Wednesday, October 31, 2007

Leopard Has Other Problems, Too

Besides the stupidity of disabling the firewall by default and not updating included software, Apple's Leopard upgrade even has holes in its security measures -- an ironic concept by any other name. For example, the "Library Randomization" feature (similar to Windows Vista's Address Space Load Randomization) is supposed to keep code from predictably loading in the same memory spaces, making buffer overflow attacks much more difficult, but some parts of the operating system that should have been randomized are still in predictable locations, most notably the Dynamic Link Library. One of the security researchers putting Leopard through its paces notes that he's used that component in many exploits he's written before.

Sandboxing, the other major security feature, is also incompletely implemented, with the normal attack targets (such as browsers, IM clients, and email programs) not being run in sandboxes. Sandboxing is supposed to keep hacked applications from writing malicious files to disk and from installing programs. Since the usual targets are not sandboxed, however, these vulnerabilities are still quite present. Most of the applications sandboxed were network services, but most attacks come through email, IM, or the Web, not from the local network.

Hallowe'en Bah Humbug

Hallowe'en (yes, it has an apostrophe; get over it) is one of my least favorite holidays. Personally, I find it serves no real purpose other than to sell costumes, candy, and (sometimes) cards. Oh, and don't forget all the decorations. I'm glad to see Blogger hasn't modified their logo in any way for Hallowe'en, though the Google search engine, Technorati, and FriendFeed (to name a few; the last one's a private beta right now) all have Hallowe'en-themed modifications in place right now, to my dismay.

So what's the big deal with this Hallowe'en holiday, anyway? Where did it come from, and why do we celebrate it? Who came up with the idea of "Trick or Treat"? Perhaps Wikipedia can answer at least one of those questions.

Hallowe'en originated from an old Celtic holiday called Samhain, which celebrated the end of the harvest with a feast. The word also refers to November in the Gaelic languages. Samhain is still celebrated by several cultures, and has branched out to become the secular Hallowe'en and the Catholic All Souls' Day.

Hallowe'en itself is a contraction of "All-hallow-even," as it is the eve of "All Hallows' Day" (now also known as "All Saints' Day"). It is based on Celtic views that the day on which the holiday is celebrated is one of the few days of the year when spirits can make contact with the physical world. The trick-or-treating tradition, interestingly, while similar to the older Irish traditions of guising, seems to have originated in North America in the last century.

The holiday, in its North American form, at any rate, seems to have been rather modified to be a treat for kids (yes, I know, ouch) rather than a holiday proper. With people spending on the order of $5,000,000,000 on costumes (in 2006), at an average cost of about $40 a costume (in 2005), the holiday is more commercial than anything else.

I don't see it as much different from Christmas, for which the commercialization starts the day after Thanksgiving, or sooner. I might be a little happier if holidays like Hanukkah and Ramadan got such attention, too, though commercialization would be just as unwelcome (to me) on those holidays as it is on Hallowe'en and Christmas...

Apple's Spotted Firewall: Tsk Tsk

Apple has been selling the new Leopard OS X upgrade on its improved security, but it's not as secure as you might think. By default, the firewall is set to off, the opposite of Windows Vista. (Why don't people talk about XP anymore?) Even with the firewall enabled, incoming connections targeted at certain system services can still succeed; researchers were able to access the NetBIOS Naming Service over a LAN with full blocking enabled. Not the most ideal setup. UDP can't even be turned off from within the OS controls.

Apple also doesn't include the latest versions of bundled open-source software. The Samba networking client, which provides interoperability with Windows networks, is a couple releases behind, and the latest version is known to contain bugfixes for security issues.

Perhaps the worst problem is the fact that (going back to the firewall) the Leopard installer will disable the firewall even if it was enabled under Tiger. Talk about a bad idea. Almost as bad as Microsoft's tampering with Automatic Updates settings with OneCare.

I'm getting my information from a CNET news story; I have no personal experience with Leopard as of yet. Just thought I'd mention that so nobody tries to get Mac tech support from me...

Tuesday, October 30, 2007

Google Officially Announces Gmail Changes

Well, the rumored new version of Gmail is becoming a reality. Late last night, Google's Gmail team officially announced structural code changes to the Gmail client (for Firefox 2 and IE7 now; other browsers later) to prepare for the future. There won't be too many noticeable changes -- most improvements are under the hood -- but Gmail will now be using the same rich text editor as Page Creator and Groups. Other changes include new keyboard shortcuts, speed improvements, and bookmarking specific messages. Searches will also be email-able (not sure I see the usefulness of this one).

Garett Rogers also posted yesterday about the new Gmail interface, which is being rolled out to a very few users for now. He notes the new contact manager and revamped Google Talk contact popups, though I think he's just going on screenshots right now.

One major downside to the upgrades is the fact that userscripts like my beloved Gmail Macros will be broken with the new code, though the Gmail team says they have been getting in touch with the developers of the more popular extensions, giving them the opportunity to create fixes. The Gmail Blog post ends with, "The team has a bunch more things in the works, so stay tuned," a statement that just makes me drool...

Hacker Software Jailbreaks iPhones Without a Computer

This seems to be an Apple banner day: three out of five news items concern the company. The latest news? A hacker program for the iPhone named AppSnapp installs itself on iPhone and iPod Touch devices by exploiting a vulnerability in the embedded Safari browser, and then patches the vulnerability after installation. A rather interesting idea, that is.

The website for the program boasts that your device is more secure with AppSnapp than it is without, as the vulnerability used is a long-standing TIFF handler problem. The program does not unlock the phone; users must use anySIM for that. The firefight between the cunning hackers and the deep-pocketed corporation continues...

Microsoft Claims OneCare Tells Users About Update Settings Changes

The saga of the unauthorized updates continues. Microsoft confirmed that the Windows Live OneCare security program does indeed change update settings, but they say users are told during installation. On closer examination of the installer, the note is included in a long, multi-paragraph block of text on one of the installer's screens, with a button that says not "I agree" but "Next". This is a big problem for users who don't pay much attention to EULAs and the like, who will likely just click "Next" without realizing what they are agreeing to (or that they are agreeing to anything at all).

Microsoft has usually been better at creating user interfaces (Windows Vista notwithstanding -- oy!); when did they lose their edge? I'm glad I don't need OneCare; I like to be told before my computer installs something or changes its own settings...

No Credit or Debit Card, No iPhone

Speaking of Apple, it has come out recently that consumers can only buy an iPhone with a credit or debit card; cash isn't accepted any more. This restriction comes as an addition to the two-phone-per-person limit enforced since the iPhone's release. An employee at the Apple Store in New York's SoHo neighborhood says Apple needs to do it so they can track who buys the iPhones. The estimated 250,000 unlocked phones are costing them money -- up to $4,500,000, according to some estimates -- and Apple wants to crack down.

This whole business of unlocking and relocking the iPhone is getting ridiculous; it's becoming like the cat-and-mouse game that is patching Windows vulnerabilities. If only Apple would just consent to have people use their wonderful (from what I've heard) device on a network that doesn't suck...

Leopard: 2,000,000 Copies Served

Just in the time since October 26, when Apple's Leopard OS X upgrade was released, over two million (yes, 2,000,000) copies have been sold, according to Apple. This number would put Tiger, the previous version, in second place when it comes to first-weekend sales. Steve Jobs says that the new upgrade is getting good reviews, and the innovative features are making more people than ever think about switching to the Mac.

Personally, I'm not too much of a Mac fan -- I find them pricey, and the interface is a little weird to me, a Windows user -- but the iTunes interface, at least, is nice, and I was running a Mac theme in Firefox for a while. I will probably stop by an Apple store and play with the new OS sometime. It's always good to get experience with various systems. Then I can go find a PC store and mess with Vista. I should write a comparison later this year... Ooh, post idea!

Flash Memory to be Replaced?

Researchers at Arizona State University's Center for Applied Nanoionics (CANi) have developed a new way of creating memory, called programmable metallization cell (PMC), that could be as much as 1,000 times as efficient as current flash technology. Developed to counteract the physical limits of storage devices, the PMC technology moves ions instead of moving electrons among ions. The research team has been able to move something the size of a virus between electrodes, switching them on and off, a technique perfect for memory.

Perhaps the best part is the fact that this new technology uses the same materials as current storage devices, albeit in a slightly different combination. Consumer products could be showing up in as little as 18 months.

Perhaps some elation is also in order. Because the materials of current storage devices are used, PMC can be fabricated into consumer products at nearly no extra cost. Perhaps this means I'll soon be getting a 128 GB SD card?

Monday, October 29, 2007

New Gmail Version Confirmed

Seems I've been slacking on my news-gathering. Posted yesterday, an entry in the Google Operating System (GOS) blog confirms the new version of Gmail I blogged about a few weeks back. Some of the new features announced at Google Analyst Day 2007 include message prefetching, an improved contact manager (which will be shared by other Google apps -- sounds like a Windows Live service I saw a couple years ago), and more integration with other Google services, along the lines of the "View in Google Docs" links added to Microsoft Office attachments.

Google didn't announce a new UI at Analyst Day, but a discovery made last month by Garett Rogers indicates a new interface. Also, comments to the GOS blog entry hint that some users are being offered the ability to test a new interface design.

Some preliminary comments from users who claim to already have the new features say the prefetching slows down the loading of folders, something Google should probably fix before a full rollout. I wouldn't put too much stock in an anonymous comment (since not signing in to a Google Account before posting smacks of a non-user), but "Chris" says he likes the new prefetching, and "Macon" tells of "Newer Version" and "Old Version" links in his user bar, alongside the settings and help links. Google must still be playing around with it.

I'm quite excited by the prospect of a jazzed-up interface. With the other services redesigning their UIs (Hotmail, Yahoo!), it seems only natural for Google to follow. The contact manager is of particular interest, considering the annoyances of the current model. Prefetching doesn't make me go "yay," really, since longer-loading folders and pulling down needless data (for messages I'm not going to open) seems like a bad idea to me. I am interested in seeing what other integrations they've come up with, though.

Saturday, October 27, 2007

3,000 Wikipedia Contributions

Well, it's actually been a while since I passed the 3,000-edit mark on Wikipedia, but now I have reasonable assurance that external edit counters will also show it, not just the internal api.php output. But anyway, I'm very happy about it. The secret to doing this is to ignore everything else you're supposed to be doing and sneak off to Wikipedia to watch for vandalism. Yes, you can get behind in school (or your work), but isn't improving the Internet's best free encyclopedia worth it?

(Note: That was a joke; I do not advocate getting behind in anything for the sole purpose of editing Wikipedia.)

Content-Scraping Update

Well, it looks like the scrapers have stopped. Those blog-scraping bots or whatever they were are no longer posting incorrectly attributed excerpts. Now when I try to visit the offending pages, I am greeted by completely different sites, or error pages. They must have been kicked off or something. I say good riddance. I never did like splogs...

iPhone Stats: 250,000 Units Unlocked

Apparently, the 10% to 15% guesstimates analysts made about unlocked iPhones were too low. A whopping 18% (approximately 250,000) of all iPhones sold so far (about 1.4 million) are unlocked and running on networks other than AT&T. Apple COO Tim Cook, who made the announcement, also warned users that Apple won't let the phones remain unlocked for long. Remember the 1.1.1 update? I'm watching for another one; it's definitely coming. Apple may be planning to unlock the application platform, but you'll still have to take your apps on an AT&T service plan.

Microsoft Admits Update Error

The Windows Desktop Search (WDS) program, included with Windows Vista, has been installed on some enterprise computers without administrator approval through the Windows Server Update Services (WSUS) program, a free update administration platform for corporate PC networks. The program allows administrators to approve and block updates that will then be installed on the computers on the network if approved, and not installed if blocked -- that is, until the WDS update.

Microsoft admitted blame in the unauthorized installations of Desktop Search, which caused massive slowdowns due to the intense initial indexing process. Supposedly, the cases where the program was installed were situations in which administrators had approved the search tool for a few select machines before, and it installed itself on all machines when the upgrade was pushed out. A mere reinterpretation of the rules, says Microsoft, but some sysadmins swear they didn't approve WDS at all, even for one machine, and that means Microsoft is, once again, doing what it wants with your PC.

Whether or not they approved a few computers, WDS shouldn't have been installed at all on machines that had not had it approved. The fact that Microsoft is still doing this reminds one of the old days, when downloading one tool would bring along six more, without telling you. These days, such behavior is reserved for malware, and apparently Microsoft programs. Windows Live offerings have also had similar issues.

Friday, October 26, 2007

Apple iTunes: $canReg = ($haveCreditCard) ? "Welcome to iTunes!" : "Go away!";

I'm not done complaining about Apple yet. I just downloaded iTunes so I could play my music files and have them show up in Google Talk without updating Windows Media Player to version 11. So I have to convert them to MP3, big deal. They're three times the size, but I can just back up the original WMAs and re-convert them if I lose the MP3s.

Anyway, that's not really what I'm complaining about; it's a minor annoyance that iTunes can read WMA files but won't play them or add them to your library without converting them to AAC or MP3. What makes me mad is the fact that, in order to get album art for your forcibly-converted audio files, you have to create an iTunes Store account. To create an account, you must (not "are requested to," and it's not "a suggestion;" it's a requirement) give them your credit card information. Never mind the fact that you can cheat on the name and address info; providing your card means you have to give them correct other information, or the card won't validate.

Since all I want to do is get album art, why do I have to give them a card number? Why do I even have to create an account? I don't have an iPod or an iPhone, don't intend to get one, and simply want to see album covers when I play my newly-converted music in Apple's surprisingly beautiful player. I suppose I could go buy a small gift card (costs money) or ask my mom to enter her card info (since I don't even have one), but both are inconveniences. You can remove the number post-registration, according to various forums around the Internet, but it's putting it in up front that bugs me. Why not let users register without info and then prompt them for a card if and when they decide to buy something? That would certainly make more sense to me...

PS
Apologies for the bad programming reference in the title. I know it's not valid PHP, but I thought I'd make a point.

Update (2008-05-13): I don't know why I said the title contains invalid PHP. Everything after the first colon (that is, from $canReg onward) would be a valid line of script. I must not have been thinking straight last fall...

Thursday, October 25, 2007

Regressions in Firefox 2.0.0.8

Mozilla is reportedly rushing to fix several regressions in the latest security update to the Firefox browser, version 2.0.0.8. The patch could be available as early as next week, and will address problems with startup crashes (on XP), two page-rendering issues (all versions), and an odd bug that disables extensions on a fraction of Windows PCs.

I've noticed some issues with the toolbar reverting to default state, adding things back and removing others, and the address bar failed to respond to the return key earlier today until I restarted the browser, but I have definitely seen the toolbar bug before, and the return key problem happened at the same time as the toolbar messing itself up, so I don't think those are regressions. I believe the toolbar issues to be a problem with the Google Toolbar, actually, since it is usually the only bar affected. We shall see about the return key thing, but since I'm testing out a new skin, I'm not worried, especially since it fixed itself after repairing the toolbar and restarting the browser.

Nope, Microsoft Did It

Well, don't blame the reports of unasked-for updates in Windows XP and Vista on the users. PC World reports that Microsoft's OneCare security product changes Automatic Updates settings to fully automatic without permission, or even notifying the user. If you must be technical, there is a note about it in the program's help file, but it should say something up-front. Before trying to blame the users for the automatic updates, another Microsoft spokeswoman was more blunt, saying (incorrectly) that OneCare offers users the option. The program sells for $49.95, with a 90-day free trial available. Next time Microsoft tries to blame you for something, don't assume they're right. Apparently, users aren't the only ones that can be forgetful about changing settings.

Wednesday, October 24, 2007

A Motive for GOOG-411

The IDG News Service conducted an interview with Marissa Mayer, Google's vice president of Search Products and User Experience, at last week's Web 2.0 Summit. The interview contained some interesting tidbits, but the one I found most intriguing was the one that says the main focus of GOOG-411 is to get a lot of different speech samples so dialogue can be converted to text for Google Video Search. Google's speech-recognition engineers said they needed lots of different phonemes, and voice search was a good opportunity. Now I know why their calls are "recorded for quality." I don't think I'll stop using the service, but I will be a little more aware of what I say when I'm talking to Google.

Linking Windows Live IDs

As a break from my usual Google-centric coverage, I saw a report at PC World today that tipped me off to a new feature in Microsoft's Windows Live ID services: linking. Just like the Google Account, which allows you to link accounts at acquired services like YouTube to your existing Google Account, Microsoft has added the ability to link multiple WLIDs, and to switch between them during a session. While Google doesn't have this switching feature, it's not really necessary, but the linking also brings single sign-on. That means I can sign in with the Live ID I've had since I was twelve and access my Hotmail account, registered only last year (no, I don't use it; it's both a backup and insurance against username impersonation). My two accounts are linked, and I'm happy. I've been wanting this for months...

Gmail's IMAP Syncing Explained

Well, I got my answer to the question I asked myself yesterday. Labels in Gmail show up as folders in the mail client. Folders containing slashes are part of a hierarchy, e.g. label "Home/Work" would be a "Work" folder under a "Home" parent folder. Flags equal stars; trash is trash; spam markings translate between interfaces. Sending a message from IMAP stores it in Sent Mail; moving a message to a folder applies that label in Gmail. Moving to a sub-folder makes a hierarchical label as described above.

The only thing that doesn't work quite as you'd expect is deleting, which ordinarily removes the label you're viewing, unless the message is already in Spam or Trash.

Looks like I might be able to do that Outlook upload I've been wanting to do for a while. Thanks, Google! No more workarounds... In fact, the author of that venerable trick has beaten me to the punch with instructions for loading in old email with the new IMAP support.

Idea for Using Gmail's New IMAP

A comment over on the news story at Download Squad gave me an idea. Is there any reason I can't temporarily set up IMAP and get all my old email in that way? IMAP is two-way synchronization, so adding the messages (carefully, of course) to the Inbox and then synchronizing, labeling each batch as I go, would be quite nice. I do wonder, though, how Google's handled labels and archiving in the IMAP interface. It will be quite interesting to see what I can hack together with the new feature.

"Report Bug" Link Back Again

Oddly, the "Report Bug" link just came back to my Gmail account. I really wonder what Google's up to... It does indeed point to the same place as before. Maybe they kept getting complaints about the bug reporting forms being too deeply buried... But that doesn't explain why my mom doesn't have it.

Tuesday, October 23, 2007

Gmail IMAP Support?

Some Gmail users have reported that there are new settings showing up in the "Forwarding and POP" tab of Gmail that enable IMAP support. A "Supported IMAP Client List" has also been published in the Help Center. The help article that said Gmail does not support IMAP is gone (link should be dead). The new page gives links to instructions for enabling IMAP access in all the popular mail clients: Outlook (Express, 2003, 2007), Apple Mail, Windows Mail, Thunderbird 2.0, and even the iPhone.

I've checked my settings page and found no new settings yet. (I never get new things before anyone else... Google, could you please help a blogger out?) I even tried the log out/log in method, described in an update to the report linked above. No such luck. Well, Mail Fetcher took a while to appear in my account (should've signed up sooner, I knew it), so maybe this will be about the same. I know I'll post back when it's enabled for me.

I wouldn't ordinarily be excited about IMAP support, but lately I've been toying with the idea of getting Portable Firefox, Portable Thunderbird, and Portable Sunbird (is there one?), putting them on a thumb drive (4 to 8 GB, probably), and using it wherever, reducing the need to schlep a laptop. Coupled with storing files on it, common apps like Notepad++, etc., it could be quite useful. And I can always temporarily set up IMAP if I'm going to be on a trip or something when I'll be offline, but still want to be able to write email and such. This might actually be part of the rumored new Gmail version; you never know. We do know that Google is exceptionally quiet about releases.

"Report Bug" Link Gone

Apparently, that "Report Bug" link in the top bar of my Gmail account was just a temporary thing. It disappeared this evening. I have no hypotheses as to why it showed up for me and not my mom, why it showed up, or why it disappeared. Maybe it was just a last push to get reports from previous bug reporters about any outstanding bugs in the current Gmail iteration before they finalize development on that rumored new version. My mom's account still doesn't have the link. Google can be so weird sometimes...

Incompatibilities Still Affecting Windows Vista

Windows Vista was released nine months ago (at the end of the month), but is still plagued by incompatibilities in both hardware and software. Printers, bookkeeping programs, photo editors... You name the category, there's at least one product that claims to support Vista but doesn't. And that doesn't include the devices and programs that don't support Vista at all.

Part of the problem is companies' reluctance to support a product for a nanosecond longer than they have to. Another piece involves the decreasing time-to-live of the average product revision, or model. New models and upgraded versions of existing products are coming out with increasing frequency, so manufacturers end up having to write new code for more products; if they don't want to bother, you're left in the lurch when you upgrade.

Of course, the worst thing is when products advertised to be compatible aren't. Products like the Brother MFC-5860CN multifunction printer and Corel's Ulead VideoStudio 10 software, both listed as "Certified for Vista" by Microsoft, have certain features missing. Brother's printer can't fax from the desktop (XP-only feature) and the included OCR software is incompatible. VideoStudio contains advanced features only available under XP. The "Certified for Vista" program is supposed to certify software and hardware that are fully compatible, with no missing features or functions. VideoStudio is listed on Corel's site as meeting the requirements for the "Works with Windows Vista" program, which means some features are missing, but the software may still do what you need.

This business of compatibility is a real pain, but on the plus side it's causing resistance to upgrades in the consumer market. Maybe Microsoft's certification bungles will help Linux take over...

Google Slowed it Down!

The increased Gmail storage rate has slowed. It's down to about a megabyte every 55 minutes, instead of ten. Maybe even Google has limits... The decrease cuts the storage rate to less than 20% of what it was just after the update, and this all happened last night, probably around 0100 Pacific, which is when Google did their last tweak. Since my storage was going nicely at the old new clip a mere 12 hours ago, and now it's slowed, it has to have been done overnight.

What I want to know is, why did Google make such a huge spike and then slow the counter down? It's still faster than it was initially, but 120 MB per day is a whole lot more exciting than the 27 or so it'll be now. Does this mean we won't see Gmail hit 6 GB by January?

Monday, October 22, 2007

Firefox 3 Visual Refresh

Apparently the Mozilla developers working on the next major Firefox release, version 3, are planning big integration changes. Operating system-wise, that is. Firefox will have Windows XP, Vista, and Mac OS X themes, each carefully matched to the existing native applications and interface style. Alex Faaborg, part of Mozilla's user experience design team, has more details on his blog.

I won't get into too many details. However, I do hope the new 'Fox will support switching between OS themes if the user wants. I might like to try out a Mac or Linux theme on my XP computer.

Sunday, October 21, 2007

Canon Camera Numbering Hack

I finally decided to blog about the little hack I discovered over the summer. My Canon PowerShot SD750 (and all other Canon cameras, as far as I know) numbers files by user preference, either continuously or resetting on each new folder and blank card. I found a way to hack this setting so experimental pictures you don't want to count in your photo total can be re-used. This only works on deleted photos right after your last kept one, so it won't reuse other unused numbers in the sequence.

For example, you keep picture 1343, then take five test pictures and delete them all (1344-1348). By going into the menu, selecting the File Numbering option, and cycling the setting from Continuous to Auto Reset and back, you can make the camera re-use those five numbers. If you previously deleted picture 1245, though, it still stays unused.

This is a good short-term hack, but it can't be used retroactively. You have to do it before you save another picture. If you forget and save picture 1349, in our example, you'll have a five-number gap, and you can't fix that unless you delete photo 1349, as well.

I also discovered a way to get back your numbering if you accidentally reset it by performing this hack on an empty memory card.

Get Back your Canon Camera's Numbering

I just had the experience recently of trying to reset my Canon PowerShot SD750's numbering back to the last picture I had saved. The little hack I discovered over the summer was that I could go into the menu, cycle File Numbering from Continuous to Auto Reset and back, and any file numbers I'd erased since the last saved picture were re-used. It worked great when I was carrying the whole summer's worth of pictures on the card. With an empty one, though, it reset the numbering back to zero. I wanted my numbers back, so here's how I did it.

I took the memory card out of the camera and put it into my computer's card reader. I opened it in Windows Explorer (any file manager will do) and made a new folder named "100CANON" (the default photo folder name). I went into my photo library and found the latest picture I had taken, a file named "IMG1903.jpg". I loaded it into the new folder and took out the card. I put it back into the camera, cycled the menu option to be safe, and took a picture. Voila! Picture 100-1903 was joined by number 100-1904. I deleted both (a copy of the one I loaded was still on the computer by default). Now the camera's back to where it was.

I don't expect this to be especially useful for a lot of people, but it should work on any Canon camera that uses the same file numbering (is that all of them?). It works because the camera, when numbering files, goes on either the last picture taken (on an empty memory card in Continuous mode) or the highest-numbered file on a non-empty card (in either mode). Copying a file you took with the camera, as far as I can tell, is crucial, because you cannot view on the camera photos that have been edited with a computer. Theoretically, the file could be copied and renamed to "IMG9999.jpg" to set the camera to start over, or to "IMG7285.jpg" to set the next picture at 7286. Deceptive numbering like that isn't very good for really determining how many photos you've taken with the camera, but it might be good for playing a prank on someone else's.

Microsoft to Support KML in Live Local Search

Also at the Web 2.0 Summit, a rare display of "corporate affection" saw representatives of Internet archenemies Google and Microsoft sitting next to each other on a panel about online maps, discussing the KML file format. Microsoft added support for Google's mapping data specification to Windows Live Local Search on Monday, something for which Google's rep commended his Microsoft peer. The Keyhole Markup Language (KML) format is used to create data files for both Google Maps and Google Earth. Now Microsoft lovers can also use the format to create maps for Live Local Search, and support Google's offerings at the same time (or vice versa).

Google Founders Really Do Hate Evil

At the recent Web 2.0 Summit, a panel of former Google employees confirmed that Larry Page and Sergey Brin, Google's founders, really do hate evil. The two executives did sometimes ask hard questions about deals with other companies if they sensed that the business leaders on the other side had an evil streak. And a product developer said the two were excellent at steering product teams to both think big and focus on not being evil at the same time. Sounds like that old "Don't Be Evil" thing, about that being Google's unofficial motto, is true, at least for its leaders.

iPhone Incites Consumer Awareness of Locked Phones

Apparently, all this buzz about the Apple iPhone has sparked consumer awareness in the United States. People are starting to ask themselves why their phones are locked. This is a good thing; carriers have been locking phones for years, and it boils down to the insertion of a few lines of code in each phone's software that keeps it from working with another carrier. The handset makers and service providers do it intentionally, to make more money at the expense of their consumers.

In other parts of the world, where GSM (Global System for Mobile communications) phones are the norm (we have them here, but some networks use CDMA [Code Division Multiple Access]), people can have accounts with two or three (or even more) different carriers, each with unique numbers (or not), and can switch between them simply by swapping out a small memory card, called a SIM (Subscriber Identity Module). France has even made locked phones illegal. And the new awareness in the U.S. could be successful in finally making people rise up against their oppressors and demand unlocked phones.

The iPhone is by far not the first locked device. Carriers have been teaming up with handset makers to offer exclusive phones for years and years. It is only because of the incredible hype surrounding the iPhone that people are starting to think about the restrictions placed on their phones, and that they shouldn't have them.

Apple will be selling the iPhone, locked, through one carrier in every country in which they decide to market it. France will be an exception, with a (higher-priced) unlocked version available. I don't think, personally, that people should have to pay extra for unlocked phones; however, most phones aren't sold for their actual value. Part of the reason phones are locked is so carriers can offer steep handset discounts; they make more money because the discounts (usually) require a one- or two-year contract with the selling provider. And once your contract expires, chances are you won't be able to take the phone with you anyway.

Hopefully, this change in consumer thinking will force handset makers and carriers to move to GSM phones and SIM cards. Some networks already use them, but others don't, and unlocked phones need GSM to work well. SIM cards could become the equivalent of the multitude of access codes we use every day to get into services like Google, MSN, Yahoo!, etc. Those networks don't prevent us from using our own computers on competing sites; why should cellphone makers restrict our phones' use?

Saturday, October 20, 2007

Microsoft Claims They Didn't Modify Update Settings

The second instance of Windows PCs updating themselves without user permission might be a user problem, not another "stealth update" like the one in September. The reports have only cropped up on the AeroXperience website, while Microsoft's Automatic Updates support group has remained silent about these issues. Microsoft's update program managers investigated and found that none of the patches changed any settings. User action is required for all five of the scenarios described as possible causes for the changes.

Since the problem only affects Windows Vista, I can't say if it was a Microsoft change or a user thing.

Mozilla Makes Another URI Handler Fix

Firefox was updated to 2.0.0.8 recently, and I noticed that one of the eight patches is another URI handler fix. The 2.0.0.6 update also included a URI handler patch, when Mozilla rushed out that update after the first onslaught of protocol handler bugs. While the bugs are still a Microsoft problem, the Mozilla developers isolated cases when the Windows operating system would mishandle URIs and blocked them using their program, so users of Firefox won't be affected by the vulnerable handlers. Ultimately, Microsoft needs to patch this on their end, but Mozilla's taking steps to protect their users is something I applaud.

Friday, October 19, 2007

Microsoft Wants to Shrink Windows Kernel

Think of Windows Vista. Think of 4 GB of hard drive space. Think, "the same thing." Now think of the Windows kernel. Still pretty big (exact size unknown). But Microsoft wants to make it smaller in preparation for Windows 7, Vista's successor. So they've developed (and shown) MinWin, a 25 MB kernel that can run on a system with less than 40 MB of RAM. Yet they still want it smaller. While the kernel isn't half of what makes operating systems take up so much space, smaller kernels mean more device availability, since less memory is required to run the program. Maybe Windows 7 will have a 16 MB kernel? Is that an unreasonable expectation?

Thursday, October 18, 2007

Not Everyone Has That New Link

That link I found last night is apparently not a global user interface feature. My mom's account doesn't have it. I'll check again in a day or two to verify, since her account seems to lag behind mine when it comes to updates (Google's rollout model at work), but maybe Google just trusts me?

Google Working On Its Own Health Project

Hey, looks like I finally get to bash Google for copying. Not that I want to, but it is a refreshing change from Microsoft...

Anyway, Google Health, an information project similar to Microsoft's HealthVault, will let people create a profile containing all their medications and medical records. Such a system would make activities like moving and traveling easier, since unfamiliar health-care providers can access a comprehensive overview of a patient's medical history. The original leader of the project, Adam Bosworth, has since resigned, but the project itself is alive and kicking at Google. Health professionals were shown a prototype earlier this year, a product named (what else?) Google Health.

Personally, I'm probably much more likely to use a Google service than a Microsoft one, just because I already use Google for so much. If it integrates with existing Google Accounts, which it undoubtedly will, that's great! The only problem would be figuring out how to have health-care providers like physicians and dentists gain access to the system and enter data on my behalf, and how they'll know I have a Google Health profile if I'm seriously injured and unconscious on arrival, but solutions have certainly been worked out by Google, or will be before release.

I don't know why, but I have a feeling of trust in Google, which may be another weapon in the war for my allegiances. I have never heard of a Google security leak. I've never heard of a Microsoft leak either, but Windows has more known and exploited vulnerabilities than Linux, which runs Google's service infrastructure. I am excited, personally, for the release of this project, and I hope to see it launched before the end of the school year (maybe another April Fool's Day launch, though I would be happier if it were earlier).

Gmail's User Bar Has a New Link

Hey, look what Google put in the user bar of Gmail (that part with the menu, help, settings, etc.):


It's an easily-accessible bug report link. Yep, it links to the Gmail Support contact page, with direct=1. That means you get just a simple form for reporting a bug: address, subject, bug summary. No frills, no clutter; just a page to report a bug. This page has existed in the Help Center for some time, but it's only linked to for a very few issues. Now they've put it in the toolbar. I wonder how long it will stay?

Wednesday, October 17, 2007

MissingMoney.com Gets Your Money Back from the State

Want satisfaction? For a lot of people, nothing is more satisfying than getting money back from the government. The site MissingMoney.com has teamed up with over 35 states to provide searchable records of unclaimed property. Simply enter a last name, and an optional first name and/or state, and search; you might turn up a lot more than you think. I searched for three last names from my family and got half a dozen hits for people in my family, all over the country. I'm in the process of emailing everyone about their entries. I wonder if I'll get finder's fees? Ha, just kidding.

iPhone SDK Due in February

In what looks like a response to all the iPhone hacking going on, Apple has announced that they will be releasing an SDK (Software Development Kit) for the iPhone and iPod Touch this coming February. A step in the right direction, finally. Soon, hacks like Jailbreak and the newer iPhoneJailBreak won't be necessary. Third-party apps will be written and installable directly on the phone without any tweaks. I can finally say, "Go Apple!"

Google Reader Graduation Correction

Apologies for taking so long, but I just found an error in my old "Google Reader Graduates from Labs" post. The unread count displayed is not exact above 1000 items; it uses the old "+" thing, displaying "1000+". Personally, I'd rather this plus limit was removed rather than raised, but you know, it's Google's world.

Yipes, almost six weeks before catching that. I definitely need to improve my error-catching speed.

Tuesday, October 16, 2007

Badly Designed Websites

After certain recent experiences, I see that the way a website works is quite essential to the visitor experience. Take www.mcool.org as an example. The menus you see (assuming you're using a JavaScript-enabled browser) are generated by JavaScript, after page load. The data is included in a series of JavaScript functions at the end of the page, the definitions of which are included in the commercial Milonic popup menu script. This could be easily solved by including inline code that is hidden with CSS and displayed using an in-page rule contained in a <noscript> element.

However, that's not the only problem. Despite the solution, non-JavaScript browsers wouldn't be able to follow the links anyway, since their URLs are things like javascript:goGenie(9);. The menu isn't the only place this happens; as far as I can tell, the vast majority of the links call some JavaScript function that POSTs a hidden form to the clientschool.cgi script (all pages' URLs are the same, another annoyance because they can't be bookmarked). So even the very way the site is structured is inaccessible. What if a user wants to bookmark a page? Nope, can't do it. That one's easy; use a GET request instead of POST. What about non-JavaScript browsers? Can only see the front page due to the JavaScript links. Replace them with queried URLs containing "?schoolname=school188&page=4&genie=1", setting all the variables to the proper names, and using genie=0 to denote a non-genie (whatever the genie is) page.

This business of using a CGI script to serve pages is done quite a bit, but usually with URL parameters that uniquely identify the page requested using GET so the page can be bookmarked and linked to using regular links without JavaScript. I can't blame my school for this (for I am discussing their site); I must point the finger at rSchoolToday, the company that they have signed up with for the site hosting and development. The rSchoolToday website doesn't even display service information when you go to the homepage; it shows a graphic illustrating the several "applications for education" they offer which links to a "full version" of that image. That's it. No contact, no way to buy, nothing. Even their own site is horribly designed.

That's why I use separate pages for everything. It may take more work for me to figure out the site's directory structure and add includes appropriately, but it certainly makes it easier for visitors if they can enter page addresses using "photos.php", "/albums/photos-electronics.php", etc. and even bookmark them if they like. And the sites work without JavaScript.

Update (2008-09-05): Well, I checked back repeatedly over the year, and www.mcool.org has been completely redone; see my quick overview of what I consider to be the most useful changes.

Microsoft Updates Live Search Mobile

In what looks like another Microsoft "Me, too!" service, Live Search Mobile offers a free 411 service (sounds like GOOG-411 to me). When will Microsoft stop this copying other people? I may call this 1-800-CALL-411 number once or twice to test it, but unless it's loads better than Google's offering (which is likely to be updated regularly), I'll probably stick with GOOG.

IBM Uses RFID to Track Conference Visitors

PC World reports that IBM is deploying RFID name tags for visitors at its Information on Demand conference in Las Vegas. It is no secret to registrants, who are offered the option of a non-RFID enabled tag via large signs. The chips' data is gathered using systems from AllianceTech (Austin, Texas), and will generate a lot of raw data, some of which IBM doesn't even know what to do with yet.

The chips themselves contain 24-character identifiers including the name, title, and company of the attendees. Data is logged by RFID readers as visitors walk through doors into sessions and meal rooms, and sent to on-site DB2 collection systems in real time. (More details in the PC World report.)

The implications of this illustrate the very 1984-ish oversight RFID could provide if misused. Personally, I'd probably opt for the non-tracking name tag, if only for privacy's sake. If IBM offered me access to my own log data, with an option to review it for a certain period after the conference and delete unwanted data before they analyzed it, I might be much more comfortable with the tracking. Supposedly, only about 2% of the visitors didn't want to be tracked, but some of the takers just might not have noticed. This technology is getting somewhat scary.

iJailBreak: New iPhone App Installer

PC World reports that a thirteen-year-old coder, named AriX, has released an application to install third-party applications on the new iPhone firmware. It is freely downloadable from Google Code. The only interaction necessary, according to the article, is a soft-reset of the iPhone.

I don't know what's more impressive: The fact that the new encrypted software has been cracked, or the fact that a 13-year-old did this. Very impressive! Congratulations, AriX!

Google AdSense Payments Now Must Be "Validated"

An announcement from Google says the company will be adding a "validation period" to AdSense publishers' referral ad conversions, requiring that the clicks be validated as actual customers before the publisher will be paid full referral value. Ad clicks will receive less than the maximum referral value for the ad until the validation period ends. The validation period will end after an unspecified amount of time, but will vary between publishers. Some users will see a decrease in their AdSense revenue.

I do wonder what's going on. Google has so many click-fraud detection algorithms running already, why should they need to "validate" referrals? There must have been some heat from AdSense advertisers...

ICANN Testing Internationalized Domains

The ICANN (Internet Corporation for Assigned Names and Numbers) is launching an evaluation of international domain names that promises to allow non-ASCII characters to be used in Internet addresses. Tens of thousands of characters from the world's languages will be released for use as part of the test, and when the new system goes live. The ICANN president calls it "one of the biggest changes to the Internet since it was created." Users in other countries will be able to browse the Web in their own languages without using a single English or Roman-alphabet character in the URL when the international domain names are put into service.

Urchin 6 Confirmed

Well, that's what I get for blogging without first reading the entire set of new posts from Analytics Talk. That nice blogger over at EpikOne has confirmed that the new beta Urchin software is indeed the long-awaited Urchin 6 update. It has a completely rewritten back-end, uses the old Analytics interface, and uses Flash graphs instead of the SVG graphics it used to use (info second-hand from the post). It will cost about $3,000, and can be used with all its functionality (no more modules) for one price. Existing owners can get discounts, and users who purchased service contracts will get the upgrade for free. Google's back on the ball! That news coverage in PC World came at the right time...

New Google Analytics Code

Google has released a new version of the Google Analytics JavaScript, as well, named ga.js. It replaces the old function- and variable-based calls with a new object-oriented style, and was rewritten to support event tracking. Other new features include the currently in-beta outbound link tracking and the in-rollout site search tracking. The code's structure has changed completely, so sites using calls to urchinTracker() in multiple places (i.e. not just in the tracking code) will need to plan their upgrades so as not to leave data holes. The old urchin.js should be supported for a while, as the old Analytics reporting interface was earlier this year. I'll have to update all of my sites (I have several using GA), but fortunately, I only have one, maybe two, instances of extra calls to urchinTracker(), and I will probably remove those when outbound link tracking is enabled or replace them with the new event tracking.

Google Analytics Updates

Today saw some exciting announcements originally made at the eMetrics Summit in Washington, D.C. Google Analytics will be rolling out several new features in the coming weeks, including the ability to track site search (if your site has search, like this one does), tracking events in Flash and JavaScript without using urchinTracker() (which artificially increases pageviews), and Outbound Link Tracking, which will (as its name says) track outbound links. The event and outbound link tracking will first be launched as betas, meaning I might not get to use them for a while. But man, that last one's going to be a useful feature for sites like blogs!

Also announced is a new beta of Urchin (that years-late software package update, I'm guessing). Users can participate in the beta by contacting a Google "Authorized Consultant", whatever those are.

All in all, an exciting day for us Google Analytics users. Better be careful next year; I might be tracking what arrows you click in the Blog Archive sidebar... (That's actually impossible with my current knowledge; Blogger modules can't be changed like that.)

Monday, October 15, 2007

Gmail Storage Update Frequency Update

Well, I think I have found a pattern to the counter updates in Gmail, actually. It updates every megabyte starting around 2300 Central Time, slightly behind the homepage counter, and then freezes between 0400 and 0500 until 2300, when the cycle repeats. An interesting update method, but Google's entitled to unusual methods.

Silverlight: More Microsoft "Me, Too!"

In today's Web world, Flash is king. Java comes in second. Way at the bottom of the list of plugins, down around position, oh, 1,000 or so, is Microsoft's new Silverlight platform. Yep, that's right, Microsoft has a Flash and Java competitor. And what does one write programs for it in? .NET of course! In fact, any .NET language is supported. But did the world really need another browser plugin?

My take on the matter is, Microsoft is playing another "Me, too" game. First it started with IE7, integrating tabs (Firefox, Opera, Netscape, Safari...) and a search box (ditto). Then Vista got that flashy sidebar (Mac). Now they've got Silverlight (Adobe, Apple, Sun...). And what use is it? It's just another Flash-killer that will probably (I hope?) flop. I haven't seen too much buzz about Silverlight development, though there is a "Moonlight" Linux version being programmed.

So what does Silverlight have that we don't get from an existing product? It can play videos, which Flash can do for sure and Java can likely do (I don't have experience with a Java video applet). It can make animations, which Flash definitely covers. And it can play music files, which, again, Flash already does. The only advantage I see is the XAML text-based markup, versus compiled Flash animations. That's it. Other than that one thing, it looks like more of Microsoft trying to do everything. Wasn't it nice when all they made was an operating system?

Sunday, October 14, 2007

Gmail Testimonial

I just felt the need to write a Gmail story to send to the Gmail Team, and I've copied it here both for record-keeping and as a view into my online work life.

When I first got into using email, I used the old USA.net email service, which was free at the time. When that moved to being fee-based only, my dad created email addresses on his hosted server for myself and my mother. We had to use email clients for those, but didn't really get into the Yahoo! or Hotmail stuff because they weren't really any different from Outlook/Outlook Express.

Fast-forward to 2005, when a friend of mine invited me to Gmail. I added it as an account in Outlook, and enabled POP3 access, then promptly forgot about it. When the hard disk of my computer threatened to crash in 2006, I had to transfer everything to cloud-based services, which meant webmail, and FTP storage for files (I've since gone back to using a school computer and Google Docs in tandem).

Even though the computer was fixed, and the data recovered, I've never gone back to using the client or my old email address. Gmail's innovative conversation view, starring, and labels have changed the way I use email forever, and I can't see myself ever using anything else again (unless of course you guys pull the rug out from under all us Gmail users... Please don't!). I've since redirected every email account possible to Gmail, and really love the spam filters that work 99.9% of the time (I've found about two mistakes, otherwise it would be 100%) to keep junk mailings about drugs, stocks, real estate, etc. out of my life.

Even more wonderful was the fact that, since I started using Gmail, I've been using more and more Google services, and found my life getting easier. Gmail, Google Talk, Calendar, Docs, Reader, Blogger, GrandCentral, and the whole host of others have transformed the very way I communicate and work, and I'd just like to thank you, the Gmail Team, and all the other development teams at Google for creating the Google Operating System I use today.

That's why I'm such a Google fan.

PDF Spam Malware

A new malware-distribution scam is sending out fake order-confirmation messages with "self-extracting" attachments (EXE files) that supposedly contain PDF order summaries, but really drop a Haxdoor/Goldun (depending on what antivirus program you ask) payload that can severely compromise your computer's security, plus steal passwords, give a hacker control of your PC, and display ads. Some variants can also disable anti-virus and anti-spyware apps and firewalls.

The scary part of this scam is the fact that it is constructed in such a way that lots of users will probably fall for it. It appears to prey on the modern public's knowledge of identity theft. Users receiving this will want to open that supposed PDF attachment to see if the order is a result of identity theft and will infect their computers as a result. This could be a bad one.
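The scam described above depends on an executable being accepted as a document. As an added example (not part of the original post), this Python sketch checks each attachment's real type from its leading bytes instead of trusting its name; the sample message, file names, addresses and extension list are constructed assumptions.

```python
# Added example (not from the original post): flag attachments that are Windows
# executables while presenting themselves as PDF documents.
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions this sketch treats as directly runnable on Windows.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}


def classify_payload(data: bytes) -> str:
    """Identify the real file type from its leading magic bytes."""
    if data.startswith(b"MZ"):        # DOS/PE header used by Windows executables
        return "pe-executable"
    if data.startswith(b"%PDF-"):     # standard PDF header
        return "pdf"
    return "unknown"


def inspect_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment, with the reasons it looks unsafe."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        actual = classify_payload(data)
        lowered = name.lower()
        extension = os.path.splitext(lowered)[1]
        # The lure can be in the file name or in the declared MIME type.
        claims_pdf = "pdf" in lowered or part.get_content_type() == "application/pdf"

        reasons = []
        if actual == "pe-executable":
            reasons.append("content starts with an MZ executable header")
        if extension in EXECUTABLE_EXTENSIONS:
            reasons.append("executable file extension " + extension)
        if claims_pdf and actual != "pdf":
            reasons.append("presented as a PDF but the content is not a PDF")

        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "actual_type": actual,
            "reasons": reasons,
            "verdict": "block" if reasons else "allow",
        })
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: two disguised executables and one real PDF."""
    msg = EmailMessage()
    msg["From"] = "orders@shop.example"
    msg["To"] = "user@mail.example"
    msg["Subject"] = "Your order confirmation"
    msg.set_content("Your order summary is attached as a self-extracting PDF.")
    pe_stub = b"MZ" + b"\x00" * 62    # header magic only; not a working program
    msg.add_attachment(pe_stub, maintype="application", subtype="octet-stream",
                       filename="Order_Summary_PDF.exe")
    msg.add_attachment(pe_stub, maintype="application", subtype="pdf",
                       filename="receipt.pdf")
    msg.add_attachment(b"%PDF-1.4\n% constructed sample\n", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_attachments(build_sample_message()):
        print(finding["verdict"], finding["filename"], finding["reasons"])
```

The second sample attachment shows why the extension check alone is not enough: a renamed executable is caught only by the content check.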

What Do I Do About a Vulnerability I Find?

If you discover a security vulnerability in the computer system at your workplace or school, do you report it? Whistleblowers seem to have a record of late for getting punished (expelled, fired) when they report a security problem. A student at Western Oregon University, for example, narrowly escaped expulsion when he discovered a file containing names, SSNs, and GPAs for 50-100 students at the school. He sent a copy to the school newspaper, which ran a four-page special report on his discovery. The student was disciplined by the university, and an adviser to the newspaper was, according to another student, apparently let go as a result of the incident.

Just last month, an employee of Providence Health System filed a wrongful termination lawsuit alleging that he was fired for tipping off local law enforcement to data theft in 2006. A St. Louis Boeing IT employee claimed he was fired for interviewing with a local newspaper about the company's security policies. And a former Sandia National Laboratories network security analyst was awarded $4.3 million after filing a suit against the lab regarding termination resulting from his disclosing an internal security breach to the FBI and other agencies.

What does all this say? These are four recent cases where people doing the right thing have been punished for doing it. Disclosing a security breach should not result in a termination or expulsion; it should garner a reward from the agency whose security has been improved as a result of the disclosure. Why is it that the famous Rule of Acquisition Number 285 is being applied so frequently to the field of IT security?

Gmail Storage Update Frequency

Well, after observing the counter in my Gmail account do both daily updates and as-it-happens updates, I'm not quite sure even Google has decided how often to update it. I couldn't really see any pattern to the updates. It's been the same since I logged on this afternoon, but it was increasing as-it-happened last night. This is very strange.

Confirmation of Email Blocking on School Account

Today I logged into my school email account to find five "Undeliverable Mail" messages in the inbox. Sure enough, each one referred to a particular message I had tried to send when I was troubleshooting Gmail and ended up troubleshooting the school system. Looks like they really are blocking email to external recipients now, though my teachers can still send to my Gmail account.

All five messages contained the same error message:
    Rejected with: 550 5.7.1 Requested action not taken: message refused
Feh. Now not only can I not send to the address from Gmail, I cannot send from the address to Gmail. Ah the good old days of using my own account without resistance from The Dark Side...

Example of the Effect of Video Games on Kids

I'd like to share a video here that illustrates the very reason I don't play video games much. This German kid needs serious mental help. There are multiple versions of this video, but this is the one that showed up in my Google Video recommendations, so I'm posting it above the others.

Warning: Video subtitles contain swearing


Wow! It's a wonder his computer keyboard even still works after the beating it takes. He probably does this every day or two, too. Somebody call the men with white lab coats...

Seriously, people like this are the ones that will probably go out and kill someone in real life, then blame it on their addiction to video games. Either that, or they'll kill the judge and jury, too. In all honesty, I don't know if this is real or not (one version says it's faked), but if it is, then we have a case for some wonderful psychiatrist to handle.

Saturday, October 13, 2007

Sorry, Microsoft and IE7

I owe Microsoft and IE7 an apology. Last month, when I complained that IE7 wouldn't layer properly, that was really my fault for thinking I needed to fix something that wasn't broken. I set different background coordinates in the IE7 stylesheet (which is now empty thanks to my testing) and messed it up myself. So ignore that post if you came across it, or do in the future, because it's wrong. I guess my developers' hate for IE kept me from trying the most obvious solution: removing the fix and seeing if it was actually broken. Sorry, Microsoft.

Gmail Storage Did Increase

OK, the storage in my Gmail account did increase. I think it's updating every 24 hours or so, since it updated while I was asleep last night. I'll watch tonight around midnight (I plan to be up later than I was last night) and see if it goes up again. When it does, I'll note the time and then log it for a few days to see if I can find a pattern. I'll be posting my results back here around the middle of next week. I must say, again, I'm very excited by the possibilities opened by this update. I wasn't expecting to see the number "3" in the first two digits of the storage until next year. Now it looks like that'll happen in the next couple days (3300 MB). Should I try to get a screenshot of the instant when it's at 3333.333333 MB? Or is that a waste of time?

Friday, October 12, 2007

New Photo Galleries

I just launched the new photo albums over at the SW Robotics site. If I do say so myself, they look snazzier than the gallery style I came up with last year for my other project. I might adapt the modifications to work with the older site, since they work so well.

Creating the albums took a lot of elbow grease and patience, but it was mostly tedious copying and pasting filenames, adding captions, and adding more rows. Add organizing an extensible directory structure on the server, and everything took about a week, once I got all the photos. The quickest part was actually getting thumbnails and reasonable Web-sized large graphics that wouldn't break the data transfer bank or make users wait for ages, since Google Picasa can export to an HTML page. Copy the thumbnails and images directories to the website's folder, and you can structure the actual gallery however you like. The only thing to worry about is specifying proper image size; if they're not correctly sized, images are stretched and squished to fit the dimensions you specify, often looking funny or just plain bad.

Anyway, new styles for the gallery popups, revamped gallery table styles, and a slick file naming job thanks to the team captain all helped make the albums what they are now, and more pictures should be added at various points during the year.

Increased Gmail Storage Hits News Media

As I thought, the increased storage counter rate in Gmail drew attention from both of my favorite sources: PC World and Lifehacker. Their articles basically say the same thing as I did, but interestingly they left out estimates of update speed. The title of Lifehacker's post is quite intriguing, because they put an estimated 6 GB time in their title. Anyway, it feels good to sit and wallow in the knowledge that I found this hours before any of the major news networks I follow. Especially after the day of classes.

Partial Explanation for Gmail Storage Lag

Now that I think about it, the storage in my Gmail account always lagged a few hours (at least) behind the counter on the homepage. Of course, no change since 0415 this morning is a bit long, as it's been about six hours, but my mom's account is several megs below mine, so Gmail storage must be, like everything else at Gmail, a rollout-type deployment, where groups of users get new features (or disk space). Since the clock is moving faster, it's no wonder the gap is bigger. I'll watch over the next few days to see if it stabilizes or closes at all.

School IT Strikes Again!

In what looks like a devastating blow to the usability of my school's already-crippled email system, it looks like the SMTP gateway or another piece of hardware or software downstream from the Ocean Mail Server is blocking all messages trying to get to the outside Internet. The system still says, "Your message was sent successfully," when you send a message to an external address, but the message is never delivered. For fear of losing all the accommodations I have gleaned in the last month or two, I dare not contact my Draconian IT support department, yet I must needs have my forwarding if I am to survive the year at all. For crying out loud, high school seniors are supposed to have more privileges than everyone else, but it seems that as I've moved up in academic years, my privileges Re: school sites, etc. have declined.

Consider what I was able to do three years ago:
  • I could edit my personal information in Blackboard Learning System
  • I could use my own email account with no fuss whatsoever
  • Setting one's own schedule was an advertised benefit of attending my school
  • Class rosters for each course were accessible from within Blackboard, listing names and email addresses of every student in the class (useful for determining why discussion boards were inactive)
Now see what's changed:
  • The personal information section has been hidden and restricted
  • The school's teachers and faculty insist upon using their closed email system
  • They have a set nine- or eighteen-week schedule for all courses, no exceptions
  • Class rosters are no longer accessible
What began as an enjoyable alternative to the oppression of being constrained to a school building has gained the very oppressive aura I left four years ago. By contrast, the few music classes I sit in on at a local high school (which, last year, fostered the connection to the Southwest High Robotics Team) are like freedom to the highest level. The freedom to choose my own schedule for work has been overshadowed by the immense number of restrictions placed on how I can use the online school. Ah, to return to the good old days of 2004 and 2005...

No, Seriously, What's Up?

Now I'm really confused. The counter on the Gmail login page says I should have 2,939 MB of storage space, but my account only shows 2,918. I'm behind by more than 20 megs. If Google is really increasing all the storage by five megabytes an hour, which is the rate the counter's going at, why isn't my account's counter increasing? Is it time to comment in a help group?

What's Going On?!

Since my post about an hour ago, I can see that my Gmail account's storage has gone up about five megabytes. Yep, you're reading this right: 5 MB in about an hour. At that rate... Whoo... Gmail will hit three gigs in a matter of days. Either Google messed up when they updated the script (and server: the Gmail account shows the same numbers as the login page counter), or they're radically increasing storage to compete with Hotmail and Yahoo! Mail, which have 5 GB and "unlimited" storage, respectively. I wonder what Lifehacker will say when they come across that Gmail Blog post?

Just for reference, the storage has gone up half a megabyte in the time it took to write this post. Mon dieu...

PS
For an up-to-the-six-decimal-places counter, you can go to the Gmail login page (don't worry, it won't log you out).

Google Paid Storage Also Upgraded

While Google's on the subject of upgrading storage, it seems they've beefed up their paid storage program as well. There is no longer a 6 GB option; the plans available start at 10 GB, and the starting price is the same $20/year that six gigs cost yesterday, the last time I looked. As I recall, the plans used to only go up to 250 GB, but now you can buy a whopping 400 GB of shared storage for the (paltry) sum of $500 a year. The prices are still a little steep for me -- after all, I am on a very limited budget, most of which will likely go to Web hosting for a site I want to build -- but it's nice to see that Google has, in effect, reduced the cost of their storage plans. Didn't the old 250 GB option cost $400 a year? The pricing scale is coming down, gradually.

I don't plan to buy storage now, but if I start uploading more photos to Picasa Web Albums, I'll have to spring $20 a year. It's not a bad price for an extra ten gigs for Gmail and Picasa.

Gmail Storage Increasing Faster

While waiting for the Folding@home statistics system to do its hourly update so I could check my statistics before hitting the sack, I noticed that my Gmail account's storage counter seemed to have increased a day or two early. On a whim (since F@H was still locking me out of the stats), I checked the Official Gmail Blog, and noticed a post dated (assuming the blog runs on Mountain View time) about 15 minutes ago. It announces that Google will be increasing the speed of the storage counter and giving out more free space. Rob Siemborski, the Gmail engineer who posted the entry, also said that Google Apps customers using Apps Standard and Education Edition will see their storage begin to match Gmail's counter (up from the current 2 GB). Premier Edition customers will see their storage go from 10 GB to (!) 25 GB.

When I read about the Infinity+1 storage plan, I figured I'd never use all the space, but then my storage percentage use began increasing, about one percent every few months. Since I've only been actively using Gmail for a little over a year, I'm only using four percent of my storage, but every time that number jumped it was like seeing, "Your storage is going to run out some day." Now, hopefully, Google will have pushed the percentage increase interval from a few months to a year or more. Maybe if I keep my current average email volume, my percentage will stay the same. All I know is, Google deserves thanks for their new plans.

Thursday, October 11, 2007

My Content is Being Scraped...Badly

Looks like these posts I'm writing are interesting some excerpt bot. I have been getting some reactions on Technorati lately that involve other blogs taking excerpts of my posts, incorrectly naming the author (as "peterblackqut", "Alex", "David George-Cosh", etc.) and often omitting a subject ("[Incorrect name] wrote an interesting post today on", with no actual what), and linking back to me. I have no real problem with others taking excerpts of my content, especially since they're linking back and increasing my blog's reputation, but it's annoying to be misnamed (differently) every time. I have a feeling the bad author scraping has to do with one of the widgets in the sidebar, maybe the Recently Starred Items box for Google Reader, but having to manually comment on each infringing post is annoying. I have better things to do than police my own Internet alias. I could just let it go, but vanity strikes... I might not be as annoyed if the corrected names showed up in Technorati, but the incorrect ones stick around.

Google Apps Suite Doesn't Worry Microsoft

Steve Ballmer, Microsoft's CEO, dismisses competitors' offerings as not "even as good as 'me too.'" He is convinced that desktop Office will remain king of the business software market, simply because Web-based alternatives cannot (yet) offer the same functionality. He postulates a future in which operating systems will be extensible in real-time, but Windows or Macintosh OSes will still be necessary. "There's no free lunch here," he says. Microsoft has been pushed to adapt its business and enterprise offerings in recent years by innovations from competitors such as Google.

Ballmer also acknowledged Microsoft's third-place ranking in search and Web advertising, and that Web-based computing will be a large step in the company's forward movement. Google is a good competitor for Microsoft, and their offerings seem to have been pushed by the number of (often free) alternatives Google offers.

I would love for Microsoft to worry about Google Apps, Zoho Office Suite, and all the rest, but if the new Web services force the Redmond behemoth to update its own online offerings, that will be a major step in and of itself. I want Word to die, since it's become incredible bloatware (as have the rest of the Office apps), but I still couldn't live without it; people just don't understand OpenOffice.org.

Mozilla to Develop Mobile Firefox

Mozilla Corporation has said it plans to get serious about developing a mobile browser. As devices like the iPhone have shown, people want a full browsing experience on mobile devices. Mozilla hired two new developers to help with the objective, and will continue developing Mozilla2 with mobiles as a device category. Mozilla2 is due out around 2009. PC World has a more in-depth report.

Personally I would love to have Firefox on my PDA. Though Mozilla is likely to encounter competition from Apple and Microsoft, who bundle their own mobile browsers on devices using their operating systems, and Opera ASA, which has been fine-tuning their mobile browser version for years, a mobile version of Firefox will probably catch on about as well as the desktop version has. I look forward to a day in my rosy, perfect-world future when all devices bundle Mobile Firefox, and Internet Explorer has been extinct for years, but that, at least the latter part, is highly unlikely. I do think, though, that a mobile Firefox will get users, especially as mobile Internet browsing becomes more mainstream.

Microsoft Fixes URI Handler Flaw

The Windows URI handler problem is finally getting a fix today. Microsoft is changing the function ShellExecute() so it sanitizes any links it processes. The flaw has been blamed for many vulnerabilities in other programs, vulnerabilities Microsoft originally said were not its problem. The software company has since reversed its position. The patch's release date has not been revealed, but the next set of patches is due November 13.

Not all URI handling vulnerabilities will be fixed, though. Depending on how Microsoft implements the changes, they will go only so far: bugs in other applications that are exploited after Windows' processing will not be affected. Vulnerabilities exploiting intended uses of URI handlers, such as a recently-discovered Picasa exploit, will not be fixed, and in fact cannot be fixed by changes to Windows.

Tax-Free Communications?

The House voted today to extend the moratorium on Internet access taxes for another four years. Originally instated in 1998, the tax ban would have ended this November, but will now last until 2011. A largely Republican group of lawmakers has proposed making the tax ban permanent. Bob Goodlatte, a Virginia Republican, noted that a "strong, bipartisan majority of members want a permanent ban on these burdensome taxes." If the House really does want to permanently ban taxes, legislation should be pushed through now, before the composition changes too much and pro-tax new members enter. The amendment allows nine states with current Internet access taxes to continue them, and also excludes other Internet-based services like VoIP from the ban.

The Internet is but one communication service, and it is not taxed, yet telephones have been taxed for decades, as are cellphones and cable television. As much as 20 to 25 percent of telephone bills can be government taxes. Should the government be able to levy taxes on the services that keep us in contact with family and friends? Should entertainment be subject to an additional fee? I think not. While opponents of the Internet tax ban might say it's odd for the government to be able to tax everything but 'Net access, I think it's odd that the government can tax everything else. There is a phone tax that has been around for decades, instituted to help finance a war that ended many, many years ago. Should that stick around? No! The war's over, so stop saying we need to pay for it. If that tax was repealed and a new one named for the current conflicts in the Middle East was passed, that might be OK, but a thirty-year-old obsolete tax is irksome at best.

How to Get Out of a Speeding Ticket

Looks like policemen are suckers for honesty and humor. Some folks over on AOL submitted stories about how they got out of speeding tickets, and the resulting compilation was published at CNN Living. There are some pretty interesting methods illustrated there, most notably MaurDrisc's (being honest), CCCCINTI's (show respect), and RGLGINC's (be honest and laugh at your mistakes). Honesty and respect can go a long way toward getting the boys in blue to let you off, and even tall tales (Nexusrider) can help. Sharing a story about how bad your day has been (Pamelakins) is another way to be a bandit without getting ticketed by the smokeys. The only one that doesn't really make sense is the last one, submitted by Waymill, which seems to say the policeman stopped a low-flying plane on the highway?

The Blu-ray/HD-DVD Battle Continues

PC World published a wonderful article today detailing the problems with the battle between Blu-ray Disc and HD-DVD, the two competing high-definition formats. Some studios back Blu-ray, others back HD-DVD, and to make sure they can play all the movies they might want to watch, consumers will have to buy two players (or pay extra to have them both in one device). Blu-ray's specifications are undergoing change, and players bought in the last two years will not support the new features in the updated specs.

I won't try to explain in full detail the battle -- I'll leave that to the article -- but let's just say I think anyone who goes out and buys any HD player and discs right now is crazy. The market isn't stable enough; the industry has to figure out a unified standard before I'll risk money on a player and discs that might be obsolete in a year or two, when I'll have to repurchase the same discs to make them work in the new player. Wait another year -- or two -- before buying HD. Chances are you'll be glad you did when the format wars are over.

PS
Anyone else reminded of VHS/BetaMax?

Wednesday, October 10, 2007

Microsoft Claims Its Intellectual Property is Used In Linux

Microsoft CEO Steve Ballmer says users of Red Hat Linux should pay Microsoft for patented intellectual property supposedly contained in the open-source OS. The company has made no specific claims as to what portions of the Linux distro violate what patents. I feel the same way as Jim Zemlin, executive director of the Linux Foundation: Microsoft will only create more ill will in the Linux community, and in their own users', until they specifically state what patents are being infringed, and provide proof. The fact that Ballmer simply says Microsoft patents are infringed will likely only further irritate customers who feel that the software giant's patent controls are already too stringent. It also makes for a kind of greedy-sounding statement.

Tuesday, October 09, 2007

AdSense for Video Now Available

Google has teamed up with several content providers to offer ad-enabled video players for embedding on websites. The players are customizable and display text ads both as banners across the top of the video window and as text across a clip's bottom. Only YouTube videos appear to have this service, and only a few companies have the use of it as of yet.

What I wonder is whether these new in-video ads will help or hurt YouTube. Users aren't used to very many ads, and lots of sites display annoying bumper ads before and between clips. Could this be a segue into that market? If Google introduces video bumper ads, YouTube's business could drop like a rock.

IE7 Bug Reopens Debate Over Protocol Handlers

A bug in IE7 affecting how the browser handles URIs that launch external programs, patched today, has rekindled discussions about the responsibilities of protocol handlers. While some say the browser developers should be held responsible, others say it is a Windows problem.

From what I have read about the issue, dozens of programs are potentially vulnerable. The vulnerability is reportedly in the way Windows handles the launching of programs, not in Internet Explorer or Firefox (both of which were affected by the earlier QuickTime protocol bug). I would say that the responsibility of fixing the problem falls on Microsoft in that case, except the software giant has already stated that the problem is in the external programs (this statement came after the QuickTime bug, earlier this year).

Microsoft can't be reasonably expected to cover all the bases when it comes to external apps, of course, but modifying individual programs creates a lot more work. Perhaps the solution is to disable external app launching altogether, though a lot of users would probably object to that. Maybe the fix should be a concerted effort between Microsoft and affected programs, with the entities working together to produce fixes in both products that will both fix the current flaw and prevent similar problems from cropping up again.
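The application-side half of the fix discussed above, as an added example (not code from Microsoft or from any affected program): a C check that a program could run on a link before handing it to the operating system's launcher, such as ShellExecute(). The allowed schemes, the length limit, and all function names are assumptions made for illustration, and the sample links are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define URI_MAX_LEN 2048 /* assumed limit for this example */

typedef enum {
    URI_OK = 0,
    URI_EMPTY,
    URI_TOO_LONG,
    URI_NO_SCHEME,
    URI_SCHEME_NOT_ALLOWED,
    URI_BAD_CHARACTER,
    URI_BAD_ESCAPE
} uri_verdict;

/* Schemes this hypothetical application is willing to pass to the OS. */
static const char *const ALLOWED_SCHEMES[] = { "http", "https", "mailto" };

static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Case-insensitive match of uri[0..len) against the allowlist. */
static int scheme_allowed(const char *uri, size_t len)
{
    size_t i, k;
    for (i = 0; i < sizeof ALLOWED_SCHEMES / sizeof ALLOWED_SCHEMES[0]; i++) {
        const char *s = ALLOWED_SCHEMES[i];
        if (strlen(s) != len) continue;
        for (k = 0; k < len; k++)
            if (tolower((unsigned char)uri[k]) != s[k]) break;
        if (k == len) return 1;
    }
    return 0;
}

/* Returns URI_OK only when the link is safe to hand to the launcher. */
uri_verdict uri_check(const char *uri)
{
    /* RFC 3986 reserved and unreserved punctuation; '%' is handled apart. */
    static const char allowed_punct[] = "-._~:/?#[]@!$&'()*+,;=";
    size_t len, scheme_len, i;

    if (uri == NULL || uri[0] == '\0') return URI_EMPTY;
    len = strlen(uri);
    if (len > URI_MAX_LEN) return URI_TOO_LONG;

    /* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":" */
    if (!isalpha((unsigned char)uri[0])) return URI_NO_SCHEME;
    scheme_len = 1;
    while (isalnum((unsigned char)uri[scheme_len]) ||
           (uri[scheme_len] != '\0' && strchr("+-.", uri[scheme_len]) != NULL))
        scheme_len++;
    if (uri[scheme_len] != ':') return URI_NO_SCHEME;
    if (!scheme_allowed(uri, scheme_len)) return URI_SCHEME_NOT_ALLOWED;

    for (i = scheme_len + 1; i < len; i++) {
        unsigned char c = (unsigned char)uri[i];
        if (c == '%') {
            /* Every '%' must start a two-digit hex escape that does not
               decode to a control character (NUL, CR, LF, ...). */
            int hi = hex_value((unsigned char)uri[i + 1]);
            int lo = hi < 0 ? -1 : hex_value((unsigned char)uri[i + 2]);
            int value = hi * 16 + lo;
            if (hi < 0 || lo < 0) return URI_BAD_ESCAPE;
            if (value < 0x20 || value == 0x7f) return URI_BAD_ESCAPE;
            i += 2;
            continue;
        }
        /* Spaces, quotes, backslashes, control and non-ASCII bytes
           all fall through to the rejection below. */
        if (isalnum(c)) continue;
        if (strchr(allowed_punct, c) == NULL) return URI_BAD_CHARACTER;
    }
    return URI_OK;
}

int main(void)
{
    /* Constructed sample links, not taken from any real incident. */
    const char *samples[] = {
        "https://example.com/a?b=c", "mailto:user@example.com",
        "customapp:open", "http://example.com/a b", "mailto:user%"
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> verdict %d\n", samples[i], (int)uri_check(samples[i]));
    /* Only a URI_OK link would go on to the platform launcher. */
    return 0;
}
```

A check like this narrows what reaches the handler; it does not make the handler itself safe, which is why both sides still need fixes.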

Apple Sued Over iPhone Antitrust Concerns

A PC World news story reports a class-action lawsuit in California, brought about by a man named Timothy Smith, alleging that the Apple iPhone breaks California law. Among the problems cited in the suit are Apple's AT&T software lock and denial of warranty service to customers who have unlocked their phones. (See the full story for more details)

Personally, I don't think Apple should be allowed to implicitly endorse carrier exclusivity, as it seems to with its AT&T contract. I think all cellphone companies should be regulated for interoperability, and a phone should be capable of being pulled from one network and activated on another, without anything more than the SIM card switch European phones require. This nonsense of phones only working on specified networks is absurd.

I also don't agree with Apple's denying warranty service to owners of unlocked phones, but the updates and packaging included warnings against unlocking, stating that unauthorized modifications would void the warranty. I do not believe the suit will have much of a case against warranty-service denials.

It will be interesting to see how this case turns out in court.

Monday, October 08, 2007

A Second Robotics Job

Well, it's official. I'm the new Media Captain of the Southwest Robotics Team. I'll be doing photos whenever possible, with my trusty Canon PowerShot SD750. I'm looking forward to it; the previous captain will be doing video editing. This will certainly make loading new photo galleries onto the website easier; I won't have to get CDs or anything from other people.

A Wi-Fi-Finding Shirt

Looks like technology in search of a purpose to me. ThinkGeek has developed a T-Shirt, available only in black so far, that has a glowing decal on the front with bars to indicate Wi-Fi signal strength. It runs on three AAA batteries and can be machine-washed, though it must be hung out to dry. The decal and batteries, obviously, need to be removed before washing. It looks like an interesting idea, but it doesn't provide much information, such as encryption status or access control; it only measures signal strength. I think I'll wait until v2 (or v3) before getting one.

Sunday, October 07, 2007

Like-Minded Geeks (Short)

Looks like I made friends with a like-minded geek. My friend i80and uses the same template for his blog as I do. We both hate Microsoft, love Firefox, and use Google to the exclusion of all other service providers. It's rather interesting. Of course, we don't have everything in common. I write a whole bunch more than he does...

It's Good to Have Talents

I deviate from my usual technobabbling to reflect on some of the things that have happened in the last couple of days. I designed a website for the Southwest High Robotics Team, the launch of which I announced earlier this month, and now the team captain would like me to be the Media Captain, in addition to my current position of Website Captain. This would mean that I would not only maintain the site, update the upcoming photo galleries and video pages, and develop new features like our planned wiki, but would also take photos and possibly create posters/edit videos. My skills in the latter two I'm not so sure of, but I have gotten quite a few positive remarks about my picture-taking abilities. I don't know how much of it is skill and how much is luck, but I'll take whatever compliments I get.

It would definitely make adding new photo galleries easier, not having to get burned CDs from the current photographer, and actually kind of knowing what's going on so I can organize the albums on my own. It could mean I'd have to delegate some of the more mundane tasks, like filling in album tables with values, to others (who have offered to help). I might turn into a regular executive-type who never does anything himself. OK, so that's a stretch, but I seriously could find some excuses to delegate tedious tasks. Let's see... Resizing images, filling in HTML templates, adding links, updating website text... The list could potentially go on for a while. Depending on what taking the position would involve, perhaps I will take on the extra challenge, if only to exercise my management and photography skills.

Gmail Development Seems to be Stagnated

In the over three years since releasing Gmail, Google has failed to introduce any major improvements in the last two. After the release of chat functionality way back when, new features (increasing storage doesn't count) have been noticeably absent from the client. Yes, they added integration between Gmail and Calendar and Docs. Yes, they added support for the newest Presentations addition to the Docs suite. Those aren't really new features in the sense we're describing. They're just added conveniences, leveraging other services to make email easier.

Within the client itself, Google hasn't done much at all. Despite the myriad versions of the infinitely-useful Gmail Macros script, the keyboard shortcuts are the same old mildly-useful-but-not-that-convenient ones introduced when they first showed up. The same Quicksilver-ish interface has been integrated into Google Reader, and it would help both product similarity and user productivity if a master Macros version could be found, tweaked to be just right, and made another option in Gmail, perhaps as an "Advanced keyboard shortcuts" option, along with the "Off" choice and the "Basic" mode, which would be the current ones.

Gmail's rumored to have a new version coming up some time in the next several months, thankfully, and the features Garett Rogers found, if they're included in the free version and not restricted to Apps (or worse, Apps Premier), look quite handy. Hopefully, more is in the works, and Google will release all its latest work no later than April Fools' Day, 2008.

Microsoft and Privacy

Microsoft reportedly released results of a three-month phishing study conducted through an add-on to their Windows Live toolbar, the Phishing Detective. The software compared passwords used on various websites and reported URLs to Microsoft if the passwords for two sites matched. Admittedly, it is an interesting approach, and legitimate matches are easily weeded out, but it raises issues about how much Microsoft knows about you.

Microsoft could theoretically profile all its toolbar users and keep track of what sites they have accounts at by what sites generate hits to the password-comparing program. Other companies like Google also collect the URLs their toolbar users visit, but the features are clearly marked as having privacy implications and they promise not to log your traffic. Microsoft was definitely logging, though the degree of user specificity is unclear.

This wouldn't be so much of a bother if it was going to be limited to the Windows Live Toolbar add-on; rumors are afoot that Microsoft might add the technology to Internet Explorer, which already has an anti-phishing system similar to the one in Mozilla Firefox. Whether or not that version would send logs back to the company or just alert users if it detects suspicious password similarity, I can't tell, but it still makes my skin crawl a bit. I think I'll continue doing what I've been doing: sticking with Firefox and, for the occasional Explorer site, IE6.

Google's Quietness About Releases

Google bought the Urchin company in 2005, and since then has been extremely quiet about the upgrade Urchin promised in late 2004. The Urchin 6 upgrade has never been released, though the Google Analytics website says, "Urchin 6 software will not be free when it is released." It goes on to say that customers who purchased extended service contracts that have expired will be offered a free upgrade, though there is no indication at all of the product's release date, now approximately three years overdue.

Current customers are getting antsy about Google's keeping mum, and it certainly would worry me if I had spent $10,000 of company money on an analytics package and support service with an upgrade that never came. Not to mention, part of the reason would have been to develop a relationship with the software company, which was bought out only a few short months later. Such is what happened to United Diamonds, Inc., a 25-employee diamond vendor based in Sun City, California. They spent thousands of dollars on a software package with service contract and upgrades promised, and then lost their business relationship with Urchin when it was bought, and the upgrade was already a few months overdue at the time of Google's purchase.

Google has historically preferred the Software As A Service (SAAS) model over packaged software, as it keeps installation-related technical support requests at bay (they are just about nonexistent) and gives everyone instant access to updates when they are released. However, Google is very quiet about its release schedules for products, never announcing new versions until they are released. Various blogs run by Google staff members announce minor feature additions and security-related bug fixes, but version-related commentary is distinctly absent.

The recent graduation of Google Reader from the Labs testing ground (written up in a humorous letter on the Reader blog) was unknown until it actually happened, as was the search box released a couple weeks beforehand. User feedback seemed like it was being ignored when Google was actually working on features behind the scenes. They just didn't tell anyone about them.

Google might be able to keep free customers happy, but if they start delaying new releases for years on corporate customers, such as Google Apps Premier buyers, some consumers might become disgusted with their no-announcement policy and go somewhere else.

Saturday, October 06, 2007

Let's Define the Term "Hacker"

Popular culture has done a number on the word "hacker" these days. It used to refer to a person who built something cool, computer-wise, back before the laptop was invented. In recent years, though, it has taken on the same meaning as "cracker", not in the victual sense, but in the safe-robbing one. These days, a "hacker" is someone who breaks into computer networks, usually with some nefarious agenda. "Hacking" computer hardware and software for increased productivity or performance is now called... I don't know, actually. Maybe "tweaking".

This evil connotation even led a Microsoft blog to be renamed recently. The "Hackers @ Microsoft" blog, which was supposed to introduce the world to the "white-hat" hackers working in Redmond, was renamed to "%41%43%45%20%54%65%61%6d", hexadecimal code for "ACE Team", a possible reference to Microsoft's Application Consulting & Engineering Team, which does security and reliability testing on Microsoft software. The team also has its own blog.

I really hate to see a wonderful word have its meaning changed by people who never even knew what real hacking is, but I guess I'll have to stop thinking of myself as a "hacker" and change to calling what I do "fussing" or "tweaking".

Lithium-Ion Batteries: Confirmed Fire Hazards

In recent years there has been a string of highly-publicized cases where various types of Li-Ion batteries catch fire. Be they installed in laptops, cellphones, or, now, iPods, Lithium Ion battery technology has, I think, established itself as a definite consumer hazard. PC World has a humorously titled article ("Hot Tunes: Man Says Nano iPod Caught Fire in His Pocket") that shares the hazard of the newest of the three device types: the iPod.

A man playing an iPod Nano in his pocket had it catch fire on him, setting his pants aflame and sending orange streams of plasma (flames for you laypeople) up to the level of his chest. He says if the TSA had seen him smoking like he was, they would have thought him a terrorist (he was in the Atlanta International Airport at the time, where he works). Apple reportedly sent him a packet with which to return the two-year-old device. The cause of the fire is unconfirmed, but the battery is a likely suspect.

Now, Gateway hasn't been involved in any laptop battery recalls that I know of, but having a potential explosion on my lap doesn't bring much comfort. Untold millions of batteries have been manufactured, and I carry one in my pocket nearly every day (PDA), as do both my parents (cellphones). It makes me wonder how safe the technology really is.

We've also been awaiting new battery technology for many years now. Given the rigorous safety testing batteries go through, it's not surprising that we haven't had many developments, but there must be a problem somewhere in the testing because there have been a lot of defective batteries lately, and I don't think that many recalls can be blamed on manufacturing malfunctions. We need more stable battery chemistries. I have heard of new mixtures such as sulfur dioxide (I believe), though they will be years before coming to market, as they still have much testing to do.

I suppose all I can do for now is take comfort in the fact that research is being done. I'd take the battery out of my laptop, but then its unreliable AC socket would make the power cut out every few minutes. I just hope my battery wasn't made by Sony.

Friday, October 05, 2007

Apple Kills iPhone Resale Market

Remember that iPhone update that broke unlocked devices? Financial analysts say Apple effectively killed the unlocked-iPhone resale market with that move, even if only temporarily. People would buy up to five iPhones (the customer limit) at the store, likely with the intent of unlocking at least one of them and reselling it. Since unlocked iPhones are now impossible with the latest firmware updates, this market would seem to have no way of existing anymore. At least, until someone finds a way to unlock the new firmware.

IE7 Available to All Windows Users

Microsoft has removed the Windows Genuine Advantage validation requirement to download Internet Explorer 7. The change came yesterday (Thursday), when the software giant changed its mind about IE7 from its being a "reward for being legal" to being "in users' best interest." Windows Update will be offering the upgrade as a high-priority update, or it can be downloaded immediately from Microsoft's website.

I agree with analyst statements that this is probably a play for market share. Popularity of Mozilla Firefox has been increasing since IE7's release, and much of the market gains of the new browser have been at the expense of its older brother, IE6, rather than other browsers like Firefox. I surmise that users dissatisfied with the new browser began investigating alternatives, not knowing IE could be downgraded by uninstalling the IE7 update. I personally know several people dissatisfied with IE7, and am in fact using IE6 myself (the few times I actually use IE, that is).

All I can say is, there must be some large motivator for this removal; it is the first time Microsoft has ever removed a WGA check for a major product; Windows Media Player 11 and, interestingly, the Windows Defender security tool still require validation. (If Microsoft is really committed to security, why not allow all Windows users to download Defender?) I plan to fight this and recruit more Firefox users than ever, to counteract the increased adoption that's likely to take place as a result of this event. IE7 may be an improvement, but it still needs major work, and continually decreasing market share for IE7 might push them to innovate in the next major release.

Thursday, October 04, 2007

eBay Phishers are Getting Smarter with Linux

PC World reports that eBay phishing attacks are getting more sophisticated. Attack networks and servers, including those that control spam botnets and host phishing sites, are being run from rootkitted Linux machines whose owners haven't a clue they've been infected. eBay recently reported that data on over 1,000 of its members had been stolen through a phishing attack. The online world appears to be getting more dangerous.

It's intriguing that cybercriminals are turning to Linux attacks; the penguin has long been regarded as the most secure of the three major operating systems, yet cracked (not hacked) servers and desktop machines running various brands of the open-source software serve as command networks for botnets and data collection servers for phishing sites. Linux machines apparently fetch a premium over PCs in the underground market, but their primary purpose seems to be staying in the control and hosting fields. When it comes to the actual bots in a botnet, Windows is preferred.

Looks Like IE7 is Finally Arriving, But Windows Vista Bites

Reviewing the site stats for this blog, I see a distinct prevalence of visits from IE7 users over IE6. Firefox still seems to dominate my hits, but Internet Explorer's own little battle of the versions seems to be turning. A few months ago, not many people I knew used IE7; now I can see the trend clearly. It looks like the day may be coming when I can dump support for IE6 completely as regards my Web development and focus on IE7 fixes. Like the old IE5, version 6 of the venerable, annoying (to developers) browser may soon see its support dwindling in the website world. Not too many sites bother staying compatible with IE5 these days, since it's not used much (my stats show no IE5 traffic at all, though I did get a hit from Firefox 0.9). Holding IE6's hand with complex CSS layouts might be something I won't have to do anymore come this time next year. I'd be ecstatic; I'm really tired of having three stylesheets...

While the newest version of IE is winning, however, Windows Vista seems to be losing to its older brother, XP. In the last few months, traffic from XP was more than five times the traffic from Vista. I think all the problems Microsoft has had with their newest baby have hit people where it hurts -- the bugs threaten productivity -- and kept them from upgrading. With Service Pack 1 in beta testing, the new OS might finally take off in the next few months, but I don't expect to see too much growth before the new year.

It's really quite interesting to see what browsers and operating systems people use. Lifehacker mentioned statistics for their site a while back, citing Firefox as the most popular browser on that site. It also has the lead on this one, ten percent ahead of IE between July 1 and now. Interestingly, the Macintosh OS has a lead over Linux, but it's small; Mac OS has 16 visits, while Linux has 12. Under those, there are three "(not set)" visits, which apparently didn't provide browser data. It will be quite interesting to see how these stats change in the coming months... Will Vista catch up to and/or surpass XP? Will IE take over Firefox? We shall see come December 31, when I'll check the stats from today until then and note the changes in trends.

Update (12/2): The results have been tallied for the end of 2007. See who won!

Wednesday, October 03, 2007

Apple Closes iPhone, Competitors Tout Openness

While Apple's closed iPhone operating system draws wrath from application-starved users, competitors such as Nokia, Microsoft, and Research In Motion are promoting their phones' open development platforms. Nokia in particular just launched a new website, NSeries.com, that advertises the application-readiness of the NSeries phones. "We believe the best devices have no limits. That's why we've left the Nokia NSeries open. Open to applications. Open to Widgets. Open to anything. So go ahead and load it up. What it does is up to you," states the site's "Open" page.

Microsoft also has gone with an open development platform with the Windows Mobile device family. According to a figure in a recent PC World article, Microsoft states that over 18,000 applications have been developed for Windows Mobile. In recent years, Research In Motion has begun taking steps to enable application development for its BlackBerry (affectionately known as "CrackBerry") phones.

Apple's decision to create a closed platform doesn't appear to be hindering iPhone sales -- in fact more than a million phones have reportedly been sold -- but it makes me wonder if Apple will ever open the platform. Certainly the PC wouldn't be as popular without the myriad programs and applets that do everything from organizing photos to editing videos to creating Web pages to renaming files in bulk. One company didn't write all of those applications; they were developed by countless people over a period of decades. Apple can't expect to write all the iPhone apps its users would find useful. And developing within the Safari browser leaves limited capabilities, and questionable access when away from a Wi-Fi hotspot. When will they realize that open development (and open carrier usage) would benefit their users?

Tuesday, October 02, 2007

Southwest Robotics Website Launched

After weeks of work, the first version of the Southwest Robotics website has been launched. Upcoming features include a video page, photo galleries, a members' calendar, and possibly a wiki, but the current site has all the basic info and a template that works pretty well in all the major browsers. Check it out at http://www.swrobotics.com/.

iPhone Upgrades Almost Successfully Rolled Back

In a posting on the iPhone Dev Wiki, iPhone hackers posted instructions for downgrading the iPhone's firmware from version 1.1.1 to 1.0.2. The downgrade restores iTunes and Wi-Fi capabilities, but the call-making functionality cannot yet be restored. Hackers have yet to find a way to downgrade the firmware used by the iPhone's baseband chip, which is used to make calls.

Apple's latest update includes much better firmware encryption, which is making current research into unlocking version 1.1.1 very difficult. The earlier unlocks were much easier. According to Tom Ferris, a security researcher working on the iPhone, everyone is working on trying to get into the firmware. The iPhone-unlocking business really has turned into the cat and mouse game Steve Jobs talked about.

Apple's Latest Update was a Mistake

The iPhone 1.1.1 update that broke unlocked phones is being called a mistake by industry analysts, according to a PC World story. On Monday, analysts said the decision to bundle a crippling firmware update with the ten security patches was plagued with a lack of full disclosure. If companies don't tell users exactly what patches will do to their software or devices, people may worry what the latest update will break, and whether installing the update will backfire and make the program or device inoperable.

Aside from the security patches to the built-in Safari browser, Bluetooth firmware, and email application and the upgrade of the iTunes software that enabled access to the Wi-Fi Music Store, Apple bundled the by-now infamous patch to the device's firmware that rendered phones unlocked with the anySIM tool useless.

If companies like Apple (and Microsoft, which has also done things like this in the past, like the Windows Genuine Advantage update in the summer of 2006) continue mixing features, functionality, and security in their patches, users may not bother to upgrade, worried about breakage, insufficiently-tested new features, and other problems. To keep iPhone users secure, Apple needs to tell its users up-front exactly what will happen when the updates are installed. The current tactics scare legitimate users who have not unlocked their phones into wondering whether their phone will work the day after an upgrade.

Whether Apple defends their actions or not, the upgrade also raises issues about who actually owns a purchased device. Apple and many cellphone carriers seem to project the attitude that they own every device they've ever sold, and that they can enable or disable features, disable the device, delete your applications or data, or any number of things. Is this really where we want American business to go?

Intriguing New Touchscreen Technology

According to a report from PC World, Sharp has improved upon the conventional touchscreen model with a prototype that uses optical scanner pixels interspersed with the LCD pixels, instead of a wire grid. The 3.5-inch screen can scan fingerprints, utilize multi-touch functionality (even more than the iPhone's two fingers), and even scan name and business cards in under a second at up to 320 by 480 pixel resolution. Supposedly, similar technology was introduced in 2003 by Toshiba Matsushita Display Technologies, but the technology never took off after its April exposition at the Electronic Display Expo in Tokyo. Potential uses for Sharp's tech include cellphone screens, gaming devices, and possibly PDAs.

Is There Such a Thing as Too Much Advertising?

In this day and age of Web-based services, one must wonder if all the banners, badges, and taglines inserted by modern webapps are worth it. To get a free email account from Hotmail or Yahoo!, for example, the user must accept that their email will have ads appended to the bottom of every message sent out. (Note that Google doesn't do this...) Creating documents is a mixed bag; Google's services don't have these "watermarks" (that I can see), but others might, primarily lesser-known services that want to get the word out. Flowchart apps are especially annoying; both apps I've found (the only two I can locate through Google searches) attach large banners to the bottom of exported graphics, detracting from the appearance of the finished chart when embedded in a document or other assignment (I use these for school).

One app, Gliffy, seems to be a released product, with many irritations beyond the banner. Pushy upgrade notices, draconian limitations on document creation (you can only have five public charts in a free account), and obnoxious ads at the bottom of exported pages made me leave the same day I joined (I'm working on account cancellation). I just won't tolerate that kind of thing.

Fortunately, I found Lenovo Labs' Best4c service, a beta offering that does much the same thing as Gliffy, without all the annoyances. It remains to be seen if it will have more irritants when the service is released, but for now it has reasonable limits, private document creation, collaboration, public publishing, export as PNG or PDF, and a range of symbols for charts. And connectors to boot, Visio-style. The only annoyance I've found is the banner inserted at the bottom of exported images. While I haven't tried PDF export yet, a banner in such a medium is harder to remove than in a PNG image (just open in The GIMP or MS Paint and crop).

Don't come away with the wrong impression; I'm all for promotion, but embedding graphics twice the size of the chart (a little token exaggeration) is a little much. How about a simple text note? Like putting "Created by Best4c, from Lenovo Labs" (that size, as would be polite) in the bottom-right corner? That would get the word out quite well. And as for Gliffy's advertising, instead of upgrade prompt banners that obscure the top eighth of the chart, just put a similar note in the corner of the window. Remember The Milk has their Pro upgrade link well-placed; it's just a text note near the bottom of every page. Why don't other services learn that less obtrusive advertising will result in happier customers?