Wednesday, July 28

Contrary to Recent Assertions - Snort 2.9 beta has been released, and it's awesome..

Snort 2.9 has been in the works now internally for awhile and the first beta release is out and ready for community feedback.


It's a big release with lots of enhancements, so here are the current list of things that need to be beta tested in Snort 2.9, and I'll expand upon them a bit:
* Feature rich IPS mode including improvements to Stream for inline deployments. A common active response API is used for all packet responses, including those from Stream, Respond, or React. A new response module, respond3, supports the syntax of both resp & resp2, including strafing for passive deployments. When Snort is deployed inline, a new preprocessor has been added to handle packet normalization to allow Snort to interpret a packet the same way as the receiving host.

This feature really does away with a lot of the old react/resp/reset code and unifies all that broken code under respond3.  It also allows for RST and ICMP injection into a stream in IPS mode (more reliable than IDS), so, for example, you want to cut a session off in midstream.  In regular IPS mode, we can drop the connection quietly.  With the new response module we can properly inject a RST (or other close) packet into a dropped stream, resetting the connection so that the end hosts don't have open TCP sockets.  There is also a normalization preprocessor,  (See README.normalize), which, essentially, cleans packets up.  For example here a just a few things that the normalization preprocessor can do to TCP:


  • Remove data on SYN.

  • Clear the reserved bits in the TCP header.

  • Clear the urgent pointer if the urgent flag is not set.

  • Clear the urgent pointer and the urgent flag if there is no payload.

  • Set the urgent pointer to the payload length if it is greater than the payload length.

  • Clear the urgent flag if the urgent pointer is not set.

  • [..]

Flexresp (Flex Response) 1 and 2 are now deprecated and a new Flexresp3 has been introduced.  Flexresp3 supports ALL of the flexresp1 and flexresp2 keywords and syntax.  Easy to move right over.


* Use of a Data Acquisition API (DAQ) that supports many different
packet access methods including libpcap, netfilterq, IPFW, and
afpacket. For libpcap, version 1.0 or higher is now required.
The DAQ library can be updated independently from Snort and is
a separate module that Snort links. See README.daq for details
on using Snort and the new DAQ.

Hooray!  Libpcap 1.0 is now required.  Hooray Libdnet!  As you can read above, Snort 2.9 adds support for nfq and afpacket.  In addition to ipfw, ipq, and dump that they've read already.  IPQ wasn't working as well in past releases, so we replaced it with netfilterq.
* Updates to HTTP Inspect to extract and log IP addresses from
X-Forward-For and True-Client-IP header fields when Snort generates
events on HTTP traffic.

This was a feature requested by one of our community people.  They didn't want to see the IPs of their proxies as Source or Destination IPs in HTTP alerts.  They wanted the ability to see the "real" IPs for those proxies that support "X-Forward-For" and "True-Client-IP" header fields in their packets.  This output is only available if you are using the Unified2 output method.

Those of you that are NOT using Unified2 really, really need to move to it.  Older, slower, output methods are eventually going to be deprecated, so please, start your upgrades.
* A new rule option 'byte_extract' that allows extracted values to
be used in subsequent rule options for isdataat, byte_test,
byte_jump, and content distance/within/depth/offset.

This was a feature requested by the community as well, it came from an email I received as a request that we add something like this in Snort.  The ability to yank a value out of a packet and store it for later use with other keywords.  (Unlike byte_test or byte_jump that calculates the value on the fly.)
* Updates to SMTP preprocessor to support MIME attachment decoding
across multiple packets.

I think that one speaks for itself, but make sure you read README.SMTP in the doc/ directory of the tarball to make sure you fully understand what this does.
* Ability to "test" drop rules using Inline Test Mode. Snort will
indicate a packet would have been dropped in the unified2 and console event log if policy mode was set to inline.

This was a feature, also requested by our community.  They wanted to know, for a fact, what traffic would have been dropped had the rule in question be set to drop.  Again, this output is only available in Unifed2 and console, so please start moving over!
* Two new rule options to support base64 decoding of certain pieces
of data and inspection of the base64 data via subsequent rule
options.

Nice feature here.  Base64 decoding in a rule.
* Updates to the Snort packet decoders for IPv6 for improvements to
anomaly detection.

Also added into README.normalize.  This is to continue to support the United States Government's push to IPv6.  In many environments, this is now mandatory.
* Added a new pattern matcher that supports Intel's Quick Assist
Technology for improved performance on supported hardware
platforms. Visit http://www.intel.com to find out more about
Intel Quick Assist. The following document describes Snort's
integration with the Quick Assist Technology
http://download.intel.com/embedded/applications/networksecurity/324029.pdf

This optimization is very hardware specific.  Make sure you read the PDF linked above which is a joint research project underway by Sourcefire and Intel.

I'm sure more tweaks and things will be added to 2.9 before it's actual release, so I look forward to these enhancements.

Be sure and check out Snort 2.9's beta code here, at http://www.snort.org/

Project Razorback has been unleashed on the World

For several months, the Vulnerability Research Team (VRT) here at Sourcefire has been heads down in coming up with a new framework for detection called Razorback, and now, it's been unveiled to the world this this morning.

Being announced at Defcon this weekend by the VRT, so if you are in Defcon this week, reading my posts, First: Have a beer for me, as I am not there this year due to the impending birth of my child, and Second: Attend this talk.  If no other talks are attended during your drunken hacking binge in Vegas, go to this talk.

OH AND BUY THE VRT BEER IF YOU MEET THEM.  Mkay?

What is Razorback?


In Marketing speak: "Razorback is an Open-Source Framework for an intelligence driven security solution."  Okay, okay, what does that mean?

Razorback is a system that detects and decodes, well, just about anything you need it to.  Following that, it has the ability to then block and alert on that activity.  So, for example:

  • Obfuscated Javascript?  Decoded, Blocked?

  • Bad PDFs? Decoded, Blocked?

  • Bad Word Documents? Powerpoint Documents? Decoded, Blocked?


This framework is aimed primarily at these Client based attacks, and, dare I use it?  Advanced Persistent Threat (APT).  It was born out of necessity and a discussion with the VRT during a panel they participated in last year about detection.  The community asked for something to be able to perform a function like this, and well, here it is.  Better.  There is nothing to combat these threats, so Sourcefire created one.

So, say for example, a PDF comes in via email.  The PDF is sent to Razorback by the SMTP engine, Razorback runs it through the detection, -- which I'm not even going to begin to explain here, because it's extremely awesome and complicated, and you should go to the talk to fully understand --, and if the detection decides the PDF is bad, it will record that fact in it's database so that all further attempts with a PDF like that one will be blocked from there on out.   Now, that's just one example.

Since Razorback is an Open-Source project and framework, anyone can write a detection "nugget" for it.  These nuggets, written in C, can detect pretty much anything and provide actionable intelligence on it afterwards, and of course, since it's Open-Source, many different "feeds" can be provided to Razorback.

SMTP, ClamAV, Snort, Web proxies, Web filtering devices, et all.  They can all be written to feed data to Razorback which then can have the ability to take further action after it's analyzation.

This is a different approach to detection than what's been tried before.  While IPS is great, it can't really grab a PDF off the wire, reassemble it, decode it, and block it in real-time.  With Razorback, Snort can grab the PDF off the wire, pass it to Razorback where it will be analyzed, and so on.

After the talk if the VRT puts their slides and more info up on their website, I'll make sure that I post further information about it.  But for now, here it is:

Razorback.

Here's another article about Razorback over at DarkReading.

Safari 5.0.1 Posted this morning

Back in June I wrote a post on a problem with Safari 5 creating a black background around certain objects when moved from one application to another.  For instance, when you attempt to use the "Mail this PDF" function from Preview.  Well, this morning Apple released version 5.0.1 of Safari.  This fixes the issue I described here, along with many others.  As posted on Apple's website here, the following are fixes:

  • More accurate Top Hit results in the Address Field

  • More accurate timing for CSS animations

  • Better stability when using the Safari Reader keyboard shortcut

  • Better stability when scrolling through MobileMe Mail

  • Fixes display of multipage articles from www.rollingstone.com in Safari Reader

  • Fixes an issue that prevented Google Wave and other websites using JavaScript encryption libraries from working correctly on 32-bit systems

  • Fixes an issue that prevented Safari from launching on Leopard systems with network home directories

  • Fixes an issue that could cause borders on YouTube thumbnails to disappear when hovering over the thumbnail image

  • Fixes an issue that could cause Flash content to overlap with other content on www.facebook.com, www.crateandbarrel.com, and other sites when using Flash 10.1

  • Fixes an issue that prevented boarding passes from www.aa.com from printing correctly

  • Fixes an issue that could cause DNS prefetching requests to overburden certain routers

  • Fixes an issue that could cause VoiceOver to misidentify elements of webpages


Safari 5.0.1 also packs in a bunch of security updates.  Of course Blackhat and Defcon are this week, so that may have something to do with this update being released.

Safari
Impact: Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server
Description: A cross-site scripting issue exists in Safari's handling of RSS feeds. Accessing a maliciously crafted RSS feed may cause files from the user's system to be sent to a remote server. This issue is addressed through improved handling of RSS feeds.
Credit to Billy Rios of the Google Security Team for reporting this
issue.


Safari
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari : Preferences : AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be checked. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected.
Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
(Nice work Jeremiah!)

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of element focus. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of element focus.
Credit to Tony Chang of Google, Inc. for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's rendering of inline elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit to wushi of team509 for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of dynamic modifications to text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of CSS counters. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
This issue is addressed through improved memory management.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for
reporting this issue.


WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue exists in WebKit's handling of the :first-letter and :first-line pseudo-elements in SVG text elements. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by not rendering :first-letter or :first-line pseudo-elements in SVG text elements.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of foreignObject elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through additional validation of SVG documents.
Credit to wushi of team509, working with TippingPoint's Zero Day Initiative for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of floating elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of 'use' elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of 'use' elements in SVG documents. Credit to Justin Schuh of Google, Inc. for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in WebKit's handling of JavaScript string objects. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.
Credit: Apple.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A reentrancy issue exists in WebKit's handling of just- in-time compiled JavaScript stubs. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved synchronization.
Credit? Apple Internal?

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of JavaScript array indices.
Credit to Natalie Silvanovich for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in WebKit's handling of regular expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of regular expressions.
Credit to Peter Varga of University of Szeged for reporting this issue.

WebKit
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue exists in WebKit's handling of "font-face" and "use" elements in SVG documents. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of "font-face" and "use" elements in SVG documents.
Credit to Aki Helin of OUSPG for reporting this issue.

Safari 5.0.1 and Safari 4.1.1 address the same set of security issues. Safari 5.0.1 is provided for Mac OS X v10.5, Mac OS X v10.6, and Windows systems. Safari 4.1.1 is provided for Mac OS X v10.4 systems

The thing to remember with the above vulnerabilities is that things that are labeled "Webkit", affect more than just Safari. They could possibly affect anything using the Webkit framework. Chrome included.

Tuesday, July 27

Apple's New Products

Apple announced a few new products this morning on their online Store.  New iMac, new Mac Pro, and a totally new product that I saw rumored a couple weeks ago, called the Magic Trackpad.

For years I've had a Fingerworks iGesture pad, I've been using it off and on since about the 2001 timeframe.  I found it to be the neatest and easiest way to navigate my computer's interface differently from the mouse ever.  I'm a big proponent of the keyboard, and hate taking my hand off of the keyboard to mouse, but for some reason I found the iGesture Pad fun to use (especially doing things like cut, copy, and paste.   Fingerworks was founded 1998 at the University of Delaware (a couple miles from where I live) and produced keyboards, pads, keypads, all to help with RSI and to introduce gesture based navigation into the world.  They weren't exclusively Mac based, in fact, they worked on Linux pretty well as well, of course, on Windows.  Which, back then, is what I used.

Apple bought Fingerworks back in 2005, coincidentally, when they started working on the iPad (before they started working on the iPhone.  They started working on the touch tablet first).  Presumably for their patents, and innovations in the technology.  If you've used an Apple product since about 2006 or 2007, you've used Fingerworks-based technology.

Two finger scrolling, three finger swipe, pinch to zoom and pinch to un-zoom, the whole Magic Mouse, the finger manipulation on the iPhone and iPad.

In this line, comes the Magic Trackpad.  Which is kinda like my old iGesture Pad (which is sitting right here -- not in use currently).  It's a trackpad that mimics the trackpad on the laptops.

There are, however, a couple things still missing.  Like these features:

However, since that's basically all software based, I am hoping that Apple builds that stuff into the interface now that we have the hardware.  Here's hoping.

Monday, July 26

Apple Stores are good to me

Yesterday my wife and I took a visit to the local Apple Store, my Time Capsule had died, and since it was one of the original models, it was under a replacement program. I took the Time Capsule back, they traded my broken one for a brand new one, and I was done.

My wife, however, was a different story. You may remember from a previous post of mine that my wife dropped her iPhone4 while getting my daughter out of the car. Whoops.  Cracked the back glass to shreds.

She was fairly upset, since she had it about a week. Anyway, she went in, explained what she did to the Apple Genius dudes, and guess what?

They gave her a brand new phone.

/That's/ why I like Apple Stores.

Thanks to the Christiana Mall Apple Store Geniuses. You rule.

Thursday, July 22

Reading Spam with Common Sense

Usually when I receive an email that looks like spam, I can just mash my "Send to Junk" keyboard shortcut and it goes away.  But every once in awhile there is a decent looking spam that *might* be real.  At first glance it won't have an images or selling viagra, or anything like that in it, and might just look real.

This is where the common sense approach to reading email kicks in.  Obviously this post it not for the expert, this is probably more of the occasional user, but maybe someone in between will find it useful.

Here's a spam I received this morning that prompted me to write this diary:

From: Comcast

"This is a courtesy reminder that your Comcast Billing Information needs to be verified.

In order to continue using comcast services,  click the link below, sign in and and follow the provided steps:


<Malicious Link was right here>

Regards,
Comcast Billing Department"


So, let's look at this and see how easy this is to detect:

  1. I'm not a Comcast customer.  So right there, it was easy to detect.

  2. "comcast" in the second line is not capitalized.  A real Comcast email would have capitalized their own companies name.

  3. Usually an email like this (from Comcast corporate) would tend to have all kinds of disclaimers and other nonsense at the bottom of the email.

  4. The link that I removed was not to "comcast.com"


Now, if we get into the weeds a bit more, we can look at the headers and see where it came from.

It came from a server at a .edu.  I don't want to talk about which .edu (but it was in the United States), as I am going to try and get in touch with their security department after I get done writing this Diary.

Even more bad though -- it came from the "root" account on this server, the headers even indicate what version of Linux this server was running (Ubuntu).  Most likely culprit?  Probably an SSH scan that compromised the root account.

Make sure you have tight controls over those SSH accounts!  And use common sense when reading your email.  If it looks like bull, and it smells like bull.  Chances are, it's bull.

Hopefully this helped someone.

Oh, the malicious link?  Pointed you to a site that collected your usernames and passwords.

Monday, July 19

iPhone 4. A review after practical use, part 2

Part 1 Linked here.


Buttons and other Cosmetics


The volume button, the lock button, and the silent/ringer switch all got the same industrial treatment the rest of the phone did. They work much better, have better tactile feedback and are much more defined, making it much easier to find one of these buttons in the depths of your pocket.  (Like to turn the volume down on your ringer or something)

There is the single button on the front of the phone, the Home button, which they made a bit more "clicky" I would say. But the one thing about the design of the phone is, when you reach in your pocket to grab the phone and bring it out of your pocket in one swift motion while mashing the Home button, you can't do it.

Since the 3GS had that rounded back, it was easy to feel where the backside was and hit the button. With the square design, it's hard to tell which side is the front and back when it's your pocket unless you try and find the buttons on the side.

This isn't a big deal at all. It's just a quirk that I found that I had that I've had to get used to.

FaceTime


FaceTime is Apple's new "video chat" feature. You use two iPhone 4s, call each other on the phone, and as long as both of you are on Wifi, you can then mash the FaceTime button.  If everything is okay, (NAT transversal, etc) you'll shortly be talking to each other via video chat. Is it cool? Yes.

Does it work? Yes.
Have I used it? A lot.

Is it revolutionary? No, video chat has been done before. But this time it's implemented correctly and easily. It works. You don't have to go to Fring and sign up with an account, and then use Video (btw, Fring's video quality sucks, and their audio is a close second).  You don't have to do anything extra.  Ensure you are on Wifi, and hit the "Facetime" button. The quality is good, audio quality is good.  It allows me to sit in my hotel and video chat with my wife and daughter while they are at home.  My daughter can show me her picture that she drew that day, she can show me what she's eating for dinner, she can show me her "beautiful dress" that she's wearing.  (All dresses, according to my daughter, are "beautiful dresses".)

Could we have done this before?  Yes, and still do, with iChat.  But there's two things about that.  First, iChat requires more bandwidth, therefore hotel internet most of the time, can't handle it, and secondly, my wife doesn't always have her laptop.  She most always has her phone.  And since my wife is 8 months pregnant, I'm not about to make her get up to get her laptop.   I have better sense than that.

I think this is a great feature, it'll be neat if my parents get an iPhone 4 so they can enjoy it as well.  Especially when it comes to seeing my new baby.

Speed


This thing is quick.  If you bought the 3GS, upgraded from the 3G, or you have the 3G, or if you have the iPhone original.  The new iPhone 4 is dramatically faster than the 3G or the iPhone original, the 3GS, yes, it's faster than that, but you'd have do some some really processor intensive stuff to notice a huge difference (like compressing video).  So, if you have a 3GS and want to upgrade to the iPhone 4, you need to use one of the other of the 100 new features of the iPhone 4 as your excuse to upgrade.  However, if you have a 3G or the original iPhone, you will be blown away by the speed.

Think about this in perspective for a second, the A4's rumored speed is 1 Ghz (after a cursory search of the internet, it's the best metric I could find).  Now the A4 is the same chip that is in the iPad and the iPhone.  The iPhone A4 is rumored to be clocked down, to preserve battery life.

The amount of RAM on the iPhone 4 is 512 MB (as evidenced by a particular slide  at  WWDC, Apple doesn't announce the RAM amounts or the clock speed in their mobile devices).  I remember, in 2003, my last computer before I bought an Apple computer, was a 1.7 Ghz chip with 512 bytes of RAM.  Seven years later, I have a phone in my pocket that is almost as fast, has the same amount of RAM, and as 32 Gb of storage on it.  Really puts things in perspective, how things are advancing.  I feel it's impressive.  (Of course, back then, I had a 1.5 Mb/s Cable connection to the Internet and I thought that was fast.  Now I have a 25 Mb/s Fiber connection.)

Camera


On the back is a 5 Megapixel camera, on the front is a significantly lower megapixel camera.  The front camera is primarily for taking pictures of yourself, if you are that vain, and also for Facetime. Which serves it's purpose quite well.  The back camera, with the LED flash, is for taking good pictures.  The iPhone does take good pictures.  Not GREAT pictures, not like Cannon 5D Mark II pictures, but it will easily replace that point and shoot my wife carries in her purse.  Anything where I can carry  less devices is a win for me.

Problems with the camera.  The Flash is okay.  If you try to take a picture, in the dark, and if the subject is close, it'll work great.  As long as the person you are taking a picture of doesn't actually look at the flash.  I don't know why, but every picture I have taken of people with the flash at night has a weird "red-eye" effect, except it's not red.  It's white.  Making my photo subjects a bit creepy.

In low light, and if there is any kind of motion, the iPhone will blur the motion in the picture.  Most cameras do this, so I can't fault the actual iPhone.

However, if you are taking pictures during the day, morning, or evening.  Indoors or outdoors, sunny or overcast, the pictures are great.  It replaces point and shoots.

The other feature of the iPhone is the ability to record 720p HD video.  I've done this several times already, recording video of my daughter jumping off the diving board for the first time and things like that.  The iPhone 4 handles it just fine.  The video looks great on playback on the Retina Display or even after you offload it to your iPhoto and play it on the Desktop.

Overall


I have some opinions, and this is the place to share them I guess, since it's my blog.  Overall, I like the iPhone, but I always have.  The iPhone 4 is much better than it's predecessor.  I'm still not too crazy about the Antenna reception "Don't touch this 2mm of the outside of the phone" thing, but I can overlook it by not touching it there, and getting a case.  Do I think it's a bad design?  No.  I understand why they did it, and it can be overcome easily, but it kinda sucks.

I'm not crazy about the glass on both sides, but according to the things I've read, I understand why it was done.  Apparently, they did away with the plastic back because plastic retains more heat than glass, and the iPhone 4 can heat up when doing really processor intensive things like compressing video.  It's slippery and obviously, as tested by my wife, it breaks.  Apple charges waaay to much to fix this issue, and I think that's BS.

  • Do I think it's a good phone?  Yes.

  • Do I think it's a good computer? Yes.

  • Do I recommend it to friends?  Yes, if you buy a case with it, or at least have the cognitive ability to not touch that portion of the phone.


Overall?  Good.  Buy it.  It rocks.

Saturday, July 17

iPhone 4. A review after actual use.

Physical Design


Okay, much has been said about the physical design of this phone, it's industrial features, it's glass front and back, stainless steel metal band around the side that doubles as an antenna, dual camera, and an led flash. The buttons, the glass, the band, everything. It makes for a great design, feels smaller and better in your hand than the 3GS. In fact, the 3GS feels fat, plastic, and bloated. I only see two problems with the design.

One, front and back are both glass, meaning, if you drop it it might break. Even though Apple claims that the glass is harder than sapphire, if you drop the thing at the right angle, it will break. Ask my wife, who has already shattered the back of her phone after dropping it on the driveway. (Which Apple wants 199 dollars to replace the back, which is the cost of a new phone! Apple, have you lost your mind?).

Problem Two: it's slippery. If you place your phone on something smooth, say, like in my car, I have a center console. If I place the phone on there, it slips right off. Or on the arm rest of an easy chair. This is as a result of it being glass. Neither is that big of a deal, if you just are careful about how you take care of the phone. If you buy a bumper (which Apple is now giving away for free until September 30th) it has a bit of rubber on the back edge, making it non-slip, and a bit more protected.

The Display


Just after the iPad comes out, and those of us who bought one were running around saying "Wow, look at this really big touch screen display", then following that the Evo comes out with that big screen and people say "Wow, look at this really big touch screen display". For instance, I have a friend of mine that went from an iPhone (o.g.) to an Evo, and he was like "This screen is huge, it's so big!", but I digress.

Apple comes out with this display on the iPhone 4, it's has 4x the pixel display density of the iPhone 3GS. This results in much sharper rendering of, well, damn near, anything. Photos look great, video looks great, games look great, apps look great, but what's the one thing you do, or view on an iPhone the most?

Text.

Oh, it rocks. If you have an iPhone (not)4, do this, and you'll understand:

Go to http://nytimes.com. Don't zoom in after it loads. Big newspaper website right? Look at the text, see how it's barely readable and all pixelated? On the iPhone 4, you can read it. READ it. Right from this screen. You can zoom in on the (not)4, and you'll be able to read it just fine, which you'd probably want to do on the iPhone 4 as well, but that's just an illustration of how much better this display is.

After you see and use the "Retina" Display, and go back to another phone (even the iPad, or a regular computer) you'll wonder how you ever complimented that old screen and how bothersome it is to have all that fuzzy text.

There has been some dispute about the fact that Apple calls this the "Retina Display". As to whether or not the pixel density is actually higher than what the Retina can perceive. First off, two things.

  1. I am not an optical engineer, and don't play one on TV, so I'm not going to get into the argument by adding my own thoughts here. All I know is that it looks great.

  2. It's a marketing term people, there is a line to how pedantic you must be people.


In short, the display is quite awesome.

The Antenna


Now, the antenna has been in constant controversy since the iPhone 4 came out. Let me cover a few parts of it.

  1. The Antenna is broken into two parts, if you are looking at the left hand side of the phone, you will see a black band. The piece of metal that is around the outside of the phone on the left hand side is for Wifi, Bluetooth, and GPS. The rest of the metal is for Edge and 3G.

  2. It's on the outside of the phone, for better reception.

  3. If you touch it, right at that black band on the left hand side, the "bars" or signal on the phone degrade into almost nothing, and if you are in a weak signal area, your call will just drop.


Not really an optimum design for an antenna you might think. One that you can touch in 2mm of the phone and the call drops? Yup. I can replicate it, I can do it, at will. You know what else I can do?

Not put my pinky over that part of the phone.

Or if worst comes to worst, get a case.  I got a bumper for my phone which covers the antenna and the phone works perfectly.

Now, some people have said that Apple should have never released a phone like this. Well that may be a good point, but I don't know if that would have helped. The antenna is on the outside of the phone, okay? Any phone you grip around the antenna is going to attenuate the signal. It's just the way it is. Apple says this, and you can replicate it on any of the prior iPhones as well as a bunch of the iPhone's competitors.

Remember when we were kids and you grabbed the rabbit antennas on your TV? Remember how the signal would get worse when you did that, even some times when you just got close to the TV? Same principle.

The phone is a radio. Sorry. It has to retrieve and transmit, and they have to put the antenna somewhere. Apple put the antenna on the outside of the phone to try and reduce the dropped calls everyone on AT&T was complaining about.

I personally have much less dropped calls than I used to (despite what Apple said about the iPhone 4 dropping more calls), and I'm not complaining about it one bit. Yes, I can hold the phone in a certain way to attenuate the signal and make the bars go down, so I just don't hold it like that.  It de-tunes the antenna, and therefore make signal reception go down.

Since this post is running right around 1000 words right now, I'll cut it into two posts...  stay tuned for part two.

Friday, July 16

MobileMe's New Look

I use MobileMe, no big surprise there, I have multiple Macs, iPhone, and the iPad.  MobileMe keeps them all in sync, and I have no problems with it.  However recently, Apple's been working on their web application portion of MobileMe with a new look and feel to the frontpage, the login, the "Find my iPhone", Mail revamp, and most recently the beta for the Calendar.

Mail


Let me talk about the Mail at MobileMe first.  This just came out of beta, (on the web) and the features they added are very nice.  First off, I think the attempt is to make it look like the iPad app for Mail.  It has three columns, the Mailboxes, the Inbox, and the message pane on the right.  Kinda like the newer versions of Outlook, or maybe even Mail.app (if you have the three column view turned on).


At the top there there are buttons, from left to right, they have the "Cloud" Icon (which is basically the Application switcher, allowing you to go back and forth between Calendar and Contacts, etc), the Search pane, Trash, Archive, "Move to Folder" Reply (and reply to all, and forward) and "New".  Over on the right you have the "gear" icon which is your "Preferences", and then your account manager (under your name over there).


Mostly everything works the same as the older MobileMe web app, or the same as you'd expect from any web-based Email GUI.  One thing that they did add was "Server-side" email filtering.  Now, it's still pretty limited as to the functionality, and I don't know if there are plans to expand this functionality, however, for me, it gets the job done.



I still like the ability in procmail to use Regular Expressions to filter my email, but this works as well and it works great.


MobileMe features "Push Email" to all your Apple devices, and what's nice about the server-side rule filtering is that emails that are filtered on the server are not pushed to your mobile device.  Why do I like this?  Because after I found this out, I switched all my listservers over to MobileMe and off of Gmail.  I actually don't even use my Gmail account anymore.  MobileMe, is a traditional IMAP server (no "labels are actually folders" or whateverness of Gmail.  (Oh and that stupid "All Mail" folder.  I hate that thing)  It works.  It works well, and it's fast.  Gmail bandwidth throttles their connections via IMAP and POP, leading to much irritation.  I use MobileMe because, once you get past my server side filters, (which are quite extensive), you get pushed to my Mobile device.


Could I do this with Gmail?  Yes. Gmail does feature server-side filtering.  Gmail does push email to the iPhone with the "Exchange" connector.  However, not only for the above reasons, but for one stupidly simple reason in addition:  When you reply to an email on Gmail, you don't get the reply icon in your Mail client.  So, basically, you don't know which emails you've replied to, or not replied to until you log into Gmail on the web.  Maybe this is the way they get you to log in and see their ads, but either way, it's stupid.  So yes, I use MobileMe for all my email, aside from work.


So, what's new recently?



Calendar


The Calendar just entered a new phase of beta.  When MobileMe has something in beta, when you log into the web interface it will ask you "Do you want to try out the beta?"  You click "Okay", and a couple of weeks later they make you eligible for the beta.  I requested my invitation last week, and got it yesterday.


After I logged in, it asked me "Do you want to upgrade your calendars?"  I clicked "Ok".  This whole process took about 10 minutes.  Upgrading my calendars and everything.


It not only changed the calendars on MobileMe (which, now look just like the iPad), with the ripped edges and what not.



But they also change your iCal calendars and your calendars on your iPhone into "Caldav".  What does this mean for you?


Finally, (why did this take so long Apple?  Nice job, but seriously?) you can send invites to other people on your Calendar on your iPhone.  You can accept invites as well, just like the iPhone does with Exchange, if you receive a calendar invitation, you can accept or Deny it right on the iPhone or iPad with MobileMe.  (This feature requires iOS 4, unless you manually add Caldav into your iPhone as a calendar)


You can share your calendar (see in the above screenshot where the "Home" Calendar has a Green button next to it?  Indicating that it's shared?  You can share it with individuals or the world.  (It used to be "The World".)  You can see the "Free-Busy" schedule for anyone on MobileMe (that's in the beta, but after it comes out of beta, it'll be normal.)


All in all, it looks great, and it works great.  I've only found one bug (I'm in the beta, I'm supposed to report this stuff right?) it's an html5 rendering problem with Chrome (works fine in Safari -- surprise!).  You even have a nice "To-Do" bar on the right.  Now, only if we could get a "To-Do" feature on the iPhone, I could do away with these wonky third party apps to manage that stuff.

Thursday, July 15

Microsoft opens source code to Russian secret service

Microsoft opens source code to Russian secret service | Security | ZDNet UK.

The above is a link to ZDNet on the fact that Microsoft has signed a deal with the Russian Federal Security Service (FSB) access to Windows Server 2008 R2, Office 2010, SQL Server, and Windows 7.

The thing to remember about this deal is, this is nothing new...  from the article:

"The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti."

I'm not even sure that the United States Government has access to Microsoft's Source Code, although it stands to reason... If the Russians have it, the US has it too.

Tuesday, July 13

Plug-Ins I use for Mail.app

Attention Mac Users that use Mail.app, this one is for you.

Mail.app has a bunch of plugins that are available to it, not like Thunderbird, where Mozilla holds a repository of Plugins, Apple doesn't do that. But there are a ton of them available on the Internet and it would be great if Apple would do something like that (like they are about to do with html5 extensions for Safari). Mail calls these plugins "Bundles" and are found in the ~/Library/Mail/Bundles directory. I just wanted to write a post about a few of the Bundles that I use with Mail.app to make my email a lot easier to use.

1. Mail Act-On


Mail Act-On, written by indev software, the same people who provide MiniMail and Mail Tags (two other great bundles that I don't use), is an Email organization tool. Basically it allows you to tie Mail.app rules to keystrokes. So for example, one of the Keystrokes that I use is "`1" (Backtick, 1). The rule I have tied to that command is to move whatever the current email I have highlighted to a certain folder. What I do is have most of the email that I deal with from listservers go directly to folders (on the server), and then the Mails from certain webservers and other "To Me" email goes to my Inbox. Since I use the Inbox Zero method of filtering email, I can read an email, and if I want to file it away, I use the keystroke to move it to my Archive folder. Simple, done. I can color emails certain colors, I can move emails around, etc. It's nice, and I suggest it's use.

2. Widemail


Widemail is a bundle that displays your email in the three column format. Similar to how the newer versions of Outlook and Entourage display your email, I find this method of email is easier to read (from left to right) as opposed to the old Outlook method of from the "Top Down". It also allows you to color code rows two different colors so it's easy to spot where your cursor is at.

3. QuoteFix


Quotefixformac is like Outlook Quotefix. It reformats emails for bottom posting, cleans up the cruft, removes the signature from the original message, cleans up unnecessary lines, and even prune replies above a certain indentation. It's a nice tool and I use it to format emails the way I like them as well.

So, just three plugins I use for Mail.app, check them out, give them a shot, support the developers that made them.

Mailing lists do not get Anti-Spam

Note: If you are subscribed to a Mailing List, and you have one of those "Auto-answer-back-auto-emailing-verify-that-you-are-a-human-by-clicking-on-this-link-really annoying-things". You are doing it wrong.

Get a frickin Gmail account people.

Saturday, July 10

Plugins I use for mail.app

Attention Mac Users that use Mail.app, this one is for you.

Mail.app has a bunch of plugins that are available to it, not like Thunderbird, where Mozilla holds a repository of Plugins, Apple doesn't do that. But there are a ton of them available on the Internet and it would be great if Apple would do something like that (like they are about to do with html5 extensions for Safari). Mail calls these plugins "Bundles" and are found in the ~/Library/Mail/Bundles directory. I just wanted to write a post about a few of the Bundles that I use with Mail.app to make my email a lot easier to use.

1. Mail Act-On

Mail Act-On, written by indev software, the same people who provide MiniMail and Mail Tags (two other great bundles that I don't use), is an Email organization tool. Basically it allows you to tie Mail.app rules to keystrokes. So for example, one of the Keystrokes that I use is "`1" (Backtick, 1). The rule I have tied to that command is to move whatever the current email I have highlighted to a certain folder. What I do is have most of the email that I deal with from listservers go directly to folders (on the server), and then the Mails from certain webservers and other "To Me" email goes to my Inbox. Since I use the Inbox Zero method of filtering email, I can read an email, and if I want to file it away, I use the keystroke to move it to my Archive folder. Simple, done. I can color emails certain colors, I can move emails around, etc. It's nice, and I suggest it's use.

2. Widemail

Widemail is a bundle that displays your email in the three column format. Similar to how the newer versions of Outlook and Entourage display your email, I find this method of email is easier to read (from left to right) as opposed to the old Outlook method of from the "Top Down". It also allows you to color code rows two different colors so it's easy to spot where your cursor is at.

3. QuoteFix

Quotefixformac is like Outlook Quotefix. It reformats emails for bottom posting, cleans up the cruft, removes the signature from the original message, cleans up unnecessary lines, and even prune replies above a certain indentation. It's a nice tool and I use it to format emails the way I like them as well.

So, just three plugins I use for Mail.app, check them out, give them a shot, support the developers that made them.



Please leave comments below.

Friday, July 2

Some new pictures of the Mustang

Went up to the shop that is restoring my car today and took a few photos.  For all the photos, go here, but here are some I took today.

[gallery]

Thursday, July 1

PulledPork 0.4.2 501 error when downloading rules

Security - The Global Perspective: PulledPork 0.4.2 501 error when downloading rules.

JJ, buddy, and fellow Sourcefire pimp wrote this blog post about errors that people are getting when trying to run PulledPork and it's not working when downloading rules under the new format when using Ubuntu.

Go read his post.