Technological Musings

"Is there room for a third category of device in the middle, something that’s between a laptop and smartphone?"

And with that, Steve Jobs, CEO of Apple, ushered in the iPad.

So what is the iPad, exactly? I've been seeing it referred to as merely a gigantic iPod Touch. But is there more to it than that? Is this thing just a glorified iPod, or can there be more there?

On the surface, it truly is an oversized iPod Touch. It has the same basic layout as an iPod Touch with the home button at the bottom. It has a thick border around the screen where the user can hold the unit without interfering with the multitouch display.

The screen itself is an LCD display using IPS technology. According to Wikipedia, IPS (In-Plane Switching) is a technology designed by Hitachi. It offers a wide viewing angle and accurate color reproduction. The screen is backlit using LEDs, offering much longer battery life, uniform backlighting, and longer life.

Apple is introducing a total of 6 units, varying only in the size of the built-in flash storage, and the presence of 3G connectivity. Storage comes in either 16, 32, or 64 GB varieties. 3G access requires a data plan from a participating 3G provider, AT&T to start, and will entail a monthly fee. 3G access will also require the use of a micro-SIM card. AT&T is currently the only US provider using these cards. The base 16GB model will go for $499, while the 64GB 3G model will run you $829, plus a monthly data plan. As it stands now, however, the data plan is on a month by month basis, no contract required.

Ok, so with the standard descriptive details out of the way, what is this thing? Is it worth the money? What is the "killer feature," if there is one?

On the surface, the iPad seems to be just a big iPod Touch, nothing more. In fact, the iPad runs an enhanced version of the iPhone OS, the same OS the iPod Touch runs. Apple claims that most of the existing apps in the iTunes App Store will run on the iPad, both in original size, as well as an enhanced mode that will allow the app to take up the entire screen.

Based on the demonstration that Steve Jobs gave, as well as various other reports, there's more to this enhanced OS, though. For starters, it looks like there will be pop-out or drop-down menus, something the current iPhone OS does not have. Additionally, apps will be able to take advantage of file sharing, split screen views, custom fonts, and external displays.

One of the more touted features of the iPad was the inclusion of the iBook store. It seems that Apple wants a piece of the burgeoning eBook market and has decided to approach it just like they approached the music market. The problem here is that the iPad is still a backlit LCD screen at its core. Staring at a backlit display for long periods of time generally leads to headaches and/or eye strain. This is why eInk based units such as the Kindle or the Sony Reader do so well. It's not the aesthetics of the Kindle that people like, it's the comfort of using the unit.

It would be nice to see the eBook market opened up the way the music market has been. In fact, I look forward to the day that the majority of eBooks are available without DRM. Apple's choice of using the ePub format for books is an auspicious one. The ePub format is fast becoming the standard of choice for eBooks and includes support for both a DRM and non-DRM format. Additionally, the format uses standard open formats as a base.

But what else does the iPad offer? Is it just a fancy book reader with some extra multimedia functionality? Or is there something more?

There has been some speculation that the iPad represents more than just an entry into the tablet market. That it, instead, represents an entry into the mobile processor market. After all, Apple put together their own processor, the Apple A4, specifically for this product. So is Apple merely using this as a platform for a launch into the mobile processor market? If so, early reports indicate that they may have something spectacular. Reports from those able to get hands-on time with the iPad report that the unit is very responsive and incredibly fast.

But for all of the design and power behind the iPad, there is one glaring hole. Flash support. And Apple isn't hiding it, either. On stage, during the announcement of the iPad, Steve Jobs demonstrated web browsing by heading to the New York Times homepage. If you've ever been to their homepage, it's dotted by various flash objects with video, slideshows, and more. On the iPad, these shows up as big white boxes with the Safari plugin icon showing.

So what is Apple playing at? Flash is pretty prevalent on the web, so not supporting it will result in a lot of missing content, as one Adobe employee demonstrated. Of course, the iPhone and iPod Touch have the same problem. Or, do they? If a device is popular, developers adapt. This can easily be seen by the number of websites that have adapted to the iPhone. But even more than that, look at the number of sites that adapt to the various web browsers, creating special markup to work with each one. This is nothing new for developers, it happens today.

Flash is unique, though, in that it gives the developers capabilities that don't otherwise exist in HTML, right? Well, not exactly. HTML5 gives developers a standardized way to deploy video, handle offline storage, draw, and more. Couple this with CSS and you can replicate much of what Flash already does. There are lots of examples already of what HTML5 can do.

So what does the iPad truly mean to computing? Will it be as revolutionary as Apple wants us to believe it will be? I'm still not 100% sold on it, but it's definitely something to watch. Microsoft has tried tablets in the past and failed, will Apple succeed?

There's a bit of buzz surrounding Apple's press event on Wednesday. Much of the speculation seems to be that Apple will be announcing their tablet product. However, it seems that Fredo & Pid'jin have uncovered the real announcement..

People use the web today for just about anything. We get our news from news sites and blogs, we play games, we view pictures, etc. Most of these activities are fairly innocuous and don't require much in the way of security, beyond typical anti-viral and anti-spyware security. However, there are activities we engage in on the web where we want to keep our information private and secure. For instance, when we interact with our bank, we'd like to keep those transactions private. The same goes for other activities such as stock transfers and shopping.

And it's not enough to merely keep it private, we also want to ensure that no one can inject anything into our sessions. Online banking wouldn't be very useful if someone could inject phantom transfers into your session, draining your bank account. Likewise, having someone inject additional items into your order, or changing the delivery address, wouldn't be very helpful.

Fortunately, Netscape developed a protocol to handle browser to server security called Secure Sockets Layer, or SSL. SSL was first released to the public in 1995 and updated a year later after several security flaws were uncovered. In 1999, SSL became TLS, Transport Layer Security. TLS has been updated twice since it's inception and currently stands at version 1.2.

The purpose of SSL/TLS is pretty simple and straightforward, though the implementation details are enough to give anyone a headache. In short, when you connect to a remote site with your browser, the browser and web server negotiate a secure connection. Once established, everything you send back and forth is first encrypted locally and decrypted on the server end. Only the endpoints have the information required to both encrypt and decrypt, so the communication remains secure.

What about man-in-the-middle attacks? What if you were able to insert yourself between the browser and the server and then pass the messages back and forth. The browser would negotiate with you, and then you'd negotiate with the server. This way, you would have unencrypted access to the bits before you passed them on. That would work, wouldn't it? Well, yes. Sort of. If the end-user allowed it or was tricked into allowing it.

When a secure connection is negotiated between a browser and server, the server presents the user with a certificate. The certificate identifies the server to the browser. While anyone can create a certificate, certificates can be signed by others to "prove" their authenticity. When the server is set up, the administrator requests a certificate from a well-known third party and uses that certificate to identify the server. When the browser receives the certificate, it can verify that the certificate is authentic by contacting the certificate signer and asking. If the certificate is not authentic, expired, or was not signed by a well known third party, the user is presented with an error dialog explaining the problem.

Unfortunately, the dialog presented isn't always helpful and typically requires some knowledge of SSL/TLS to understand. Most browser vendors have "corrected" this by placing lots of red text, exclamation marks, and other graphics to indicate that something bad has happened. The problem here is that these messages are intended to be warnings. There are instances where certificates not signed by third parties are completely acceptable. In fact, it's possible for you, as a user, to put together a valid certificate signing system that will provide users the exact same protections a third-party certificate provide. I'll post a how-to a little later on the exact process. You can also use a self-signed certificate, one that has no root, and still provide the same level of encryption.

So if we can provide the same protection using our own signed or self-signed certificates, then why pay a third party to sign certificates for us? Well, there are a couple of reasons, though they've somewhat faded with time. First and foremost, the major third-party signers have their root certificates, used for validation, added to all of the major web browsers. In other words, you don't need to install these certificates, they're already there. And since most users don't know how SSL works, let alone how to install a certificate, this makes third-party certificates very appealing. This is the one feature of third-party certificates that still makes sense.

Another reason is that your information is validated by the third-party provider. Or, at least, that's how it used to be. Perhaps some providers still do, but since there is no standard across the board, SSL certificates as a de-facto identity check are broken. Some providers offer differing levels of validation for normal certificates, but there are no indicators within the browser to identify the level of validation. As a result, determining whether to trust a site or not falls completely on the shoulders of the user.

In response to this, an organization called the Certificate Authority/Browser Forum was created. This forum developed a set of guidelines that providers must adhere to in order to issue a new type of certificate, the Extended Validation, or EV, certificate. Audits are performed on an annual basis to ensure that providers continue to adhere to the guidelines. The end result is a certificate with special properties. When a browser visits a site that uses an EV certificate, the URL bar, or part of the URL bar turns green and displays the name of the company that owns the certificate. The purpose is to allow users a quick glance check to validate a site.

To a certain degree, I agree that these certificates provide a slight enhancement of security. However, I think this is more security theater than actual security. At its core, an EV certificate offers no better security than that of a self-signed certificate. The "value" lies in the vetting process a site has to go through in order to obtain such a certificate. It also relies on users being trained to recognize the green bar. Unfortunately, most of the training I've seen in this regard seem to teach the user that seeing a green URL bar instantly means they can trust the site with no further checking. I feel this is absolutely the wrong message to send. Users should be taught to verify website addresses as well as verifying SSL credentials.

Keeping our information private and secure goes way beyond the conversation between the browser and the server, however. Both before information is sent, and after it is received, it is available in some plain text format. If an attacker can infiltrate either end of the conversation, they can potentially retrieve this information. At the user's end, security software such as an anti-virus, anti-spyware, and firewall, can be installed to protect the user. However, the user has absolutely no control over the server end.

To the user, the server is a mystery. The users trusts the administrator to keep their information safe and secure, but has no way of determining whether or not it is. Servers are protected much in the same way a user's computer is. Firewalls are typically the main defense against intruders, though server firewalls are typically more advanced than those used on end-user computers. Data on the server can be stored using encryption, so even if a server is compromised, the data cannot be accessed.

Security on the Internet is a full-time job, both for the end user as well as the server administrator. Properly done, however, our data can be kept secure and private. All it takes is some due diligence and a little education.

...to be charitable.

Christmas is right around the corner, only a few weeks away! Time really flies. So, if you're wondering what to get me for Christmas, look no further! I'll tell you.

Child's Play.

That's all. Seriously! That's it.

Child's Play is a charity started by the guys from Penny Arcade. Not content with the bad rap that gamers tend to get, they set out to prove that not all gamers are bad. To that end, they have created a charity that has been growing every year. Money donated to Child's Play is used to purchase games, toys, movies, and more for sick children located at hospitals in the US, Canada, and Europe. Christmas for these kids can be a bit light given the cost of medical care and the strain on their families.

Here, Gabe from Penny Arcade can explain it better:

If you are like me, every time you see an article like this one, where the author claims that video games are training our nations youth to kill you get angry. The media seems intent on perpetuating the myth that gamers are ticking time bombs just waiting to go off. I know for a fact that gamers are good people. I have had the opportunity on multiple occasions to meet hundreds of you at conventions all over the country. We are just regular people who happen to love video games. With that in mind we have put together a little something we like to call “Child’s Play”. Penny Arcade is working with the Seattle Children’s Hospital and Amazon.com to make this Christmas really special for a lot of very sick kids. With the help of the Children’s Hospital we have created an Amazon Wish List for the kids. It’s full of video games, movies and toys. Some of these kids are in pretty bad shape and just having a Game Boy would really raise their spirits.

Please take some time to browse the Wish List. Maybe all you can afford is a package of batteries or maybe you want to go in with your entire office and get the kids a GameCube. Every single contribution will help out the Children’s Hospital and the 190,000 kids they treat each year.

All the toys and games will be delivered to us and we will in turn deliver them to the Children’s Hospital. As soon as the toys start arriving I’ll set up a web site and post as many pictures as I can. We will be making a trip over to one of the hospitals next week and we’ll bring you back stories from some of the kids along with more pictures.

Penny Arcade has a readership of something like 4.5 million gamers across the world. We are arguably the largest community of gamers on the internet. The important word there being community. This isn’t IGN, this isn’t Gamespy, we are not a faceless corporation, you are not just a number tracked by a database and then relayed to hungry advertisers. You guys have proven yourselves to be a powerful force when stirred into action. Here is your opportunity to use that power to do some real good.

Let’s give these kids the Christmas that they deserve and let’s give the news papers a different kind of story to write about gamers.
-Gabe out

That post originally appeared back in 2003 and more information about the start of Child's Play can be found on their About page.

So that's it. That's all I want. Show these kids that even in the darkest of times, there is a ray of hope. Give them the gift of fun and distraction. You'll be happy you did.