t 'n t luoma

Is there some sort of a bonus system at CNet for writers who can make inflammatory statements? Do they get paid extra based on the number of page views each article generates? Because if that’s true then we can understand that they are just taking a page out of the tool’s box of hackneyed journalism tips for generating ad revenue.

Here’s the latest round of lies, damned lies, and CNet “Reporting” (with apologies to actual reporters for lumping them in with this sort of crap).

First of all, the headline: Security Bites Podcast: Macs face Wi-Fi hijack risks. Certainly that’s one way to put it. Here’s another: “Apple releases security update for Wi-Fi to fix a potential security hole with no known exploits.”

Yeah, I know, not nearly as sexy as the original. It does have the advantage of being true, but let’s not let that get in our way, shall we?

The same article goes on to state:

A month-and-a-half ago, Apple dismissed claims that Macs could be hijacked via Wi-Fi. This week, however, the Cupertino, Calif., company released security updates for a trio of flaws in Mac OS X that could be exploited to do just that.

The paragraph contains two links to two other articles. Let’s deal with them one at a time. The first is to MacBook "hack" still stirring controversy which is dated August 18, 2006 3:48 PM PDT. Today is September 22, 2006. The patches were released yesterday (September 21st). So it’s a month and about 4 days since this report, but CNet claims it was a month and a half ago. Why the exaggeration? Is it supposed to make Apple seem slower in responding than they really are? I mention this because it shows that CNet is clearly exaggerating, which can be proven simply by looking at the timeline.

When did Apple make a statement? According to Macworld, it was on August 17, 2006 4:33 pm ET which you can verify by reading MacBook Wi-Fi hack didn’t use Apple drivers. So CNet claims that Apple dismissed these claims a month and a half ago, but really it was about a month and 4 days. Since when is 4 days equal to half a month? Only in CNet world.

So we are 6 words into CNet’s coverage and we’ve already identified a factual error of exaggeration. If this was a college course in journalism, I think the grade would be at a B or C depending on your instructor.

Now let’s look at the content of that statement. CNet “staff” wrote: “Apple dismissed claims that Macs could be hijacked via Wi-Fi”. Hrm. They did? Where was that?

CNet links to itself (the “MacBook ‘hack’ still stirring controversy” article linked above) where it is reported that Apple’s reply was:

But the SecureWorks researchers have still not shown any proof that Apple Computer’s wireless hardware and software is flawed, despite the claims that it was vulnerable, Lynn Fox, an Apple spokeswoman, said in a statement. “SecureWorks has not shared or demonstrated any code that is relevant to the hardware and software that we ship,” she said.

Pardon me, but there seems to be a rather wide stretch of road between Apple “dismissing” claims that Macs “could be” hijacked via Wi-Fi and Apple saying “No one has shown us anything proof or demonstrated how this can happen.” The difference is significant. It’s the difference between Apple saying “Macs are completely safe!” and Apple saying “There are no problems we are aware of, despite claims that there are problems.”

That’s a world of difference. CNet is overstating what Apple said, and when Apple said it.

If you want to know precisely what was said, here is a quote from the Macworld article mentioned above:

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld. “To the contrary, the SecureWorks demonstration used a third party USB 802.11 device–not the 802.11 hardware in the Mac–a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”

Once again, Apple didn’t say there was no chance of a problem, just that there was no evidence of a problem.

The second link CNet makes is to the new patches: “This week, however, the Cupertino, Calif., company released security updates for a trio of flaws in Mac OS X that could be exploited to do just that.” The article links to New Apple patch plugs Wi-Fi hijack flaws, which is, on the whole, a bit more balanced. For example, that article states:

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.

I love the way that they say “should not be” as if to imply “you might be” rather than “it’s damn highly unlikely.”

What it doesn’t say, but should, is: “This means people should not be under immediate threat of attack, despite previous claims that there were known exploits, which there’s still no evidence of whatsoever except a video of an exploit which in all likelihood didn’t use the drivers which were patched today anyway.”

What should have been reported is that Apple, when presented with the possibility of flaws even when no flaws were demonstrated, set about to conduct a security audit, found some flaws which were not part of the original allegations, and patched them before any exploits were made known.

Instead, CNet went after the “juicier” story that Apple was only now fixing flaws that had been shown to it 35 days earlier. Oh, I mean “a month and a half earlier.”

So, in sum, what we have learned is this:

• Mac users were never vulnerable to any known threat
• Apple took the possibility seriously enough that they went searching for possible problems when the issue was raised without any supporting evidence (this is was CNet refers to as Apple “dismissing” the idea)
• Roughly one month after the claim-with-no-proof was made, Apple patched both its Intel and PowerPC hardware to be more secure from flaws which were never known to have ever been exploited anywhere by anyone, even those who made the initial claims of having knowledge of a security problem.
• CNet overstated both what Apple said and when they said it

For a better and easier to understand translation of what Apple’s latest security patches do, see The AirPort Security Update and the Supposed MacBook Wi-Fi Hack. In particular note this paragraph:

“No known exploit” does not just mean that there aren’t any attacks in the wild; it means no one has demonstrated to Apple a way to take advantage of these frame validation issues. They fixed them to eliminate potential exploits, not to address actual, known exploits.

Finally, in closing, although no kittens have been demonstrated as being killed by the slipshod reporting at CNet, the most I can say is that kittens should not be under immediate threat of attack.

Posted by at 11:52 PM | Permalink | Comments (0)

Ok, so I was browsing the iTunes Music Store today and came across this image.

Now, mind you, I realize that there’s not a red blooded male on the planet who hasn't used the opportunity to admire a young lady’s necklace as a front for admiring her neckline. It may be nearly as American as apple pie (or at least as American as American Pie). In fact, on an episode of House, Dr Chase said to a teenage boy getting a spinal tap: “Hey isn’t that a nice necklace Doctor Cameron is wearing?" aka “Hey kid, from this angle you can totally see down her shirt, which will distract you from the pain of having this needle shoved in your spine.”

And really, if you could distract a teenage boy getting a needle shoved in his spine and refused... well that’s just mean.

Anyway, back to the picture at hand. My reaction wasn’t quite “that’s in poor taste” (there’s not even a cleavage line or anything, it’s purely hinted at)... but not quite “purely innocent” either (I think it’s the open button that tips the scale).

Someone in the art department at the iTunes Store had a chuckle putting this together.

I was at the iTunes Store because I ordered some iPod accessories from someplace having a "Buy for $25 and get a $25 iTunes gift certificate" sale. I bought two such items. Their website accidentally charged me $30 for one of them. I emailed them and they said “OOps, we'll fix that. Would you like your $5 back or another $10 in iTunes?” Given that shipping was a total of $10, I took the extra iTunes stuff and broke completely even on the deal. The only annoying part was having to copy and paste 60 separate codes from my email to iTunes. The system is definitely not designed for entering a lot of them at once.

A sided note: these “free songs” at the iTunes Store are just that: free songs. It is not the same thing as having $60 worth of credit at the iTunes Store. You can buy 60 songs. You cannot buy a complete album and get the album discount. You cannot buy videos. You cannot buy audiobooks. Just songs.

I asked Tracey for some suggestions because I had to use the certificates by the end of September. At first I thought she was going to have trouble too, but then she found the “iTunes Essentials” (basically a “Greatest Hits” collection). She went through each decade, lingering just a bit too long on the ’80s, but we are what we are. (No I will not post a list of what we bought there, because some of it is just too embarrassing... yes, much more embarrassing than admitting the whole necklace/neckline thing, which 90% of guys (at least hetero guys) will admit to... and 10% of guys are liars.

Posted by at 3:59 PM | Permalink | Comments (0)

My recent complaint against the Nike+ Sport Armband (you know, the one that doesn’t let you see the screen?) led me to checkout other options.

Even worse, I actually used the thing and found it very uncomfortable. My biceps are not by any stretch of the imagination “huge” but the “One Size Fits All” Nike+ Sport Armband is decidedly too small to wear comfortably. It has a Velcro connector and I was constantly thinking it was going to come off. With about 1" more of fabric they could have made it much more human-being compatible.

My search led me to the Sports Sleeve for iPod nano by Belkin. Its description reads:

Now you can power and play your iPod nano on the go.

Which made it sound like the dock port was accessible even when the Nano was in the case. However, since this was my third armband, I wanted to be sure. I emailed their support, who said that yes indeed, it was.

So I ordered one.

Or at least I tried.

I am one of those weird folks who will pay a little (not a lot, but a little) extra to order something directly from the place that makes it. For example, if this armband was on sale at Belkin.com for $15 (it is) and at Amazon.com for $12 (it is), I’ll buy it from Belkin. Why? Because I believe that if I have problems, Belkin is going to be more interested in solving it than Amazon.com

One problem though... I couldn’t buy it from Belkin.com. Whenever I tried to “Add to Cart” it told me that my shopping cart was empty. Another time I tried and was told (by Safari, Camino, and Opera) that the site was using weaker encryption. Opera made my change a preference setting to try and buy it. At least one of the other browsers simply refused to let me proceed.

So finally I tried Amazon.com. Now you will see it listed for $12 (1). Unfortunately it doesn’t see from Amazon itself, but through one of its “Marketplace” resellers. What this means is that most of the prices you see are a complete lie, and they will hit you with “Shipping and Handling” charges.

For example, TechNGnet claims to sell it (via Amazon) for $12 but charges $6.33 for shipping, which you can’t tell until you add it to your cart. This despite the fact that their published shipping rates indicate only $1.50/lb. (My UPS tracking page eventually indicated that the package weighed .70 lb.)

Likewise, Crutchfield sells it for $15 but charges $7 for shipping ($22 total).

The lowest listed price was infiniteelectronix2 at $9 and $5 for shipping ($14 total). BlueProton sold it for roughly the same amount.

I emailed Amazon.com and complained about this, and told them that it made me less likely to trust any of their Marketplace Businesses when people could get away with what I consider to be a scam. Listing one price for shipping when I click on the link for your shipping info, but giving me another when I “Add to Cart” is a bait-and-switch, pure and simple.

So finally I went to Buy.com, for no other reason than I had used them before. Right there on the Buy.com page for Belkin iPod nano Sports Sleeve it showed me their price plus their shipping cost (as well as several other merchants and their shipping costs as well).

I bought it, they shipped it, I got it.

YES! I believe this will work just fine. It has a nice human-compatible sized band which (unlike the Nike+ version) does not rely on the blood-pressure cuff method of holding the Nano to your arm.

You can indeed see the screen and access the dock connector. In fact it even comes with a clear, custom sized screen protector for the Nano (something they ought to tell you!).

I haven’t even taken the plastic protecter off that Apple ships the Nano with because I haven’t had a case for it and hadn’t wanted to risk the screen. Now I will take that off and put this new one on.

Also, the armband can slip off and you can use the silicone case to keep the Nano in your pocket. It adds very little weight or thickness, and would provide (I think) just enough protection for the average “Oops I dropped the Nano onto the kitchen floor” type of accident most of us are most likely to have.

There is a cut-out for the hold switch on top and the scroll wheel and buttons are directly accessible (and of course not protected, but to me I’d rather have them within reach).

My only complaint? Well, look at the image again. They are selling a white case with a black/grey armband. If I had a black nano, that would be fine, but I would have much rather had a white armband for my white Nano. You’d think a company like Belkin would be savvy enough to attend to a detail like that.

Still, it was clearly visible in the image on Belkin’s web page, so I can’t say that I was too surprised. It just strikes me as odd. Not as odd as not being able to see the screen in the first place, but odd.

Now I just have to get the Nike+iPod sensor calibrated properly. I tried it out over the weekend and it was only recording 0.70 or 0.80 mile for each 1.0 mile that I walked. I tried to calibrate it but when I pressed the “Stop Calibrating” button (after having walked a known-mile stretch) the Nano replied (I’m paraphrasing) “You said you were going to walk a mile, but you’ve only walked 0.8 mile. Do you want to continue or cancel calibrating?” to which I said “Whu-huh? Why isn’t there an option for “Ok so you’re trying to calibrate this and you’re telling me that for every 0.8 mile we detect you are really walking 1.0 mile. Do you want me to adjust the sensor accordingly?”

If/when I get that figured out, I’ll let you know.

Meanwhile, if anyone does want a Nike+iPod Sports Armband, please let me know (email me at luomat AT gmail DOT com)

Sigh. Being fat and out of shape is so much less of a hassle. Not to mention cheaper. Doritos don’t need an armband. (2)

Footnotes:

1. A note on pricing: I’ve rounded off the numbers in this article, because I find the whole $x.95 or $x.99 pricing thing insulting to my intelligence. If I see “$11.94” I think “$12” and I consider iTunes songs to be $1 each. ↩
2. Associated medical costs of being fat and out of shape not taken into consideration in this estimate. And if there is an armband out there for Doritos, please don’t tell me about it. As far as I’m concerned the only appropriate Dorito accessory would look something like this:
   ↩

Posted by at 2:23 PM | Permalink | Comments (1)

After reading the DaringFireball Linked List, specifically Multiplayer Game of the Year (more specifically Multiplayer Game of the Year (full post)) and thought to myself, “Ok, time to get off your duff and do something.”

This summer has been awful for exercise. It’s been horribly hot and I haven’t had any racquetball partners.

But the fall is fast approaching, so I finally broke down and bought the necessary add-ons: a Nike + iPod Sport Kit, and a Nike+ Sport Armband (Black/Red), and a Sportsuit Sensor+ for iPod nano so I could use the Sport Kit with any sneakers, not just the $100 pair that Nike wants to sell me.

I already regret buying the armband. It is incredibly poorly designed.

Why? Well look here at one of the main 3 pages for the iPod Nike: “Run”

What do you notice? How about the fact that the iPod Nano screen, when hooked to the Nike+iPod sensor, provides all sorts of visual (as in “see them with your own two eyes”) bits of information.

You might think that the armband designed by Nike, which is, you may notice, one of the two brand names mentioned in the name “Nike+iPod” would be savvy enough, perhaps, let you see that visual information?

You would be wrong with a capital W because the Nike armband completely covers the screen.

Well done there, design team. Why didn’t you just make this Nike+iPod kit for the iPod Shuffle if you’re NOT GOING TO LET ME SEE THE SCREEN. Argh.

That’s not all the G-in-Genius going on here.

On page 16 of the Nike + iPod User Guide (4.2MB PDF) (which is also printed with the kit) you will read: “Answers to frequently asked questions about Nike + iPod: Go to www.apple.com/ipod/nike/faq.html.”

Notice that I didn’t make that a hotlink? Yeah, you know why? Because the page doesn’t exist. Nice. You don’t get a 404 page, you get redirected to http://www.apple.com/ipod/nike/.

Where you would notice, again, the information from the Nike+iPod sensor shown on the iPod screen.

(And yeah, if you look closely you’ll also notice someone using the armband and you can’t see the screen, but I had just assumed it was dimmed.)

• Nike + iPod Frequently Asked Questions (Technical)
• iTunes Music Store: Nike Sport Music Frequently Asked Questions
• Apple - Support - Nike + iPod Sport Kit - Service - Service FAQ

So there ya go. Now I need to find a new armband that will work with the Nike + iPod senor and show me the diggity dang screen.

Posted by at 8:26 PM | Permalink | Comments (1)