Linked List: July 23, 2007

Yahoo/iPhone ‘Push’ IMAP Doesn’t Use SSL? 

If I’m reading this right, using Yahoo’s “push” IMAP with an iPhone, your login credentials are put on the wire unencrypted. Update: Got it now: They’re not sent in the clear, but since it’s not sent over SSL, an attacker can capture (say, over Wi-Fi) your transactions with Yahoo and replay the authentication bits.

I can’t think of a good reason why email servers don’t mandate SSL nowadays; to have a service that doesn’t even support it is appalling.

Silent Evidence 

John August on Nicholas Taleb’s new book, The Black Swan.

Glass Houses 

Ed Burnette on his ZDNet weblog on Saturday, after Duke admitted their Wi-Fi problems were caused by their Cisco equipment:

What’s interesting about all this is how the mainstream press jumped all over the problem. Fox, CBS, ABC, the Associated Press, and others all ran stories on the incident.

Even more interesting: Burnette himself, three days earlier, ran a post titled “Apple iPhone KO’s Cisco Network at Duke”.

Dashalytics 

Dashboard widget for displaying Google Analytics web stats.

Poll: 70 Percent of Zune Owners Will Switch to iPod or iPhone 

Talk about switchers.

Security Firm Demos iPhone Exploit to New York Times 

John Schwartz, reporting for The New York Times:

Dr. Miller, a former employee of the National Security Agency who has a doctorate in computer science, demonstrated the hack to a reporter by using his iPhone’s Web browser to visit a Web site of his own design.

Once he was there, the site injected a bit of code into the iPhone that then took over the phone. The phone promptly followed instructions to transmit a set of files to the attacking computer that included recent text messages — including one that had been sent to the reporter’s cellphone moments before — as well as telephone contacts and e-mail addresses.

The researchers have set up their own web site with additional information.

Fuel for Thought 

James Surowiecki in The New Yorker, on why many Americans support higher fuel efficiency standards even though they don’t buy fuel-efficient cars:

Back in the nineteen-seventies, an economist named Thomas Schelling, who later won the Nobel Prize, noticed something peculiar about the N.H.L. At the time, players were allowed, but not required, to wear helmets, and most players chose to go helmet-less, despite the risk of severe head trauma. But when they were asked in secret ballots most players also said that the league should require them to wear helmets.

Shiira 2.2 

Now compatible with the Safari 3 beta version of WebKit. (Via David Chartier.)

ISO 6400 With 1D Mark III 

James Duncan Davidson is using his new Canon 1D Mark III to shoot at up to ISO 6400 and is getting usable results. Amazing.

Twitter Undo 

Convenient script from Daniel Jalkut to delete your most recent Twitter post; because you can’t edit a tweet once it’s posted, you can use this to correct typos by deleting and re-posting.

Red Sweater Software: Usable Keychain Scripting 

Worth a re-link: Daniel Jalkut’s free Usable Keychain Scripting is 200 times faster than Apple’s bizarrely slow Keychain Scripting scripting addition. If you want to access keychain items from AppleScript, you want this.

Quinn 3.5 

Updated version of Simon Härtel’s excellent freeware Tetris clone; new stuff includes a new UI and universal binary support. I’ve said it before and will say it again: Quinn’s my favorite Tetris game for Mac OS X.

Harry Potter and the Phantom Delivery 

Kottke:

Here’s what I think happened. I think UPS’s network was overwhelmed by Amazon’s Potter-volume in some parts of the country and they had no way to deliver all those packages. […] So, UPS just marked all of those packages they had no intention of delivering as “oops, we missed you, you must have been out”.

iPhone-Optimized Google Search 

Google search results optimized for display on iPhone. (Via Scoble.)

Stephen Colbert Gets an iPhone 

“I’ve been using this non-stop. I’ve been making calls. I’ve been petting it. I’ve been turning it sideways — all the things you dream of doing with a phone.”

PeepCode: Ajax With Prototype.js 

90-minute screencast on the fundamentals of Ajax web development with the Prototype.js library. $9 for the whole screencast, free three-minute preview available.

Fox News Left Their Root Image Directory Open 

Reddit users poke through open image folder on Fox News web site.

The Problem With Duke’s iPhone Problem 

Ben Worthen of The Wall Street Journal:

And this is why information-technology departments always worry about employees’ bringing new technologies like the iPhone into the workplace. The conventional wisdom in IT shops is that anything that’s not standard-issue will cause unanticipated problems when it’s introduced into an existing network. The new technology may be perfectly innocent; but the network still goes down, and the IT guys have to fix it.

Translation: A lot of IT infrastructure is fragile rickety crap, and the people responsible for it aren’t smart enough to fix it so they make rules and place blame based on little more than superstition.