June 2007 Archives

Joining an 802.1X Network at Mac OS X Login

In case your missed it: Mac OS X 10.4.6 or later: Joining an 802.1X network at Mac OS X login.

Got a Crashing MacBook Pro?

If you're finding that your new MacBook Pro is having frequent kernel panics when connected to an AirPort network, you're not alone. That thread suggests that Apple is aware of the problem and is working on it, but does not yet have a fix. I'm typing this from an AirPort-connected Santa Rosa-based MacBook Pro, so not all machines have the problem. This must be extremely frustrating for folks that do have the problem, though.

Microsoft Security: Sixth Worst Job in Science

Amusing: Popular Science lists "Microsoft Security Grunt" as one of the worst science jobs. Worse than "Whale Feces Researcher," apparently.

(via Slashdot)

EV Certificates: Questionably Effective

"Extended Validation" (EV) certificates are sold by authorities like Verisign and Entrust to webmasters looking to prove their sites' security to users. By paying extra money and going through a more rigorous approval process, webmasters receive an SSL certificate that turns the Internet Explorer 7 address bar green. This, the certificate authorities claim, gives users extra assurance that they are not subject to phishing or other kinds of attacks.

Verisign's current entry level "SSL Secure Site" certificate is $399 retail, while a quick Google search turned up a competitor selling certificates for $14.95. From a web browser's perspective, the two certificates are equally trustworthy, and both will show the little lock icon in the address bar. What's more, not only are the competitor's certificates much cheaper, they're also easier to obtain. All you need to do is send a couple of emails. With Verisign (at least, the last time I bought a Verisign certificate), you need to jump through additional hoops to get your certificate. In my opinion, Verisign's certificate are indeed more secure, but it doesn't matter — so long as the lock icon appears is the address bar, that's all that counts.

So what's a certificate authority to do? Create a new, higher tier of certificates that do more than just show the lock icon and recover some of that lost revenue. Verisign's EV certificate offering is $1,499 a year. If you purchase one of these certificates, a user visiting your site will have their browser address bar turn an unpleasant shade of green (with a nice little lock icon, for nostalgia's sake).

Just one problem: a study by Stanford and Microsoft researchers indicates that EV certificates are no better than regular certificates at helping prevent phishing attacks. Additionally, users who read the IE7 help file were more likely to fall prey to phishing attempts, as they came to trust the browser UI to alert them to such attempts. A false negative (that is, a phishing site not flagged by the browser), was implicitly trusted by users in the study.

Looking Back at WWDC

Mark Alldritt's thoughts pretty much sum up my own: WWDC was nice, but not earth-shattering. The labs were OK, although most of the answers I was given were of the "hmmm, the guy that can answer that is not here right now" variety. I had one laugh-out-loud moment during the keynote: "Here's your iPhone SDK, it's called a a web browser. Sweet!"

WWDC can be a little frustrating for me. We get to look at all the cool technology in the upcoming Mac OS X release, but I won't get to use it for at least a year or more. That's because our official policy here at the Labs is to support both the current and previous versions of the OS. That means everything we write needs to be Tiger-compatible until Leopard's successor arrives¹.

Over the last few years there's been an increasing IT-related presence at WWDC. Back in days of yore, the conference was 100% developer focused. Now there's a full track devoted directly to IT issues, and a number of sessions that bridge the IT/programming divide. The Bending Directory Services To Your Will: Best Practices session was particularly good (and the roar from the crowd when it was re-announced that "NetInfo is dead!" was amusing).

I can report that Elektron runs on the current release of Leopard, although the UI is a little glitchy. I suspect that this is because Cocoa is still a little rough in this release (other third party apps seem to have the same problems). On the whole, it looks like the transition from Tiger to Leopard will go more smoothly than did the transition from Panther to Tiger.

¹ OK, eagle-eyed observers may have noticed that Elektron 2 requires Tiger, which technically violates our policy — until Leopard ships, we should be supporting Panther. We initially timed the release of Elektron 2 to coincide with Leopard, but then Apple missed their ship date for Leopard.

UGC + Wi-Fi = WeFi

WeFi is a startup with software that locates and maps open Wi-Fi hotspots. Nothing special about that — there's lot of services that help you find Wi-Fi. What WeFi does that's a little different is to add a social networking component, with which users can easily submit hotspots they find for sharing with other WeFi users. WeFi seems to hitting all the Web 2.0 buttons: social networking, Twitter integration, and a "beta" tag built into its logo. Unfortunately, no Mac software is available (they recommend BootCamp!).

Another Day, Another Build

New versions of Elektron are available for both Windows and Mac OS X. This is a recommended upgrade for Windows users, and an optional upgrade for Mac OS X users coming from earlier versions (i.e., earlier this week) of Elektron 2.0.x.

The Windows update is recommended because it fixes a bug with which users connecting via TTLS/MS-CHAPv2, authenticating against their Active Directory accounts, would always have their connection requests rejected, even if the user presented a valid username and password. This was due to an incorrect MS-CHAPv2 server response being generated. The issue affected only TTLS/MS-CHAPv2, but that is the default 802.1X authentication method on Mac OS X, so if you've got Elektron 2.0.1716 or 2.0.1717 running on Windows Server and Mac users who can't connect, this is the solution.

Both version also get better logging in debug mode, but that's a minor change. You'll also note the reappearance of Windows and Mac OS X installers for exporting your Elektron server certificate. It was gently pointed out to us that removing features is a good way to make your customers, um, unhappy. Sorry about that! Please consider the new build an act of contrition.

Download the latest versions of Elektron from our support page.

EVDO to Wi-Fi Router Update

Earlier I wrote about a then-new EVDO to Wi-Fi router from Kyocera. Well, I can report that I've been using it for over a year now with fantastic results. I initially bought it to house my Verizon EVDO PC card after upgrading my PowerBook to a MacBook Pro (remember, the MacBook Pro has no PC card slot; it uses ExpressCards). At the time, there were no EVDO ExpressCards, so the Kyocera was to be a stopgap solution until they appeared. Well, Verizon started shipping the EVDO ExpressCards, and I'm still using the Kyocera. Despite the size, its nice having a full-fledged access point that can share a connection with multiple users.

Apple Design Awards 2007

Congratulations to the winners! Some of the usual suspects are there: Panic, Delicious Monster (what, no Freeverse?!), and some newcomers — the BART widget is now installed on my MacBook Pro.

Elektron 1.0 was a runner up in the (now non-existent) Server Solutions category. The awards take a Glengarry Glen Ross approach: first place is a stack of Apple hardware; second place is a lucite cube; third place, you're fired! OK, maybe you don't get fired, you just don't get mentioned at the awards. I've got our lucite cube sitting on the bookshelf behind me, but I'd rather have a 30" Cinema Display sitting on the desk in front of me!

The amusing thing is that because your application must be shipping at the time of the awards submission deadline (with the exception of the Leopard applications category) to be considered, that last day of eligibilty tends to make for an embarrassment of riches for Mac users. Both Coda and the winning version of CSSEdit (a personal favorite) shipped on the same day this year.

"Try Elektron" Link Fixed

To anyone who tried downloading an evaluation version of Elektron between yesterday afternoon and this morning: sorry about that! The link is now fixed.

Hello From WWDC

Well, it's difficult to be underwhelmed by a Steve Jobs keynote, but somehow we managed to do so yesterday. Leopard looks great, and Time Machine, Spaces, stacks, the new Finder, et. al. are great new additions to Mac OS X. If he had ended it there, we would have walked away happy. Instead, Steve gave us "one last thing": third party development for iPhone means writing a web app with iPhone-like CSS. We're joining the chorus of disappointed developers on that one.

Last week I wondered what changes would be needed in Elektron to get it ready for Leopard. The answer: not much at all. Apple has been stressing that well-behaved Cocoa applications will pick up Leopard features "for free." We put a lot of work into making Elektron a well-behaved Cocoa application, so things are looking good. Putting Cover Flow in the Finder does mean we're going to need a new high-res icon for the Elektron Settings application, though.

BART Wi-Fi

This morning the local TV news featured a segment on BART adding Wi-Fi service. My interest was immediately piqued — we're all pretty regular BART users around here (in fact, I took BART to WWDC this very morning).

The devil, however, is in the details, and the BART Wi-Fi plan suffers from the same problems that other Wi-Fi rollouts have. Problems, that is, in acquiring people like me as a customer. It's just too darned expensive for what you get: $10 a day or $30 a month, for extremely limited connectivity. According to the news report, service is only available in stations, not on the trains. Because there is, at most, 15 minutes between trains, you will get at most 30 minutes of network time for your $10. And that assumes that you just miss the previous train on both your inbound and outbound trips.

Of course, you save money by buying the monthly pass. But daily BART riders, the obvious target market for monthly Wi-FIipasses, have the train schedules committed to memory — the real pros walk onto the platform just as their train is pulling up. That leaves no time for whipping out the laptop and hitting the network. What's more, daily BART riders are by definition commuters, likely riding at rush hour. Once Wi-Fi is rolled out on the moving trains, there won't be any room to set a computer on your lap. At rush hour, BART is standing room only.

Finally, there's the issue of whether you want to be seen with a laptop in a BART station, whether there's Wi-Fi available or not. There are definitely some stations on the BART line that I would not want to be seen carrying a multi-thousand dollar piece of electronic equipment, given the epidemic of iPod theft the system has been experiencing.

New AirPort Extreme (802.11n) Firmware

AirPort Extreme firmware version 7.1.1 is now available. No mention of WPA Enterprise changes (not that it needs any &mdash we have a couple here for testing and they run great with Elektron). Most of the changes are related to the NAS features.

Sun Blade 6000

Sun just announced the new Sun Blade 6000 system. Sun, in our opinion, is putting out the nicest server kit in the business, and this new system is no exception. It allows you to mix and match Sparc and x64 processors (both AMD and Intel, the first fruit of the Sun/Intel partnership announced a couple of months ago) in the same blade chassis. The pricing is an incredible value, with the chassis starting at $4,995.

They've come out just in time for us to consider for a big project we're starting here at the lab. I suspect we'll end up going the single-server-at-a-time route, though: the chassis holds ten blades in a 10U package, so it uses the same amount of rack space as 10 1U servers. What's more, the modules are price-competitve with similarly equipped standalone servers, so the blade system will end up a little more expensive (since you still have to buy the chassis). If we needed the enhanced manageability, though, I wouldn't hesitate to buy the blade system.

Interesting note: core for core, the Opterons are a good deal less expensive than the Xeons. We like seeing that, being the Opteron bigots we are ;-)

See You at WWDC

Going to Apple's World Wide Developer's Conference next week? We are! Elektron 2 will be supporting Leopard once Leopard ships, and we need to find out exactly what's on our plate, development-wise. Hopefully not too much, since in Elektron 2 runs just fine on the latest Leopard developer seeds. See you at Moscone — and while you're there, keep your eyes peeled for a big announcement from us...

...And We're Back!

After a brief (oh, say 18 month) hiatus, the Periodik Labs blog is back! Two things have allowed this to happen: we're just about done with Elektron v2, and as a company we've grown to twice the size we were when we went on our blogging holiday So, we've got more time and more people!

In the weeks ahead look for posts spotlighting new Elektron features and the same curmudgeonly commentary on the wireless industry that made the blog (not at all) famous.