Mini memory sticks

I still own and use Apple’s first iPod Shuffle (the long, white one that holds 240 songs or a gigabyte of data). I find it extremely convenient for shuffling files (not music) between machines, especially if there’s no network available or the data is too big for email. I thought at the time that for $99, they were tantalizingly close to the give-away-the-device price-point, where you would, for example, buy a music album that came on the iPod Shuffle, not on CD.

More interestingly, non-music-playing memory sticks that sold for $30 or $40 a few years ago were likewise almost at the throw-away-device stage: toss some data on it, flip it to the recipient, and walk away. No need to get the device back. But the price would have to drop to under $10 to make that truly viable.

I wouldn’t be writing this if it hadn’t happened.

Sure, you can buy a 1GB Kingston Data Traveler for $11, or the 2GB version for $20, but they’ve been outdone.

A co-worker has been making the rounds, showing off his latest cool gadget: a tiny USB memory stick, capable of storing 2GB of data. The Kingmax Super Stick is literally smaller than a paperclip, consisting of just the USB connector and the memory chip. And it’s only $18.

The 1GB version? $9.

Nine bucks for a gigabyte of data, in a tiny, begging-to-be-tossed-in-the-wash device.

I’ve been enamored of the concept of disposable storage devices ever since I read my first cyberpunk novels some 15-plus years ago, in particular the Shadowrun series of novels (especially the ones by the late Nigel Findley).

The stories were filled with shadowy underground operatives working the Matrix (think body-modded hackers on a future Internet). Payment for services rendered wasn’t cash (that was illegal) or credit cards (that left a data trail), but small, disposable devices keyed with a set amount of money. The recipient plugged the device into a system, punched a few keys, and his bank account grew appropriately.

With these minuscule drives steadily shrinking in size and price for the last few years, I’ve been impatiently waiting for the day when disposable storage devices became a reality, and now that they’re here, I’m breathlessly waiting for someone to create a way for me to “pay” someone by giving them a coded memory stick.

Anyone want to make this a reality?


Note: Good luck finding copies of these books. They’re 15 years old, and an intersection of a sub-genre of a sub-genre of sci-fi and role-playing games. They didn’t have huge sales even in their heyday. If you’d really like to read one or two of these, Amazon sellers have (mostly used) copies. Your local well-stocked library may also do you well. There are also a couple of newer story-lines (e.g. Shadowrun Book #1: Born to Run), sort of a reboot of the series, if you will, but I haven’t read any of them.

Translation From PR-Speak to English of Selected Portions of Media Rights Technologies C&D Threat

Media Rights Technologies and BlueBeat.com Issue Cease and Desist to Microsoft, Apple, Adobe and Real Networks 1

The Digital Millennium Copyright Act (DMCA) was signed into law by President Clinton in 1998 to disseminate and protect the arts in the digital age.

We just heard about this “DMCA” thing today, and thought we’d see if it could make us money.

It makes illegal and prohibits the manufacture of any product or technology that is designed for the purpose of circumventing a technological measure which effectively controls access to a copyrighted work or which protects the rights of copyright owners.

Don’t make stuff that only exists to steal stuff. That’s wrong.

Under the DMCA, mere avoidance of an effective copyright protection solution is a violation of the act.

If you don’t stop the crime, we’ll make you do the time.

MRT and BlueBeat have developed a technological measure which effectively controls access to copyrighted material.

Wait a minute! We make “effective” copyright protection solutions. A loophole! A loophole!

That product, the X1 SeCure Recording Control,

We love unNecessary inTercaps.

has been tested by the industry’s standards bodies, the RIAA and IFPI, and has been proven effective against stream ripping, while protecting privacy and limiting infringement liability for users, distributors and academic institutions.

The people who sue children like us. What more can you ask for?

It has been designed for rapid deployment on a reasonable and non-discriminatory (RAND) basis.

Anyone can use it, it’s cheap. Prices so low, we’re practically giving it away.

Therefore, Media Rights Technologies (MRT) and BlueBeat.com have issued cease and desist letters to Microsoft, Adobe, Real Networks and Apple with respect to the production or sale of such products as the Vista OS, Adobe Flash Player, Real Player, Apple iTunes and iPod.

No one wants to buy our stuff. Maybe legal departments of billion dollar companies are easier to contact than their procurement departments?

MRT asserts Apple, Microsoft, Real and Adobe have produced billions of these products without regard for the DMCA or the rights of American Intellectual Property owners, actively avoiding the use of MRT’s technologies.

Next up: we’re suing car drivers for using generic gas rather than Chevron with Techron. Don’t you care about protecting your car’s engine?

Failure to comply with this demand could result in a federal court injunction to any of the above named parties to cease production or sale of their products and/or the imposition of statutory damages of at least $200 to $2500 for each product distributed or sold.

Nice business you got there. Be a shame if something happened to it.

“Together these four companies are responsible for 98 percent of the media players in the marketplace; CNN, NPR, Clear Channel, MySpace Yahoo and YouTube all use these infringing devices to distribute copyrighted works,” states MRT CEO Hank Risan.

We’re not after the gold diggers, we’re after the pick-axe makers. Same reason to rob banks.

“We will hold the responsible parties accountable. The time of suing John Doe is over.”

They don’t have any money anyway.


  1. With apologies to John Gruber


The 4-Hour Workweek

With a title like that, you almost have to click through to read it. I did a few weeks ago when it came across my newsreader, and ended up on the website of Tim Ferriss, where he was talking about his forthcoming book The 4-Hour Workweek, subtitled “Escape 9-5, Live Anywhere, and Join the New Rich”.

I ended up spending about 30 minutes trawling through his website, intrigued if suspicious. One of a million people selling “lifestyle redesign”. Work less, make more. Blah blah blah. Heard it all before.

But he had an interesting take on things. He gave an example of “outsourcing” your life to, say, someone in India working as your personal assistant. Bills, research, difficult phone calls to your cable provider. All for maybe $5 an hour.

Perhaps you then choose to live in an inexpensive part of the world, maybe Buenos Aires, and generate income in the U.S. So you’re making American dollars, paying Indian wages and Argentinean expenses. A true “global economy”.

Hey, that sounds kind of fun!

I’ve mentioned this book to a couple of friends in conversation. E thinks it’s hokum; he likes living in the Bay Area, for example, and doesn’t mind spending 20 minutes paying his bills. Others are likewise intrigued but believe it’s just another get-rich-without-trying scheme.

They may be right. I just added the book to my Amazon cart, so I suppose I’ll be finding out myself shortly. I’ll report back….


Without electricity

It’s 6:48pm and I (and my entire complex, and, it seems, much of the area) am without electricity. I have a couple of battery backups, and I have my Airport Extreme and DSL modem plugged into one of them. I’m posting this from my trusty MacBook.

Power has been gone for about 25 minutes now, and PG&E have indicated they “know” about the problem. They expect to have power back “between 6:15pm and 8:30pm”. We shall see….

I lost power twice in the span of twenty minutes, earlier today, each time under a minute. Enough to shut down my TiVos rather rudely. I hope the drives don’t get corrupted.

I have a fair amount of food in the fridge, so I’d rather not be without power for too long. I’m chatting with my friend JS in New York as this happens, and she mentioned that ConEd in NY paid for the loss of her food and any damaged appliances, but I doubt PG&E would do the same. Something to investigate, should it become necessary.

In the meantime, I’ve flipped all the switches in the fuse box to protect my stuff in case of a power surge when electricity finally comes back.

Update, 7:15pm: Power delayed. Automated call from PG&E stating power is estimated to return between 8pm and 10pm. Sigh.

Update, 8:10pm: Power restored. Automated call from PG&E informs me power has been restored. Unfortunately, I’m out looking for dinner. I had to hand-open my garage to get my car out. Funny how much stuff around us stops working without electricity.

Update, 8:30pm: Finally back at the house. Lights are on across the complex. Whew. Off to flip the circuit breakers, power on the servers, and post this.

Wii-charging your Wiimote

One of the few issues of getting a Nintendo Wii, especially in the early days of our Wiinfatuation, was the constant changing of the remote’s pair of AA batteries. For a while it seemed like we went through two or three pairs a month. I thought of buying a set of rechargeable AAs, but still didn’t relish the idea of swapping out batteries every few weeks to recharge them.

So I was thrilled when I learned that a company called Nyko was stepping up and making a rechargeable battery pack and charging station. No need to swap batteries, just stand the remotes on the station and boom! automatic recharging.

Unfortunately, when I read about it, the product was still months from being released. When my buddy THW noted a few weeks ago that it was available at Fry’s, I kept an eye out for them, visiting various Fry’s and Best Buys, without success, until last night, when I found myself killing time at the Palo Alto Fry’s.

At only $30 for the ability to charge two remotes, and save untold amounts of money (and landfill space) going through batteries, buying a set was a no-brainer. Most of THW’s points from his report stand for me, except I find the handling of the wrist straps on the remotes to be poorly thought out: if there’s a groove for them, they are not obvious on my system, and having to put them just right to charge the remotes was a tad annoying. Having the lights though does make it less frustrating than it would otherwise be, and no doubt I’ll get used to finessing them.

At four AA batteries per pair, and eight batteries a month, I figure I’m saving close to $100 and 100 batteries a year. A win-win for my wallet and the environment.

My new concern? Running down the battery charge in the middle of a marathon game of Wii tennis, and not having extra batteries….


Culture of Life and Death Take Two

It looks like Mr. Bush has said he will veto any measures from Congress which

allow taxpayer dollars to be used for the destruction of human life.

This is supposedly meant to prevent federal funding of abortions, but it’s OK to use that money for killing people in Iraq and Afghanistan.

Amazing.

This isn’t the first time Mr. Bush has made similar statements. He seems to enjoy unintentional irony.

I wish this man would just shut up and go away.

Please.

A greener Apple, A lamer Greenpeace

Today Apple posted another Steve Jobs essay, this one about how Apple strives to create products that are environmentally friendly. Apple has been getting beat up in the press about the Mac and iPod maker’s supposedly poor environmental policies, thanks in great part to Greenpeace’s campaign against the company.

In his essay, Jobs notes that

It is generally not Apple’s policy to trumpet our plans for the future; we tend to talk about the things we have just accomplished. Unfortunately this policy has left our customers, shareholders, employees and the industry in the dark about Apple’s desires and plans to become greener. Our stakeholders deserve and expect more from us, and they’re right to do so. They want us to be a leader in this area, just as we are in the other areas of our business. So today we’re changing our policy. (Emphasis mine.)

Anyone with a grade-schooler’s reading comprehension will see that “today we’re changing our policy” is in reference to Apple policy not to “trumpet our plans for the future”.

So what does Greenpeace do? They post a headline on their Green My Apple site that says “Breaking News: Steve Jobs announces change in policy”, and an essay of their own:

Today we saw something we’ve all been waiting for: the words “A Greener Apple” on the front page of Apple’s site, with a message from Steve Jobs saying, “Today we’re changing our policy.”

You’re the consumers of Apple’s products, and you’ve proven you make a real difference. You convinced one of the world’s most cutting edge companies to peel the toxic ingredients out of the products they sell.

They’ve deliberately taken Jobs’ comment about policy change out of context, and state that this “change” is about eliminating “toxic ingredients”.

How lame.

That’s not all, though. In their opening paragraphs they also say

Apple has declared a phase out of the worst chemicals in its product range, Brominated Fire Retardants (BFRs) and Polyvinyl Chloride (PVC) by 2008. That beats Dell and other computer manufacturer’s pledge to phase them out by 2009. Way to go Steve!

Factually accurate, but purposefully misleading. Reading this, you might draw the conclusion that Apple said “we’re changing our policy to eliminate BFRs and PVC by 2008”. In fact, what Apple said was

Apple began phasing out PVC twelve years ago and began restricting BFRs in 2001.

[…]

Today, we’ve successfully eliminated the largest applications of PVC and BFRs in our products, and we’re close to eliminating these chemicals altogether. For example, more than three million iPods have already shipped with a BFR-free laminate on their logic boards.

[…]

Apple plans to completely eliminate the use of PVC and BFRs in its products by the end of 2008.

[…]

Apple’s plastic enclosure parts have been bromine-free since 2002.

Much different take, wouldn’t you say? Apple chose to “phase out… the worst chemicals in its product range” six years ago for BFRs, and twelve years ago for PVC! And while some computer manufacturers still use BFR for some of their plastic enclosures (Jobs mentions Dell specifically), Apple completely eliminated BFRs from their plastic enclosures five years ago.

I’m disappointed in Greenpeace. While I applaud their efforts to reduce the environmental impact companies make, it’s unfair to use misleading tactics to accomplish this goal. Apple appears to be as green as—if not more so than—any of its competitors, and calling them out smacks of opportunism: Apple is a media darling, draws headlines, and has millions of famously loyal customers.

Using Apple as the poster child for the industry garners Greenpeace more interest than using Dell or Gateway. I find that a sleazy practice and wish Greenpeace would just fight fair.


OmniFocus: The GTD Holy Grail?

For the last year or so I’ve been trying to follow David Allen’s Getting Things Done methodology, with varying levels of success. One reason for the less-than-stellar progress is a lack of a “trusted system” into which all my projects, tasks and “next actions” go.

Sure, I carry around my trusty Moleskine notebook and a Tul pen everywhere to do the “ubiquitous capture” that’s so important in GTD, but transferring those captured ideas, reminders and notes into something permanent has been missing. I need a system on my computer into which I stuff these written items, along with those I think of when I’m at my computer (most of the time).

I’ve tried a bunch of stuff. Kinkless GTD (kGTD), iGTD, Actiontastic, and on and on. Each has some killer feature and, more importantly, some fatal flaw.

Today I may have found my holy grail, and I’m ready to plunk down my credit card. Two problems: I haven’t used it and it’s not shipping yet.

So why am I ready to part with my plastic? Because I saw a video of it in use, and it does everything I want. From capturing information to making tasks into projects (“bake a cake” isn’t a single task, it’s a project with a series of tasks) to showing only the “next action” in a series of actions (I can’t “buy ingredients” until I “find a recipe”).

The application is OmniFocus, from The Omni Group, creators of OmniOutliner, one of the better outliners on the Mac, and other fine Mac-only apps. Kinkless GTD is based on OmniOutliner. It’s a bunch of AppleScripts that drive OmniOutliner in a GTD-like manner. It works, but it’s clunky: for example, you have to press a “sync” button whenever you make changes to your list of tasks.

Ethan Schoonover, the creator of kGTD, worked with The Omni Group to rework the kGTD idea into a real application, and the results, even in early alpha, had me slapping my hands and shouting in delight. I absolutely cannot wait to get my hands on the product and give it a spin.

Whether I’d become more organized is debatable, but I’d have one less excuse for it.


Recovering Ecto drafts

Recently I moved Jasonian.net from the Mac behind my DSL line to a “real” webserver at Dreamhost. For some reason I don’t remember, this required me to make a change in Ecto, the tool I use to write and publish to Jasonian.net, and in doing so, I lost all the drafts of articles or ideas I’d written but not published.

Aarrgh!

I searched the Ecto forum and found many others complaining about lost drafts. The only solution presented was by the developer, suggesting we send him a pair of files and he’ll try to reconstruct the missing entries. Although appreciated, it didn’t sound promising.

Ecto had made a backup of the “working” file when it created the new file (thank goodness for small favors, it turns out). Simply renaming the file from “entrydata_backup.plist” to “entrydata.plist” didn’t work, even though when I opened the .plist file in BBEdit I could see all the drafts there. I decided to poke around the files a bit.

I tried copying an entry from the backup to the main file, and it didn’t show up. It took a couple of minutes of poking around but I eventually did notice that some of my draft entries were listed in one tag as

<key>url</key>
<string>http://jasonian.net/</string>

while others were listed as

<key>url</key>
<string>http://www.jasonian.net/</string>

Hm. Could a simple "www." make a difference? Yes! If I copied an entry to the main file with "www.jasonian.net", it didn't show up in Ecto, but did show up as "jasonian.net"! A few more minutes in BBEdit finding and replacing appropriate entries, and voila, all my drafts were back!

This method may not work universally, but if your drafts disappear, check to see if your url key is set to something other than what you expect.


Thwarting MacLockPick with two clicks?

MacLockPick is a $500 USB flash drive from SubRosaSoft. It claims to be

a valuable tool for law enforcement professionals to perform live forensics on Mac OS X systems…. with as little interaction or trace as possible.

You insert the USB drive into a Mac, run some software, and it will copy a bunch of sensitive information to the flash drive. Among the information copied:

  • the user password of the logged in user
  • passwords for encrypted disk images, iTunes music store and iChat login
  • login and passwords for web sites, email accounts, online stores and .Mac accounts
  • a list of all the key user folders, with their creation dates and date of the most recent access
  • paths to files opened in the Preview application
  • recent applications, documents and servers
  • contacts stored in Address Book
  • search terms from Safari’s Google search bar
  • Safari bookmarks
  • web cookies, which may include login information to secure sites
  • web browsing history

Wow. That’s a phenomenal amount of sensitive information available. Is it possible that you can thwart such a device with two mouse-clicks?

The device “is not for sale to the general public” and anyone buying it must prove they “are a licensed law enforcement professional”. No word on what proof is required. (I got to the point in the order process where I was asked for my eBay payment information, without any request for some kind of proof.)

From what I can tell (there is understandably little detailed information on SubRosaSoft’s website), much of the application (all the password stuff) works by taking advantage of Mac OS X keychain’s default settings. You, Mr. or Ms. Mac user, have a “keychain” that stores all of your logins and passwords, and an application (called, intuitively enough, “Keychain Access”) to manage those items. You only have to remember one password (the keychain’s) instead of dozens or hundreds of individual ones, and application developers don’t have to write dozens or hundreds of different ways of storing secure information: they just use the keychain.

By default, when you log in, your default keychain is unlocked for you. It re-locks automatically after your computer’s been idle for some time. The keychain resets to the default “unlocked” setting when you wake your computer from sleep. This means if the keychain happened to be locked when you put your computer to sleep, it will, by default, be unlocked upon wake.

This is meant as a convenience to you: when you’re actively using your computer and an application needs a stored username or password, the application gets that information from the keychain without interrupting your work. When you’re not using the computer actively, the keychain is locked, protecting your secure information from casual attackers.

This convenience appears to be the vector SubRosaSoft uses for MacLockPick:

Once awakened a Mac will return its keychain access levels to the default state found when it was initially put to sleep. Suspects often (and usually) transport portable systems in this sleeping state.

If my assumption is correct (I’ve asked SubRosaSoft to confirm or deny this; I’ll let you know if I hear back), thwarting MacLockPick is as simple as checking two boxes in Keychain Access (found in /Applications/Utilities):

[Screenshot: Keychain Access security options, with the two checkboxes highlighted]

You’ll find these checkboxes in Keychain Access under the Edit > Change Settings for Keychain “login” menu.

The first checkbox (“Lock after # minutes”) will lock your keychain after the set period of time. After five minutes (in this example), any application needing access to your keychain will result in a prompt for your keychain password.

With the second checkbox (“Lock when sleeping”), applications needing access to your keychain after your machine’s awoken from sleep will likewise prompt for your keychain password.

Both items make it more likely that at any given period your keychain is locked, and therefore inaccessible to applications without your direct intervention. What you lose in convenience you gain in security. (And yes, actually setting this to five minutes will certainly drive you batty if your applications need stored passwords a lot.)
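The same two options can be checked and set from Terminal with macOS's `security` tool. The script below is an added example, not part of the original post: `keychain_status` and `harden_keychain` are hypothetical helper names, and the `show-keychain-info` output format is assumed to match the constructed sample lines in the comments.

```shell
#!/bin/sh
# Added example: audit and apply "Lock after N minutes" and "Lock when
# sleeping" with the macOS `security` command-line tool.

MAX_TIMEOUT=300   # seconds; the five-minute value used in the post's example

# keychain_status LINE
# Classify one line of `security show-keychain-info` output.
# Assumed format (constructed samples, not captured from a real machine):
#   Keychain "/Users/example/Library/Keychains/login.keychain" no-timeout
#   Keychain "/Users/example/Library/Keychains/login.keychain" lock-on-sleep timeout=300s
# Prints "hardened" or a comma-separated list of what is missing.
keychain_status() {
    # Drop everything up to the closing quote of the path, so a path that
    # happens to contain "timeout" cannot confuse the checks below.
    rest=${1##*\" }
    missing=""

    case $rest in
        *lock-on-sleep*) ;;
        *) missing="no-lock-on-sleep" ;;
    esac

    case $rest in
        *timeout=*)
            secs=${rest##*timeout=}   # "300s"
            secs=${secs%%s*}          # "300"
            case $secs in
                ''|*[!0-9]*)
                    missing=${missing:+$missing,}unparsed-timeout ;;
                *)
                    if [ "$secs" -gt "$MAX_TIMEOUT" ]; then
                        missing=${missing:+$missing,}idle-timeout-too-long
                    fi ;;
            esac ;;
        *)
            # "no-timeout": the keychain never locks on idle
            missing=${missing:+$missing,}no-idle-timeout ;;
    esac

    printf '%s\n' "${missing:-hardened}"
}

# harden_keychain [KEYCHAIN_PATH]
# -l = lock when the system sleeps, -u = lock after the timeout,
# -t = timeout in seconds. With no path, the default keychain is changed.
harden_keychain() {
    if [ -n "${1:-}" ]; then
        security set-keychain-settings -l -u -t "$MAX_TIMEOUT" "$1"
    else
        security set-keychain-settings -l -u -t "$MAX_TIMEOUT"
    fi
}

# On a Mac, report the current state; change settings only with --apply.
if command -v security >/dev/null 2>&1; then
    info=$(security show-keychain-info 2>&1 || true)
    echo "default keychain: $(keychain_status "$info")"
    if [ "${1:-}" = "--apply" ]; then
        harden_keychain
        info=$(security show-keychain-info 2>&1 || true)
        echo "after change: $(keychain_status "$info")"
    fi
fi
```

Run without arguments it only reports; the settings are per keychain, so each additional keychain needs its own path passed to `harden_keychain`.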

Why would I write about a way to potentially thwart a supposed law enforcement device?

First, the default settings for Keychain Access are less secure than they could be. Clearly Apple made a conscious choice here, coming down on the side of user convenience in leaving the two options off by default. That’s probably the right choice, one I’ve never had the need to rethink until now.

Second, I’m merely pointing out two checkboxes Apple has included in Keychain Access. They’re clearly there for those who wish to enhance their computer’s security. In fact, the National Security Agency (NSA) Systems and Network Analysis Center (SNAC) have this very recommendation in their “Mac OS X Security Configuration For Version 10.4 or Later, Second Edition”.

If this method prevents covert access via MacLockPick to sensitive information (and I still don’t have confirmation that it does), law officials will still have other methods of accessing the information, while I have some peace of mind that MacLockPick won’t be misused on my machine by some unscrupulous guy sitting next to me in a coffee shop.

Unfortunately, this would still leave much of your sensitive information ripe for the picking. Enabling OS X features like Safari’s Private Browsing, or using encrypted disk images, comes to mind immediately. I would suggest a thorough reading of the NSA/SNAC security configuration guide. I’ll write about some of my security escalation plans in the next couple of days.

Deeper-geek aside: The piece I’m unsure about is how MacLockPick has access to your keychain information without you giving it access. Any application can write to an (unlocked) keychain, but requires permission (in the form of asking for your password) to access any keychain item other than its own. It’s possible SubRosaSoft is bypassing the keychain APIs and using a much lower-level set of functions (the open source Common Data Security Architecture (CDSA) and the Common Security Services Manager (CSSM), which the keychain protocols are built on).

I’ll be looking into this detail using Apple’s Developer Connection website, where documentation on reading and writing to and from the keychain is available for application developers.

Update: A comment on Digg pointed me to another author’s take on this, along with that author’s suggestions for further securing your Mac.
