I made a careless mistake recently. No, not the RAID one, but more on that later. This one was a simple web browsing mistake, and I should have known better. To start with, Blizzard Entertainment recently released a major content update for their insanely addictive game World of Warcraft, and I was browsing some comments about the new release and changes it is making to the game's mechanics (WoW is a terrific game for people who enjoy complex and arcane mathematics that determine the effectiveness of characters and equipment). In my perusal of various websites, I came across a link to a discussion of new equipment, so I copied and pasted the link into a new Firefox tab. At the time, I didn't think to double-check the link. Before I click links, I look in the lower left corner of the window to see where it actually goes, and am almost always suspicious about where a link will take me. But in this case, it appeared legitimate and I simply copied and pasted it. It led me to a discussion page from a third website and wasn't "branded" like the website I was expecting. It was only then that I noticed that the domain name was spelled differently from the one I was expecting, wowinsidar.
But I was careless, and the cold fingers clutching at my stomach did not feel good at all. What was my fear? I didn't want to get a keylogger installed on my machine. Of course, better to know that you have a keylogger installed the moment that it happens so that you can immediately work on removing it, but better still to not get one at all...
I remained calm, however, and took a look at the html to discover what I could. In http://
As I mentioned, though, a "defense in depth" is best, and there I had a third and final protection, the Blizzard Authenticator, a one-time password (OTP) security token, a hardware device that, with the push of a button, displays a six-digit number which I need to enter whenever I log in to Blizzard's website or World of Warcraft. I noticed that I can use a number even after a new one has been generated, though I don't know how serious of a security weakness that is, if at all. Other OTP hardware tokens I have used have displayed a graphical countdown alerting you to how soon the current one expires, but this one does not. Although providing a very high degree of security, even this device could be circumvented by a man-in-the-middle attack, however. If an attacker could somehow alter the WoW client to connect to a server under their control, they could display a long queue time to the user (say an hour or so) and during that time log in themselves using the intercepted OTP. This would be a rather sophisticated attack, much more than a basic keylogger, and with more than 10 million accounts and probably only a tiny percentage protected by a security token it is hardly worth the effort. Probably do-able in theory, but there is much lower hanging fruit they can go after. This time, I was protected. But I must make sure that there is no next time.
I am not particularly worried about Apple's decision to not exhibit at MacWorld in the future. I certainly expect that decision to reduce attendance, but from Apple's point of view it makes good sense. They have their retail stores to which they attract many more people every day, 3.
The installation was painless, but a bit sneaky: the installer wants to make iTunes the default player and to automatically install updates. Well, at least it points this desire out right on the main installer page, even if the text is in a small point size, and the checkboxes aren't buried in some subpanel. The advertisements it presents while installing had not been updated to reflect the new pricing on the iTunes Music Store ("... for just 99c a song...") but I suppose that isn't a big surprise. Apple has a lot of collateral material to update after this Expo. But it did add Bonjour to my Windows firewall configuration without either asking permission or telling me what it was doing. A momentary "Configuring Windows firewall for Bonjour" or something similar to that flashed by and I could easily have missed it. I checked the firewall and yes, Bonjour's port or ports had been given unfettered Internet access. For the time being, I have changed its scope to my LAN only and will look into it further to see if I want to open it up further. Probably nothing bad will happen, but I am just a little bit paranoid on the Windows side, especially after my recent brush with potential disaster.
Thankfully, QuickTime didn't make me reboot, and I could enjoy the HD version of Phil's keynote. However, I didn't want to watch it in my browser, so I saved the MOV ref file locally and watched the stream within a QuickTime window. It let me watch it full screen, too, which I thought only the paid version allowed, but perhaps I am misremembering. Anyway, it was a solid keynote, not really amazing considering it was Apple's last one (and Phil's first and last). The ending act with Tony Bennett was okay, too, though he isn't quite as in-sync with Apple's current userbase as someone like, oh, Sting or Moby or Seal. The quality of the HD was quite good. I saw some pixelation and the framerate wasn't high enough to be completely smooth, but it was impressive. No doubt my Core 2 Quad CPU helped. As for the announcements, one thing struck me, actually hit me over the head quite a few times, and that was Phil's use of "incredible" and "unbelievable" far, far too often. I know he meant them as superlatives, as descriptions of remarkable achievements or features or whatever, but I could not help but hear them as "this is not believable" or "this is not credible." He didn't mean that, no one ever means the literal definition of those words, but his overuse of them was quite unpleasant to me. There were so many other words he could have used, but did not. Oh well, probably not something that will be a problem in the future.
The new MacBook Pro looks excellent, but at US$2,799 it will be a while before I ever have one. Although I am still a bit skeptical about the non-removable battery, it is quite possible that Apple has again made one of those key design decisions that marks an industry turning point. Manufacturers always lie about battery life--let me rephrase: manufacturers always present battery life based on absolutely optimal usage conditions. But if Apple is being honest when it says that you can get eight hours of usable life out of one charge (using the integrated graphics chip rather than the discrete one), then that will be a terrific improvement. I suppose more and more airplanes have charging receptacles, too, so when taking those trans-Pacific flights you might not be forced to read a book or watch the same in-flight movie over and over again. JAL will let you a battery (if you are in Executive Class) but it seems that the most recent Mac they support is the iBook G4 from late 2003. Not particularly helpful, but I suppose it is the thought that counts. Phil showed a short video about their battery production, and I noticed some signs on the equipment with Chinese characters. Although I suppose it could have been in Japan, I think it more likely that it was a Chinese factory.
Santa brought my wife a US$999 MacBook, the one with 2.
Overall, I was very impressed with iLife's new features, for example the face recognition function to help you classify your photos, its integration with geocoding and Google Maps, and Facebook and Flickr syncing. iMovie is looking more and more like the video editor my old employer created many years ago, with lots of drag-and-drop editing and real-time display. The image stability function looks fantastic, though I imagine there is some heavy pre-processing that needs to happen before we can see what they showed in the demo. iWork looks like a solid upgrade, and Apple even included a feature for me: full screen view, when the app blocks out everything except the word processor page, assisting the writer to concentrate on the work at hand! One thing I have some questions about is iWork.