The Mouse, Done Right

Indeed, MacMice got it right:

I've stated (repeatedly) that using Mac OS X with a single button-mouse is like rowing with a single oar, and I stand by it. This looks at first glance every bit like the original Apple mouse (except the underside, which I can see no photos of), and cleverly uses the half-split translucent shell as an integral part of the mouse buttons.

Now all they have to do is license it to Apple, and we're all set.

Mac OS X 10.3.3 Out

Changes in the 59MB update include:

  • network volumes are now available in the Finder sidebar and Desktop for convenient access
  • improved file sharing and directory services for Mac (AFP), UNIX (NFS) and PC (SMB/CIFS) networks
  • improved Postscript and USB printing
  • updated Disk Utility, DVD Player, Image Capture, Mail and Safari applications
  • additional support for Firewire and USB devices
  • improved compatibility for third party applications
  • previous standalone security updates and Bluetooth Update 1.5

Get it via Software Update. I just hope it doesn't break my HP printer again...

Wi-Fi Fragments, Consumers Lose

This piece reminds me of the 802.11a and 802.11g race all over again. Every year some manufacturer pushes their own proprietary go-faster wireless enhancement, sells a few percent more (kicking off a spree of "me-too" products) and gets consumers stuck on an ultimately useless product. Last year we had US Robotics pushing their quasi-g, now we have Agere and Atheros.

And then people wonder why around a quarter of Wi-Fi products fails or does poorly in interoperability testing.

Nokia Now Owns 63% of Symbian

Via Gizmodo, this piece of news is just one of the reasons SonyEricsson's latest models don't run Symbian. Not that it wasn't quite obvious, and that the UIQ development community wasn't complaining for a while now (the SonyEricsson developer relations staff are making a commendable job, though).

Don't Knock On Your Firewall

Bruce Schneier's Crypto-Gram is always a source of entertainment and insights into real security, i.e., what so-called "security consultants" often ignore. Sometimes it's plain common sense, sometimes it's downright fascinating. However, I've just been reading through the Port Knocking HOWTO and wondering how the hell can something like this be really secure.

Sure, it's clever, and it's not immediately apparent from the outside, but all it takes is for someone to sniff your traffic and figure out the SYN packet sequence - then you're exactly where you were before you implemented it. In short, it might keep your boxes safer for 15 minutes more.

There is a more secure alternative, as Trevor Jim just noted to me on e-mail (hi!): If you use a one-time sequence (the same concept as a one-time password, but consisting of port sequences) then you're safe from replay attacks. Nevertheless, this is still more complex to set up than the reasonable alternative (which follows) and is likely to only be of use to the "bad guys".

If you're not on the Dark Side and really want to open ports (instead of using time-honoured techniques like SSH or IPsec encapsulation), it's much better to:

  • Use an encrypted channel (SSH or SSL) to trigger the process
  • Use out-of-band signalling (get an SMS modem and SMS instructions to your box)

Both of these have the advantage of allowing you to confirm the identity of each of the participants (by using SSH keys, SSL certificates or just validating the MSISDN the SMS came from).