Year: 2013

[Shawn Blanc on DSPTCH straps][1]:

> I’ve been using both of the DSPTCH straps for quite a while now and they are fantastic. The build quality and materials used are just great; they are comfortable; and DSPTCH uses interchangeable connectors to attach their straps to the camera’s lug mounts.

I love these straps. I have been using them for quite a while and it is awesome to be able to easily switch between the two strap types. My only complaint about the shoulder strap is that it is a bit slick — other than that I have no issues with the straps whatsoever.

[1]: http://shawnblanc.net/2013/10/dsptch-straps/

[The award goes to John Casasanta of taptaptap for the Camera+ release notes](http://taptaptap.com/blog/look-over-there-pal-its-camera-4-2/):

> And then we thought about jumping on the bandwagon where we put Camera+ out as a whole new app and let existing customers pay for it all over again. And of course there’d be the ensuing sh__storm where those customers felt cheated and we’d have to backpedal and reverse that shortsighted decision.
> So it was Clear that that would’ve been a knuckleheaded move, so instead we decided to treat our lovely customers fairly and make Camera+ 4.1 a free update as we’ve always done. But then we felt like it was all give and no take… so to make us feel better about giving-in too easily, we chose to call it version 4.2. That’ll teach you to mess with us.

*Really?*

[Randy Rieland, with a][1] honestly I don’t even know how to preface this, so here you go:

> In August, Google was awarded a patent to allow for the use of something known as “pay-per-gaze” advertising. In its application, the company noted that “a head-mounted tracking device”—in other words, Google Glass—could follow where the person wearing it was gazing, and be able to send images of what they saw to a server. Then, any billboards or other real-world ads the person had seen would be identified and Google could charge the advertiser. As noted in the New York Times’ Bits blog, the fee could be adapted based on how long the ad actually held the person’s gaze.

*Finally*.

[Claire Cain Miller on sleezy practices][2]:

> Google, the biggest online advertising company, is considering a new way to help advertisers track people across the Web and consolidate its power in the industry.

Cookies are *so* 2010. Won’t it be great when using Chrome means that Google will be tracking your every move on the web and reporting that back to the NSA, I mean Kellogs, or Viagra, or `___________`.

The best Google related news was this puff piece from Steven Max Patterson’s, now banned by TBR standards, article in Quartz, where he [presstitutes][3] for Google:

> Until now, Google hasn’t talked about malware on Android because it did not have the data or analytic platform to back its security claims. But that changed dramatically today when Google’s Android Security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users.

[I’ll leave the Macalope to clean this one up][4]:

> What about apps that simply ask users to give them permission to harm them? Seems like those are the ones that are more of a problem.

I don’t know what the real malware problem on Android is, but I doubt that Google knows how big that issue is either — and that’s the problem.

[1]: http://blogs.smithsonianmag.com/ideas/2013/10/will-google-glass-make-us-better-people-or-just-creepy/
[2]: http://bits.blogs.nytimes.com/2013/09/19/google-is-exploring-an-alternative-to-cookies-for-ad-tracking/?_r=0
[3]: http://www.urbandictionary.com/define.php?term=presstitute&defid=1621012
[4]: http://www.macworld.com/article/2052307/macalope-weekly-fairness-and-accuracy-in-the-media.html

[Nik Fletcher, writing about IAP and developers complaining about lack of sales, concludes with this bit][1]:

> The majority of customers, I’d argue, see the iPhone a bit like this: the iPhone is a device with little-to-no up-front cost, with payment made for the services that provide value. That sounds familiar…

He’s specifically refuting the “people with $800 phones are complaining about a $3 app” arguments. I’d agree with him on this too. Consumers simply don’t see their iPhone as an expensive thing — it’s not (in that sense) a luxury item.

A cellphone is seen as a necessity by a great many of these consumers, and it’s a necessity that must be replaced (for whatever reason) with regularity. So it’s not a matter of the cost of the phone, but the cost of the phone relative to the other phone choices (keep in mind the “free” iPhone is still in play here). For many, there is no other choice than the iPhone, or the choice is close enough in price for it not to matter.

I’ll admit, I don’t “get” these people, but I never will. What I can understand though is the logic of not thinking an iPhone is as “luxury” as it truly is. With that in mind, the lack of willingness to buy $3 apps makes a fraction more sense to me.

[1]: http://nikf.org/blog/offers-in-app-purchases

[Bruce Schneier:][1]

> To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the Internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target’s browser to visit a Foxacid server.

A very in-depth article on how the NSA is exploiting the Tor network. One part I loved:

> The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target’s technical sophistication, the value of the exploit, and other considerations.

In other words they use their best attacks against the highest value targets, because should those attacks become known, they can no longer use those attacks.

I like to think about it like lock picking. If you get caught breaking into a building, it’s best for you long term (as a person who breaks into buildings, and not legally speaking) to have been found out as picking a lock. If you *have* the key to the door, without permission, you probably don’t want that known — because then they change the key, when the defense against picking a lock is not as clear cut.

Likewise if you have a master key, it’s better to be caught with a non-master key. “Oh, we just change one lock, not all the locks — he doesn’t have a master key.” That’s the same thinking with the NSA exploits — it is riskier to never use the master key, but safer (for the viability of your long-term exploits) if you never get caught with a master key.

[1]: https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

[Rob N on the FastMail blog][1]:

> As noted in our recently updated privacy policy, we are an Australian company subject to Australian law. We are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation, which means a warrant signed by an Australian judge. We do not co-operate with any kind of blanket surveillance, monitoring or “fishing expeditions”, and we do not give out user information to anyone outside Australia.

That’s a strong statement, but it gets even better:

> It might be possible for the US government to lean on the Australian government or other international legal body to compel us to hand over data but this likely to be an expensive, time-consuming and highly visible process. In our opinion those barriers make it extremely unlikely to happen.

All in all, FastMail just made a strong statement that they have no knowledge of active spying on their users, and from the sounds of it they are prepared to make a loud complaint about such requests. Good for them, not sure it matters, but good for them.

[1]: http://blog.fastmail.fm/2013/10/07/fastmails-servers-are-in-the-us-what-this-means-for-you/

[Garrett Murray on Instagram getting ads][1]:

> You can pretend all you want that ads won’t be intrusive, annoying or awful, but they will be. They’re ads. You’re putting unwanted crap into a feed of photos from people I hand-selected to follow.

Did I mention that [Favd launched][2], and that it’s great? [I think I did][3].

[1]: http://log.maniacalrage.net/post/63029294919/instagram-blog-hey-you-want-ads-no-too-bad
[2]: http://favd.net
[3]: https://brooksreview.net/2013/09/favd-share-your-pictures/

With real estate being my day job, I regularly get a lot of paper files and these files typically end up crumpled at the bottom of my bag unless I immediately do something with them. Therefore I try to scan things with my iPhone as I get them. I use ABBY Business Card reader for all business cards, and had been using JotNot Pro for all other documents.

JotNot works really well, and quickly. However, as you may know, Smile Software recently launched [PDFpen Scan+][1] — a new iOS app for scanning. The biggest feature it offers is the ability to do OCR conversion on your iOS device. That sounded killer, so I immediately bought the app.

In my testing, Smile’s Scan+ is *mostly* better than JotNot. The biggest point in JotNot’s favor is how cropping is handled. With JotNot the auto-edge-detection is much better. Even more in JotNot’s favor is that manually adjusting the corners brings up a nice magnifying glass making things easy and fast. With Smile’s Scan+ I would recommend not even wasting your time trying to adjust the edges — it’s that difficult. This is the only point not in Scan+’s favor.

As for the final file output? Smile wins hands down. Scan+ leaves you with a better PDF image and accurate OCR of the document. There’s little to no good reason to recommend anything but Scan+ right now for iOS scanning — great app.

For those that want to see a comparison, I took a printed page and scanned the page in each app — adjusting the image as best I could within each app. Here’s the result from [JotNot Pro][2], and here’s the result from [PDFpen Scan+][3]. It’s important to note that Scan+ has a much larger file size, but it also looks better and has OCR (OCR is not required).

Now that you can see the massive difference I suspect you want the link to buy Scan+. [PDFpen Scan+ is $4.99 in the App Store][4].

[1]: http://www.smilesoftware.com/PDFpen/Scan/index.html
[2]: https://f3a98a5aca88d28ed629-2f664c0697d743fb9a738111ab4002bd.ssl.cf1.rackcdn.com/File-03-10-2013-10-38-58.pdf
[3]: https://f3a98a5aca88d28ed629-2f664c0697d743fb9a738111ab4002bd.ssl.cf1.rackcdn.com/scanplus.pdf
[4]: http://www.smilesoftware.com/PDFpen/Scan/index.html

[David Kravets][1]:

> And thus, a digit-collection device attached to a lone purse snatcher’s telephone set the legal precedent used, three decades later, to justify the bulk collection of the same information on every single American.

Nice bit of reporting here by Kravets in looking at how the legal basis for NSA spying was formed off of a case that likely doesn’t have the implications that current courts are purporting it to have.

If you read the article, what you find is that FISC took a Supreme Court decision, which upheld the sentence of man that was specifically being targeted, and turned that into the legal basis for collecting everything on everyone (more or less). ((I see no reason for me to be more accurate than “more or less” if the NSA and FISC are going to play fast and loose with the Constitution.))

[1]: http://www.wired.com/threatlevel/2013/10/nsa-smith-purse-snatching/

[Charles P. Pierce on the shutdown][1]:

> We have elected the people sitting on hold, waiting for their moment on an evening drive-time radio talk show.

Here’s a great [Government status website][2].

[1]: http://www.esquire.com/blogs/politics/Shutdown_Blues
[2]: http://usgovernment.statuspage.io

[David Chartier][1]:

> After more than a year of work, 1Password 4 for Mac in the [Mac App Store][2] and will be available here in [our web store][3] in the next day or two!

I haven’t seen many people touch on this, but that last bit is suspicious to me. Why wait to release the version on *your own* site?

With an app like 1Password, I’d recommend you get it *outside* of the Mac App Store, not *from* the Mac App Store. You never know what features you may not be able to use in the future because of App Store restrictions — I wouldn’t buy it from the Mac App Store at all. I *will* be buying it from Agile Bits directly as soon as I can, but why make me wait?

I don’t get it.

UPDATE: Oddly enough, and without reason, 1Password 4 is now available on the website for purchase and download. Odd stuff. I bought it, installed it, and it is working.

[1]: http://blog.agilebits.com/2013/10/03/1password-4-for-mac-is-here/
[2]: http://j.mp/1PmasBLOG
[3]: https://agilebits.com/store

[CIRONLINE.ORG has a fantastic report on how easy it is to get personal data on people][1]. This is all the reason anyone should need for getting out of Google and other big email providers:

> Even if an investigator faces some hurdles with your inbox, such as Google insisting on a warrant, email is not entirely protected. With a court order that doesn’t reach probable cause, Google will give up your name, IP address, the dates and times you’re signing in and out, and with whom you’re exchanging emails.

Well worth the read of the entire report, but none of the report is good news for privacy advocates.

[1]: http://cironline.org/reports/easily-obtained-subpoenas-turn-your-personal-information-against-you-5104

[Fraser Speirs on LA students “hacking” their iPads][1]:

> Imagine you’re 14 and, one summer, you hear on the news that you’re getting iPads when you go back to school. You go back, are handed an iPad, and then they tell you that you can’t browse the web, can’t use it for personal projects and all you can do with it is look at Pearson apps.
> Total heartbreak.

Speirs makes some fantastic points backed up by his experiences in the deployment at his school. I still wonder how anybody thought a fully locked down iPad was worth, well, buying an iPad for?

[1]: http://speirs.org/blog/2013/10/1/battle-los-angeles.html