Suddenly I noticed that my blog has made me anonymous by stripping out my “Author” page (when did that happen?) and the little markers giving my name at the bottom of each post.

Feh.

I’ll be at WWDC next week if anyone wants to say “Hi.”

Any marketing survey that requires me to blow the dust off of my Trig (specifically the Law of Sines) is not all bad.

I installed the latest Adobe AIR installer, v1.5. Turns out Adobe AIR changes your default keychain from login to something else, which then completely breaks all Xcode signing.

To resolve this problem, open up Keychain Access, then right-click on the login keychain. Select “Make Keychain ‘login’ default” in the popup menu.

Then go back to iPhone development.

*sigh*

I hated to do that.

But for some reason or another, thanks to spam scrapers and the like, I was getting so much spam on that e-mail address that I couldn’t sort out the real messages from the Spam.

Even thanks to Google’s spam filtering and to Apple Mail’s junk mail filtering I was still seeing 200 messages a day on that address–all spam.

I’m sure there was some real messages in there somewhere, but sorry; I didn’t get them. If you sent me a real message, it was probably buried under offers for Viagra, free money, and offers in Spanish and Russian and Chinese I couldn’t read.

During tonight’s iPhone judging contest, one of the projects was one which handles personal information in a way which requires a fair degree of security. Unfortunately I didn’t have the time to make some simple observations about security, so I’ll note them here instead. So here are some simple security rules of thumb:

(1) “Never underestimate the power of human stupidity.” — Robert Heinlein.

(2) Security by obscurity simply gives a single point of failure. That includes things like “hidden” encryption keys.

(3) Unless you have a degree in Mathematics with a specialty in abstract algebra and encryption algorithms, and later either got a Ph.D. in encryption security or apprenticed at the NSA for a few years, do not create your own encryption algorithm. (These guys invented their own system, and how many microseconds did it take to break it?)

(4) Always salt your passwords: One-way hashing never is.

(5) Never pad your blocks with zeros.

(6) Be aware of man-in-the-middle attacks and design to work around them.

(7) Two factor authentication means something other than what the banks think it means.

(8) Security only increases the cost to break in a system: if you put something behind a security barrier that is worth more than the cost of breaking the system, someone will break it.

(9) Social engineering is your greatest enemy. The best key lock systems protected by armed guards, security cameras and a barbed wire fence won’t protect you against a helpful employee who holds the back door for some nice young man.

(10) If you don’t understand the stuff above, for God’s sake, hire someone who does.

Because I have a whole bunch of technical documents that I’d like to be able to carry around and read on a device that is not my laptop.

(And yes, I could have ordered a cheap touch-screen laptop, but I’d also like to be able to order and download books from Amazon as well as O’Reilly (who makes their books available as PDFs at a discount) as well as papers from ACM. The ePaper screen also makes the thing highly readable outside.)

I have never been a fan of corporate titles. I always thought they were silly. For me, all I care about is (a) how much power do I have to drive direction, (b) how many people do I have to worry about making sure they do their stuff, and (c) how much money do I make. Title can hint at these things, of course, and title does matter to recruiters who are less likely to promote you as a “Principal Software Developer” if your previous title was “Software Developer”, even if you have 20 years experience.

So today I’m happy. I believe on my business cards I’m about to get the title of “Guru of Code-Fu.”

What happens when a bunch of executives for corporations who pioneered closed devices running siloed and proprietary operating systems, who work and-in-hand with corporate providers who are famous for running “walled gardens” suddenly have their lunch handed to them by a corporation who made a better device, which is easier to develop for, who allows anyone to download the developer tools for free (rather than charging between several hundred and several tens of thousands for the dev tools), and allows anyone to sign software for a nominal fee?

Simple: these Kings of Silos, these Grounds Keepers of the Walled Gardens, these Maintainers of Closed Ecosystems bitch about the lack of “openness” by the latecomer who changed the rules for the better.

Apple is top of mind for execs at MWC

The panel which included three of the most powerful CEOs in the mobile industry–Ralph de la Vega, CEO of AT&T Mobility, the second largest mobile operator in the U.S.; Olli-Pekka Kallasvu, CEO of Nokia, the world’s largest handset maker, and Steve Ballmer, CEO of Microsoft, the worldwide software leader–centered on the need for more openness to spur successful innovation in the mobile market.

But the discussion quickly devolved into the need for openness, despite the growing success of Apple, considered the most closed player in the industry.

The most closed player in the industry? Are you fucking kidding me?

Yes, Google has an even more open operating system, the Android, for mobile phones. But at the moment Android is a marginal player.

And who are the other principles on the stage at MWC? AT&T Mobility, who imposed the closed restrictions on Apple in order to allow Apple to play in their closed walled garden, Nokia, who until recently charged some serious change to use the Symbian development tools, and still features the Nokia Pro premium service which is invitation only, and who charges twice as much as Apple to allow you to sign an application for distribution. And Microsoft, who still charges serious change for the correct version of Virtual C++ to develop Windows Mobile applications, and who used to charge per signing for signing applications–including those being signed for beta testing.

I just don’t get it.

What’s funny is that only recently did Nokia make their development environment free–but that doesn’t overcome the fact that Symbian is still a nightmare to develop for. (Really, who ships a mobile operating system with two–count them, two user interface APIs?) And Microsoft’s Windows CE is, um, ah, well, like a walk down memory lane: if you were a Windows 95 developer a decade ago, you’ll be right at home in Windows CE–aside from the odd restrictions and, um, clumsy ways of handling display windows.

The real irony of all of this, however, is the following quote from Ballmer:

“I agree that no single company can create all the hardware and software,” he said. “Openness is central because it’s the foundation of choice.”

Erm, is this supposed to be a hidden slight at Apple, who just ate Windows CE’s lunch in the United States and is poised to eat Symbian’s lunch (except for the most stripped down no-feature underpowered phones) in Europe.

I’m just amazed that these idiots, in their whole drive to make sure they didn’t become as pointless in the mobile world as Earthlink became in the wired world, left such a huge chunk of change on the table that it took an upstart and a nearly bankrupt walled gardener who was desperate for a hit to show folks how things could be done–and essentially create demand in a segment that until recently was a fringe marketplace. After all, until the iPhone came out, how many people were willing to pay $300 for a phone that also involved a two year, nearly $60/month (for the most basic service) service contract? Pre-iPhone, mobile phones were giveaway devices that were given to you for free as part of your service contract.