If you’ve been following my Twitter account at all, you’ve probably noticed by now that I’ve become an avid mobile device (i.e. smartphone) user, and a fan of Android in particular. This isn’t just a passing phase for me, nor is this a technology fad that’s just going to fade away. Mobile technology is really taking off, and I wouldn’t be surprised if a paradigm shift won’t occur—if it hasn’t already—where more people will be using smartphones and mobile devices to access the Internet and other online services than using a full desktop or laptop. There are other contenders vying to be our one-and-only window to the digital world, like set-top boxes, digital TVs, and such, but nothing is as personal and portable as the smartphone and its bigger brother, the tablet.
That said, I’m not in the camp that believes that the Web is dead and that mobile apps are the way of the future. I’ve expressed my feelings on that here before. Apps won’t and can’t be the end-all, be-all interface to data and the mobile Web will always have a place. Thus the mobile browser is one of the most important apps a smartphone can have. That said, most browsers on smartphones are anemic, underpowered, and severely lacking in important functionality. Smartphone manufacturers and OS authors want us to believe that we can leave the laptop behind and work entirely from that wondrous miracle in our pocket, but fail to deliver the tools we need to make that dream a reality.
My case in point: client-certificate authentication. As a very brief summary, the entire industry of e-commerce rests entirely on a set of encryption technologies such as HTTPS, SSL, TLS, etc., that allow secure, private communication between a client (such as an online shopper) and a server (an online store). The server authenticates itself to the client by using a digital certificate, signed by a trusted certificate authority which has investigated and authenticated the server as a legitimate entity. The client can rest assured that the server belongs to the authenticated entity because the certificate uses strong public-key cryptography to provide a chain of trust back to the authenticating authority. Without this technology in place, we wouldn’t be able to tell legitimate businesses such as online retailers and banks from the phishing scams so prevalent on the Web. (This doesn’t always solve problems between the keyboard and the chair, of course, but it is effective as long as the wetware interface is working properly.)
But digital certificates can be used to authenticate the client as well as the server. Many businesses and governments use client certificates to authenticate users to secure systems. For example, I use a government-issued Smart Card to authenticate with my client’s servers. On this card is chip that contains my digital certificate, signed by a private certificate authority. When I authenticate with the client’s services, the private key on the card creates a digital signature which the server can authenticate against my public key, the inverse of what happens between the online shopper and the store front. Thus, I can trust the validity of the government’s certificate and know I’m connecting to their servers and no one else, and they in turn can validate that I (or the person who has my card) am who I say I am and let me in. I use a similar technology with GPF, although I import my certificates directly into the browser rather than use an external card. I created my own private certificate authority and issue client certificates to each browser I wish to use to access my admin interfaces. That way, I know only certain machines can access those portions of the site, offering a lot more security than just a simple password can provide.
This isn’t a new technology. SSL has been around almost as long as the Web itself, and it wasn’t long before the model was flipped around to authenticate clients to servers as well as servers to clients. This is a tool used by businesses every day all over the world. Every desktop browser supports client certificates because they are a standard. Any browser that doesn’t support them is likely to be overlooked or ignored in favor of browsers that do.
Yet the support for client certificates on mobile devices is appallingly absent. I know the built-in Android browser doesn’t support it, and I created an issue in Google’s official Android issue tracker to complain about it. Android supports client certs for WiFi authentication, but not in the browser, e-mail, or any other key service vital to secure business communications. Supposedly support for this functionality is going to be added in future versions of Android, but that doesn’t help me or any of the millions of current Android users until it comes time to upgrade our devices. I’ve read in various places that the iPhone supports client certs, but I’ve never been able to get any of the solutions to work with my iPod Touch (essentially an iPhone minus the annoying contract and poor service of AT&T). The only success I’ve had in this area has been with Firefox Mobile, which is pretty much a Firefox 4 release candidate smooshed and crunched down to fit on a mobile device. It’s bloated and a lot slower than Android’s built in browser and there’s no handy UI for importing certs like there is on the desktop, but if you take a sledgehammer to it and do some manual file tweaking, you can import your client and CA certs into the certificate database and use it effectively.
Seriously, guys… you want your devices and mobile OSes to be taken seriously by businesses as tools to take our work out of the office and on the road. Yet, you don’t give us the essential tools required to take advantage of this amazing freedom. Sure, you tell us “there’s an app for that”, but frankly, there isn’t. I’ve looked, and they’re not there. Apple won’t let third-party browsers compete with Safari on iOS and none of the Android add-on browsers support client certs either. Only Firefox, a desktop browser masquerading as a mobile app, comes close, and it takes a bit of technical wizardry to do something that should be a quick five second import. Someone’s got to step up to the plate and make some progress here, or no business that really understands security is going to take the mobile space seriously.
By now, the tech savvy among you have probably heard of Firesheep, the infamous unofficial Firefox plugin that lets you swipe other people’s session cookies and impersonate them on various popular, less-than-secure websites if you and they share the same unencrypted WiFi access point. The less tech savvy ones probably could care less, or are so terrified and spooked that you’ve turned off and unplugged your computers, buried them in a 20-foot-deep hole in the backyard, and layered on top of them concrete, asbestos, Kevlar, lard, and ten thousand old AOL CDs you’ve been hoarding in the closet since 1990.
OK, I was only kidding about the lard.
Last week I tweeted that “Firesheep makes me want to weep for the Internet and laugh maniacally, both simultaneously”. That’s no exaggeration. On one hand, it’s performing wonders by raising awareness of just how insecure many of our favorite sites really are. The problem Firesheep exposes has been around for ages; hard-core hackers could perform all the tasks that this plugin does through readily available tools and a lot of dedicated logging and log scanning. What Firesheep does is take a complicated, hard-core hacker task and make it bone-headedly simple: install, scan, infiltrate. It provides a wake-up call to Web 2.0 developers that they need to look seriously at security rather than just pay it lip service. And at this task it seems to be doing quite well; already Google has made moves to force SSL for all GMail access and Facebook is mumbling under its breath that they’re “looking into it”.
What scares me about Firesheep is the bone-headedly simple aspect. I won’t get into the ethics of responsible disclosure of security flaws, but releasing a tool like this that makes such a questionable task as simple as clicking a button is bound to have repercussions. Putting this tool in the hands of everyone means putting it in the hands of everyone, no matter what color hat they wear. Yes, we’ll hopefully see lots of increase in security at many of the websites we use every day, but how many innocent and ignorant users will be maliciously attacked before those changes occur? The gun was a very useful tool for early pioneers to hunt and protect one’s family, but it’s also useful for criminals to steal, coerce, and murder their victims. Technology is inherently amoral; it is people that are moral or immoral.
I won’t go into the details of how Firesheep works or the many ways it can be easily thwarted. A quick spin by your favorite search engine will likely provide all the information you may need. However, I did want to take a few minutes to publicly analyze the various aspects of this site and the GPF site and reassure all my readers that your information should be reasonably safe. Right now, it looks like the person most likely to be impacted would be me, directly or indirectly, and the risks are actually pretty darn low.
First up, this site: Firesheep does indeed include information on how to “hack” WordPress. Well, how to hack WordPress.com. Since Neural Core Dump is self-hosted, the built-in attack against WordPress.com hosted blogs won’t affect us here. However, Firesheep is open source, so it is trivial to modify the code to attack specific domains, so the WordPress.com attack can be tweaked to attack an individual self-hosted WordPress blog. My original assumptions here proved to be incorrect; in looking back over the the Firesheep code, it doesn’t look specifically for WordPress.com domains, but for common cookie names used by all instances of WordPress, whether it’s self hosted or not. Thus, any logged-in user here could potentially be exposed. In this case However, this blog’s small size becomes its advantage; the likelihood that anyone will directly attack it is pretty low, and even then I keep extensive backups and can easily back out malicious comments or posts. (Mind you, being too small should not be used as an excuse not to be concerned, just that the threat can be downplayed for the time being.) I rarely use public, open WiFi hot spots (to be honest, there aren’t that many of them around where I live), and on the rare case that I do, it’s easy enough for me to create an SSH tunnel to my home Linux box and proxy all my HTTP traffic through it.
As for GPF, all logins occur over SSL, so no passwords are ever sent in the clear. Of course, Firesheep does not sniff passwords but rather session cookies, so this isn’t really the problem. I thought of a few scenarios where Firesheep could be used against GPF to varying degrees of success:
Again, GPF’s probably far too small a target for anyone to really bother with, but the fact is that so little attack surface is visible that the only person likely to be hurt by it is me.
There, I hope I laid all your GPF/Firesheep fears to rest. What was that? The only person really concerned about this was me? Oh… well, in that case… um… never mind, I guess.
UPDATED November 4, 2010: Updated the paragraph about this blog to correct an incorrect assumption about only WordPress.com blogs being affected.
In the ongoing spirit of releasing pointless Open Source software, I semi-proudly announce the release of Cryptnos 1.0 for Microsoft .NET 2.0.
So what is it? Cryptnos is a secure password generator. By now, I’m sure many of you have heard of various programs, especially browser plug-ins, that let you generate unique passwords for all your various online logins. They usually do this by combining the domain name of the site with a master password you supply, then run those inputs through an MD5 hash to give you a “strong” password that is unique for that site. Many of these applets also search the page you’re currently on for the login form and attempt to pre-populate the password box for you. Well, Cryptnos is kind of like that. Only it’s not.
Like these other apps, Cryptnos generates a password from your master password and from some mnemonic or “site token” that you supply. But that’s where the similarities end. First of all, Cryptnos does not live in your browser, so it can be used for any application where you need a strong password. As a corollary, the mnemonic does not have to be a domain name, although it certainly can be; it can be whatever you want it to be, so long as it is unique and it helps you remember what the password is used for. Next, Cryptnos gives you unparalleled flexibility in how your password is generated. You’re not stuck using just MD5, a broken cryptographic hash that is horribly out of date and which should no longer be used. You can select from a number of hashing algorithms, as well as how many times the hash should be applied. Crytpnos also uses Base64 rather than hexadecimal to encode the output, meaning your generated passwords can have up to 64 possible options per character instead of 16, making it stronger per character than the other guys. You can further tweak your generated password by limiting the types of characters used (for those times where a site requires you to only use letters and numbers) and the length of your password. Best of all, Cryptnos remembers all of these options for you, storing them in an encrypted state that is nearly impossible to crack. Your master password is NEVER stored, nor are your generated passwords; your passwords are generated on the fly, as you need them, and cleared from memory once the application closes.
Cryptnos originally sprang from the “Hash Text” function of WinHasher, which I used to generate passwords in a similar fashion for a long time. I quickly ran into limitations in using WinHasher this way, especially when it came to sites where I had to tweak the password after it was generated. I thought to myself, “I’ll never be able to remember all these tweaks for all these passwords. Why can’t I just rip this function out of WinHasher and wrap a program around it to let the computer do all the work for me?” And that’s exactly what I did. I’ve been using Cryptnos to generate and “store” my passwords for months now and I finally decided it was stable enough to release it to the world at large.
Oh, and the name? Um, well, I wanted a better one, but that’s the only thing I could find that sounded “passwordy” that didn’t have a lot of hits on Google.
Wow! A non-Twitter digest post! Amazing!
This is a quickie to let you guys now I’ve just released WinHasher 1.6. This is a minor release containing a few cosmetic and minor functional changes, so there’s no need to upgrade unless the features or bug fixes listed below seem worth the effort.
For those who don’t know, WinHasher is a cryptographic hash generator for Microsoft .NET. It is roughly analogous to digest programs on other platforms (such as “openssl dgst” from OpenSSL) but designed for Windows and other .NET platforms. It lets you verify the integrity of downloads and determine whether changes have been made to files. It does NOT guarantee the authenticity of a file; for that, use cryptographic signatures such those produced by PGP or GnuPG. It also lets you create hashes of arbitrary text, which is handy for generating strong “passwords”, although I’m working on a different project that will do a much better job of this particular task. [Looks around shifty-eyed.]
There’s an interesting trend in webcomics for a push onto mobile devices. I think it started with Clickwheel.com (which apparently no longer exists, hence no link), which tried to bring comics to the iPod by encoding them as short video files syndicated like a podcast. I thought this was an interesting idea, and I was even offered an opportunity to get into it on the ground flood, right when it started. However, I had a number of technical and rights management questions about the service and dragged my feet, eventually losing out on the deal and never following up on it. Given that the domain is now owned by a Norwegian ISP that apparently serves up malware, I’d say apathy may have been the right choice.
Nowadays the hot new distribution medium is to put an app on the (seemingly) ubiquitous iPhone (or its GSM-crippled sibling, the iPod Touch). Keenspot was the first place I remember seeing webcomic iPhone apps showing up, although I can’t say for certain that they started the trend. Since then, I’ve seen iPhone apps for various comics popping up here and there. The one I’ve been watching the closest has been Howard Tayler’s Schlock Mercenary (since Howard and I follow each other on Twitter and Facebook). It’s a curious trend to be certain, and it certainly has an element of “hipness” to it. After all, the iPhone is the “it” mobile device these days. And one thing every webcartoonist wants is more eyeballs reading their comics. Certainly it makes sense to go where those eyeballs are, to reach as many potential readers as possible.
Then a thought occurred to me: No one has really asked me why there’s no GPF iPhone app. Certainly it’s a valid question, and I’m even more surprised it hasn’t been brought up yet. I know a number of you out there use iPhones, as I’ve read your comments and seen your screen shots of the GPF site in the past. So I thought about this for a while and came up with a list of reasons why we don’t have an app, then decided to document those reasons here so I can point folks to one place so I won’t have to repeat myself. I thought about putting this in the GPF News, but since it’s more of an opinion piece than a news item, it probably belongs here instead. (There will probably be links from the FAQ eventually, if nothing else.)
The primary reason there is no dedicated GPF app for the iPhone will surely come as a shock to those out there who can’t get enough of their favorite beloved Apple device. I’ve never been one for great diplomacy or delicacy, so I’m afraid I can only be my blunt, bullish, blundering self. I really hate to say this, but it has to be said:
The iPhone isn’t the last word in mobile computing.
Now, before the fan boys start picking up your torches and pitchforks, let me elaborate. I have nothing against the iPhone. In fact, at one point, I seriously considered getting one. The GPF Year Nine story “iDilemma” is actually semi-autobiographical. (GPF Premium subscribers should check out the Author’s Notes for that story to see how it diverges from real life.) In the end, it all boiled down to economics, just as it did for Nick and Ki; it was less expensive for me to buy my current Treo 700p without subsidy than for me to break my contract with my current carrier, switch to AT&T, buy the iPhone plus another phone for my wife, and so on. While I passed on the device itself, several of my coworkers at my day job have iPhones, so I can pretty much get access to one to play with any time I wish. Thus I’m familiar enough with how it works and all the whiz-bang spiffiness it purports to have. I know a thing or two about what it does right, what it does wrong, and how it’s revolutionized the mobile computing or “smartphone” industry.
That said, the iPhone’s 30+ million units pales in comparison to the number of BlackBerry devices in circulation. The iPhone represents one device, one platform, on one network. BlackBerries are available in many form factors from almost every wireless carrier. On top of that, Android is a rapidly-growing platform; while it hasn’t yet matched the numbers of the iPhone, like the BlackBerry it comes in many flavors from many manufacturers and can be found on almost every network. It won’t be long before Android phones overtake iPhones in number by mere aggregation of disparate devices. And while some folks dismiss Palm as a has-been in the market, the Pre and the Pixi are selling modestly and may represent a comeback for the company. (Don’t forget the many of us who, ahem, still use good ol’ Palm OS, myself included, despite its age.) No matter how much we’d all wish it just went away, Windows Mobile still exists and people are still suckered into buying phones with it installed. And all of this ignores the biggest player of all in the field: Symbian, which runs about half of all mobile phones in the world.
Right there, I’ve listed off seven mobile platforms, including the iPhone. To pick one would severely limit the potential to reach new customers. To pick one with such a small market share (~14% as of Q2 2009) would be even more limiting. If my goal were to reach as many eyeballs as possible, why would I focus on one tiny segment of the market, simply because it’s the one everyone is talking about at the moment? After all, everyone might be talking about something else in a couple months.
Of course, this plethora of platforms opens up another can of worms. My goal with GPF has always been to be as accessible as possible to as many people as possible. Although the comic is (currently) confined to the English speaking world, it is available to just about anyone with a Web browser. I carefully designed the site to be as cross-browser compatible as possible, sometimes even sticking with older technologies longer than I should so the site will keep working in older browsers. If nothing else, it degrades gracefully and is still functional if you don’t have something top of the line. For that matter, thanks t0 our Oh No Robot transcriptions, you can even read 95+% of the archives with a text browser! That also means screen readers for the visually impaired can be used to enjoy the strip. It’s not ideal, of course, but it’s functional, and it’s helped us garner fans in ways you might not expect.
And the answer, my friend, is the same as it is the desktop: the Web browser.
What piece of software do all the nifty little gadgets listed above have in common? A Web browser, of course. Some make it the core of everything the device does, like in webOS and to some extent the iPhone. To others, it’s just another app available among many. But even the most rudimentary phones have simple browsers these days, enough to grab small snippets of HTML and display it competently. Even my Treo, which most iPhone users would likely scoff at, allows me to do the odd bit of online banking, news reading, and forum checking. While no single mobile platform is ubiquitous, the Web browser itself comes alarmingly close.
So I’m happy to announce the creation of GPF Mobile, the official mobile-optimized version of the GPF site. There’s nothing special to learn or type in; just visit the main GPF site at the usual URL and it will detect your mobile device and bounce it to the mobile site seamlessly. With the exception of one or two multimedia-rich updates, you can read the entire comic archive, browse the News archive, read the forum, or search the wiki. If you are a Premium subscriber, you can do all of this ad free, as well as get mobile access to the Jeff’s Sketchbook and Rumor Mill archives. The entire mobile site is specially optimized to minimize clutter and trim bandwidth, so it loads fast and doesn’t break your data plan. But if you have a smartphone with a bit more horsepower and a fatter pipe, switching to the “full” site is as simple as a few extra clicks. Just use our site to set a cookie (and you choose its duration) and have access to the full size for as long as you choose. I’ve been using the mobile site myself for months now, especially to keep track of the forum while I’m on the road, and it’s been beta-tested by a number of hand-picked Faulties. It’s not necessarily pretty (in fact, it’s downright Spartan), but it does let you get your GPF fix on the go.
Best of all, it works with BlackBerries, Android, webOS, Palm OS, Symbian, Windows Mobile, and… yes, folks, wait for it… the iPhone. I guarantee that bookmark will take up less valuable storage space than some bloated, unnecessary “app”.
Recently, our family took a long, hard look at some stock options my wife had been sitting on for a while and discovered that, even in the current questionable economic client, these options were looking pretty good. Well, a bit better than just “pretty good”. How about we say, “even after taxes, ‘pretty good’ still looks like an understatement”. After agonizing for a while over whether we should pull them all now or wait for the chance for the stock to go up even further, we decided to pull the trigger and take them all at once. After immediately moving the money to the savings account (where it will earn the most interest while still remaining liquid), we sat down and rationed how to slice up our piping hot and fresh money pie. Healthy chunks have or will go into numerous investments, of course, including the boy’s college fund and both long and short-term investments with decent returns. But we also wanted to keep some of that for ourselves, just to have a little fun. We’re planning on getting Ben a nice play set next spring or summer, and earmarked some to buy a few “toys” for ourselves.
The biggest “toys” are a new 55″ (139.7 cm for you metric-heads) LED LCD high-definition television, wall mounted, and a Blu-ray capable home theater system. Let me tell you folks, I was one of those people skeptical of the “high definition” craze when I had no basis of comparison. But after watching good ol’ standard DVDs on this thing and comparing them to what we got on our old 57″ (144.78 cm) projection TV, the difference is amazing. And that’s with “standard” definition DVDs! I think we still haven’t played an actual Blu-ray disc in this thing yet. And while surround sound is generally relegated to a gimmick in my book, I will admit that at times it’s a pretty good gimmick. I only wish now I actually had time to watch anything.
But none of that is the point of this post.
Rather, this is about the unilateral proliferation of the ubiquitous remote control. You know what I’m talking about. Every A/V device comes with one, and no matter what the manual tells you, you can try to program it to control your other devices, but you inevitably can’t. Either one device partially works but the rest don’t, or there’s one or two critical buttons that you absolutely need that never get mapped, or your device x from manufacturer y is not supported by the remote for device a from manufacturer b. So you end up with three or more remote controls sitting on the arm of your couch, each dedicated to one device and only halfheartedly supporting one or more others, if you’re lucky. You might be able to use the DVD player remote to turn on the TV and control the volume, but you have to switch back to the TV remote to get the aspect ratio right or switch the input mode.
Our recent purchase made our ever-breeding collection of remotes even worse. We were fortunate enough that the Tivo remote fully replaced the cable box remote (since the Tivo controls the cable box anyway), but now we were stuck with the Tivo, the TV, the home theater, and the old five-disc DVD player (kept in the loop mostly for its multi-disc capacity), all leaving remotes on the couch. (After about ten seconds of thought, we opted to retire the old VCR completely, eliminating a potential fifth remote.) Turning things on or switching activities required the “remote shuffle”, switching from one device to another to get everything just right. Worst of all, many times there were only a handful of buttons on each remote that were really needed for everyday use, meaning a lot of space, plastic, and silicon was being wasted.
Like any good geek, I thought that there had to be a better way. Larry Wall‘s first and second virtues of a great programmer are laziness and impatience, and I have both in spades. (Hubris, the third virtue, is something I struggle with as I have a chronic case of humility.) If only there were a way for me to consolidate all those useless logs into one, a single device that would let me push a single button and have everything just do what it needed to do: turn on what needed to be on and only those devices, put the TV and home theater on the right inputs, adjust settings for a device for one activity and then again when the activity changes, and make sure everything gets turned off when we’re heading out the door. I wanted something “scriptable”, something that with one button press would send off a chain of commands and “just do it”. Yes, there are “universal” remotes with macro languages out there that you can program to do just that. But I’m lazy (virtue #1); I wouldn’t mind a good starting point where most of the work is already done, and I don’t want to exert any more effort that I have to to make everything “just right”.
If you hadn’t guessed, we eventually purchased a Logitech Harmony remote, a Harmony One to be exact. For those whose definition of a “universal remote” consists of a $25-50 cheap plastic brick you can pick up at any drug store that “learns” by you pressing buttons on the old remote while pointing it at the new one, the Harmony line might seem like overkill. With prices starting around $100 and skyrocketing from there, Harmony remotes aren’t cheap. But for the premium price you get a ton of premium features that quickly make you wonder why you ever put up with the remote shuffle in the first place.
Harmony remotes are driven primarily by a single online database of devices. Using the Harmony software, you enter all the model numbers and it will look them up in the database, returning a pretty good mapping for all their remote keys. The database is pretty extensive, with tens of thousands of devices from thousands of manufacturers. Even our brand new TV (just released when we purchased it according to the manufacturer’s website) and home theater (which still doesn’t show up on their website) were there, ready to go. Best of all, all of the Harmony remotes share the same database, so the cheapest of the line can control the exact same devices as the most expensive. Of course, sometimes the database entries are inaccurate or incomplete since they are often populated by other users. However, Harmony remotes can learn just like the cheap URs can. I’ve been able to add a number of buttons from our home theater remote that were missed in the database import, and hopefully others will be able to share that effort.
To control your devices, Harmony uses an “activity” based process that may take a little bit of getting used to. You first need to decide what activities you plan to perform with your devices, such as “watch TV”, “watch DVD”, “play a game console”, etc. Once you have this list, you select what devices are needed for each activity and either let the software map the buttons for you or manually map them yourself. For example, our “watch TV” activity involves the TV, home theater (f0r audio), and Tivo box (which controls the cable). Many of the buttons on the remote map to the Tivo’s controls, so that’s how we switch channels, control video flow, etc. The volume and mute buttons are mapped to the home theater (the TV speakers are turned off). For the Harmony One, old remote buttons that don’t have an easy mapping (like the infamous Tivo “thumbs up” and “thumbs down” buttons) are mapped to “soft buttons” on an LCD touch screen; cheaper Harmony remotes have a simpler text LCD with hard buttons next to each option. Default mappings are easy enough to modify with the Harmony software. When the activity is started, all the relevant devices are turned on if necessary and are switched to whatever inputs and settings you specify. While you remain in that activity, the buttons remain mapped to where you set them. At any time you can switch to a “device mode” that controls a single device exclusively, mapping all the buttons to control that once device. Once you’re done with taht, you can simply switch back to activity mode to restore the activity mappings. When you finish the activity or switch to a different one, devices are turned off and reconfigured as necessary to fit the new role and your button mappings change as appropriate. Hitting the “power” button doesn’t technically turn everything off, but rather ends the current activity and turns off all the devices currently in use… which is often the same thing.
The Harmony is not without its quirks, of course. As previously mentioned, the database isn’t always accurate and most likely you’ll need to learn a few commands and remap a few keys. This is simple enough and just requires a few minutes button pressing and a sync with your computer. Initial setup isn’t for the faint of heart, so non-techies may want their favorite tech-savvy relative set things up for them at first. After that, though, using the remote can be very intuitive if your key mappings are set up correctly. Although technically not the Harmony’s fault, some devices still require you to tweak things after an activity has started. For example, our TV does not provide a direct way to specify the aspect ratio (i.e. you have to cycle through the options by repeatedly pressing a single button), so that can’t be scripted as part of the activity. However, it’s easy enough to map the TV aspect ratio button to a soft button in any activity, making that function readily available at all times. It obviously can’t control hardware switches—for example, our five-disc DVD and the Wii share the same component video input on the TV, so a small splitter box combines both streams into one—so you may still have to walk up and flip a switch every now and then. And while it often does a good enough job of it, the remote occasionally forgets what state a certain device is in and turns it off when it’s supposed to be turning it on. That, however, is simple enough to fix using an integrated help function. (You can’t just go in and turn the device back on in device mode, though; you have to use the help so the device state manager knows that the device is supposed to be on.)
So now we have a single remote controlling, either directly or indirectly, five A/V devices. We’ve only pulled out the old remotes once or twice, primarily to learn the missing keys and add them to the Harmony database. We feel more confident that we can hand this remote to one of our less tech-savvy relatives and not come back with infinite picture-in-picture nesting going on and with all the colors shifted blue. I definitely think this thing was a worth-while purchase for us, and I’d heartily recommend it for anyone tired of doing the remote shuffle.
(I should add the disclaimer, of course, that I was not paid for this “endorsement”, nor was I given any promotions, samples, or “freebies” in return for a favorable review. No, I’m just a happy customer who paid full price for a nifty device that I really enjoy and I want to share that enjoyment with others. Make of that claim anything you see fit.)
Sorry again for the long dry spell. As hinted at in the latest GPF News post, things have been hectic in the Darlington household these past few months, with tons of minute issues slowly chipping away at the overall allotment of free time. The good news for GPF fans, though, is that I should have a good month’s worth of comics in the buffer when the comic restarts on January 5th, and with the holidays behind us I should be able to concentrate more on getting things done and on time.
In the tradition of last year’s “Christmas loot” post, I thought I’d post some of the awesome things I received as gifts this year. I know some people might look at this as a bit of bragging—and I can see how it can be read that way—but it’s really not. It’s an honest, geeky desire to share some of the exciting things my friends and family blessed me with out of love and happiness. If you want to read bragging into this, well, that’s your choice and you’re free to ignore this post. Otherwise, let me squeal with geeky glee as I delineate some of the cool things I was blessed to receive from people I love.
I’ll start off with a note to the folks: I know some of my family reads this blog, so don’t be offended if I didn’t mention something in particular that you got me. It’s not that it wasn’t memorable or that I didn’t like it; it’s because you know I have the memory of a sieve and I didn’t take copious notes after each present was opened. Since I’m composing this away from where the presents are stashed, I’m doing everything from memory. I also spent most of my time during the present opening ceremonies assembling and subsequently helping Ben play with his new toys, so there were lots of interruptions. So here’s my apologies in advance and don’t forget that blog posts can thankfully be edited.
My favorite gift, by far, is the one given to me by my wife. (Well, she signed Ben’s name on the tag, but I know he has neither the budget nor expertise to have picked it out himself. Just remember that if you read this years later, my son.) She got me a Nikon D60 digital SLR camera. As I previously Tweeted, “It’s like giving a 16-year-old with a beat-up ’85 Civic the keys to a sports car.” 10.2 megapixels, “real” lenses, tons of preset and manual options… it may technically be a “prosumer” or low-end professional camera, but it’s definitely the best I’ve ever had.
I’ve always wanted to learn more about photography, but have had neither the time nor capital to really invest in more than casual picture taking. We’ve had a succession of digital cameras over the years, all of which have served us very well (the Shows & Cons subsite is loaded with the results). However, they’ve all been relatively cheap, low-end models geared for amateur consumers. Our previous family camera was a nice little Olympus that only topped out at three megapixels and still used SmartMedia cards. Do you have any idea how hard those things are to find these days? While still functional, it was definitely showing its age. However, like many consumer cameras, it did all the automagic focus and lighting settings, making it a simple point-and-shoot device. This new Nikon can do point-and-shoot well, but it has enough manual options to make it a good learning platform for a curious amateur to graduate to a serious hobbyist. Now my biggest problem is finding time to actually play with it…. 😀
As an ironic side note, as I mentioned in the previous “Christmas loot” post, my wife’s birthday is also in December, and guess what I got her? That’s right, a new camera. Her’s is admittedly not as nice, but it is exactly what she wanted: a small little point-and-shooter that she can tuck away in her purse for those spur-of-the-moment photo ops where lugging the old Olympus around (and, for that matter, my new Nikon) would be inconvenient. As she so succinctly put it, “Who knew we were going to have such a photogenic holiday?”
Other items of note:
So, what did Santa leave in your stocking this year? 😉
So ICANN, the organization that oversees the doling out of domain names on the Internet, has approved the relaxation of the rules for top-level domains (TLDs) to allow for arbitrary TLDs for whoever has the money and technical capability to grab it. If things go according to plan, by the middle of next year you may be able to just type into your browser something like
http://search.google/ rather than
http://www.google.com/, or perhaps you’d rather
http://drive.ford/ or even
To quote virtually ever character in the Star Wars universe, I have a bad feeling about this.
I am so sitting on the fence on this one. My initial gut reaction is this can’t be a good thing. I know far too many non-techies who are confused by Internet addressing as it is, so let’s confuse them some more by adding even more things for them to figure out. JD Fraizer over at User Friendly hit the nail on the head; anyone who has ever used Usenet is probably rolling their eyes a lot more lately. The potential for cybersquatting and trademark dilution is enormous. ICANN insists that an “objection-based mechanism” will be in place to prevent such things, but how much red tape (and legal dollars) will someone have to go through to protect their brand? Every day that a squatter sits on a domain equates to valuable time, money, and reputation that can be lost, something big corporations may be able to wait out but little guys like me can’t afford. It’s been hard enough right now for me to keep up with all the variants of
gpf-comics.something out there. And let’s not get into the discussion of what “offensive” TLDs creative individuals might come up with….
Of course, it’s not like I’m going to be registering
.gpf anytime soon anyway. I suppose that’s one thing ICANN did right: to create your own TLD, you’ll need a truck load of money first. The CBC is reporting an estimated $100,000 per TLD—I have no idea if that’s Canadian dollars or not—but ICANN only says for now that “fee information is not yet available”. Ordinary domain names are dirt cheap nowadays, which is a blessing to small-time operators like me but a curse in that squatters with cash to burn can snap up thousands at a time and hold them for ransom. At least starting a new TLD will take capital, making it a serious investment. It will also be quite a technical undertaking; owning a TLD also means you have to build the infrastructure support it. So if Google were to grab
But then it occurred to me… how awesome would it be if all your favorite comics or comic-related sites could found at “something dot comics”?
Imagine if you will that some philanthropic comics creator/reader with a hundred grand in “mad money” under his bed were to snatch up
.comics and register that with ICANN. Being philanthropic, this individual would charge a minimal fee to register a domain there, just enough to cover operational costs and maybe make a modest living in the process, aggregated out to anticipated demand (of which I’m sure there’d be plenty). There would be only one additional requirement for application beyond the current standard (ethical) process: the domain must be used for a site publishing, promoting, or discussing comics in some way, shape, or form. Consideration for approval would require proof of content, such as a preview development site, previously published work, portfolios, etc.—just enough to prove the site really will be used for something comic-related. Individual titles would be encouraged to register at the root level (
x-men.comics) while companies would register their names (
keenspot.comics) and potentially use sub-domains for their own titles (
x-men.marvel.comics). Our hypothetical philanthropic registrar would also be fair and balanced as to not let big conglomerates dominate the little guys. Disputes over domains would come down to traditional copyright and trademark resolutions, requiring proof of prior art, etc.
Wouldn’t that be just grand?
Of course, what will really happen will be that some big company will come along and buy up
.comics with far more misanthropic intentions (and we know such an obvious TLD wouldn’t sit dormant for long). They’d either squirrel it away selfishly for promoting their own works and no one else’s, or they’ll charge such an exorbitant “premium” price for registrations that only big publishing houses like DC, Marvel, etc. will be able to afford it, shutting out the little independents and webcomics. Even if they price it fairly and keep it open, I’d bet it would get so swamped with squatters that the novelty of the whole TLD would become as diluted
.info is today. Maybe it’s just that I’m pessimistic… or that I’ve been annoyed for so long that some jerk had been holding
gpf-comics.org hostage for years… but I just don’t see this turning into as promising a possibility as I think it could be.
Oh, well. I’ve been waiting for
gpf.com for nearly a decade now. I guess I can just add
gpf.comics to the list. Wishful thinking….
Sorry for the dry spell, all. With the holidays I’ve been largely offline with the exception of keeping up with my daily webcomic reading and uploading new comics into the queue. (Yay!) I hope everyone had a happy holiday, no matter what holiday(s) you celebrate, and I wish everyone a slightly premature Happy New Year (or, if you celebrate Chinese New Year, either a very belated one or a slightly advance one).
Firstly, in case you haven’t seen it or don’t subscribe to the RSS feed, make sure to check out the latest GPF News post. Some important updates are mentioned there. I’ll expound upon one of those in a separate post here.
I thought I’d share with you my list of “geeky Christmas loot” for this year. I don’t do it to brag, but more just to share. I always like hearing about other’s newest geek toys, and I love sharing the same with others. So maybe if I share about some of my new playthings, others will chime in and share as well.
Perhaps my favorite gift this year was not one that I received, but one that I gave, and technically it wasn’t even a Christmas gift. My wife (“kmd” on the forum) has a birthday in December, and I always try to make it special for her. Being a December baby can be tough as many people either buy you one slightly larger gift to cover both the birthday and Christmas or worse, completely overlook your birthday altogether. So I try to make her birthday extra special, take her out to a nice dinner, and just give her as best a day as I can. This year, I gave her one of the brand new third-generation iPod Nanos. One of things that made this special is that it appeals to her geek side; she too is a programmer, and sometimes I know she feels “overshadowed” by me in all things tech among folks who know both of us. It’s also significant because most of her geeky gadgets are my hand-me-downs; when I get something new (like a new Palm), she usually ends up getting the old one. So now she has a brand-new geek toy all her own, as well has her entire “Weird Al” Yankovic collection in her pocket wherever she goes. (I also got her the one “Weird Al” album she didn’t have on CD, so now she has his entire discography in digital form.)
As for me, my geek gifts were numerous and plenty. My parents had a definite Doctor Who theme: I got the third series of the new Doctor Who; the transition between two of my old-time favorite Doctors, Tom Baker and Peter Davison; a Tardis 4-port USB hub; and a “You Never Forget Your First Doctor” T-shirt. There were several other DVDs amongst the list, including one of Pixar short films. My wife surprised me with a terabyte(!) external USB hard drive (because you can never have enough disk space).
But probably the credit for the most unexpected and most played-with gift this year has to go to my sister-in-law and her husband. For now I’m suffering from an affliction I only heard about while growing up: Nintendo thumb. I am now an owner of a Nintendo Wii.
Well, I guess I’m having less problems with “Nintendo thumb” as I am with “Wii shoulder”. I’ve suffered tendinitis in my left thumb for quite a while now (it kept me from drawing for an entire month back in 2002) and I actually think the workout it’s been getting from the Wii has been somewhat therapeutic. But several hours of Wii Sports, especially bowling and baseball, had me running for the pain relievers the next day. Man, am I getting old. I’m doing better now, though. I never had a popular gaming console while growing up (or an unpopular one, for the matter); while most of my friends were playing with their ColecoVisions, Intellivisions, or NESes(eseses), I was hacking away in BASIC on my Tandy CoCo. (Gee, that didn’t date me at all, did it?) So this this was an entirely new experience for me. We quickly ran out and purchased a second controller (“wiimote”) and “nunchuk” and added a game or two to the ones that accompanied the system as separate gifts. The system has been loads of fun, although I must admit I’ve done far less comicking this past week than I had hoped.
So… what nifty geek trinkets did you get/give this holiday? And do you have any suggestions for utterly awesome kick-butt Wii games that I supposedly must absolutely, positively have or my life will be incomplete? Dump core below.