Archive - Tech RSS Feed

Moving from a MacBook Pro to a MacBook Air

Is not easy! I upgraded my 17″ MacBook Pro to a 200GB 7200rpm drive, which gave me TONS of space, and it didn’t really matter what applications I installed or how much stuff got added in the form of data.


The second part is not as easy to solve and it largely depends on what you do – an accountant may be generating tons of Excel workbooks and PDF documents, while someone else *cough* could just be browsing RSS feeds and watching YouTube videos, and only touch Excel on occasions.

In terms of apps, I was accustomed to large-size tools for my needs (coding web pages and PHP backends in Dreamweaver, PDFs would be edited in Acrobat, Photoshop would fill the graphic editing needs every now and then…). Here is a small table comparing various apps from the CS3 suite and some (admittedly not as powerful) alternatives:

  • Image editing: Photoshop (490MB) versus Pixelmator (113MB).
  • Web design: Dreamweaver (366MB) versus Coda (52MB).
  • PDF editing: Acrobat (832MB!) versus PDFClerk Pro (12MB). I was going to mention PDFPen but after trying it and seeing how they totally ignore mouse input (you cannot use your mouse’s scroll wheel to browse through the PDF’s pages!!!) I’ve concluded it sucks.

These three apps alone are saving me 1.5GB of disk space without even starting to generate data!

Additionally, nothing like video or audio editing tools should be even installed, let alone used on this machine, as its drive only spins at 4200rpm, and basically grinds your system to a halt during drive-intensive tasks (such as opening or saving huge video files).

Another tip is to move as much of your data online as you can. Either using .Mac or a different free alternative, online music streaming, Flickr for photos, and so on – it will save you a ton of space.

How to fix Entourage 2008 SSL errors

It seems that Entourage 2008 SP1 is broken in regards to how it checks an Exchange server’s SSL certificates. I would go one step further and argue that Entourage is broken in its thought process about how to connect to Exchange as a whole.

We have a hosted Exchange email service with mail2web, and in their setup instructions (let’s assume we use domain.com as our own domain), they ask you to configure the Exchange server address to https://ex7.mail2web.com/exchange/username@domain.com. On your DNS server you must then configure an MX record to point to mail2web’s IP addresses, and also add a CNAME for autodiscover.domain.com that points to the same IP – this last one is used by Outlook 2007’s automatic configuration feature.

As soon as I started using Entourage, the error messages showed up, but they referred to a problem with the SSL certificate of domain.com, not mail2web.com. Confused, I fired up tcpdump, and found that Entourage, during its connection process to Exchange, attempts to connect to all these addresses:

ex7.mail2web.com (https/443)
autodiscover.domain.com (https/443)
domain.com (https/443)
www.domain.com (http/80)

I have no clue where Entourage gets the idea that to access the Exchange server at ex7.mail2web.com it has to connect to www.domain.com – it could be a number of places, for example, if it assumes the last part of the Exchange configuration string is the actual domain it needs to connect to, or maybe there is a setting in Exchange that tells Entourage where to go (unlikely, but I’m not an Exchange expert so I cannot say for sure).

Until Microsoft fixes the bug, the only way to cure the problem is to give Entourage a valid certificate for autodiscover.domain.com, www.domain.com AND domain.com. You may think that all these are covered by a single SSL certificate, but that’s not how certificates work. You can get a certificate for domain.com, but then autodiscover.domain.com is a different common name, and thus not valid. The opposite is also true.

Subject Alternative Names to the rescue

This is a not well-known feature of X.509v3, and not many SSL certificate providers allow it, but it’s the perfect fix for this problem. A Subject Alternative Name (SAN) is an additional record inside the certificate that lists alternative domain names, so a wildcard certificate which also includes domain.com as a SAN would be valid for all possible domains on the server. I went ahead and requested such a certificate from DigiCert, installed it on the Apache box, and Entourage stopped complaining.

The procedure to generate a CSR with a SAN is not point-and-click, but only involves a little editing of openssl.cnf. First, create a copy of openssl.cnf (usually found in /etc/ssl), and in the copy, add the following in the respective sections:

[req]
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = domain.com

Once you have this done, create your CSR as usual, but specify -config yourconfigcopy.cnf to force openssl to use the edited configuration file. Check your CSR and you should see this:

Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:domain.com

Once you have the CSR, submit it to your CA as normal and install the new certificate on your server. You could alternatively create your own certificate and add it as trusted on OS X’s keychain, but that’s a different story.
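The name-matching problem described above, as an added example that is not part of the original post: a simplified RFC 2818 / RFC 6125 host name check run against constructed certificates for the three domain.com names. It also shows a caveat: a client that follows the RFC strictly ignores the common name once any SAN is present, so the wildcard itself should be listed in [alt_names] alongside domain.com. The certificate dictionaries and function names are assumptions made for illustration.

```python
# Added example: simplified RFC 2818 / RFC 6125 host name matching.
# The certificates below are constructed for illustration, not real ones.

# The three names the post says need a valid certificate.
HOSTS = ["autodiscover.domain.com", "www.domain.com", "domain.com"]

CERTS = {
    # Plain single-name certificate.
    "bare": {"cn": "domain.com", "san_dns": []},
    # Wildcard certificate without any SAN.
    "wildcard": {"cn": "*.domain.com", "san_dns": []},
    # Wildcard common name plus the SAN from the post's [alt_names] section.
    "wildcard_plus_san": {"cn": "*.domain.com", "san_dns": ["domain.com"]},
    # Every name, wildcard included, listed as a SAN.
    "all_names_in_san": {"cn": "*.domain.com",
                         "san_dns": ["*.domain.com", "domain.com"]},
}


def name_matches(pattern, host):
    """Compare one certificate name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        # A wildcard stands for exactly one label, so "*.domain.com"
        # matches neither "domain.com" nor "a.b.domain.com".
        return False
    if p[0] == "*":
        # Only a whole left-most label may be a wildcard, and at least two
        # literal labels must follow it (this rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, host, strict=True):
    """Return True if the certificate is valid for host.

    strict=True  : RFC 2818 rule, dNSName SANs replace the common name
                   whenever at least one is present.
    strict=False : assumed legacy behaviour that checks SANs and the
                   common name together.
    """
    sans = cert["san_dns"]
    if not sans:
        names = [cert["cn"]]          # common-name fallback, no SAN at all
    elif strict:
        names = list(sans)            # common name is ignored
    else:
        names = list(sans) + [cert["cn"]]
    return any(name_matches(n, host) for n in names)


def coverage(cert_name, strict=True):
    """Map each host in HOSTS to whether the named certificate covers it."""
    cert = CERTS[cert_name]
    return {host: cert_covers(cert, host, strict) for host in HOSTS}


if __name__ == "__main__":
    for cert_name in CERTS:
        for strict in (True, False):
            mode = "strict" if strict else "lenient"
            print(f"{cert_name:18} {mode:8} {coverage(cert_name, strict)}")
```

Many current clients ignore the common name altogether, which makes the last certificate the only one of the four that is safe to rely on.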

Microsoft, the ball is on your side now!

Growl notifications with Entourage 2008

Having used Thunderbird on my Mac for a couple of years now, I grew accustomed to the Growl notifications it provided (via a plugin) when new email arrived. The time came to switch to an Exchange server, as our email host was getting worse and worse.

I’ve read different reviews on Entourage 2008, but none so bad as to totally put me off at least trying it out. I have to say it’s really good on a few aspects that Thunderbird lacks, but that’s a matter for another post. What really drove me to a spate of AppleScript and some graphics work was the ugly default popup notifications provided by Entourage, and their position at the bottom of the screen. For a heavy Growl user, that is totally counter-intuitive. One thing led to another, and I ended up with a script that does the following:

  • Generates a Growl notification with the default style for each new email that arrives (or those you want to – more on this later).
  • Shows the email subject in the notification title and, below it, the sender’s name (or email address if the sender has no display name) and the first 80 characters of the email – enough to give you a feel of what’s in it.
  • Shows a custom icon for high and highest priority emails, which also have their notifications made sticky.

Without further ado, here are some screenshots:


The default normal-priority notification, in Growl’s Smoke style.

A high priority notification, in AboveTheNight style.

The highest priority of them all – in bright red!

Download eGrowl.zip here, and follow the install instructions found in the Readme.

Enjoy, comments and suggestions welcome!

Does the iPhone love WiFi?

While analyzing the future of WiFi against the expanding 3G networks, it seemed curious that AT&T recommends using WiFi while abroad, and even Apple seems to really love WiFi instead of EDGE.

My theory is that Apple is itching to release the next generation of the iPhone without carrier lock-ins such as the current AT&T deal. They know very well they can sell a 3G version with a better camera and maybe GPS for $800 to $1000 in Apple stores, and people will queue to take them off the shelves, to then stick whatever SIM card they want in it. They could then be smart and have per-carrier features like Visual Voicemail, which doesn’t bind them to the operator, but gives subscribers a slight edge over “plain” iPhone users.

Apple will continue promoting WiFi on the iPhone and iPod touch for two reasons: it’s way cheaper and way faster to get iTunes content onto them over WiFi (a couple of movies will bust most 3G “flat” fee plans, and take eons to download). With the reported ‘edge cache’ for iTunes media deployed at Starbucks, for example, it only makes sense to promote WiFi as the access technology of choice.

WiFi also knows no boundaries, and is the only cost-effective way to use data while roaming abroad – remember all those horror stories of four-digit roaming data bills after the iPhone was launched? Would never happen using WiFi. With the new Exchange integration coming with firmware 2.0, many more business travellers will want to tap into WiFi while abroad without having to pop open the laptop. In my opinion, it all points to a long life for WiFi, alongside mobile access technologies such as 3G and WiMAX/LTE.

Parallels virtualization actually perpendicular


Today I updated my home Mac Pro to Leopard, and proceeded to download and install the latest Parallels release. I have been a faithful early adopter, buying their very first release when it was buggy and unstable, and have since seen it outgrow many expectations. First surprise was having to “upgrade” to version 3.0, for a total of $49.99. Incidentally, this comes out to just over 31€, but they charge 39€ at the store if you choose this currency – when are US-based companies going to stop abusing European customers? But I digress.

Having made the purchase, I was told that my order “needs review”, and that it should be handled in between 12 and 24 hours. Not sure what this means, but the Internet was invented so that purchases, particularly of downloadable software, could be immediate. Well not quite, but you get my point. With the option to receive a 15-day trial key via email, I was still a happy camper, until I got this in my inbox:

Dear Parallels user,

Thank you for registering for a 15-day trial download of Parallels Desktop 3.0 for Mac!  Your trial activation key gives you access to a complete version of Parallels Desktop 3.0 for Mac and all of its innovative features.

Your trial activation key is listed below:

PRODUCT     : Parallels Desktop 3.0 for Mac
ACTIVATION KEY    : 1EL1Z-40Z99-F4ZZ1-ZONMV-TCODZ
START DATE    : 2007/12/26
END DATE    : 2008/01/10

Pay attention to the dates, and then tell me if this is not worth sending to The Daily WTF!

The root of Twitter's downtime?

Got this in my inbox today:

SB (richstyles) is now following your updates on Twitter.

Check out SB's profile here:

  http://twitter.com/richstyles

You may follow SB as well by clicking on the "follow" button.

Best,
Twitter

If you check out this guy’s Twitter page, you will notice something rather odd:

So, this means this guy’s inbox must be on fire! If he is really following 36,000 users, the flurry of notifications can become enormous. Facebook placed a limit on the number of friends you can have, I imagine to avoid these kinds of scalability problems. I wonder if this is the reason why Twitter grinds to a halt every now and then.

Looking for iPhone developers

If you are a talented developer for iPhone, we are looking for someone that can develop a WiFi application for it. It involves getting deep into the WiFi interface, so please only apply if you can do such work. We pay a very attractive hourly rate, so if you’re up for it, email me!

Software based WiFi sharing versus custom hardware

I get asked this question a lot, in regards to Whisher, the startup I’m the CTO at: “why is your software based solution better than a dedicated, purpose-made router like the Fonera?” I believe software based has many advantages that offset the perceived advantages of a dedicated box.

Reality check

Right now, the probability of finding a purposely shared WiFi hotspot is close to zero, as evidenced in the recent poll run by Martin Varsavsky, where the top reason for people to stop sharing was the lack of sufficient roaming. This poll was really surprising as he says (and I quote) “Dime que piensas porque es un tema que realmente no entiendo bien”, or translated, “Tell me what you think because this is a topic that I really don’t understand well”. For the CEO of a company that has received over $53 million in funding, it seems a shocking thing to ask. It may be time for a quick trip to the office in between conferences to find out what is going on.

One comment caught my eye: it asked what the point is of having your Internet connection shared 99.999% of the time if you only get roaming elsewhere 0.00001% of the time. Today, the reality is that if you want reliable WiFi, you go to a hotel or a coffee shop where you know you will have a decent connection. The penetration of free shared WiFi must be an order of magnitude larger than what it is today to really start making an impact.

Before Whisher with WiFi Out, this was completely true. You would share your WiFi, and then either sit patiently waiting for someone to connect, or try in vain to find another shared signal. WiFi Out fixes this problem, not for free of course, but by giving users a cheaper access at locations that are well placed and easily accessible, such as hotels, coffee shops and airports. Since it is a pre-paid credit and charged by the minute, you only pay what you use, and carry on the unused minutes over the next months.

Hardware based WiFi sharing

The most publicized, hardware based WiFi sharing solution today is Fon, which sells a small router with a customized firmware based on open-source OpenWRT, and which creates two SSIDs, one encrypted, for use by the owner of the router, and one open, for use by visitors. The theory goes that the separation of traffic makes the owner safer, by firewalling the visitors from the internal network of the owner. In any case, the visitor is not protected from passive sniffing of the public signal, as it is not encrypted, and available for anyone to see without the need to even connect to it – contrary to what Fon claims.

To share your WiFi using such a custom-made router, you must first buy it for $64.30, install, and configure it. This may sound easy, but network devices such as routers are hardly plug-and-play, and in many cases, require the help of a techie friend or support from the provider. Problems like MAC address cloning, disabled DHCP or DNS forwarding can all get in the way of the sharer, causing him to simply give up and put the router back in its box.

If you get the router up and running, you must then keep it switched on at all times, or you lose roaming privileges. Knowing if your router is actually online is not as easy: even though the router looks OK, Fon’s servers could not be receiving the router’s heartbeat. In this case, you would not have roaming rights and you would not know about it. Fon recently started emailing users who were detected as having offline routers, but relying on an email for this is not what I would consider reliable – nothing beats a big red blinking LED to signal trouble. Mine has been offline for a while now, and I never got an email.

Finally, the factor which in my opinion is the primary cause of people stopping sharing with hardware-based solutions is that the router going offline permanently does not affect their lives one single bit. The roaming possibilities are so small that they are not a decisive factor, and if they just unplug the router, they will still be able to surf the web, check their email, or download content, using their existing ISP-provided or bought broadband WiFi router! In other words, there is zero incentive to share or not share, other than the feeling that you are contributing something to the rest of the world, and in any case, sharing costs you extra money (not a lot, but more than if you unplug the router and it stops using electricity!).

Software based WiFi sharing

The best known software based solution for WiFi sharing is Whisher. So far, we have gone through three iterations of the concept to find both the right feature set that makes it attractive to users, and that offers an incentive for users to share. If your existing WiFi router already works fine, why not share that instead of buying an extra box that may not even work at all?

When we first launched Whisher, we believed many features in a simple, good-looking client would be best, tying WiFi access to social features such as IM, file exchange and geolocation. During the first eight months after the launch, we learned that these features were neither well understood, nor considered a strong enough benefit to drive users to massively adopt WiFi sharing. Even so, we managed to get a sizable amount of registered and tagged access points, around the 80k mark.

As confirmed by Martin’s poll, we then aimed in the right direction: roaming. How could we both give Whisher users a better roaming footprint, while solving the WiFi sharing incentive chicken-and-egg issue? The answer was WiFi Out, a universal WiFi currency that can be earned and exchanged by giving and using WiFi. By sharing WiFi, you will earn WiFi Out credit, which you can then use to get cheaper access at premium locations with which we have negotiated roaming agreements. Very soon you will see a new setting on your shared WiFi hotspots that will enable you to earn WiFi Out credit by sharing and having others connect to them.

The second large problem, usability, has been resolved by turning Whisher into a plugin rather than a standalone client, integrating its features into the existing operating system’s WiFi manager. The result is that if you install Whisher, you will not notice its presence during your normal use of wireless connections, and when you find either shared or premium WiFi signals, all it takes to connect is the same as with normal networks – one click. Many features have been moved to the web, so you can now manage all your shared WiFi from a central location wherever you are located, all you need is a web browser. Sharing or tagging a network is also done on the web, with a single click on the Whisher plugin. Here is what the Windows version looks like:

Finally, what I believe is truly the largest cause of people stopping their sharing (that it does not affect them one bit) is also solved, because sharing with Whisher works with whatever WiFi equipment you already have, be it the broadband router or modem your ISP gave you, or an off-the-shelf access point bought at the store. There is no need to toy with settings or configurations – one click, and you are sharing. And since the signal you use to normally access the Internet is the one also being shared, you are more likely to keep it on 24/7 without having any extra impact or cost.

What about security?

This is a subtopic that usually crops up once I explain why software based WiFi sharing is better in my opinion. How secure is it? While it is true that visitors have access to your internal network, the likelihood that they will be there to access information on it is very low. You are thousands of times more likely to catch a virus or trojan while browsing the Internet or checking email than having someone connect to your WiFi and do something. If you don’t handle particularly sensitive information, you probably are OK with just sharing your WiFi and not worrying, but if you are more security-conscious, there are some things you can do to protect yourself, such as firewalling the range of IPs given by the router’s DHCP server to visitors. I feel vindicated by one of the leading experts in security, Bruce Schneier, who writes in his blog:

Whenever I talk or write about my own security setup, the one thing that surprises people — and attracts the most criticism — is the fact that I run an open wireless network at home. There’s no password. There’s no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

Is there a risk of someone doing something bad while connected to your network? Yes, but as Schneier says, it’s as likely as you being hit by an asteroid. In any case, anyone connecting must have previously registered an account with Whisher, since there is no other way to get access to your encrypted network. Thus, if push came to shove, you could identify potential culprits.

Another feature Whisher has to safeguard you is Private Mode – simply enable this while connected to your network with Whisher, or from the web-based My Account section, and all visitors will be disconnected, leaving the network to yourself. We will implement schedule-based sharing soon, which will enable you to specify at which times during the day your WiFi is shared or not.

From a visitor’s point of view, Whisher is more secure than connecting to the unencrypted signal of a hardware based solution, as every other visitor connected must have a Whisher user account, and so they could eventually be identified in the unlikely event something bad were to happen.

Keep in mind we are reducing the attractiveness of your network to attackers by giving you the power of deciding when you are sharing or not, identifying those that do connect, and making anonymous passive sniffing of traffic impossible, all while keeping your network encrypted. As Schneier observes, “I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house”.

And bandwidth hogs?

The Private Mode functionality solves this issue by enabling you to have the network to yourself with a single click. Bandwidth throttling in hardware is hard to do, and can even cause undesirable side effects, as the small, not-so-powerful router’s CPU has to keep track of all inbound and outbound connections. Besides, it’s fine to say “Give 512kbps from my 3Mbps to visitors”, but how much do you need to give up from your much slower upload (as most broadband connections are asymmetric) to make the visitor’s connection usable? It’s much easier to say “Make the WiFi all mine now”, or “allow only two visitors”.

So what do you think? Is software better than hardware? You are welcome to comment! If I managed to convince you, download Whisher now and start sharing in minutes – if I didn’t, it will take you at least a couple of weeks for the box to arrive once you have paid for it.

Breaking news – Whisher to buy Fon Boingo an icecream

Edit: due to some pressure from people not known for having a sense of humor, I have to fully clarify: THIS IS A JOKE. If you are in a country that doesn’t have April Fool’s, you may have an equivalent, in Spain for example it’s the “dia de los inocentes”, and falls on December 28th.

Just remember to check the date on every post you read today – Happy April Fool’s day!


Credits to Hugh of gapingvoid.com for the image.

Twitxr spam

I am quite surprised about the lack of respect for privacy and anti-spam laws that many startups are showing nowadays, with the excuse that being social and web-two-d0t-ohish gives them carte blanche to jump over all the hoops. Today’s case: Twitxr.

A friend got this in his inbox:

——– Original Message ——–
Subject: Martin Varsavsky wants to keep up with you on Twitxr
Date: Mon, 3 Mar 2008 01:01:07 +0000 (UTC)
From: Twitxr
Reply-To: no-reply@twitxr.com
To: notshown@nospam.com

See Martin Varsavsky’s pictures:

http://twitxr.com/martinvars

Thanks,
The Twitxr team – http://twitxr.com

About Twitxr

With twitxr you can share a moment, a picture, a thought, instantly with your mobile phone. Where are and what are you doing your friends now? Twitxr tells you.

To start with, the email address this was sent to is from an old company he worked at, and which has not been used for over three years. It seems that Martin has just taken his list of email addresses, containing anyone who he has ever been in touch with, and copy/pasted them into the Twitxr database. Secondly, the email comes from a no-reply email address, and provides no way to unsubscribe from these communications. In fact, this email was not even used to subscribe to a Twitxr account!

Now, I believe there are many laws in Europe and the US that prevent this. We currently use a mailing list platform that requires us to comply with many regulations and provisions, so I know for a fact that it’s not as simple as copying a bunch of emails into a database and clicking ‘send’.
