iPhone Keychain Encryption Revealed

I just got the definitive word on the algorithm that the iPhone uses to encrypt Keychain items and it’s Triple-DES. I was flabbergasted that they didn’t go with AES since a) there’s hardware acceleration for AES-128 on the 3G and AES-256 on the 3GS; b) the Keychain APIs are wildly different from the Mac OS X ones; and c) Triple-DES has been deprecated for new secure applications for years now.

The Quest for Feed Bliss

I’ve recently switched to Google Reader for all of my feed reading needs. This is the latest iteration in a long line of trying to find the perfect feed reading experience. Here’s what “perfect” means to me in this context:

• Readily available so that I can polish off a few items whenever I have a spare minute
• Enables me to clear out a batch of unread items easily
• Fast
• Navigable by keyboard for faster reading
• Native applications for whatever platform I’m on plus a Web application backend
• Sync between work, home, and phone

I subscribe to 250 feeds presently so the primary consideration is staying on top of them. There is a real cognitive weight to having 1,593 unread items and I strongly dislike declaring “feed bankruptcy.” So I have spent the last few years testing different options.

For most of that time, Bloglines was my go-to solution. It was fast and fairly efficient. But I was never satisfied because it was Web-based, lacked decent keyboard navigation, and required an Internet connection to access at all. I tried Google Reader when it first came out but it left me cold. Since I spent my working life on a Windows XP machine, I resigned myself to a Web-based application.

Then I got a Mac at work and suddenly all of the great Mac OS X feed reading applications were available. I again tried all of the ones I had evaluated at home: NetNewsWire, NewsFire, Shrook, and some others that I can’t remember now. I settled on NetNewsWire because of the NewsGator syncing, the native iPhone application, and decent keyboard navigation. I still wasn’t completely happy with the set up because the NewsGator Web application is terrible: no keyboard navigation, slower than you’d think possible, and hard to mark items as read.

As I said earlier, Google Reader is my current solution and I think it’s going to stick this time. The Web application has matured substantially since I looked at it four years ago. It lacks a native Mac OS X application but I found a way around that earlier this week, which I chronicled in this Super User answer:

1. Download Fluid.app.
2. Save this PNG image (or this higher-resolution one) to your Desktop.
3. Open Fluid.app and use the Google Reader URL, name, and newly-saved icon.
4. Launch the Google Reader application from your Applications folder.
5. Buy Byline or use the really good mobile version of Google Reader (you can save it to your Home screen to boot).

This setup is very fast, feels native (Fluid.app even displays the unread item count as a badge on the Dock icon), syncs between all environments, has great keyboard navigation, and is always available. I’ve gotten my total unread item count down to 8 and kept it in double digits for the last week, something I haven’t done since I started feed reading.

It’s refreshing to have that load off my mind.

Curse You, URL Shortening Services!

I now have a horse in the URL shortening drama. My Meme Obfuscation Machine doesn’t work for tweets. Try as I might, I just can’t get something by Twitter’s automatic URL shortening. Seriously, what’s the fun in Rickrolling someone with a carefully-crafted, seductive URL when it gets turned into bit.ly/NauRm.

Lessons of a First-Time WWDC Attendee

In the interest of contributing to the wealth of tips on WWDC, I’d like to share what I learned this week about the event itself—I can’t talk about the session material since it’s under a non-disclosure agreement.

1. Don’t lose your badge. I didn’t, thankfully, but the attachment of the badge to the lanyard is very precarious. Everything—everything—revolves around that badge and there’s security everywhere. They will balk if they can’t see the full badge.
2. There is no Apple-provided dinner except for the Bash. From the original Web site, it seemed like Apple would provide dinner daily, but that was emphatically not the case. The Bash food, incidentally, was excellent. I was stuffed from the sushi, hot dogs, pizza, Chinese, pasta, cookies, and quiescent confections.
3. You can leave on Friday. I booked my return flight for Saturday morning thinking that sessions would run as normal on Friday and I didn’t want to rush around dealing with luggage and transportation to the airport. Turns out, the last session ended a little past 2 o’clock and they have a luggage holding station at Moscone West. I could have easily left that day. There’s a lot to see in San Francisco, of course, but I was ready to go home.
4. Don’t miss Stump the Experts. I didn’t learn anything at all from the session but it was hilarious. This was the 20th Stump the Experts event and it made me feel nostalgic even though this was my first time attending.
5. The labs run concurrently with the sessions. There were many great sessions that conflicted with one another, but most of the good labs also conflicted with those great sessions. The best bet, I found, was to skip a Q&A here and there to make use of the session interstitials. Even still, I missed several opportunities. If the videos came out in a timely manner, I’d say to only go to the sessions for the Q&A (or to ask your Qs at) and focus on the labs. You can watch the video at your leisure but you’re never going to get that kind of face time with an Apple engineer otherwise.
6. The WiFi access was excellent. I consistently got five bars throughout Moscone West during the entire conference. I also was able to connect via VPN at will. I’m not sure why the online accounts I read had WiFi trouble in the past, but Apple appears to have gotten its act together.
7. Complaining about the lines is an effective icebreaker. WWDC, for me, was a series of lines: lines for the sessions, lines for the labs, lines for the urinals, lines for the sinks, lines for the food. Witty observations about this led to many interesting conversations with line neighbors. Not that you need an icebreaker: I never had any trouble striking up a conversation with anyone and the bonhomie was palpable throughout.
8. Use the elevator. There’s an elevator near the stairs that was almost never being used. If you’re on the third floor after a Presidio session and you want to go to a lab, your best bet is to skip the line for the escalators entirely and go straight for the elevators. I generally rode it alone; I have no idea why so few people took it.
9. Plan on getting in line for the Keynote by 8 o’clock. I waited until 9 AM to mosey down to Moscone and the line had already wrapped around nearly back to the main entrance off Howard. By 9:45, we had barely moved. I ended up getting seated in the overflow room, which had quite a nice view of the Keynote, about 10:20 AM and missed the hardware announcements entirely.
10. The Interface Design consultation is by appointment and they fill up quickly. I was planning on having an Apple engineer give my iPhone application a once-over, but I didn’t realize you had to reserve a spot so they were gone by the time I got down there. If I were doing it again, I would make this action my top priority.

Was WWDC worth it? Big time. It was hard being away from my family—video conferencing via iChat helped considerably—but I learned so much and got direct answers to my questions that I can recommend it without reservation. Plus, I got a developer’s preview of Snow Leopard that is wonderful. iPhone OS 3.0 and Snow Leopard are going to be great, people. Make sure you upgrade when they become available.

Redmond, Start Your Pricing Guns

One of the most exciting aspects of the WWDC keynote announcements was the pricing of Snow Leopard at $29 and a five-pack family pricing of $49. I’ve purchased every version of Mac OS X for $129 since the original 10.0 (except 10.1 obviously), only occasionally catching a break due to buying new Macintoshes.

Every version was worth it, mind you, but it still felt like an ongoing cost of owning a Mac. (I must here disclaim any sense of entitlement: I know that previous versions of Mac OS X continue to work after the new ones come out and I have taken that route for non-essential computers. This feeling arose from my inner cheapskate more than any sense of deserving something for nothing.) Every new version required a careful calculation of benefits and review of features for ancillary machines.

But I don’t have to think twice at a $29 (or $49) price point. On this point, David Pogue has it right. But his reasons for the pricing barely scratch the surface. I paraphrase his four listed reasons as follows:

1. This release doesn’t have enough features to justify $129.
2. They want to get this out to a lot of people.
3. They want to embarrass Microsoft with this ridiculous value of the release.
4. The lower the price, the likelihood that people won’t even blink at upgrading.

There’s a lot more to it than that, though. 10.6 requires an Intel machine. If you’ve got an Intel machine already, it’s likely that you’ve running 10.5 and that you’d gladly pay $29 to recover 6 GB of space much less for a slew of new features. If you’re running Tiger on an Intel machine, you have to shell out $169 for the Mac OS X Box Set. And if you’re not using an Intel machine, you cannot upgrade to 10.6 (and presumably any future releases either). So this release cycle effectively communicates to those still on Tiger or the PowerPC platform that their days of being supported by Apple are nearly over.

Finally, if 10.6 is truly laying the groundwork for future plans, then Apple has an interest in having as many developers making use of its new technologies as possible. But historically developers will not migrate to these new systems until a critical mass of users have made the move: supporting two disparate versions of a feature is expensive for small developers and they won’t do it unless there’s a absolutely compelling reason. Pricing 10.6 at this level will induce a substantial number of consumers to upgrade. On the iPhone, I can imagine that 3.0-only applications will come about soon because the upgrade friction is minimal there.

With a solid base of applications using 10.6 features, Apple can sell future hardware in a way that Microsoft-based vendors cannot. With the gigahertz arms race faded, hardware vendors are competing on multiple cores, multiple CPUs, and RAM. But consumers quickly discover that all of this extra hardware encounters diminishing returns on the software that they use—either the software can’t make use of memory above 4GB or these extra cores are mostly idle. 10.6’s promise is that it makes using these hardware features seamless to the developer through mechanisms like Grand Central Dispatch, OpenCL, and completing the transition to 64-bit.

These strike me as more substantive reasons for the pricing than Pogue’s facile ones. I believe 10.7 will resume the $129 price cycle as people catch up to the Intel/Leopard transition and Apple wants the third-party applications to be there waiting to sell the hardware’s value.

Email Fun

In speaking with a co-worker, I mentioned a couple email tips that he hadn’t heard. Thinking that others may be in the same boat, I offer them here:

• Gmail: you can put periods throughout the username and Google will ignore them. So “bbrown” can be “b.brown,” “bbr.own,” or even “b.b.r.o.w.n.” and the emails will come through.
• Gmail: you can append a plus sign and additional text to the username and Google will also ignore that text. “bbrown+specialdeal,” “bbrown+spam,” and “bbrown+yahoo” all get to their proper final destination. This and the other tip plus Gmail’s filters enable you to create disposable email addresses without preplanning.
• Mailinator is the king of throwaway email addresses. In a form, enter something@mailinator.com and you can access that username’s messages through the mailinator Web site. Anyone else can access the email, so this isn’t really useful for anything besides anonymous emailing. Some sites have caught on and check for the mailinator domain name, but there are plenty of aliases available (you can even point your own domain’s MX record there).

WebException and the HttpWebResponse

The following code is used to make a request and get the results:

HttpWebRequest req = (HttpWebRequest)WebRequest.Create("http://bbrown.info/");
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
StreamReader reader = new StreamReader(resp.GetResponseStream());
string contents = reader.ReadToEnd();
resp.Close();

contents will contain the HTML of this blog if the server gives a 200 OK response. Anything else will throw a WebException. You can wrap the snippet above in a try-catch to handle a non-200, but the exception is thrown in the GetResponse call so you get nothing from the actual response. 404? May as well be a 500.

Today I discovered that the WebException itself has two properties: Response and Status. This Response is the same as the resp above so you can extract out the server response in the catch.

This whole behavior of HttpWebRequest is counterintuitive in the sense that a non-200 is not an exceptional circumstance; I would have expected the response to be accessible and the status code to be populated.

Resolutions for 2009

It’s time to announce my goals for the coming year. Apparently, I missed last year (even though I did a recap on New Year’s Eve). I love making resolutions because they crystallize the big picture plan for the whole year, but I do believe that goal setting is an ongoing process that’s part of the general self-improvement that should be a part of everyone’s life. So here they are:

1. Read 12 books: I’d like to be more aggressive about this, but twelve seems like a realistic number. I don’t think I read that many last year cover to cover so it would still be an improvement.
2. Settle down: I tend to start new things entirely too often. It’s time to stop and focus on a few things. I want to get into some routines and get much of my life on autopilot so I can concentrate my attention on the things that really matter.
3. Limit television: I haven’t attached a number to this yet, but that’ll be the first order of business. I’ve re-added my halved feed subscriptions since I’m blogging heavily at The New Clarion, so I’ve got to cut out some other time sinks. Television fits the bill. I’m going to watch Lost—that’s a given—but I’m going to try to pick a handful of other shows and be ruthless in not caring about anything else.
4. Adore Sandi: with the adoption and ensuing chaos last year, I’ve really let my relationship coast too much. After 15 years of marriage, that’s not unusual but I don’t want it to be like that. I still feel a thrill being around her and I can’t imagine life without her, but I know I don’t convey that adequately. I want her to feel like she’s the most special person in the world to me, when all too often I’m the only one that knows that.
5. Improve my writing: I think I can write better. By and large, the best way to improve writing skills is by writing more. I’m going to do that, but I think I can gain by being more deliberate also. Start from an outline, ask the metaquestions, and revise—things I don’t normally do as I dash off a blog entry.

I think that covers what I’d like in resolutions: general statements about this year’s direction.

Amen, Joel Spolsky!

I couldn’t agree more:

I don’t understand why this “leaving the industry” thought process is so predominant in this little corner of the universe.

This is a TERRIBLE time to leave the industry. I don’t know if you’ve noticed, but there are half a million NEW unemployed people JUST THIS MONTH.

Although the tech industry is not immune, programming jobs are not really being impacted. Yes, there are fewer openings, but there are still openings (see my job board for evidence). I still haven’t met a great programmer who doesn’t have a job. I still can’t fill all the openings at my company.

Our pay is great. There’s no other career except Wall Street that regularly pays kids $75,000 right out of school, and where so many people make six figures salaries for long careers with just a bachelors degree. There’s no other career where you come to work every day and get to invent, design, and engineer the way the future will work.

Despite the occasional idiot bosses and workplaces that forbid you from putting up dilbert cartoons on your cubicle walls, there’s no other industry where workers are treated so well. Jesus you’re spoiled, people. Do you know how many people in America go to jobs where you need permission to go to the bathroom?

Stop the whining, already. Programming is a fantastic career. Most programmers would love to do it even if they didn’t get paid. How many people get to do what they love and get paid for it? 2%? 5%?

Music to My Ears

“Are we at the point now where it’s politically incorrect to be successful? At the end of the day, we didn’t make any bad mortgage loans, we are not building cars that don’t sell, and we didn’t lay any people off.” – Bob Parsons, “Grinch Is Not Invited To GoDaddy’s Shindig”