TidBITS#953/10-Nov-08
=====================
Issue link: <http://db.tidbits.com/issue/953>
Perhaps we're secretly paranoid, but security is on our minds again
this week. Glenn Fleishman reports on a weakness in WPA that opens a
vulnerability in wireless connections, and he analyzes its actual
threat level. Joe Kissell is more proactive with his review of PGP
Whole Disk Encryption, which finally brings the capability to
encrypt an entire startup disk - but with some important caveats.
Fortunately, Kevin van Haaren isn't paranoid at all (as far as we
know), and is more than willing to share his experiences replacing
his old Palm Zire with an iPod touch as a personal digital
assistant. And in this week's TidBITS Watchlist, we note the
releases of Nisus Writer Pro 1.2, Sandvox 1.5.2, Envision 1.2,
Apple's Digital Camera Raw Compatibility Update 2.3, HistoryHound
1.9.6, and PopChar X 4.1. Finally, as Thanksgiving approaches, we're
giving away copies of "Take Control of Thanksgiving Dinner" with any
other ebook purchase.
Articles
    A Crack in Wi-Fi Security and How To Fix It
    Take Control News: Free Copy of Thanksgiving Ebook!
    Securing Your Disks with PGP Whole Disk Encryption
    Confessions of an iPod touch Convert
    TidBITS Watchlist: Notable Software Updates for 10-Nov-08
    Hot Topics in TidBITS Talk/10-Nov-08
A Crack in Wi-Fi Security and How To Fix It
-------------------------------------------
by Glenn Fleishman
article link: <http://db.tidbits.com/article/9846>
News broke last week that German graduate students had uncovered and
documented a verifiable flaw in Wi-Fi Protected Access (WPA), the
method of encrypting a Wi-Fi connection between a computer or other
device and a base station. WPA was designed to replace WEP (Wired
Equivalent Privacy), a protocol that can be defeated easily using
cracks that appeared starting in 2001.
WPA comes in two flavors: the earlier version is called just WPA. It
was standardized in 2003 by the Wi-Fi Alliance, a trade group, and
includes an updated and backwards compatible encryption standard
(Temporal Key Integrity Protocol, or TKIP) that works with hardware
released as long ago as 1999. The original Apple AirPort Card can be
updated with firmware and drivers to handle TKIP; Mac OS X 10.3
Panther or later is required, however.
A second flavor, WPA2, was released later, with an additional,
stronger encryption method; the gap was due to a delay in a
standards group finishing a thorough revision of Wi-Fi's security.
WPA2 handles both TKIP and the AES-CCMP protocol (you really don't
want to know what that stands for).
The flaw that Erik Tews and Martin Beck have documented in a paper
Tews will present in Japan next week involves a weakness in WEP that
carried over into TKIP. TKIP was supposed to fix all of WEP's
problems, while still working with older hardware. Beck discovered,
and the students tested and documented, that it was possible to
examine short packets - lumps of data containing brief network
messages, for instance - and extract the encryption data without
violating any of the safeguards against such extraction that had been
added to TKIP.
This isn't a key crack - that is, you can't use this method to
recover a TKIP key and then decrypt all traffic over a network.
Rather, it's a very clever way to resend (or inject) a packet that
appears valid into a network. The two researchers bypassed yet
another TKIP protection using features added in Wi-Fi to ensure that
data containing voice-over-IP and streaming audio or video wouldn't
be overwhelmed by data that didn't need to arrive in a timely
fashion.
(If you want the technical details, you can read my long article for
Ars Technica, in which I interview Tews. You can also see a piece I
wrote at Wi-Fi Networking News that has more technical detail than
this article, but less than the Ars Technica feature.)
<http://arstechnica.com/articles/paedia/wpa-cracked.ars>
<http://wifinetnews.com/archives/008500.html>
The good news is that this exploit is very limited in scope, and may
be difficult for a cracker to pull off. The crack requires physical
proximity, where someone can sniff your network data. It also likely
won't work with corporate Wi-Fi networks that are well designed, and
which change some encryption properties every few minutes.
For home networks, if you're the least bit concerned, you can modify
a setting on your base station. The AES-CCMP method isn't vulnerable
to this exploit, and you can choose to use only that encryption
method.
To switch to AES-CCMP, Mac users need at least Mac OS X 10.3
Panther, an AirPort Extreme Card (available as an add-on or built-in
option for every Mac starting in 2003), and any Apple Wi-Fi base
station shipped in 2003 or later (such as the original AirPort
Extreme Base Station). Windows and Linux systems starting in 2003
should also include AES-CCMP support or be upgradable through
firmware patches. (There are some add-ons from third parties, mostly
free, to allow Windows 2000 to handle AES-CCMP if the underlying
hardware is also compatible.)
Macs with the original AirPort Card can't use AES-CCMP encryption;
the hardware simply can't deal with it. AirPort Extreme Cards
released in 2003 were built to handle what was already known would
be needed. Likewise, the pre-2003 AirPort Base Stations can't use
WPA at all: neither TKIP nor AES-CCMP is supported.
The iPhone and iPod touch, like all hardware shipped with a Wi-Fi
label attached since November 2004, include full WPA2 support, which
means they can handle both TKIP and AES-CCMP. Starting that month,
the Wi-Fi Alliance required that companies support WPA2 for products
that were to use the Wi-Fi name.
You can switch an Apple Wi-Fi base station to use only AES-CCMP by
following these steps:
1. Launch AirPort Utility. (It's found in the Applications >
Utilities folder, or can be downloaded for Tiger and Windows from
Apple's support site.)
2. Select your base station in the list at left.
3. Click the Manual Setup button.
4. Click the Wireless tab under the AirPort view.
5. From the Wireless Security pop-up menu, select WPA2 Personal. The
text below changes to read "WPA2 clients can join this network using
AES-CCMP."
6. Click Update to restart the base station with the new settings.
This causes a momentary network interruption for any device using
the base station via Wi-Fi or Ethernet. (Make sure you unmount
networked volumes first.)
Please note that older computers that can't use WPA2's AES-CCMP to
connect won't alert you to that fact. In the office I share with
Jeff Carlson, we originally configured our network to use WPA2
Personal, back in 2005. This was fine, because all the computers in
the office were newer. When a visitor arrived with an older Mac, we
couldn't connect it to the network, but there was no specific error:
just a message that it couldn't connect. We eventually figured it
out and had to back off to WPA/WPA2 Personal.
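
To check which of the two settings a base station is actually
advertising, you can read the security elements in its beacon. The
Python below is an added example, not part of the original article or
of any Apple tool: it parses the WPA and WPA2 (RSN) information
elements and reports whether TKIP is still on offer. The beacon bytes
and the names `audit`, `WPA2_ONLY` and `MIXED` are constructed for the
illustration.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")  # IEEE 802.11 OUI used in the WPA2 (RSN) element
WPA_OUI = bytes.fromhex("0050f2")  # Microsoft OUI used in the original WPA element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}


def iter_elements(blob):
    """Yield (element_id, data) pairs from a beacon's tagged parameters."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        data = blob[pos + 2:pos + 2 + length]
        if len(data) < length:      # truncated capture: stop rather than guess
            return
        yield eid, data
        pos += 2 + length


def parse_suites(body, oui):
    """Return (group_cipher, [pairwise_ciphers]) from a WPA or RSN body.

    The body starts with a 2-byte version, then a 4-byte group cipher
    suite, a 2-byte little-endian count and that many pairwise suites.
    Fields missing from a short element come back as None / [].
    """
    def name(suite):
        if suite[:3] != oui:
            return "vendor-specific"
        return CIPHERS.get(suite[3], "unknown-%d" % suite[3])

    if len(body) < 6:
        return None, []
    group = name(body[2:6])
    if len(body) < 8:
        return group, []
    (count,) = struct.unpack_from("<H", body, 6)
    pairwise = []
    for i in range(count):
        suite = body[8 + 4 * i:12 + 4 * i]
        if len(suite) < 4:
            break
        pairwise.append(name(suite))
    return group, pairwise


def audit(blob):
    """Summarise the ciphers a beacon advertises and give a verdict."""
    report = {"wpa": None, "rsn": None}
    for eid, data in iter_elements(blob):
        if eid == 48:                                   # RSN element (WPA2)
            report["rsn"] = parse_suites(data, RSN_OUI)
        elif eid == 221 and data[:4] == WPA_OUI + b"\x01":  # vendor element: WPA
            report["wpa"] = parse_suites(data[4:], WPA_OUI)
    ciphers = set()
    for entry in (report["wpa"], report["rsn"]):
        if entry:
            group, pairwise = entry
            # The group (broadcast) cipher counts too: in mixed mode it is
            # TKIP so that older clients can read broadcast traffic.
            ciphers.add(group)
            ciphers.update(pairwise)
    ciphers.discard(None)
    if not ciphers:
        report["verdict"] = "no WPA/WPA2 element"
    elif ciphers == {"CCMP"}:
        report["verdict"] = "AES-CCMP only"
    elif "TKIP" in ciphers:
        report["verdict"] = "TKIP still enabled"
    else:
        report["verdict"] = "other: " + ", ".join(sorted(ciphers))
    return report


# --- Constructed sample beacons (not captured from real hardware) ---
def ie(eid, data):
    return bytes([eid, len(data)]) + data


def suite(oui, kind):
    return oui + bytes([kind])


ONE = b"\x01\x00"                       # little-endian 1 (version or count)
PSK_RSN = ONE + suite(RSN_OUI, 2)       # one key-management suite: pre-shared key
PSK_WPA = ONE + suite(WPA_OUI, 2)

# "WPA2 Personal": group and pairwise ciphers are both CCMP.
WPA2_ONLY = ie(0, b"office") + ie(
    48, ONE + suite(RSN_OUI, 4) + ONE + suite(RSN_OUI, 4) + PSK_RSN + b"\x00\x00")

# "WPA/WPA2 Personal": a WPA element offering TKIP plus an RSN element
# whose group cipher is TKIP and whose pairwise list is TKIP and CCMP.
MIXED = ie(0, b"office") + ie(
    221, WPA_OUI + b"\x01" + ONE + suite(WPA_OUI, 2) + ONE + suite(WPA_OUI, 2) + PSK_WPA
) + ie(
    48, ONE + suite(RSN_OUI, 2) + b"\x02\x00" + suite(RSN_OUI, 2) + suite(RSN_OUI, 4)
    + PSK_RSN + b"\x00\x00")

if __name__ == "__main__":
    for label, blob in (("WPA2 Personal", WPA2_ONLY), ("WPA/WPA2 Personal", MIXED)):
        print(label, "->", audit(blob))
```
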
You may have seen early coverage of this exploit suggesting that the
TKIP key or WPA encryption was broken. It's not. This is a very
interesting, very clever compromise that currently has no
wide-reaching repercussions. But it's also the first wedge that's
been successfully inserted into TKIP, and should help push a move to
AES-CCMP by those who care about security.
Take Control News: Free Copy of Thanksgiving Ebook!
---------------------------------------------------
by Adam C. Engst
article link: <http://db.tidbits.com/article/9848>
The days in November are flipping by ever more quickly, with the
Thanksgiving holiday on 27-Nov-08 fast approaching in the United
States. Although we will be hard at work publishing TidBITS and Take
Control ebooks for the remaining weeks, we're not worried by the
extra effort necessary to prepare a full-fledged Thanksgiving dinner
for my extended family, thanks to the schedules, shopping lists, and
recipes in Joe Kissell's "Take Control of Thanksgiving Dinner,"
which we first published in 2006 and tweaked slightly last year.
<http://www.takecontrolbooks.com/thanksgiving.html?14@@!cp=CPN004281110FRE&pt=TB953>
Needless to say, the topic hasn't changed at all, so the book is
still entirely relevant. Although it's one of our best in terms of
clarity and utility, we've so far had trouble marketing what is
essentially a holiday cookbook. We knew it was a risk when we
started, but we're still disappointed that the book hasn't been able
to help more people.
So, to help reduce cooking stress and increase the tastiness of
Thanksgiving dinner everywhere, we're giving away "Take Control of
Thanksgiving Dinner" from now through Thanksgiving Day. Just
purchase any other Take Control ebook and you can get the $10 "Take
Control of Thanksgiving Dinner" for free. Use this link to load the
necessary coupon code and start shopping at our alphabetized catalog
page.
<http://www.takecontrolbooks.com/catalog-alpha.html?14@@!cp=CPN004281110FRE&pt=TB953>
Securing Your Disks with PGP Whole Disk Encryption
--------------------------------------------------
by Joe Kissell
article link: <http://db.tidbits.com/article/9840>
I've been using various incarnations of PGP (Pretty Good Privacy)
encryption software for almost as long as I've been a Mac user. I
won't go into PGP's long and interesting history (for that, see this
Wikipedia entry), but since 2002, commercial Mac versions of the
software have been available exclusively from PGP Corporation. PGP
is commonly used for encrypting email and chat, and the PGP Desktop
software can also create encrypted disk images that offer
capabilities unavailable with Apple's Disk Utility.
<http://en.wikipedia.org/wiki/Pretty_Good_Privacy>
<http://www.pgp.com/>
In addition, for some time PGP Desktop has been capable of
encrypting an entire disk or partition - but until recently, you
could do this only for non-startup volumes. Now, however, with the
release of PGP Whole Disk Encryption for Mac OS X (also included
with version 9.9 of PGP Desktop Professional for Mac OS X - though
not with PGP Desktop Home), that limitation has finally disappeared.
It may sound like a fairly trivial change, but this is something
I've been waiting for since the days of Mac OS 9, and in my opinion
it's a Pretty Big Deal (PBD). I've frankly been surprised that this
new capability has received so little attention, so allow me to do
my small part to rectify that.
<https://row.store.pgp.com/whole_disk_encryption_mac.html>
<https://row.store.pgp.com/desktop_pro_mac.html>
**Why Encrypting a Startup Disk is Interesting** -- Suppose your Mac's
hard disk contains sensitive information of some sort - confidential
business plans, personal financial records, secret love letters, or
whatever. You could put all that information on an encrypted disk
image, which is plenty secure but potentially awkward to use; you
must be careful not to store any private information anywhere other
than that disk image, and every time you want to mount it, you must
enter your password. Or you could use Apple's FileVault feature,
which encrypts everything in your home folder (including your iTunes
music, your iPhoto photos, and so on). That should cover most of the
bases, but FileVault introduces some complications when it comes to
backups (in particular, it's only partially compatible with Time
Machine), and the way it stores information makes it potentially
susceptible to large-scale data loss from random disk errors. In
addition, FileVault must periodically perform time-consuming
maintenance to free up disk space, and it doesn't protect any data
stored outside your home folder.
Speaking of backups, I always recommend creating bootable duplicates
of your entire startup disk - and, for extra safety, I suggest
making two or more copies and keeping one offsite at all times (for
example, at a friend's house). You should do this, of course, even
if you have no need to encrypt your Mac's internal hard disk. But if
someone happened upon that offsite backup, there'd be nothing
stopping them from reading everything on the disk. Even if you'd
used encrypted disk images or FileVault to protect part of the
disk's data, some private information could still be at risk.
Although lots of backup programs offer encryption, they invariably
do so by wrapping up all the data from your disk in a special
archive file or disk image, preventing the disk from being bootable.
So, until recently, the only way to get bootable duplicates that
were also totally encrypted was to use one of the few, and
expensive, hardware-encrypted enclosures, which require a physical
key to unlock your data.
Now suppose you could encrypt every last byte of data on your
startup disk - any startup disk, even an external FireWire or USB
bootable duplicate - all at once, without fiddling with disk images
or FileVault, without any backup caveats, without any intrusive
rituals to interrupt your work, and without any performance
penalties. As a matter of fact, you could do just this, years ago,
with any of several classic Mac programs that encrypted entire disks
at the driver level. (My personal favorite was a component of FWB's
Hard Disk Toolkit - may it rest in peace.) But for a variety of
reasons, none of these utilities made the jump to Mac OS X. That
means ten-year-old Macs (not to mention brand new Windows PCs) could
do something that modern Macs couldn't do. But earlier this year,
for the first time, that changed.
The first company to introduce whole-disk encryption for Mac OS X
was Check Point, which released Check Point Full Disk Encryption in
May 2008. I haven't yet tried Check Point's product, but then, it's
not marketed or sold to individual end users; it's designed for
large-scale deployment in businesses and requires non-trivial setup
procedures to be performed by a system administrator. Luckily, PGP
released its Whole Disk Encryption products just a few months later,
and they're readily available to ordinary folks like you and me.
<http://www.checkpoint.com/products/datasecurity/pc/>
Incidentally, both PGP Whole Disk Encryption and Check Point Full
Disk Encryption can work their magic only on Intel-based Macs. To be
more precise, PGP's products can run on PowerPC- or Intel-based
Macs, and can encrypt entire volumes on either variety of Mac, but
encrypting a _startup_ disk requires a Mac with an Intel processor.
**How PGP Whole Disk Encryption Works** -- To encrypt a whole disk
(whether a startup volume or not), you open PGP, select PGP Disk in
the program's sidebar, and click Encrypt a Disk. The program then
walks you through a few brief steps, such as selecting a passphrase,
and begins encrypting the disk in the background using the AES-256
encryption standard. The process takes some time, depending on the
speed of your computer, the size of the disk to be encrypted, and
how much other work you're doing. In my case, it took about 10 hours
to encrypt a 250 GB disk on a 2.4 GHz MacBook Pro, but I was keeping
the machine extremely busy with other tasks at the time (installing
Windows in a VMware Fusion virtual machine, for example). I didn't
find that the encryption slowed me down unreasonably, but if I had,
I could have clicked a Pause button and resumed the encryption at my
convenience.
When you encrypt an entire disk, you can normally choose between a
manually entered passphrase and a public key (which could, for
example, let someone else decrypt the disk without your having to
know their passphrase). With startup disks, you must always choose a
passphrase, but after the disk is encrypted, you can grant access to
more users, each of whom may use either a passphrase or a public
key. (To access a disk encrypted with a public key, someone would
use their corresponding private key; see Wikipedia for more on how
public-key cryptography works.) If the need arises, you can change
the passphrase for any user after the fact without decrypting the
disk; you can also re-encrypt an already encrypted disk in much less
time than it would take to start from scratch.
<http://en.wikipedia.org/wiki/Public-key_cryptography>
Once your disk is encrypted, nothing special happens until you shut
down or restart your computer (or, for a non-startup disk, unmount
the disk). When you attempt to start up your Mac, you initially see
a special PGP BootGuard Screen, where you enter your passphrase.
Once you've done so, startup continues normally. (If you mount a
non-startup disk while your Mac is running, you see a simple alert
dialog with a field to enter the passphrase.)
After you've unlocked your Mac with your passphrase, Whole Disk
Encryption is normally invisible as you use your Mac. I did not
perceive any performance slowdowns in day-to-day use (even with
disk-intensive activities), and for all practical purposes,
everything behaved exactly as it did before.
You can mount an encrypted disk on another computer - even a Windows
computer - as long as it has the appropriate version of PGP Desktop
or PGP Whole Disk Encryption installed. If you've encrypted an
external FireWire or USB drive containing a bootable duplicate,
you'll be prompted to enter your passphrase on any Mac when you use
it as a startup disk (since the disk itself contains the PGP
software, it need not be installed separately on other computers).
Note, though, that because Whole Disk Encryption works only on
Intel-based Macs, you can't use such a drive to start up a
PowerPC-based Mac.
If you were to forget your passphrase, your data would ordinarily be
gone forever: this is strong encryption, and tricks like using data
recovery software will be of no use. However, if (and only if)
you're using PGP Whole Disk Encryption in a managed environment -
meaning an administrator centrally deploys and configures the
software - there is a fallback plan. Your system administrator can
issue a one-time, per-device token that gives a particular user an
opportunity to recover data from a single encrypted disk. (That
means the administrator could also potentially get at your data, but
that's to be expected in managed settings.) Individual users have no
such back-door option.
**Qualifications and Gotchas** -- As convenient and transparent as
Whole Disk Encryption is, it comes with some limitations I wasn't
expecting, and which gave me pause. These may or may not be issues
for you, but it's important to be aware of what this software can
and can't do.
First of all, although all the data on your disk is encrypted all
the time, it's freely accessible from the time you turn on your Mac
and enter your passphrase on the BootGuard screen until you shut
down (or restart) the computer. You can't turn off access manually
without shutting down or restarting. Crucially, Whole Disk
Encryption does not disable access to your data when your computer
goes to sleep or require entering your passphrase when it wakes up.
So, suppose you've encrypted your MacBook's hard disk, but you
normally put the computer to sleep when you carry it around. (Like
most owners of Mac laptops, I do this to eliminate wasted time
waiting for the computer to restart whenever I want to use it.) Now,
the unthinkable happens and someone steals your computer. As long as
the thief doesn't shut it down or restart it, the disk's encryption
is useless - any data on it can be freely accessed directly, or over
a network.
You can minimize the risk by choosing a strong login password and by
making sure you must enter it when your Mac wakes from sleep (check
Require Password to Wake This Computer from Sleep or Screen Saver in
the General view of the Security pane of System Preferences),
because in order to reset your password without knowing it, an
attacker would have to restart your Mac. Still, this situation bugs
me because Whole Disk Encryption seems most useful for laptops, and
laptops seem most useful when you employ sleep mode rather than
shutting them down after each use.
Second, Whole Disk Encryption for startup volumes isn't compatible
with Boot Camp, at least not in this release. If you install Whole
Disk Encryption while a Boot Camp partition is present, you'll see a
warning message to the effect that you can still encrypt whole
disks, just not your startup volume. If you use Boot Camp Assistant
to remove your Boot Camp partition, you can then encrypt your
startup disk. But you have to choose between Boot Camp and having
your entire disk encrypted.
Third, if your disk requires repair or troubleshooting, you're going
to run into problems. For example, with an encrypted startup disk,
you can't perform a Safe Boot. Holding down the Shift key while
restarting normally disables some potentially problematic software,
such as third-party kernel extensions, but since Whole Disk
Encryption relies on such an extension to provide access to your
disk, this won't work. Furthermore, you can't use disk repair
programs such as Disk Utility and DiskWarrior on an encrypted disk;
if you have disk problems, or suspect you might, you must first
decrypt the disk and _then_ start up from another volume (say, your
Leopard Install DVD) to run disk repair software. Unfortunately, the
process of decrypting a disk is quite time-consuming - for me, it
took considerably longer than encrypting the disk in the first
place. So you could be looking at a 24-hour period to decrypt,
repair, and re-encrypt a disk - not fun.
I also encountered a couple of less-serious annoyances. The first
time I restarted my computer after encrypting its disk and tried to
enter my passphrase, I had a moment of panic that Whole Disk
Encryption wouldn't let me in. I had chosen a 32-character
passphrase, and as I typed it, the cursor in the PGP BootGuard
Screen moved incrementally across the passphrase field (though
without displaying bullet or asterisk characters, as is often the
case). After I typed the 21st character, the cursor was all the way
to the end of the field and didn't move any further as I typed the
remaining characters, so I got no feedback that my input was being
registered. It was, and everything was fine after I finished blindly
typing the passphrase, but I didn't like the fact that feedback is
registered for a maximum of 21 characters when passphrases can
contain up to 255.
I had also set up Carbon Copy Cloner to duplicate my Mac's hard
drive to a network volume on a daily schedule, and the first time
this backup ran after I encrypted my disk, it failed. Consulting the
logs, and cross-referencing them with the support material on PGP's
Web site, I discovered that the problem was an invisible file called
PGPWDE01, which PGP stores at the root level of any encrypted
volume. This file can't ordinarily be read or written by backup
software, so you must exclude it manually if your backup software
complains (some backup programs, like Time Machine, already ignore
the file).
**Recommendations** -- When I first heard about Whole Disk Encryption,
I allowed my excitement to get ahead of reality, and I pictured a
complete solution to all my encryption problems; I had the idea that
this product, by itself, would eliminate the need for all the other
sorts of file encryption I'd tried. As it turns out, although it
solves a couple of problems brilliantly, it's still just one piece
of the puzzle. It does indeed provide virtually bulletproof data
protection in cases where a computer is shut down when it falls into
the wrong hands, at least if you've chosen a good passphrase and
taken care to prevent anyone else from learning it. It also
eliminates the need to encrypt virtual memory separately (which you
can otherwise do in the Security pane of System Preferences by
checking Use Secure Virtual Memory), because that happens
automatically. And it makes encrypted bootable duplicates incredibly
easy to create.
Nevertheless, PGP recommends continuing to use multiple layers of
protection, such as encrypted disk images (whether generated by PGP
Desktop or otherwise) and FileVault, depending on your needs. Part
of the reason is that PGP's whole-disk protection doesn't help when
your computer is running or asleep; another part is that even if a
determined or clever attacker could find a way to get past one layer
of encryption, getting past multiple layers is much less likely.
Keeping especially sensitive information on an obscurely named disk
image also makes it at least a bit harder to find in the event that
someone did obtain access to a still-unlocked encrypted volume.
**Obtaining PGP Whole Disk Encryption** -- You can buy PGP Whole Disk
Encryption as a stand-alone product, which costs $119 for what PGP
calls a "perpetual" license - that is, a license that lets you use
the version you purchased indefinitely, but which only provides free
support and updates for one year. All the capabilities of Whole Disk
Encryption are also built into PGP Desktop Professional (which
includes encryption for email and chat, as well as support for
creating encrypted disk images). Two kinds of licenses are available
for PGP Desktop Professional - the perpetual license for $199, and a
subscription license, which costs $83 per year. With the
subscription license, you can only use the software for as long as
you have the subscription. If you haven't renewed it within 90 days
after its expiration, PGP automatically decrypts all your encrypted
disks (after alerting you that it's about to do so), which is a
potential security risk. PGP Desktop Professional 9.9 is available
in a 30-day trial version, a 30.1 MB download; no trial version of
PGP Whole Disk Encryption alone is offered.
<https://row.store.pgp.com/whole_disk_encryption_mac.html>
<https://row.store.pgp.com/desktop_pro_mac.html>
<http://www.pgp.com/downloads/desktoptrial/desktoptrial2.html>
Confessions of an iPod touch Convert
------------------------------------
by Kevin van Haaren
article link: <http://db.tidbits.com/article/9843>
I thought I'd steal Joe Kissell's idea and write an article on my
conversion to the iPod touch (see "Confessions of an iPhone
Convert," 2008-09-17). My usage needs were different from Joe's so I
went with the iPod touch instead of the iPhone. Since I have to use
a work-provided BlackBerry for phone and email, I wanted to see if
the iPod touch would prove more capable than other PDA-type gadgets
I've relied on for various other tasks.
<http://db.tidbits.com/article/9774>
The second-generation iPod touch gains several features over the
original model. The addition of physical volume buttons on the left
side is the most visible change, but Apple also added a speaker and
voice recording feature (the latter requires purchase of headphones
that support it). These additions bring the second-generation iPod
touch closer to the iPhone 3G, with the exception of the iPhone 3G's
phone, cellular data network, Bluetooth, GPS, camera, and - on the
plus side - 2-year contract with AT&T (see "Apple Reveals New iPod
nano and Updated iPod touch", 2008-09-09).
<http://db.tidbits.com/article/9764>
I've used a number of these devices over the last several years,
including a BlackBerry 8830 from Verizon, a 60 GB iPod video, and,
until I burned out its CPU, a Palm Zire 72. I didn't bother
replacing the out-of-warranty Palm because it died right when my job
gave me the BlackBerry, which offered most of the same
functionality.
<http://na.blackberry.com/eng/devices/device-detail.jsp?navId=H0,C201,P463>
<http://support.apple.com/kb/SP41>
<http://www.palm.com/us/support/zire72/>
Each device provided several functions I enjoy having at my
fingertips. Other than the BlackBerry email, none of the functions
are vital to my job or day-to-day productivity. The iPod video was
obviously my media player. Until I got the BlackBerry, the Zire was
my Web browser, ebook reader, small games machine, digital camera,
and briefly, my calendar. The BlackBerry took over most of those
functions, although I've never used it to read ebooks.
On 09-Sep-08, when Apple announced the second-generation iPod touch
and dropped the prices on all models, I debated whether it was worth
replacing the iPod video with the new iPod touch. At the time my
iPod video held over 5,200 songs and 29 TV episodes (mostly Looney
Tunes because they're short and I can watch them over and over again
without getting tired of them). I also had several games I'd
purchased via iTunes before the App Store existed.
**Pros and Cons** -- At first glance, the iPod touch posed several big
problems for me. The 32 GB model still cost more than I wanted to
pay even after the $100 price cut, and going with the 16 GB model
would be a severe drop in storage space. Also, the games I bought
wouldn't move over to the iPod touch. My BlackBerry already had
access to the Web and also had some games on it. It can play music
and video as well, but I had only a 1 GB microSD card, which wasn't
sufficient for a decent music collection (the largest microSD card
I've found is 8 GB, not enough space for me to consider giving up my
iPod).
Fortunately, the iPod touch also boasts many advantages over these
other devices. It has a larger screen than the others, and a higher
video resolution. The iPod touch also has a lot more games
available, many taking advantage of its better graphics and
accelerometer. Its Wi-Fi support enables faster Internet access than
the BlackBerry's EVDO cell data connections. Finally, the iPod touch
supports several applications that I really wanted, including James
Thomson's PCalc (despite being able to learn to use a mouse left- or
right-handed, I am apparently incapable of learning to use a non-RPN
calculator), the Iconfactory's Twitterrific, and Apple's Remote app
for controlling iTunes and the Apple TV.
<http://www.pcalc.com/iphone/>
<http://iconfactory.com/software/twitterrific/>
<http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284417350&mt=8>
Despite those pros, the iPod touch's small storage space still
bugged me, so I reviewed how I used my iPod video. I realized that I
rarely synced the iPod. I have a charger at work and would just plug
the iPod into that while listening to music. Because I seldom
synced, my calendars were always out of date and I was constantly
reminded about events I'd already changed or deleted on the Mac. I
also lacked music that I'd purchased in the months since the last
sync. Most importantly, I found that I was listening to the same
playlists over and over, despite having a vast library on the iPod
video's hard drive. In the end, I decided - or perhaps convinced
myself - that the iPod touch's limited capacity would force me to
sync more frequently, thus rotating my music more often, maintaining
calendars in a useful way, and keeping me up-to-date on recently
purchased music and video.
Viewing the storage limitation in a positive light finally convinced
me that I would benefit from replacing the functionality of the
BlackBerry/iPod video combination with an iPod touch, so I ordered
one.
Once my iPod touch arrived, I immediately linked it to iTunes,
bought or downloaded several apps I wanted to try, and was off and
running. So how does my new toy compare to the BlackBerry 8830, the
iPod video, and, where relevant, the Palm Zire 72?
**Display** -- The iPod touch screen is beautiful. I've been impressed
with how small type can be and yet still be readable to my eyes.
When I traveled with the iPod video, I used a portable DVD player
with a built-in iPod dock to enlarge the image to a viewable size. I
don't need to use that DVD player with the iPod touch; on a recent
business trip I found watching both movies and TV shows directly on
the device to be acceptable.
The screens of both the Zire and the BlackBerry pale in comparison
to the iPod touch screen's level of clarity. Neither uses
anti-aliasing for text, rendering the text on the iPod touch
noticeably more readable in comparison, something I appreciate when
reading ebooks on the iPod touch (more on that shortly).
**Navigation** -- The iPod touch's approach to navigation is
overwhelmingly better than that in either the BlackBerry or the
Zire. Even when using single-finger navigation the iPod touch beats
the stylus-driven Zire. Scrolling with the Zire is pretty typical
for small electronic devices: you use the stylus to slide the scroll
bar up or down, and when you reach the bottom of the screen, you
move the stylus back up to the top to continue scrolling. It works,
but it's clumsy at best.
Navigation on the BlackBerry is horrible. It has a small trackball,
but it tracks directly, lacking the acceleration approach used by
the Mac (where the distance the pointer moves increases with the
speed of trackball motion). Scrolling while reading text is
reasonable, but getting back to the top of a long page after
reaching the end is painful. Many apps have keyboard shortcuts, but
they aren't standardized and can thus be difficult to discover and
remember.
In comparison, with the iPod touch, you can flick a finger on the
screen to "throw" the screen in the direction of your flick. The
screen scrolls with inertia, as if it has weight, scrolling slower
and slower until it stops. Flick again to scroll some more, or press
down with your finger to halt scrolling immediately. In many
applications, you can also tap the bar at the top of the screen to
jump to the top of the document. It's amazing how intuitive this is
and how quickly you can move around within long documents. I'm
doubly amazed at how terrible the same behavior is when scrolling
long lists on the Apple TV via remote control; I guess this behavior
really works only on a device that you're manipulating directly.
Even after short use, it's hard to live without multi-touch zooming
and navigating. If there is free Wi-Fi around, the iPod touch is my
first choice for navigating the Web when out and about. My only
issue with its interface is that it very infrequently fails to
register that I've touched the screen (or thinks I'm touching it
somewhere there isn't anything touchable). This mostly happens when
I'm trying to tap links on Web pages or Twitterrific messages.
**Character Input** -- The Palm Zire uses Graffiti for character input
(it also has a virtual keyboard although it must be used with the
stylus). Graffiti is a modified handwriting method that reduces most
characters to a single stroke that largely resembles the character
you want. Special strokes are also available to delete the previous
character, enter spaces and line breaks, and so on.
<http://en.wikipedia.org/wiki/Graffiti_(Palm_OS)>
Graffiti on the Palm is a decent input system, but not without its
quirks. For instance, I never mastered the K character stroke due to
having spent many years writing the K in my name a certain way. But
Graffiti's main problem for me is that you draw each character in
the same spot, switching sides of the input area to enter numbers
instead of letters. I had trouble training myself to avoid writing
across the screen. The Palm also works only with a stylus. I lost
three of them while using the Zire, something that was especially
annoying while traveling without a spare.
The iPod touch eschews the stylus and Graffiti-like writing in favor
of a virtual keyboard with a word guessing feature that enables you
to avoid correcting many mistakes as you type. It's passable, but
not great. I've been using it for only a few weeks now, so it may
grow on me, but at the moment I don't much like it. It's too easy to
hit wrong characters, and the word guesser assumes you want to use
its guess instead of what you typed. This latter behavior is
particularly frustrating if you work in an industry where you use a
lot of jargon that isn't in the dictionary, or if you type a lot of
cuss words that Apple left out of its dictionary. I work in the IT
industry so I do both.
RIM touts the BlackBerry's physical keyboard as a major selling
point, and they're correct to do so. Responding to email messages is
much easier on the BlackBerry than on either the iPod or Zire. I
wouldn't want to write a book, or even this article, on a
BlackBerry, but I have to correct mistakes far less often on the
BlackBerry than on the iPod touch. Of course, the keyboard takes up
space that could be used for a significantly larger screen, which is
the tradeoff. It's also possible that Apple could tweak the iPod
touch's virtual keyboard software to eliminate the BlackBerry's
keyboard advantage.
**Applications** -- Although the overall system has been somewhat
marred by boneheaded moves on Apple's part as to what it will and
won't accept, the App Store remains the easiest method I've found
for purchasing and installing apps on a PDA. It's easy to find apps,
and there are many (sometimes too many in any given category) to
choose from. And in fact, the ease of finding and purchasing apps
means that I did it, whereas I've stuck largely with included apps
on previous PDAs.
I have downloaded some free games for my BlackBerry, but I couldn't
tell you where I got them or how I found them. The Opera Web browser
was an easy install on the BlackBerry, but I had to know to go to
Opera's site to get it.
I didn't install many applications on the Zire, in part because Palm
apps suffer from needing to support too many widely divergent
devices. For example, some apps are black and white at low
resolution only because they were written for earlier versions of
the Palm. Palm apps were also difficult to find and tended to be
expensive. A quick Google search reveals several Web sites dedicated
to listing and selling Palm software, but they suffer from being Web
sites, and oddly, are laid out for computer browsing rather than
browsing from a Palm - probably because you can't install software
from the Palm Web browser. In contrast, Apple's dedicated App Store
application provides the instant gratification of buying and
installing an app, even while away from your computer. Palm apps are
also more expensive than iPhone/iPod touch versions. Bejeweled 2 for
my iPod touch from PopCap Games costs only $7.99, but the Palm
version from Astraware will set you back $19.95.
<http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284832142&mt=8>
<http://www.astraware.com/palm/bejeweled2/?link=101/5/2>
**Mail, Contacts, and Calendars** -- The Palm's contact and calendar
capabilities are a nightmare. To be fair, the nightmare mainly comes
in syncing and in attempting to work with multiple accounts. I
initially thought the Palm would be a good way to keep my contacts
and calendars from work and home with me at all times.
Unfortunately, due to discrepancies in functionality (I seem to
remember serious issues surrounding repeating events), attempting to
merge everything together resulted in a huge mess of duplicate or
missing entries.
A quick search through TidBITS Talk uncovers a number of people
having problems syncing Palms with Macs. The best solution seems to
be to use The Missing Sync from Mark/Space, but I never actually got
that far. I gave up syncing with my Mac at home and just synced with
my Windows machine at work so I could rely on the Zire to remind me
of upcoming meetings. I did sync home calendars with the iPod video,
but my infrequent syncing meant the alarms were often out of date.
<http://www.markspace.com/missingsync_palmos.php>
The BlackBerry is considered the gold standard for dealing with
enterprise mail, contacts, and calendars. It did a splendid job with
my Exchange email account at work, but I couldn't get it to work
with my home IMAP server. (It doesn't appear to like that my home
server is accessible only via the IMAP SSL TCP port rather than the
standard IMAP port.) Since the BlackBerry was provided to me by
work, I wasn't all that comfortable tying it to my home server
anyway, so I gave up after an hour of trying.
The iPod touch's mail and calendar capabilities are impressive. With
little effort, I was able to set up three accounts: MobileMe, my
home IMAP server, and my Exchange account at work. The iPod touch
handles Microsoft Exchange email via an encrypted connection to our
Exchange 2007 Outlook Web Server. IMAP setup was equally painless,
merely requiring I accept the self-signed SSL certificate I use on
that server, and MobileMe was, as expected, easy as well.
I wirelessly sync all my calendars and contacts, work and home, to
the iPod touch and it does a good job of keeping them isolated from
each other. No more nightmares of merged calendars causing numerous
duplicates. The only limitations I've found are that you can't sync
subscription calendars wirelessly or sync wirelessly with iTunes.
John Gruber of Daring Fireball wrote a lengthy essay on calendar
syncing that's worth reading.
<http://daringfireball.net/2008/08/iphone_calendar_syncing>
**External Speaker** -- When the second-generation iPod touch was
first announced, Apple made a big deal about adding a speaker.
Initially, this feature seemed like a minor addition to me, but now
I can see why so many complained about the first-generation model
lacking this feature. Put simply, it makes it possible to listen to
a YouTube video or podcast without plugging in earbuds. The quality
isn't great - you wouldn't want to use it to listen to music - but
it's good enough.
The first-generation iPod touch did have a speaker, but it could
play only the beeps and boops of timed alarms. Unfortunately, for
alarm use the speaker's volume is barely adequate. I can hear it in
my pocket most times but not if there is a lot of background noise.
On trips I use my BlackBerry alarm for an alarm clock instead of the
iPod because I worry that I would sleep through the lower volume
iPod alarm. A vibrate option - much as the iPhone has - would be a
welcome addition.
**Voice Recording** -- The other major new feature in the
second-generation iPod touch is the capability to record from a
microphone. Although I've never particularly wanted to use voice
recording, many people find it useful. To record, however, the iPod
touch requires an external microphone that's not included in the
package. Apple announced in-ear headphones that include a remote
control and microphone for the voice recorder but hasn't yet shipped
them. The iPhone headset would probably work, but it has regular
iPod ear buds which won't stay in my ears, so I'm still waiting for
the release of the new headsets. Once they are available, there are
a variety of voice recording apps for the iPhone that should work on
the iPod touch as well.
<http://www.apple.com/ipod/inearheadphones/>
Many PDAs offer voice recording capabilities, including the Palm
Zire, which has a built-in microphone and a designated Record button
so you don't have to go into an app and then begin recording. The
few times I tried recording on the Zire, it worked as expected.
The situation is fuzzier with the BlackBerry 8830. Supposedly, it
can do voice recording, but I can't seem to figure out how to do it.
I don't know if Verizon removed the capability (so as to force users
to pay for a separate recording service), or if I'm just missing the
functionality in an application I have. While trying to find the
answer I found that RIM had released a firmware update that added
voice recording capabilities to many of the BlackBerry models. The
update is free; however, your provider must allow you to install it.
This is one of the many provider lock-ins that drives me crazy in
the mobile phone market. Fortunately, Apple has retained full
control over iPhone software, instead of allowing AT&T to set the
rules.
**Ebooks** -- Reading ebooks was one of my favorite uses of the Palm
Zire and I've missed it since my Palm went belly up. The BlackBerry
screen is just too small for prolonged reading sessions. On the
Palm, I used Plucker to read free ebooks from the Baen Free Library
and Project Gutenberg. I found the desktop side of Plucker, used to
download and convert content to the Plucker format, to be wildly
confusing, but the reader on the Palm was nice and simple. It
supported the basic functionality I expect from an ebook reader: a
library that can hold many documents, adjustable text sizes and
colors, and bookmarks in multiple books at a time.
<http://www.plkr.org/>
<http://www.baen.com/library/>
<http://www.gutenberg.org/wiki/Main_Page>
Prior to the 2.0 software release for the iPhone/iPod touch, Adam
wrote an open letter to Steve Jobs commenting on how ebooks were
overlooked on the iPhone and iPod touch (see "Open Letter to Steve
Jobs: In Support of an iPod Reader," 2008-01-01). He was right then
and the situation hasn't improved significantly, but with the
addition of the App Store some third parties are trying to rectify the
problem with dedicated ebook reading software. A number of ebook
apps are available now, and I've been playing with two of them: the
$9.99 Bookshelf from Zachary Bedell, and the free Stanza from
Lexcycle.
<http://db.tidbits.com/article/9487>
<http://www.iphonebookshelf.com/>
<http://www.lexcycle.com/iphone>
The two apps offer similar functionality but differ in user
interface and document formats supported. Bookshelf supports the
Plucker-formatted documents I still have from my Palm reading days,
while Stanza supports the Kindle format. Stanza also supports PDF,
but removes images and formatting which, for most of my PDFs,
including my Take Control ebooks, makes them unreadable. Bookshelf
doesn't support PDF at all, so when I want to read a PDF I use
another app or email it to myself. Even using a PDF viewer that
maintains formatting doesn't make PDFs easy to use on the iPhone,
because most PDFs are designed for 8.5" x 11" pages, which require
lots of side-to-side scrolling.
[The email attachment trick is a simple way to get our Take Control
PDFs onto the iPod touch or iPhone. When you click an attachment to
open it on the iPod touch, it displays the PDF. As Kevin says, it's
not an ideal display, but if you switch to landscape mode and zoom
in just enough to eliminate the right and left margins, the text
should be readable. -Adam]
Bookshelf uses a scrolling format for displaying text. It offers
auto-scrolling, as did Plucker on the Palm, but I don't particularly
like the feature. In contrast, Stanza uses a page-at-a-time format,
wherein it divides the screen into zones: a tap on the left goes
back a page, and a tap on the right goes to the next page. A tap in
the center brings up Stanza's options. I find I prefer the scrolling
method for one-handed reading. Neither app supports zooming text
with pinching motions on the multi-touch screen; instead you must go
into options and manually select a larger font size.
Neither app synchronizes via iTunes but instead relies on a program
on your Mac for loading new titles. Bookshelf's desktop program can
make entire folders available to the iPod touch, whereas Stanza's
desktop reader lets you send only individual documents to the iPod
touch. You can also download ebooks directly within the Stanza app
on the iPod touch.
Overall, I prefer Bookshelf, but I'm not sure its few advantages are
worth $9.99 more than the free Stanza. So while many of Adam's
criticisms about the lack of a good ebook solution for the iPod
touch still apply, the iPod touch ends up being about as good an
ebook reader as the Palm Zire, with better text rendering.
**Summary** -- Overall, I've found the purchase of the iPod touch as a
PDA to be well worth the money. I ended up with a better media
player than the iPod video, and I gained easy access to apps that
are significant improvements over my BlackBerry and Palm
applications. I did give up instant access to 5,000 songs, but I've
found that I don't miss it, since more-frequent syncing means that I
can rotate the set of music I store on the iPod touch more
frequently than I ever did on the iPod video.
Although the iPod touch comes out well ahead of the BlackBerry, Palm
Zire 72, and iPod video as a PDA, the comparison isn't quite so
clear cut for those considering replacing a BlackBerry with an
iPhone. Leaving aside any unanswerable (for this article) questions
of cellular reception and battery life, the major difference comes
down to how much typing would be necessary, since for me at least,
typing on the iPhone's virtual keyboard is slower and less accurate
than on the BlackBerry's physical keyboard. If Apple were to open up
the iPhone to Bluetooth external keyboards for typing longer email
messages and notes, I would have no qualms recommending the iPhone
over the BlackBerry in almost every situation.
TidBITS Watchlist: Notable Software Updates for 10-Nov-08
---------------------------------------------------------
by TidBITS Staff <[EMAIL PROTECTED]>
article link: <http://db.tidbits.com/article/9844>
* Nisus Writer Pro 1.2 from Nisus Software is a fairly major update to
the increasingly powerful word processor. The most significant
change is a new importer that Nisus Software claims greatly improves
file translations, especially for Word's .doc files. Other new
features include the capability to export Word .doc files and the
Open Document .odt format, new ways of rearranging entries in a
table of contents, Flesch and Kincaid reading ease scores,
automatically updating time stamps, additional backup options, a
Macroize menu that makes it easier to create macros based on the
contents of the Find & Replace window, and additions to the Nisus
Macro Language. Plus, Nisus Writer Pro 1.2 now includes the Sparkle
automatic updating framework so manual downloads will no longer be
necessary. For even more detail on the huge number of other changes
and bug fixes, see Nisus Writer Pro's release notes. ($79 new, free
update, 100 MB)
<http://nisus.com/pro/>
<http://nisus.com/pro/releasenotes.php>
* Sandvox 1.5.2 from Karelia Software updates the template-based Web
site creation tool with new features and under-the-hood
enhancements. Changes include smoother media handling and various
improvements to pages and pagelets, as well as "updates to page
archives, contact forms, collection indexes, Amazon lists, photo
grids, sitemaps, raw HTML editing, and QuickLook previews,"
according to Karelia. Also included is the latest version of the
Karelia iMedia Browser featuring enhanced library updating
capabilities and improved media search and insert features. The
update has also reworked the program's insides, increasing speed of
file handling and achieving greater overall stability. ($49 new,
free update, 25.9 MB)
<http://www.karelia.com/>
* Envision 1.2 from Open Door Networks is a minor update to the Web
image browsing software that has seen a significant surge of
interest since the iPhone versions appeared (they're good for
flipping through editorial cartoons, for instance). Changes in
Envision 1.2 include publishing of shows from the Mac to the iPhone
(via MobileMe), improvements to help create shows that display well
on the iPhone, many new built-in shows, improved transition effects
in Mac OS X 10.5 Leopard, and bug fixes. ($39 new, free update, 6.2
MB)
<http://www.opendoor.com/envision/>
* Digital Camera Raw Compatibility Update 2.3 from Apple adds raw file
compatibility to Aperture 2 and iPhoto '08 for the Canon EOS 50D,
Nikon D90, Sony DSLR-A900, and Nikon Coolpix P6000. According to
Apple's Web site, "It also addresses issues related to specific
cameras and overall stability." The update is available via Software
Update (the easiest way to get it) or as a standalone download.
(Free update, 4 MB)
<http://www.apple.com/support/downloads/digitalcamerarawcompatibilityupdate23.html>
* HistoryHound 1.9.6 from St. Clair Software is a valuable update to
the Web history search utility. The new version now enables users to
search WebArchive files created by WebKit-based browsers such as
Safari, OmniWeb, and Shiira. The update also fixes a bug that had
been causing sporadic crashes for some users. Other smaller changes
include an improved error log that now saves between launches and a
fix for a bug related to searching for file URLs. ($19.95 new, free
update, 3.3 MB)
<http://www.stclairsoft.com/HistoryHound/>
* PopChar X 4.1 from Ergonis Software updates the long-standing tool
for finding and inserting special characters with several new
features and some minor bug fixes. Changes include improved
compatibility with OpenOffice and NeoOffice, the capability to
detect the current font in MultiAd Creator Pro, and a new technique
for adapting to the particular quirks of certain applications. The
update also fixes several bugs, including one that caused the memory
allocation of PopChar to grow over time. ($29.99 new, updates are
free for 2 years after purchase and then 14.99 euros, 1.9 MB)
<http://www.ergonis.com/products/popcharx/>
<http://www.ergonis.com/products/popcharx/history.html>
Hot Topics in TidBITS Talk/10-Nov-08
------------------------------------
by Jeff Carlson <[EMAIL PROTECTED]>
article link: <http://db.tidbits.com/article/9847>
**Congratulations, Adam** -- Readers congratulate Adam on running the
New York City Marathon and wonder what's next: the Iditarod? (6
messages)
<http://emperor.tidbits.com/TidBITS/Talk/2282>
**Anti Virus or Not?** -- Is it worth running anti-virus software on the
Mac just in case, even though there are no viruses in the wild? (39
messages)
<http://emperor.tidbits.com/TidBITS/Talk/2283>
**MacBook Pro and WiFi Problems** -- AirPort signal strength seems to
be waning in a reader's MacBook Pro, leading him to wonder if
there's some inherent flaw with that model's implementation. (4
messages)
<http://emperor.tidbits.com/TidBITS/Talk/2284>
**Confessions of an iPod touch Convert** -- Since the new iPod touch
now supports audio recording (using a compatible microphone), can it
be used for voice-over-IP (VoIP) calls? (16 messages)
<http://emperor.tidbits.com/TidBITS/Talk/2285>
**Getting Finder info of many files into text format** -- Need to
print a list of Finder folders and their documents? Turn to a Web
browser, of course! (13 messages)
<http://emperor.tidbits.com/TidBITS/Talk/2287>
This is TidBITS, a free weekly technology newsletter providing timely
news, insightful analysis, and in-depth reviews to the Macintosh and
Internet communities. Feel free to forward to friends; better still,
please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or
link to articles if full credit is given. Others please contact us. We
do not guarantee accuracy of articles. Caveat lector. Publication,
product, and company names may be registered trademarks of their
companies. TidBITS ISSN 1090-7017.
Copyright 2008 TidBITS: Reuse governed by Creative Commons license.
Contact us at: <[EMAIL PROTECTED]>
TidBITS Web site: <http://www.tidbits.com/>
License terms: <http://www.tidbits.com/terms/>
Full text search: <http://www.tidbits.com/search/>
Subscriptions: <http://www.tidbits.com/about/list.html>
Account help: <http://www.tidbits.com/about/account-help.html>