The technosphere is abuzz this week with the news that DropBox’s security has a rather large and rather stupid hole in it. I’m only going to give a brief overview of the issue here, so if you’d like more details please check out the blog post that broke the story. What I do want to say is that this is a really infantile mistake on DropBox’s part, and the fact that they could overlook something so elementary for so long worries me a lot.
Anyhow – the whole problem revolves around the Host ID which DropBox uses to identify a computer within your account. This code acts as both an identifier and a password, and it’s a big long string of random-looking gibberish. The problem is not that this ID is easy to guess, but rather that it’s not tied to any particular machine. If a bad guy gets their hands on the file containing this ID they can effectively clone your machine in DropBox’s eyes, and see your files in perpetuity, regardless of how many times you change your password. The only way to kill the bad guy’s access would be to de-authorise the machine whose ID they cloned in your account pages on the DropBox website.
The original blog post that broke this story describes in detail where you can find this ID on Windows, but doesn’t mention any other OSes. Quite a few listeners to my various podcasts have asked me if I know where the file is located on the Mac. I didn’t, but I figured it would be worth spending a little time finding the answer.
I’ve lost count of the number of Twitter clients I’ve tried, and none are perfect. There may well be a client out there that does everything I need exactly how I want it to, but I’ve yet to find it. In recent times I’ve settled on Syrinx because it ticks most of the boxes, but it’s not perfect. I haven’t been actively searching for a new client, but I’ve still been keeping my ears open. Hence, when Tim Verpoorten talked about Itsy on a recent episode of the Mac Review Cast I decided to give it a go.
I don’t normally log in to Twitter directly – I almost always use clients – but today I did, and I noticed something which shocked me – Twitter is sending login details over an unsecured HTTP connection! I have no idea if Twitter’s always done this, or if they are experiencing some kind of bug today, but either way, this is a serious issue.
Were I to be using public WiFi or any other un-trusted network it would be trivial for someone to get both my username and password and take over my Twitter account. Worse still – if I were to use the same credentials elsewhere like so many people do – all those other accounts could be taken over too. This is just not acceptable in 2009.
I recently moved to a new machine (a hand-me-down G5 20″ iMac), and when it came to installing my new apps I decided I’d had enough of Adobe AIR and the whole idea of web apps pretending (poorly) to be native apps. I like OS X, and I want the full power of OS X in my apps. I also like how OS X apps all look and work similarly to each other. You just don’t get that with AIR apps like Twhirl (which had been my Twitter client up to that point). Not long before I got my new Mac listener Scott had contributed a short review of Syrinx to the NosillaCast, so I decided to give it a go.
I took an instant liking to the app because it’s a proper OS X app, because it uses the OS X keychain to securely save my password, and because it has Growl support. The fact that it’s free also helps of course! I’ve been using it for a month or so at this stage, and I’m still happy enough with it to keep it as my current client on all three of my Macs. It’s also under very active development at the moment with updates coming out regularly, so I have high hopes for this app’s future.
There can be no doubt that Twitter has taken off. It has become completely mainstream, and is rapidly rising in popularity and usage; last weekend’s twitpocalypse is proof of that! It would be nice to think that Twitter can remain the peaceful and relatively spam-free haven it is now, but I can see the start of the downward spiral already. Spam. Sure, you choose who you follow, and if you choose badly you can un-follow people, but does that prevent spam? Unfortunately it doesn’t. Anyone can message you using the @ sign, even if you don’t follow them. In many ways this is a great thing; for me, it lets listeners to my podcasts contact me without my having to give out my email address. However, this provides spammers with a mechanism to target people with their infuriating crap.
This week I went hunting for a piece of software to automatically change my desktop wallpaper using Flickr as the source. In particular I wanted it to use my set of desktop wallpapers on Flickr. There are solutions to do this kind of thing on Linux and Windows, but since I use OS X I had to go find one I could actually use. In the end I found just one solution that worked well, the donation-ware app DeskLickr.
DeskLickr is definitely one of those apps that does just one thing, but seems to do it well. I’ve only been using it for a few days but so far I’m very happy with it. I set it up, then forgot about it and watched my background change to a new photo every 30 minutes. It could be argued that the Flickr configuration could be a bit clearer to understand, and it could definitely be argued that it would be nice to have more options for choosing photos from Flickr, but, it works, and that’s the important thing.
The problem with .Mac (the previous name for Mobile Me) was never the concept, nor was it what was promised; the problem was always the implementation. I expressed my views on .Mac back in January 2007 in a post entitled “.Mac – The Devil is in the Implementation”, and nothing has really changed since. I had high hopes that Mobile Me would finally give us the .Mac we’d always wanted. If all Mobile Me had been was a working version of .Mac without any new functionality it would have been great! However, since its launch Mobile Me has just been one disappointment after another. Things started badly when it took them days to get the system even remotely stable, got worse when they permanently lost thousands of people’s email, and didn’t improve at all when we found out Apple had lied to us about push.
I’ve heard Leo Laporte prattling on about Twitter for what seems like years on TWiT and have been actively avoiding it for ages. However, a few weeks ago I finally caved in and decided to give this whole Twittering thing a go. My overall impressions are that it’s a great idea, just poorly implemented. The service is about as stable as a pencil balancing on its point! I’ve only been twittering for two weeks and already I’ve experienced two Twitter outages; there’s no word for that other than poor. Then we come to their website. What an ugly and clunky mess! Yeah, it works, but not that well and it’s far from a joy to use. Then we come to the main thrust of this post, Twitter clients on the Mac. Overall I’m not really that impressed. I’ve settled on a client that’s good enough, but that’s the highest praise I’ll give it.
Apple really go out of their way to push .Mac, so a little over three months ago I decided to give their 90 day free trial a go. I may as well see for myself what all the hype is about, right? On paper .Mac is great. The iDisk is a wonderful idea, the idea of syncing your application settings, calendar, contacts, email … is wonderful. However, I’m sure we’ve all heard the phrase “the devil is in the detail”; well, with .Mac it’s similar: the devil is in the implementation.