I've been trying to use Yahoo Pipes to create new streams from my Google Reader feeds.
I've run into a parsing problem (Pipes may not support parsing feeds that require cookies) and a limitation of Pipes' Boolean logic (All A not In B).
I both cases "hapdaniel" answered my questions, though my problems are not yet solved.
Which led me to look at all messages by hapdaniel.
I've looked at the Pipes documentation. This message stream is more useful.
There's a lesson here, that I'm slowly learning. Whenever you receive a useful response on a message board, you ought to mine all related messages. Most forums allow one to see all messages of a member, almost all allow one to search for a string. These are valuable information streams.
So who is hapdaniel? A hobbyist with deep technical knowledge? A Pipes developer moonlighting in the forums? A covert tech support person? I think we see all 3 in these settings.
In some cases, it might be worth adding these information streams to a Google Custom Search engine.
Sunday, September 21, 2008
Saturday, September 20, 2008
iPhone app bypasses phone trees
via a Jacob Reider share:
I don't mind smart, fast, well structured phone trees. It's just that they're quite rare...
Direct Line Saves iPhone Users From Automated Call HellCosts $1. I'll try it. Jacob also links to Fonolo, a web site that does even more.
... Add this to your list of must have iPhone applications. Direct Line (iTunes link) is a service that helps you automatically navigate phone trees to get right to an operator (exactly what companies don’t want you to do).
Install the application, browse of search the included companies, and select the one you want. Direct Line then calls the number and preselects the appropriate choices to get you to an actual person...
I don't mind smart, fast, well structured phone trees. It's just that they're quite rare...
Filtering my Google Reader Share with Yahoo Pipes
[Update: I thought this was working, but it turned out I was using the wrong feed. When I substituted my true Shared Item feeds Yahoo Pipes was unable to parse it. I'll see if i can fix things up, but I'll leave the post as an example of what I'd like to do with Pipes.]I love my Google Reader shares, as can be seen on our family news page. I particularly appreciate being able to "star" and "share" items using Google Reader Mobile.
Of course there's always room for improvement. Google lets me tag blogs and share by tag ("folder"), but I can't sum blogs and I can't filter, for example, all my shared items save those that belong to the tag "politics".
The politics is the problem. I am, shall we say, not enthused with the GOP. Now it is true that all my friends feel pretty much the same way, but that is not true of my colleagues. If I give them my Google shared items feed address they'll find it a mixed blessing.
That's where Yahoo Pipes come in. Yahoo Pipes can be used to filter out, say, iPhone posts. Pipe are cool, even Googlers like 'em. I was hoping I could create a Pipe of form [All A not in B] where A is my Google Reader shared item feed and B is my Google Reader politics feed, but I don't think that's supported. On other hand I can filter out posts containing Cheney, Bush, McCain, Palin and even Obama.
That's not optimal of course. It will eliminate many news stories, and some horticulture. I'll see what else I can do, but in the meantime I'll test pipes.yahoo.com/jfaughnan/lesspolitics. I've added it to my Google Reader shares, so I suppose I can now create recursive shares ..
Update 2/2/09: I find a fix from a different angle.
Friday, September 19, 2008
Apple's ads lie. Who knew?
I don't watch TV, so I never saw Apple's iPhone ads until I watched this hilarious video comparing real world performance to Apple's iPhone ads
I enjoy using my 3G iPhone to surf the web, but it ain't nothin' like the commercials. Just as well I never saw them.
So are there are any legal limits to this sort of thing?
iPhone 3G Owners Are Using Less Internet Than AT&T Expected: Blame Crappy Service (AAPL, T)The ads are ridiculous -- a quad core desktop with a GB/sec fiber connection doesn't surf that quickly -- the servers aren't that responsive.
... In the meantime, we remind you of this video, which accurately shows the difference between Apple's pretend 3G iPhone experience and the real thing."
I enjoy using my 3G iPhone to surf the web, but it ain't nothin' like the commercials. Just as well I never saw them.
So are there are any legal limits to this sort of thing?
Web site for swap of defective 3G iPhone USB power supply
If your tiny 3G iPhone USB power supply doesn't have a green dot, you need to go to this web site to order a replacement: Apple - Support - Apple Ultracompact USB Power Adapter Exchange Program.
It takes just a minute, you need to know your Apple store account and you need your phone to look up the serial number.
Apple will send a replacement - same size and form, but with a green dot. We're supposed to return the defective unit, rather than, say, keep it and have two.
Tough call, but honesty will doubtless force me to return mine in the prepaid mailer.
It takes just a minute, you need to know your Apple store account and you need your phone to look up the serial number.
Apple will send a replacement - same size and form, but with a green dot. We're supposed to return the defective unit, rather than, say, keep it and have two.
Tough call, but honesty will doubtless force me to return mine in the prepaid mailer.
App store innards - handy knowledge for basic maintenance
Excellent review, includes a few that are new to me. Read the entire article for the full story, I'll be checking for leftover app versions in my iTunes app folder.
iPhone Atlas - Ted Landau - Five “under-the-hood” things you should know about App Store apps
1. Where are iPhone apps actually stored on a Mac ...
2. I opened the Mobile Applications folder. All the files there end in .ipa. What’s with that?
Consider ipa an abbreviation for “iPhone application.” ... use the shareware program Pacifist. Specifically:
1. Make a copy of the app that you want to check (say Koi Pond.ipa).
2. Change the name of the copied file to Koi Pond.ipa.pkg.
3. Click “Use .pkg” when the dialog appears asking what you want to do.
4. Open Koi Pond.ipa.pkg in Pacifist.
...
1. Via Pacifist, navigate to Payload > KoiPond.app >Info.plist. Extract this file.
2. Open the file using Property List Editor (or any other utility you have for opening .plist files).
From here, you can confirm the version number (CFBundleVersion) of the app. This should be the same number you’ll find in the Version item of the Summary tab, if you select Get Info for an app in iTunes.
Also in the .plist file, note the line that reads UIStatusBarHidden Boolean Yes...
3. There are several copies of some apps in the Mobile Applications folder (with names like Koi Pond.ipa, Koi Pond 1.ipa, Koi Pond 2.ipa etc.) What gives with that?
First the good news: If you’ve updated to iTunes 8, this should no longer happen.
Prior to iTunes 8, these duplicates accumulated each time you updated to a newer version of an app (or even redownloaded the same version). All downloads were retained, even though only the latest copy was used.
... If you still have duplicates hanging around, drag them to the Trash and delete them. You only need to retain the copy with the most recent modification date. If there is any doubt as to which copy to keep, go to Applications in iTunes and select Show in Finder from any app’s contextual menu. This will take you to the Mobile Applications folder with the active copy highlighted. That’s the one you want to keep.
Although they are usually harmless, these duplicates can occasionally cause problems...
4. Can I run apps on my iPhone that other people have purchased?
No and Yes. The system for apps works the same way as for music and video purchased from the iTunes Store. By default, App Store apps can only be run on iPhones and iPod touches synced to the computer used to purchase the software. However, a user can authorize up to 5 computers to have access to their iTunes Store purchases. Thus, to use an app purchased by a friend...
Thursday, September 18, 2008
Password twilight: bad from Gmail, not so bad from OpenID.
Bad news, then not-so-bad news, in the twilight of the password.
From Google, another scary installment in their online safety series:
And, of course we know about Google's brilliant mafia-funded password reset approach.
I was on the verge of having nightmares about losing control of my Google account, but their "reassuring" message is giving me night terrors instead.
On the bright side, there's optional two factor identification for my myOpenID account.
The big difference from Hailstorm/Passport is it's not controlled by Microsoft, Apple, Amazon, IBM or your cellphone company. All kinds of places can, and do, offer OpenID services -- including my many Blogger blogs.
Of course these services are only as good as the associated security, and Google hasn't been wining any prizes for their security measures.
Even MyOpenID is vulnerable, like anyone else, to password theft. It's a "one factor identification" service -- a "what I know" factor. If I add CallVerifID though it's a "two factor" service -- "what I know" and "what I have". A thief would have to steal both.
So what happens if I lose my phone?
Well, that's kind of where the good news ends:
Still, it's a measure of progress.
What I think I need is some combination of two factor identification and a digital certificate stored on secured machines. Then if I lose the phone I could at least fix things from a secure machine with a digital certificate (eg. home computer, not a laptop) stored on an encrypted disk image.
I think it might be possible to do that with MyOpenID; I'm going to give it a try. The combination of digital cert access from secured machines with two factor phone id when in other locations is interesting. I do want to be able to secure the cert on an encrypted disk image, I'll have to research how to do that, I'd prefer not to encrypt my entire user account directory (the default OS X approach). The cert can be revoked, so if I knew the machine had been stolen I could revoke the cert. [ps. The digital cert is browser specific, not user account specific. So if you use more than one browser you need a cert for each one on the user account.]
Now if only Google would enroll itself in a remedial security training program. At least they could use some loose change to pay Schneier for a consultation ...
PS. It looks like I can create MyOpenIDs for my domains, such as faughnan.com or faughnanlagace.com. That could help with securing Emily and the children's accounts.
Update: Too bad! myOpenID missed the brass ring.
If you active the two factor identification, you still need the cell phone call even when signing in with the digital certificate. So there's no good fallback if you lose cell phone access. Arghh!! They should have had two different two factor identification schemes:
Oh well, maybe they'll read this blog and fix it.
Update 3/8/09: Sign. OpenID.com never did get a clue. BTW, more the horror of losing Gmail account access.
From Google, another scary installment in their online safety series:
When it comes to Gmail specifically, there are a couple of things that might cause account-related interruptions in access: a lost or forgotten password, unusual activity that triggers the safety measures designed to keep accounts from being compromised, or, in the worst case, someone has stolen your login info and changed it...The $%!%!#$% verification code for my Gmail account?!! The account I opened the month they launched? Did they even do verification codes back then? What's the chance I could find that now? At least I know it's not in my Gmail respository?
... we don't ask for much personal information when you sign up for Gmail, which can sometimes make it difficult to prove ownership of an account and trigger the recovery process.
Still, there are some simple steps you can take to ensure that your account stays in your hands, and to greatly improve the chances of regaining access if you have any problems...
- Always keep the verification number you get when you sign up for Gmail. When you sign up for Gmail, we'll ask you for a secondary email address and then email a verification number to that account. This number is the best way to prove ownership of your account, so be sure to hang on to it.
- If you aren't able to access your account, try resetting your password. As mentioned above, most of the support requests we get turn out to be lost or forgotten passwords, rather than something more serious. Resetting your password usually gets the job done.
- If resetting your password doesn't work, try our account-recovery process. We recently launched an account-recovery form in our help center that can drastically reduce the amount of time it takes to verify ownership of an account and restore access. If you have the information necessary to prove ownership -- such as the verification code for the account -- this new process can help our support team restore access within a matter of hours.
And, of course we know about Google's brilliant mafia-funded password reset approach.
I was on the verge of having nightmares about losing control of my Google account, but their "reassuring" message is giving me night terrors instead.
On the bright side, there's optional two factor identification for my myOpenID account.
About CallVerifIDThe basics of OpenID are pretty simple. From a user perspective it's like the old Microsoft Hailstorm/Passport scheme -- a single un/pw sign-on. So when I use my OpenID to sign on to a web service, I'm redirected to enter my password into the myOpenID site then return to my true destination. I can stay authenticated with myOpenID provider, then I don't have to keep entering my password as I move from site to site.
... CallVerifID™ provides the most convenient and cost-effective strong security measure available for OpenID users. An individual can enable CallVerifID™ within seconds to add an additional authentication factor.
* Easy two-factor authentication for myOpenID
* Instantly receive a call when signing into myOpenID. Simply answer and press # to authenticate.
* No extra phone capabilities or text messages. Use any phone.
The big difference from Hailstorm/Passport is it's not controlled by Microsoft, Apple, Amazon, IBM or your cellphone company. All kinds of places can, and do, offer OpenID services -- including my many Blogger blogs.
Of course these services are only as good as the associated security, and Google hasn't been wining any prizes for their security measures.
Even MyOpenID is vulnerable, like anyone else, to password theft. It's a "one factor identification" service -- a "what I know" factor. If I add CallVerifID though it's a "two factor" service -- "what I know" and "what I have". A thief would have to steal both.
So what happens if I lose my phone?
Well, that's kind of where the good news ends:
What happens if I lose my phone?Ooookkkkaaayy. What do they mean by "strongly established"? There's no detail on what that is, it sure sounds vulnerable to social engineering.An alternate number can be set up by calling the support staff, once your identity is strongly established.
What happens if I lose cell phone coverage in a certain area?Call the support staff from any phone to request a one time bypass. Once your identity is strongly established, they can allow you to authenticate one time without receiving a PhoneFactor call. They can also change your account to point to an alternate phone number, such as a land line.
Still, it's a measure of progress.
What I think I need is some combination of two factor identification and a digital certificate stored on secured machines. Then if I lose the phone I could at least fix things from a secure machine with a digital certificate (eg. home computer, not a laptop) stored on an encrypted disk image.
I think it might be possible to do that with MyOpenID; I'm going to give it a try. The combination of digital cert access from secured machines with two factor phone id when in other locations is interesting. I do want to be able to secure the cert on an encrypted disk image, I'll have to research how to do that, I'd prefer not to encrypt my entire user account directory (the default OS X approach). The cert can be revoked, so if I knew the machine had been stolen I could revoke the cert. [ps. The digital cert is browser specific, not user account specific. So if you use more than one browser you need a cert for each one on the user account.]
Now if only Google would enroll itself in a remedial security training program. At least they could use some loose change to pay Schneier for a consultation ...
PS. It looks like I can create MyOpenIDs for my domains, such as faughnan.com or faughnanlagace.com. That could help with securing Emily and the children's accounts.
Update: Too bad! myOpenID missed the brass ring.
If you active the two factor identification, you still need the cell phone call even when signing in with the digital certificate. So there's no good fallback if you lose cell phone access. Arghh!! They should have had two different two factor identification schemes:
- password + digital cert (secure browser)
- password + phone ID
Oh well, maybe they'll read this blog and fix it.
Update 3/8/09: Sign. OpenID.com never did get a clue. BTW, more the horror of losing Gmail account access.
Subscribe to:
Comments (Atom)