Recent Articles

[Kim Baldonado][1]:

> A TSA office near LAX was evacuated Wednesday afternoon after it received a suspicious package, believed to have been mailed by an ex-screener arrested for allegedly threatening the airport, according to the FBI.

I wasn’t going to link to this, but right before tossing it aside I caught the really funny part. You see the headline makes it sound like the TSA has been getting some naughty packages, and the above quote attributes the latest to an ex-TSA employee. That’s pretty bad, but really whatever. What makes this story great is the next paragraph:

> The delivery to the Century Boulevard offices marks the third suspicious package attributed to Nna Alpha Onuoha, 29, officials said.

You see, this *same* ex-TSA employee has sent all three of the packages. *Insert your own joke about how good the TSA is at screening employees, here.*

[1]: http://www.nbclosangeles.com/news/local/Nna-Alpha-Onuoha-LAX-TSA-Threats-Suspicious-Package-Evacuation-223387571.html

There are two really great things about the iPhone 5S that I can’t wait to have:

1. The new camera. Like every iPhone before it, the camera is much improved. This go around I think it is going to start giving cameras like the GX1 a run for their money. The new autofocus, flash, and burst modes are the kind of features you just don’t get out of a camera that compact.
2. The Touch ID systems lack of cloud storage. That is, the fact that the system works without transmitting your fingerprint to *any* server is a huge win for security. I’m personally not too worried about this system as my fingerprints have to be in “the system” in order for me to be a commercial broker.

There are undoubtedly tons of nice additions, but the two above are the ones that I am most excited about.

[Editorially has officially launched today.][1] I have been in on the beta of Editorially for quite a while, but really don’t know much about their product roadmap. So now the doors are open, and if you want to give it a go you can sign up and do just that.

For those that don’t know Editorially, it is an online writing app, where you can invite others to checkout, modify, comment on, and discuss your writing.

It’s a great tool for writing with other people.

I’ve been using it with my editor James for quite a while now and it has been great. I love being able to pop a document on there, still work on it privately, and then invite him to it. I can add a comment about the overall document, or highlight a specific section that I want him to see.

There’s still a lot missing and a lot that *could* be added to make this a great tool. Right now, it is the best tool I have found for working with an editor and I am, overall, happy with it. Now that the doors are open, I will also be adding it to the workflow for my day job for collaborating on long documents — it’s just leaps and bounds better than “track changes”.

[1]: https://editorially.com/

[Marcel Rosenbach, Laura Poitras and Holger Stark](http://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html):

> According to the documents, it set up task forces for the leading smartphone manufacturers and operating systems. Specialized teams began intensively studying Apple’s iPhone and its iOS operating system, as well as Google’s Android mobile operating system. Another team worked on ways to attack BlackBerry, which had been seen as an impregnable fortress until then.
> The material contains no indications of large-scale spying on smartphone users, and yet the documents leave no doubt that if the intelligence service defines a smartphone as a target, it will find a way to gain access to its information.

First, let’s acknowledge how refreshing it is that *so far* the reports are that this is only being used for targeted individuals and not just randomly grabbing up all data. The iPhone is mentioned in this article, but from my reading of the article is seems as though iPhones are targeted through backups.

Not, as you might suspect, through iCloud backups, but backups on a user computers. This seems like a dubious assertion to me, because before iCloud backups even *I* wasn’t regularly backing up my iPhone. It would be my guess that iCloud backups are just as, if not more, vulnerable.

More telling is the hack into BlackBerry’s as it looks to be pretty far reaching — and may be the nail in the coffin for BlackBerry. It appears the NSA has a pretty good handle on the “secure” communication device, I can’t imagine it is a good day for Canada’s *only* company. ((Joking, or am I?))

No, actually, the most disturbing part of this report is this bit:

> In three consecutive transparencies, the authors of the presentation draw a comparison with “1984,” George Orwell’s classic novel about a surveillance state, revealing the agency’s current view of smartphones and their users. “Who knew in 1984 that this would be Big Brother …” the authors ask, in reference to a photo of Apple co-founder Steve Jobs. And commenting on photos of enthusiastic Apple customers and iPhone users, the NSA writes: “… and the zombies would be paying customers?”

The touting of creating a 1984 like state is very unsettling and is very telling. This is how these agencies view themselves: as the watchers. They were created to keep us safe, but see themselves as helicopter parents.

On a lighter note, the idea that these agencies can hack iPhones, but still use transparencies is, well, both confusing and ridiculous.

As recently as a couple of years ago ((Rough guess.)) I would have stood confidently before you and declared the Apple retail store experience to consistently be the best retail store experience, and perhaps the best shopping experience, I have ever had.

I’m not just speaking as an “Apple Blogger” or a tech-geek. I *do* speak as those things but also as a commercial property manager. What does a commercial property manager do? Well, I’m basically the landlord for office buildings, shopping centers, shopping malls, warehouses, etc. If someone doesn’t call the place “home”, then it’s something I manage for the owner of the property.

Needless to say I deal with retailers all day. I visit a ton of stores, many you would never want to set foot in. What I don’t manage, nor does my company, is any real estate with an Apple Store in it.

Keep that in mind as we continue…

***

What made the Apple Store one of the best retail experiences I have ever had, and all the more astonishing, was its *consistency*. No matter the day, time or location of the store, Apple retail always delivered a great experience. This was simply amazing to me: Like iPhone level quality mass manufacturing on a human retail employee level — something I didn’t think possible.

And then, at some point in the last couple of years, Apple changed the way their stores operated and fucked it all up.

Now I play a little game whenever I go to an Apple Store: “Avoid the iPad-Wielding-Apple-Rep”. You know who I’m talking about: the 2–4 Apple employees that hang out in Apple Stores greeting you and asking if you need any help, the ones with the iPads.

Sounds like these are really helpful people, right?

Wrong. These are the scourge of the Apple Store because they cannot actually *help* you. If you walk up and say: “I’d like to get an iPhone.” They say: “Sure, I will get someone to help you.” They are friendly, but why can’t *they* help you?

I understand that certain Apple retail employees specialize in certain products, which makes sense. I’m perfectly happy waiting for a knowledgeable representative when I have specific questions about the products. However, the single most annoying thing about iPad-Wielding-Apple-Reps is if you ask them: “Hey, could you ring this up for me?”, you get the response: “Let me get someone that can help you with that.” (“Duh, don’t you see I use this-here iPad to look official and nothing else?”, remains unsaid.)

One of the greatest things about the Apple Store used to be that there were only two employee types: Geniuses and non-Geniuses. You knew the difference because the former always had a line of people waiting for them. At this time you could grab any free non-Genius, pay for your wares and leave. This experience was so great that stores like Nordstrom Rack implemented it to make checkout easy, non-location specific, and personable.

To be fair, only the iPad-Wielding-Apple-Reps can’t check you out (Geniuses are still too busy for that). The problem is that in a typical Apple Store, the iPad-Wielding-Apple-Reps are the ones making eye-contact with you and are generally always available, just not available to really *do* anything.

Today at the Apple Store I saw a common scene unfold. Four to six retail employees standing around talking, a dozen or so people with broken iOS devices getting help, others looking at iPhone cases, etc. When it came time for me to checkout I turned to the first Apple Store employee and lost my own game — it was an iPad-Wielding-Apple-Rep.

*”Let me get someone that can help you with that.”*

The time it took waiting for her to get someone to help me check out, was greater than the time it took for me to actually check out. The iPad-Wielding-Apple-Rep could have just checked me out and saved us all time. It’s not like she would have helped anyone else during that time…

This starts to chip away at an outstanding retail experience. I hope the iPad-Wielding-Apple-Rep is a temporary thing, because I am starting to dislike visiting Apple Stores. I feel compelled to avoid these employees.

***
*A Note from Editor, James Martin:

I wonder if iPad-Wielding-Apple-Reps was a reaction to customers sometimes feeling, at busy times, that it was impossible to get anybody to help with anything. I’ve certainly experienced that phenomenon in Apple stores more than once (usually at the flagship retail locations: NYC, London UK, Sydney Australia).

Maybe for the frustrated, ignored customer *some* attention is better than nothing. Even if it’s only a placebo.

[Ellen Nakashima reporting on a secret (now-not-secret) court ruling expanding NSA powers][1]:

> Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.

Gee, wonder why this wasn’t debated in congress.

[1]: http://www.washingtonpost.com/world/national-security/obama-administration-had-restrictions-on-nsa-reversed-in-2011/2013/09/07/c26ef658-0fe5-11e3-85b6-d27422650fd5_story.html

[Matt Gemmell has written his take on the NSA scandal][1]. Gemmell is someone who I normally agree with, but in this case I am in disagreement. There is a chance that cultural differences (however slight) are at play here, but I still would like to respond to a couple statements he makes:

> If you didn’t already assume that all this was happening, I really have to wonder why not. It’s inevitable, and entirely in keeping with the goals and modus operandi of state-operated secret signals intelligence-gathering institutions. That’s what they do. That’s what they’ve always done, and what they’re designed to do.

I think there’s a few issues at play in this paragraph, but the only one I want to tackle right now is the notion that people should have assumed this was occurring. [I’ll point you to cryptographer Matthew Green, talking about an interview he did with ProPublica (wherein he didn’t know about what was to be released)][2]:

> I admit that at this point one of my biggest concerns was to avoid coming off like a crank. After all, if I got quoted sounding *too much* like an NSA conspiracy nut, my colleagues would laugh at me. Then I might not get invited to the cool security parties.

> All of this is a long way of saying that I was totally unprepared for today’s bombshell revelations [describing the NSA’s efforts to defeat encryption][3]. Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough.

Gemmell thinks we should have all assumed this was going on, but even very smart cryptographers couldn’t imagine the scale of this. That’s what I take issue with. It’s fine to say that we perhaps should have thought more was going on than meets the eye, but to assume that *this* level of subversion was at play was something that only the most paranoid assumed. ((And I am pretty damned paranoid.))

Back to Gemmell:

> This current flap is about privacy from the state. Notionally, we’re protected by legislation, due process, reasonable cause, and so forth. More realistically, we must assume that the state knows (or at least *can* know, should it choose to) everything about our online lives, which in turn reveals probably almost everything about our offline lives.

I don’t know anything about laws outside of the U.S., so I will only comment on those that I know. But it is widely believe here in the U.S. that such programs violate our constitutional rights. It is with that in mind that Americans (at least) assumed that any spying done at this level was done in direct protection of the country and never on American citizens — this is looking to be a false assumption.

This is a big deal. It’s not just a matter of secret laws, it’s a matter of violating some fundamental truths that Americans hold near and dear. Namely being, as Gemmell so accurately notes, privacy.

There’s a lot of points I don’t like, but that doesn’t make them invalid. Gemmell has presented a very good argument, just one that I very much disagree with. Especially this point:

> So what do we do about it? Probably not a lot, if we don’t want to sacrifice effective national security, international relations, and global communications.

Say what now? That’s a weak sentiment — that nothing can be done so why bother — and anything that is done makes “us” woefully insecure. I couldn’t disagree with that more.

Terrorism is not as rife as news media and politicians make it sound, and while we certainly don’t know how much these programs have prevented, reining these programs in certainly wouldn’t lead to daily 9/11 attacks.

Lastly, international relations (from the US side at least), are already on thin ice. The U.S. makes a ton of the software the world runs on, and some of that software has most certainly been compromised in the name of **U.S.** interests — how does stopping that do anything *but* bolster international relations?

“All that is necessary for the triumph of evil is that good men do nothing.” –Edmund Burke

[1]: http://mattgemmell.com/2013/09/06/privacy/
[2]: http://blog.cryptographyengineering.com/2013/09/on-nsa.html
[3]: http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=0

[Jeff Shiner CEO of AgileBits][1]:

> It is impossible to absolutely prove that our answers to the easy questions above are truthful. But what I can do is provide a number of more verifiable claims, each of which makes it harder for us to lie about any of this. In combination, these should be enough to persuade you that there is no backdoor (deliberate weakness) in 1Password and that it would be very unlikely for one to be introduced.

Great post, and about as much as anyone can hope for. (I was glad to see this because I looked at some of the other 1Password like offerings and they are, erm, not good.) While the post doesn’t give me 100% confidence it gives me enough to feel comfortable staying with AgileBits products for the time being.

[1]: http://blog.agilebits.com/2013/09/06/1password-and-the-crypto-wars/

[Ken White][1]:

> I am the other because I believe a free person needs no excuse whatsoever to keep communications secret from the government, whether those communications are weighty or frivolous. I am the other because I believe the mantra “what do you have to hide” is a contemptible and un-American sentiment that fundamentally misconstrues the proper relationship between citizen and state.

Fantastic read, and I could have quoted any section of it. One particular section (that I felt was too long to quote in a “moral” sense) deals with the government potential to pass confidential information to prosecutors to help with crimes. Put this at the top of your list if you are still wondering why NSA spying is a really big deal.

[1]: http://www.popehat.com/2013/09/06/nsa-codebreaking-i-am-the-other/

[Justin Williams responding to this year’s complaints about upgrades and free trials in the App Store(s)][1]:

> I don’t have a solution to the problem, but I know that trials won’t transition customers who have grown up in the age of free into people willing to part with money for software. A martini may be $10 whereas your app is a mere $2.99, but people are conditioned to always pay for their liquor as food and drink has always been a pay-for product.

Williams has some really smart points in his post and I think he is spot on about upgrade pricing.

I don’t think free trials are needed at all. If you think people aren’t buying your software because they can’t try it, then you simply are not doing a very good job explaining your software (with screenshots, descriptions, website, screencasts, etc.). There’s a lot of software I won’t buy until someone I know has it because the information about the product is scarce — and what is available isn’t very informative.

[1]: http://carpeaqua.com/2013/09/05/trials-and-upgrades-are-still-dead/

New Snowden documents are out. [James Ball, Julian Borger and Glenn Greenwald report][1]:

> It cautions analysts that two facts must remain top secret: that NSA makes modifications to commercial encryption software and devices “to make them exploitable”, and that NSA “obtains cryptographic details of commercial cryptographic information security systems through industry relationships”.

And:

> A quarterly update from 2012 notes the project’s team “continue to work on understanding” the big four communication providers, named in the document as Hotmail, Google, Yahoo and Facebook, adding “work has predominantly been focused this quarter on Google due to new access opportunities being developed”.

Lastly:

> This GCHQ team was, according to an internal document, “responsible for identifying, recruiting and running covert agents in the global telecommunications industry.”

Ok, so this report is coming out from The Guardian, The New York Times, and ProPublica as a joint report of sorts — and of course the government asked they not publish this article (kudos to them for publishing it anyway).

From what I can tell, with the information being provided, GCHQ and the NSA are working with large software companies to build-in backdoors to encrypted software. This can/could/is/maybe running the gamut from VPN, HTTPS, SSL/TLS, and so on. Basically if the encryption tool is made by a large US or UK corporation there is a chance it has a backdoor built in for the spy agencies.

Not. Good.

On top of that, as quoted above, it appears that Google was/is the top target (not surprising given the popularity and the amount of data Google holds on users). More importantly it *sounds* like GCHQ (maybe the NSA?) is putting spies into telecomm companies to compromise those networks from within…

[Bruce Schneier, writing about how to stay secure in light of this new information][2] (he has the original documents and has read through them), states:

> What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

That’s Windows, Mac, Linux, iOS, or whatever. That’s incredibly unsettling.

Essentially, if the government wants in to your communications, your data, your computer, it’s likely going to get in. What’s unsettling about backdoors is that once they are found by others, they can, and will, be used by others. That’s incredibly dangerous for all.

Being in the U.S. this is not comfortable, but I can’t imagine being in a foreign country and seeing that most of the software you are using is U.S. made software and knowing that the NSA is specifically targeting foreign communications coming through the US.

[1]: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
[2]: http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

[Daniel Jalkut on the new Yahoo! logo][1]:

> This is not how any company, big or small, cherished or unknown should design a company identity. The more I read about Yahoo!’s process for this redesign, the less respect and confidence I have in them

The only good thing I can say about the logo is: at least it isn’t blue. Then again, I have seen blue iOS app icons that I much prefer to this, for example: any blue Apple iOS icon would be better.

[1]: http://bitsplitting.org/2013/09/05/a-mockery-of-whom/

I certainly don’t like the Microsoft acquisition of Nokia, but this post from [Patrick Rhone strikes me as rather short-sighted][1]:

> The smartphone war is over. It has been for a while. And, like a lot of wars, the two winners both claim victory and are likely both, through the view of each own’s prism, right. Anyone else getting into this fight now (or trying to start the same fight) will be ignored.

Really? [Kind sounds like this][2]:

> “\[Apple and the iPhone is] kind of one more entrant into an already very busy space with lots of choice for consumers … But in terms of a sort of a sea-change for BlackBerry, I would think that’s overstating it.”– Jim Balsillie, 2007 \[then Co-CEO of RIM]

The one thing to know about the cell phone industry is that it can change almost over night. Build something substantially better and the geeks will flock to it, which means eventually all users will too. The odds are heavily against Microsoft, but that doesn’t mean that the “smartphone war is over” — not by a long shot.

[1]: http://minimalmac.com/post/60240331259/7-billion-reasons-to-say-no
[2]: http://www.theguardian.com/technology/2012/jun/29/rim-chiefs-best-quotes