend a little time optimizing the search functions of his app
(something is slowing it to a crawl - I even removed all the plugins to see if it
helped) and getting rid of the massive memory leaks. Spend time doing this instead
of adding new incremental near-useless features. If I have to baby-sit a
utility, it isn't a utility.
Posted at 11:30 AM Permalink
|
Thu - March 3, 2005
Nice AMS Demo
I just recently bought a new PowerBook. One of the new features Apple stuck in
these new beasts is what they are calling AMS - the Apple Motion Sensor.
Basically it appears to be some sort of accelerometer that can measure sudden
changes in movement and automagically park the hard drive heads before something
bad happens (like hitting the floor.)
However, it appears that it can also
measure the attitude of your machine. That is, it can tell how "tilted" a
machine is in all three axes. It uses this to unpark the heads when the machine
returns to being level. It also can be used to do some really cool stuff, as
this web site
demonstrates. On this page, Amit Singh gives us some programs that
retrieve the sensor values and do some cool things.
One is a small window with an
OpenGL-rendered PB that rotates in conjunction with your rotating the physical
machine. Very, very cool stuff. Another is a bicycle wheel in a window. When the
PB tilts, the window itself rotates to keep it level relative to your (physical)
desktop. If you have one of these new PowerBooks, download the samples - there
is some cool stuff there to show your friends.
Posted at 02:22 PM Permalink
|
Mon - February 28, 2005
More T-Mobile Details
Wired currently has
an article that details what exactly was the fault of the T-Mobile
system, at least for some of the crackers - a quite common application called
WebLogic. In 2003, a vulnerability was found that would allow someone to read
and write arbitrary files. A patch was immediately issued, but apparently no one
at T-Mobile cared to actually apply
it.
And so it goes. A cracker had
access to complete customer records, SS numbers, the whole schmear, because
someone didn't pay attention to patches coming from their vendors. This is
probably a good indicator of the pervasiveness of this problem however. If a
large company with a (presumably) huge IT department running their systems can
miss this, I wonder how many more open systems there are out there. With your
data on it. Just waiting to be cracked.
Posted at 09:16 AM Permalink
|
Sun - February 27, 2005
New PowerBook
So I finally gave in to the marketing hype and
went and got myself a brand new 15" PowerBook to replace my aging 1 GHz TiBook
from a couple of years ago. It was still working well, but with no 802.11g and
other niceties, it was time to move. I settled on the fully loaded 15"
w/superdrive, maxed memory (2 GB) and large hard drive. I skipped on the 128MB
of VRAM and dual link DVI. Despite being a factory-only option, I really can't
see myself needing the ability to hook up to a 30" flatscreen in the near
future.
So I went over to the nearest
Apple store that had stock (in Denver) and plopped down some cash and walked out
with an expensive black box. When I got home, I had the best computer upgrade
experience ever. That migration tool that Apple now includes during setup
completely rocks. It got all my apps and data - everything, moved over and
completely running with only two exceptions - Stuffit needed reinstalling (and
it even warned me that I had to do that step) and I had to reinstall the dev
kit. Completely painless - I was up and fully running with all my stuff in under
three hours - including the transfer of 69GB of data over firewire.
Brilliant.
Posted at 01:46 AM Permalink
|
Tue - February 22, 2005
Popups/unders Getting Through Blockers
New "technology" from the advertising depths of
hell was released in the wild over the past couple of weeks. You know that nice
shiny pop-up blocker installed in your browser? Doesn't work anymore. Some troll
selling ad space has come up with some Javascript that bypasses most of these
filters resulting in - once again - a painful browsing experience.
Basic pop-up blockers work on the
principle that pop-up windows aren't allowed, unless they are the result of your
clicking. That is, unless you initiate an action (by clicking on a link/button)
pop-up windows aren't allowed to be displayed. Well, through some ingenious
trickery that will surely land the mystery-author in hell to be ripped apart by
HTML <blink> tags for all eternity, it appears that they are now adding
onclick handlers to some (or all) links so that when you click on something, ads
appear. Quite simple in theory - but annoying in practice. What's more, they are
doing this dynamically - a banner ad is navigating the DOM tree and adding these
handlers - so that even if the original page doesn't have these "features", they
get added by an advertiser.
I want to
know who these assholes are. Why do they think that we somehow want to view
their crappy little ads for casinos, herbal Viagra, and whatever
product-of-moment they're hawking? I purposefully block these ads because they
are annoying, as do many people. Why would I suddenly want to purchase their
junk? Especially when they are annoying the piss out of me with their chosen
advertising method.
These jerks should
rot in hell. In my opinion, they are no better than spammers - they screw around
finding loopholes to annoy people, in the hopes that enough gullible morons buy
their junk to make it worthwhile. The difference is that seemingly reputable
companies are being advertised here. For one, NetFlix seems to pop-up
(literally!) a lot. I'm never going back to their service because of this. They
have control over how they are advertising, and they don't seem to mind that the
services they are using are only one step above the spam I get in my inbox every
day. So bye bye NetFlix.
There are some
workarounds for certain browsers. For Firefox/Mozilla, there are plugins that
work on whitelisting and regex blocking of suspicious code and known offenders.
Unfortunately, this means going back to the bad old days of maintaining these
things, but that may be where we're
headed.
Link to MacFixit.com article about this. Good place for links to more information.
Link to Slashdot article.
Posted at 10:01 AM Permalink
|
Fri - January 28, 2005
More PowerBook G5 Rumors
MacRumors.com has posted an update to the G5 PowerBook rumor. I'd
previously dismissed this as completely unfounded - that it was just a simple
typo on a web bug. But according to this
update, the French page for the Apple 17" Studio
Display shows the PowerBook G5 with DVI connector as a requirement for
use. Could be another typo. Could be
the real deal. Previous rumors have placed G4 PowerBook updates sometime next
week. Could we be really surprised? I still am not holding my breath. But
still...
Posted at 08:34 PM Permalink
|
Thu - January 27, 2005
A G5 PowerBook?
Oh, please let
this be true. I've been waiting for new revisions before replacing my
aging (but still going strong!)
G4...
Link
to some Slashdot commenting.
Update:
As someone on Slashdot has pointed out, this was
probably just a typo - the fact that there was a web bug with the name
g5_powerbook on the view-tracking site doesn't mean much: any URL will do, it
always just returns a 1x1 GIF for tracking purposes. So someone, when updating
the Apple site probably just fat-fingered the name. Oh well - I'm still hoping
for some sort of update - even if it's just a faster G4.
Posted at 12:31 PM Permalink
|
Thu - January 13, 2005
Motley Fool Take on the Mac Mini
Check out this
article by Seth Jayson at The
Fool. In the intro to the article he claims that Steve Jobs and Apple
have officially jumped the shark
with the introduction of the iPod Shuffle and the Mac Mini. Now, coming from a
straight stock analysis viewpoint, it's hard to argue: Apple is ridiculously
overpriced both before and after MacWorld 2005. Anyone considering a purchase
would do well to smack their head against the wall
repeatedly.
However, after some cogent
monetary analysis, he veers off into hazardous territory for even tech stock
analysts: Real technical evaluation of a product. Here, he comes up
way short:
"The Mac Mini -- I'm pretty sure Minimac is something you get from Kraft -- is a cute little device. Yes, it cribs mercilessly from PC-based mini-ITX designs that have been around for over a year now, but it does put low-end Mac guts into a smaller, stylish little Mac package."
Well, let's forget for the moment that not only is it ridiculously smaller than nearly
all mini-ITX machines out there, it's also for the most part cheaper -
especially once you consider the thing has a 40GB drive and a slick slot loading
DVD player/CD-RW built in. He goes on to say:
"Mac fans who've been sipping Steve's Kool-Aid have often claimed that price -- in addition to various Microsoft (Nasdaq: MSFT) conspiracies -- is the only thing keeping the masses from switching to their favorite brand, but take heed. Even if that were true, a quick online check shows you can get a comparable, full Dell (Nasdaq: DELL) system for $450."
Comparable? While puffing on the crack pipe, Seth seems to have forgotten that his $450 Dell
is:
- In a full tower case
- Doesn't come with photo and video editing software (iPhoto and iMovie)
- Doesn't have a complete office suite (Appleworks)
- Doesn't have a functional browser (Safari - no, IE doesn't count)
- Missing email with full SPAM filtering.
- Comes with XP home
This last point, the OS, is probably the best thing that sells the Mac Mini the most
besides the price. Sure, if this were a PC for $500 running XP, it wouldn't be
worth a damn. But when you have an OS that actually doesn't require some poor
sod to spend hours fixing his parents' computer every few weeks,
that's worth
something, and apparently is totally lost on
Seth. He completely misses the boat on who this thing is targeted towards: those
that were thinking of switching, but price was a factor; for those who already
have machines, that this could be a viable drop-in replacement. He dismisses
this with one quick brain-dead sentence: "I think it's ludicrous to expect that
someone buying a Mac -- and looking for Apple style, after all -- is going
to want to plug in a pizza-stained, three-year-old keyboard and a mouse chock
full of desk scum."
It's not about
simply style, you moron - as a programmer and R&D manager, I switched two
years ago because I can do things with my machines instead of spending countless
hours keeping the machines themselves functional. It's about getting things
done, period. If there's some style there, big
bonus.
Well, we'll have to see how the
Mac Mini fares - by all accounts, Apple is selling a zillion of the things and
they're already backordered for weeks. Seth, stick to stock analysis. Without
some sort of lame-ass insight-less product "review", you can convince people to
not buy Apple stock. I mean Seth - don't buy Apple stock because they came out
with some new long-awaited products. Buy the products instead. You'll be much
happier.
Posted at 02:21 PM Permalink
|
Tue - January 11, 2005
Mac Mini
I'm sure you've all heard the low down on Apple's new Mac Mini, but I can't help but
spout off about it some more myself. The thing will, I predict, be the killer
piece of hardware for the Mac line - they're going to sell piles of these
things. I mean, the thing is the same price as a high-end iPod! Everyone has
always complained that Apples were too expensive, even the low end eMac with
its built-in CRT was too much when you could pick up a cheap white box PC for
300 bucks and use your existing
peripherals.
Well, now, those people
for whom Macs were too much can quit complaining. For $499, you can get
yourself a nicely configured basic Mac with all the productivity apps for the basic
user, including the newly announced iLife '05 suite, email, browser,
Quicken '05, and even the venerable AppleWorks. Use your old keyboard, mouse,
and monitor and ditch that old spyware-laden Windows POS and get yourself a
piece of heaven.
Plus the thing is
positively dinky. 6.5 inches square, two inches tall and weighs less than three
pounds. Smaller even than the cult-status Apple Cube from way back when. This
thing is sized more like a peripheral than a whole machine. Hell, I have
external DVD drives that are far larger. And this one comes with one built in.
(You can even add on a Superdrive DVD burner for some extra
cabbage.)
Now my parents don't have an
excuse not to get rid of the half-broken down machine they're limping around
on.
Plus: doesn't that thing look damn
sexy?
Posted at 05:04 PM Permalink
|
Fri - December 24, 2004
Acrobat Reader 7.0 Released
Adobe has released Acrobat Reader
7.0. Included in this version is something that was lacking from the
Mac for quite some time: An official browser plugin for viewing PDFs. Unlike the
ridiculously priced ($69 - are they on crack??) PDF Browser
Plugin, this one is official and allows basically all viewer
functionality. This includes the newly-added ability to fill in and print/save
PDF forms - something that was previously only available with the full version
of Acrobat.
Something else you might
find interesting - the load time has been dramatically reduced - it's almost
usable now as a day-to-day reader of PDFs. Something that wasn't possible
before. It's not as fast as Preview, but much, much better.
Posted at 11:26 PM Permalink
|
Published On: Jul 20, 2006 09:26 AM