shahine.com/omar/

I’ve always been skeptical of the usability of two-factor authentication. Specifically, Microsoft employs a form of Two-Factor authentication using a Smart Card. To get access to our corporate resources from outside our network you are required to enter your username + password and enter your Smart Card (which is our Badge) into a Smart Card Reader entering your PIN number. The Smart Card contains a certificate that is used to identify you to Microsoft (in addition to your username and password).

The problem with this is that each computer that you want to use to connect to corporate assets requires a Smart Card reader. Kind of a pain. Especially since laptops don’t have PCMCIA readers any more (replaced by Express Card).

When thinking about using two-factor authentication for securing non work assets, I just assumed this would be a hassle.

VeriSign Two-Factor Authentication

I knew that a while back PayPal started to offer a PayPal Security Key that you could use as an extra layer of security when signing into PayPal or eBay. This seems like a good idea after all, because PayPal is linked to my bank account and Credit Card, and eBay has one of my post important identities: my “seller reputation” is tied to it. An extra layer of security to sign into those sites seems like a good idea, but at what cost?

When I found out that VeriSign PIP (an OpenID provider among other things) started to offer extra security using a Security Token (and was compatible with the PayPal Security Key) I decided to give it a shot. After all, the entry price was $5. You can see the PayPal Security key below:

In addition to the PayPal Security Key, VeriSign offers two additional solutions:

1. VIP Security Card – a credit card sized Token
2. USB Memory Key from SanDisk – a traditional USB Key with special software.

Both solutions cost more than $5 so I started with the PayPal key. I’m not interested in #2 since I view it as more of a hassle to have to insert something into a computer.

I received my PayPal key the other day and immediately fell in love with it. It’s small, and easy to use and easily found a place on my key chain. For $5 it’s a steal.

However, I was wondering what the VIP Security Card was like.

Luckily I’ve been chatting with the folks at VeriSign over the past few days and they were kind enough to send me a VIP Security Card to play around with.

All I can say is WOW. This thing is awesome. It’s the exact same size and dimensions of a credit card. I assumed it would be thick because it appears to have some kind of LCD. But actually it’s a form of screen similar to the Amazon Kindle. It consumes no power to display the current code, only to change it. Your security code is only ever valid for 30 seconds and each one is unique (One Time Password).

 

Personally, I prefer this format better since I can just throw it in my wallet and my wallet is always with me, unlike my keys.

Other Two-Factor Authentication systems

I should point out that two-factor authentication does not have to be limited to physical tokens like the ones mentioned above. There are numerous other mechanisms that other OpenID providers utilize. VeriSign summaries a whole slew of then here.

SSL Certificates

VeriSign and myOpenID both support SSL Client Certificates, but they both implement them differently.

Most people are familiar with server based SSL certificates. These are the things that practically every single ecommerce or financial institution uses to encrypt the information between you and them. It makes is to that the bad guys cannot sniff your traffic and steal your credit card or other personal information. Generally speaking these have been adequate protection for hundreds of billions of dollars in transactions over the years. Since it’s hard for the bad guy to pretend to be the server you are interacting with, they tend to focus on things like Phishing and man in the middle attacks to steel your username and password (and now DNS exploits).

For years we have been trained to look for the “lock” icon when dealing with secure websites.

Over time this has evolved to include more prominent UI features as you can see below in IE 7

 

and FireFox 3

However little attention has ever been paid to client side SSL certificates. Well they work just like server side certificates except that the authentication is mutual. In other words, not only do you validate that the web site says who they are, but the website is validating who you say you are. This is done because the server and you share a secret, and SSL is a mechanism for verifying that you both know the secret, without exchanging that secret with each other. Sounds complicated? it might, but this is the basis upon which Public Key Infrastructure (PKI) is built.

At the end of the day, what you need to know is that the way this can be a two-factor authentication mechanism is that you install this SSL cert on each computer that you plan to login to the service (in this case the OpenID provider) and after you authenticate to the service using a username and password, the service has an addition layer of authentication via your client SSL certificates. It’s like a “Soft Token” (a software version of a hardware token, like those mentioned above).

VeriSign and myOpenID have two different uses for SSL Client certificates. For VeriSign they work much like a hardware token, meaning you have to posses the client certificate and your username and password to gain access. If you don’t have you client certificate installed you can have a temporary access code sent to your phone via SMS or your email account.

myOpenID uses the SSL as a way for you to login to the site without entering your username and password. So in a way, it’s a replacement for your password credential and works a bit like an Information Card.

Image Authentication

Some services like myVidoop.com (another OpenID provider) use images as a two-factor authentication. After you login you are presented with a series of images from categories that you pre-selected mixed with pictures from random categories. Since only you know the categories you picked, you enter special codes corresponding to those categories. There is no password per se, your selection of the right images from the right categories is your password. Clever.

These images work in conjunction with specialized code they have to “activate” a browser. In other words, you only get to go through the image identification once you’ve confirmed the browser to myVidoop. If you have not you can use SMS or email to temporarily activate your image authentication.

So in this case, your two-factors are 1) provide identity of browser to service and 2) authenticate using images.

I have to admit, I’m still getting my head wrapped around this one. I haven’t yet figured out how they “identify” a browser.

Phone Based Authentication

There are two forms of Phone authentication that I’ve run into. Voice authentication that myOpenID uses and SMS based authentication that a number of services use.

CalVerifID is a service myOpenID runs that allows you to use your plain old telephone to authenticate. When you signin to myOpenID and when you receive the phone call from them, press #. Very simple.

SMS verification is currently supported by VeriSign and myVidoop to allow authentication in the case where your primary two-factor mechanism is not available. This comes in very handy say if I am not near my hardware token or I’m too lazy to go get it from my wallet and my iPhone is right in front of me .

Final Thoughts

As you can see, there are numerous options today for two-factor authentication. You can immediately secure such assets as your PayPal and eBay account with any VeriSign VIP product. Furthermore as OpenID continues to gain in popularity, you’ll have more options for securing your Identity on other services.

I’d say this is progress.

Over the past few months I’ve been thinking A LOT about passwords and how broken the Internet is right now with respect to authentication. Expect a number of posts over the next few weeks about my thoughts on the matter (timely since this NYT piece came out this past weekend).

For the record, I have over 266 unique passwords for websites and currently use RoboForm to manage them all (I actually ran RoboForm for over a year so that I could capture every site I entered credentials into). I would like a solution that roams with me, but Dual Factor authentication and strong password reset mechanisms are a requirement.

Why is VeriSign’s role here important? For one thing, they have a fairly important role in how the Internet runs and have a distinguished history with respect to Internet security technology.

I’ve been playing around with VeriSign Personal Identity Portal (PIP) the last few days. VeriSign PIP is an OpenID provider with a number of novel features that make it far and away the best OpenID provider out there.

They support:

1. OpenID 2.0
2. SSL Client Certificates for authentication
3. VeriSign Identity Protection (VIP) security key products for dual-factor authentication
4. Information Cards
5. OneClick Sign-in access for over 80 popular websites (like Facebook, Google, Windows Live)

Item #5 competes directly with PassPack, which is a cool web based service for storing your usernames and passwords (secured by a password and a “packing key”). I haven’t moved over to them yet because I’m taking my time to understand the options out there.

VeriSign takes a similar approach to PassPack in that to get to your data you:

1. Login using your username and password or Information Card
2. Optionally enter your Security Code (if you don’t have your FOB you can fallback to SMS)
3. Use your encryption key to “unlock” your OneClick passwords.

This all seems good. It's important to note that all your username and password credentials for OneClick are encrypted using a key that only you know. If you lose this key, or someone managed to get access to your account, they will NOT be able to get to your OneClick passwords unless they also know this key. There is no mechanism to "reset" this key. If you lose it, then you lose all your passwords and need to start over.

This is why I believe that in the long run OpenID is far better than anything that has been proposed. For one thing OpenID is flexible enough to support multiple authentication mechanisms like Information Cards, Dual factor authentication, SSL certificates and are now backed by a number of big players in technology (Google, Microsoft, etc).

IMHO one of the best features of OpenID is that you are not generating some random password (or worse giving the same password you use on every website) and handing over to a stranger who for all you know doesn’t encrypt or secure your identity.

While there is still a long ways to go, I consider this progress. VeriSign’s product is something my family can understand and use.

So happy that Amazon now supports adding products from anywhere on the Internet to your wish list. Amazon has become my defacto place for storing things I want, or things I want people to buy for me!

This replaces Google Shopping List which wasn’t very good anyway.

Get your Amazon Wish list Bookmarklet.

Earlier this year I wrote:

2008 Will mark the end of Personal Finance Software. Quicken will de-emphasize being offered as a shrink wrapped/downloadable product and move to a subscription model.

Mint.com and Wesabe will continue to steal users away from the shackles of Microsoft Money and Quicken.

I look forward to this...

And this morning I read this:

“Microsoft Money Plus continues to be a valuable tool for our customers; however the feedback we are hearing is that the incremental updates to the software don’t merit a new product every year. Given this, we have decided against releasing a 2009 version of Money Plus. .. We are moving off of an annual release cycle for Microsoft Money Plus (no Money 2009 version in the fall), with future release dates TBD” (to be determined).

Good time to switch to Mint.com or Wesabe.

I’ve been using Mint.com for over a year now. Earlier this year I switched “full time” as it sort of crept up on me. They finally have all the features I required in a personal finance package:

• Budgeting
• Investment accounts (401K etc)
• SMS and Email alerts of transactions / balances
• Auto-Updating balances
• Amazing self correction of merchant names
• Cash Flow tools
• Accounts are always reconciled
• Zero Configuration Installation (no DRM).
• Mortgage and Loan accounts

I seriously love Mint. Now if they could just make an iPhone app!

Here are some very easy steps for how to tether your Vista laptop to your iPhone.

First you need to get the following pieces of software:

1. NetShare – this is an iPhone application that bridges your 3G and WiFi radio on the iPhone and creates a SOCKS proxy for your PC. Apple has been publishing and removing this application over the past day, so it might not be available in the Apple Store. Sorry!
2. Proxifier Standard – this is a Windows application that routs all internet traffic on your laptop to your iPhone via the ad-hoc wireless network.

Here is how it works:

[Internet] <-> [3G <-> iPhone running NetShare] <-> Wifi <-> [SOCKS PROXY <-> Vista]

Step 1: Install NetShare and Proxifier

This is easy, install NetShare on the iPhone, and install Proxifier on your laptop.

Step 2: Create an ad hoc wireless network

On your laptop go to the Network and Sharing Center and click Set up a connection or network

Select Set up a wireless ad hoc (computer to computer) network

Give it a Network name (I use iPhone) and set the Security type to No authentication (Open) and click Save this network

note: I plan to test this later using WPA2 Personal since that is far more secure.

Now you are connected to your ad hoc network. In the future you can re-connect to this network by going to the Start Menu and clicking Connect To and then selecting iPhone.

Step 3: Connect your iPhone to the ad hoc wireless network you just created

On your iPhone go to Settings select Wi-Fi and connect to iPhone (or whatever you called the ad hoc network in step 2). Your connection should look like this:

 

Don’t worry about the IP address , we are going to use a feature called Automatic Private IP Address or Zero Config Networking which will allow iPhone and Vista to talk to each other even though they don’t have a router.

Step 4: Launch NetShare

Now that you have connected your iPhone to the iPhone ad hoc network you should launch NetShare. When you’ve done that you will be greeted with this screen:

 

Step 5: Launch and configure Proxifier

You’re almost done!

1. Now launch Proxifier and select Proxy Settings… in the Options menu.
2. Click the Add button and type the Proxy IP address in the NetShare application on the iPhone (169.254.206.139 in my case)
3. Enter Port 1080
4. Select SOCKS Version 5
5. Click OK

Step 6: You are done!

If you want to make sure that it’s working you can select the proxy entry you just created and click Check

and go to speedtest.net and measure your performance!

Step 7: Cleanup

When you are done tethering, you should do the following:

1. Disconnect from the iPhone ad hoc network
2. Select Exit from the File menu in Proxifier. If you don’t do this it will continue to run preventing your normal Wifi connection from working.

Notes

• I found that Outlook would not connect to our corporate Exchange server via HTTPS, it was trying TCP/IP. I suspect this is some kind of problem with the SOCKS proxy server. To remedy the problem I forced Outlook to use HTTPS on Slow and Fast connection.
• The iPhone will go to sleep while the NetShare app is running. You need to periodically wake it up.
• the above wireless configuration is an Open network. I plan to test this using something more secure like WPA2.

Couple of months ago I wrote about how these guys can’t get Calendar Sync to work.

Well, it’s taken us a long time (cause sync is hard), but by partnering with the Outlook team we now have Mail, Contacts & Calendar sync for all Windows Live Hotmail users via Outlook Connector 12.1.

Previously calendar sync was a “premium” feature that only worked with the old MSN Calendar service. Now it’s free for everyone, like it should be!

The Calendar sync now part of the Outlook Connector will sync “all” your Windows Live Calendars in Outlook allowing you to view them side by side or overlaid. This includes any calendars you have shared or are sharing with others giving you read/write access to your calendars online and offline.

Another benefit is you get a Birthday Calendar for all your Windows Live Contacts. This is a great way to stay on top of Birthdays (in addition to fbCal for Facebook, which you can now subscribe to in Windows Live Calendar).

Read more on the Hotmail team blog.

Download the new connector here.

PS – Calendar Sync is done using FeedSync formerly known as SSE.

There are few things that bother me more than cables and cords, especially Wall Warts. Why does my camera charger need a 6ft cable?

Well, I’ve been searching the intertubes for almost a year to find “short power cords” to use with my many chargers, dc adapters and so on. This was made difficult by the fact that I had no idea what to search for.

A few months ago my quest was complete. Behold the C7 Figure Eight Plug from Cyberguys.com. At $1.79 each get a bunch of them!

I ordered a dozen 1 ft power cords. These are suitable to replace any 2 prong AC plug (NEMA 1-15 ungrounded plug) with a C7 figure 8 ungrounded plug. I went around my house cleaning up cable disasters everywhere.

Here you can see the diversity of my long cables that I no longer use:

and this is what I replaced them all with:

I started a wiki to collect all the Exchange iPhone issues (bugs, feature requests etc). It needs better organization and layout but it works for now (using jot spot, aka Google Sites, since I can’t find any other free hosted wiki).

The reason I set this wiki up is that I’ve used a number of Exchange Active Sync (EAS) devices in the years (Nokia N61, Palm Treo and of course Windows Mobile) and am very sensitive to not “meeting the bar”.

Since Apple doesn’t use Exchange for corporate mail, it’s hard to expect they will reach the same EAS perfection as Windows Mobile, but I hope they can at least address the bugs and issues we call out.

Special thanks go Tim Heuer for helping put this list together

Wow. It has been a long time since I’ve been so excited about a piece of technology. Perhaps when I first got an iPod nano.

This is not a review. I expect to post something more detailed later. This is a more of what I know, and what I don’t know .

note: this is my first iPhone. I have been using Windows Mobile for the past 5 years since the release of the original MPX-200. I currently own a Samsung BlackJack II and prefer the “standard” over the “professional” incarnations of Windows Mobile. I own 2 iPods, a Touch and 3G Nano and have owned 8 iPods in my life. I have used almost every PDA (Zarus, Newton, Palm Pilot, various Palms, Treo(s), PocketPC(s)).

I’d also like to point out that at least 5 people I know insisted that they were not going to get iPhone 3Gs. By Sunday night each of them were proud new owners. I expect this number to grow.

The Good

It’s an iPod!

The iPhone is a fantastic iPod. Better than the Touch for a few reasons:

1. You can double tap the round button to shortcut to the iPod app
2. You can press the mic on the headphones to pause/play or double press to skip. The touch can’t do this and as such it’s a terrible iPod since you have to touch it just to skip a song.
3. Hardware buttons for Volume. Enough said. pressing the Touch to do this sucks.

And it goes everywhere with me, which my iPod does not.

It’s a Computer

The things I can do with it are awesome. Real Web Browser. Install great applications that take full advantage of the hardware (location, wifi, touch).

Everything is consistent. It’s a thing of beauty.

You know it’s good when all the Applications consistently adhere to a set of guidelines.

It Sync’s to Exchange

Yipee, for now it works well with our corporate Exchange servers with a set of notable bugs (below under the bad).

Reading mail on this device is a thing of beauty. The rendering is much better than Windows Mobile.

The Applications

The whole experience around Apps is awesome. I’ll cover my favorite applications later. Some are just fantastic (SmugShot, OmniFocus, New York Times, Apple Remote). I have many more to try out.

A big plus is that like FireFox Add-ons there is a centralized update mechanism so that you can ensure you are using the latest version (like websites!). So long 90s era check the web site to get an update.

Location

Wow, every app pretty much supports this. It’s a phenomenal feature to have baked in. From Yelp, to Maps, to GeoTagging of Photos…

The Keyboard

Much better than I thought, although it’s hard to use the iPhone in bed since the weight is pushing it out of your hands.

The Experience

The UI is fluid, emotional. The Hardware is like artwork. It’s a joy to interact with.

The Bad

Hardware Issues

It appears Apple deprecated a common way of charging iPods and iPhones. Every recent iPod/iPhone till now has supported charging via FireWire and USB. Many after market accessories have always used FireWire interfaces to charge over the Apple Dock Connector even though Apple has suggested that they switch to USB. Well, iPhone 3G removed support for FireWire and as such my 2 car kits will not charge my iPhone. Since FireWire is 12V vs USB 5V you can see why maybe the car folks weren’t in a hurry to switch. This is a bummer.

Exchange Issues

I have noticed the following bugs with Exchange ActiveSync:

1) When you reply all to an email your own address is included in the CC line. This is not expected behavior. Email clients always strip out the recipient's address from Reply-All. See Outlook, Windows Mobile 6 (previous versions of WM had this same bug) and every other email product.

2) by default iPhone sync's all the Contacts on the Server in every folder rather than just the default Contacts folder. This behavior should be modified to only sync the default folder or should be configurable for the user. To make matters worse, the Contacts app is dog slow on iPhone.

3) The reply/forward status of a message is not sync'ed with the server. When you reply to a message on iPhone the exchange server does not have the reply flag set on the message. As such in Outlook the message does not look like there was a reply. Can’t believe they missed this one.

4) No Peak/Off Peak schedule. On my Blackjack I would sync using a schedule during peak hours and use Push off-peak. This saved my battery and I really didn’t need push during the work day since I sit in front of a computer all day.

Battery Life

Hmm, it sucks. Ok? If you want Good Battery Life here is a guide on how to make your iPhone 3G exactly like an iPhone original.

I’m trying a number of things to see if I can get it to last a day. Step 1, turn of Push email. I don’t need that anyway. Step 2, turn off Wifi. Lets hope I don’t have to since I’m addicted to controlling my Apple TV with the Remote.

Performance and Stability

Not perfect. Lots of times the iPhone hangs. Loading Contacts is glacial. Unlocking entering PIN stutters.

Applications crash. Sometimes the cause the whole iPhone to reboot (what is this, 1998?). My Windows Mobile Phone NEVER rebooted because of a crash… it just stopped working and I rebooted it!

Also today my Location services totally stopped working. No idea why. I had to reset my location settings to get it working.

Pausing/Playing audio via the headphones is buggy. Sometimes the iPhone goes dead till you wake it from Standby.

Album art on the Apple Remote is flakey at best, and you can’t control the volume of an Apple TV.

Tethering

There is of course no tethering support for the iPhone meaning I cannot connect it to my laptop to surf the web like a Windows Mobile Phone. I hope an app comes out to support this in the future.

Since around 2001 I made the switch to digital flat panel displays and never looked back. My first display predated DVI by about a year instead utilizing a Digital Flat Panel (DFP) adapter.

I was always annoyed by the whole Digital <-> Analog <-> Digital process when using an analog VGA adapter with a flat panel. I found it crazy that you had to convert to analog when the display was digital to begin with. All Laptops have always had a native digital interface to their displays. So why should external displays be any worse?

When DVI hit the scene it got much easier, but it’s rare to see a laptop with a DVI adapter (that’s not a Mac of course). This always annoyed me.

Now some docking stations for laptops do have DVI, which is great, but not all (like my Lenovo X61).

The reasons why laptops don’t have DVI adapters? Size. It’s much larger than VGA. Although DVI is backwards compatible with VGA, and Apple has figured out a way to shrink DVI, PC maker still don’t bother and stick to Analog. Another excuse? projectors are mainly VGA at most companies.

If size is a problem, you could theoretically add HDMI ports (which is backwards compatible with DVI) but apparently many laptop makers don’t do this either due to cost and needing to also have VGA (projectors).

Supposedly, DisplayPort will solve this all, but I have yet to see someone like Lenovo move to DisplayPort even though Dell is.

DisplayPort is a digital display interface standard (approved May 2006, current version 1.1 approved on April 2, 2007) put forth by the Video Electronics Standards Association (VESA). It defines a new license-free, royalty-free, digital audio/video interconnect, intended to be used primarily between a computer and its display monitor, or a computer and a home-theater system.

[wikipedia]

In the meantime, what can you do if you want DVI on a laptop that only has a VGA port? And what are the advantages to DVI anyway? Well I like DVI because:

1. Ghost Free images (no horizontal or vertical sync)
2. No calibration necessary (only brightness and contrast)
3. Pixel for Pixel perfection

A few months ago I purchased a novel solution to this problem, a DisplayLink Adapter made by Sewell.

DisplayLink is a company that produces the chipset that supports DVI and VGA over USB and it’s licensed to a number of companies including Samsung, Sewell,

When I first got it I had a number of problems mainly due to their driver. The good news is that in the last few months, their driver support (particularly on Vista) has improved a great deal. In fact when I got the device the driver didn’t even work, but their tech support staff is extremely competent and they fixed the driver in a matter of days.

So how does it work? Well, it’s OK. The main issues I have with it are:

1. It uses quite a bit of CPU, and the CPU usage will occasionally spike which interrupts my Bluetooth mouse which I find annoying.
2. Occasionally when undocking I get a message saying the USB device is in use and I can’t undock.
3. It doesn’t work during boot of course, which means that if you need to interact with your BIOS or say enter your BitLocker PIN you are SOL.
4. Max resolution of 1600 x 1200.

I hope that in the future that Windows adds native support for USB style display adapters, but for now, these are some serious limitations.

Furthermore, USB doesn’t have the same bandwidth as DVI so no high frame rate activity like Games. Video works ok (not HD) though.

I should have blogged about this earlier, but I saw Ed Bott referenced DisplayLink on a post about using 3 monitors.

In closing, this technology is pretty good today but not perfect. If you are a VGA snob like me, then this is a viable alternative with some gotchas.

Wow, what a long day.

It started like this:

7:30 am

Drive to the Belmont AT&T store to meet a co-worker (Andy). Waited in line for 5 minutes and aborted.

8:10 am

Arrived at Stanford Shopping Center, witnessed the 500 or so person line and aborted.

8:30 am

Arrived in the parking lot of the Mountain View AT&T store, did a U-turn an went to work.

9 am - 5 pm

Was ridiculed by co-workers who were looking for my shiny new iPhone. One co-worker (who shall remain nameless) convinced his 12 year old son to wait in line for close to 4 hours and got an iPhone! Then he called me in a meeting from his new 3G iPhone to taunt me.

6:00 pm

Arrived back at the Stanford Shopping Center. Got in line and it was moving really well. after 1 hour I had moved half way up. Then it turns out that a bunch of Apple employees went off shift so the progress in the line slowed. It took me 2 more hours to move the same distance I did in 1 hour.

Anyway, while in line I was instructed to call 611 on my phone and remove my 15% corporate discount or I would not be walking out of the store with a phone. I was told I'd have to do that or else my transaction would fail. I was also told I could call back on Monday and add it back??? WTF. Weird.

Anyway, when I got in the store I answered a bunch of questions.... yes, yes, yes, yes, 16GB Black. They only had a few yet, and had not sold out of anything yet.

A few minutes later I was $550 poorer (no worries, my iPhone fund has exactly $550 in it) because I did not qualify for a subsidy... half the price my ass.

What is interesting is that they did not unbrick or activate my phone. I just walked out with a shrink wrapped box. The minute I walked out my BlackJack II stopped working. I guess they nuked my SIM. Anyway, 10 minutes later I was home, accepted the 500th Apple EULA of the year, and have a working 3G iPhone with my corporate email and a bunch of cool apps like SmugShot.

I'll post more info when I've played around with this thing.

I feel like I did back in 6th grade when I got my first Mac! (A Mac II cx with an Apple 13inch RGB monitor).

When our daughter was born and we moved to the burbs, I longed for a product that I could use to keep lists of errands and it would tell me when I was near a store that I could purchase them at.

This is basically “location” or “context” based tasks…

Looks like OmniFocus for the iPhone will do the trick.

Can’t wait till tomorrow!!!

I knew this would happen. As time went on and details emerged, my prediction of how miserable it’s going to be trying to buy an iPhone is going to come true.

You see, now that AT&T is wearing the pants, it’s doing it’s usual business of making things as complicated as possible ensuring that it’s making as much money as possible and making your job as a consumer as difficult as possible.

According to a few sites, including Engadet, there are a few different prices for the iPhone depending on your situation.

• iPhone 3G will be available for $199 (8GB) and $299 (16GB) for iPhone customers who purchased an iPhone prior to 7/11, customers activating a new line with AT&T and current AT&T customers who are eligible for an upgrade
• Existing AT&T customers who are not currently eligible for an upgrade discount can purchase iPhone 3G for $399 for the 8GB model or $499 for the 16GB model. Both options require a new two-year service agreement.

So how do I know if I’m eligible for an upgrade discount? Who knows. I can guarantee that the dude at the AT&T store is going to do everything in their power to make sure I pay the full non subsidized price. That’s been my experience for the past 6 years (starting with Cingular and now AT&T). I would sometimes even bring printouts from the AT&T website showing the price of a device with my corporate pricing etc and they would ignore it and refuse to sell to me.

So this begs the question. How are the Apple employees in the Apple store going to know how much to charge you for the phone? Are the tapping into the state of the art AT&T Siebel Customer Database? I don’t think so.

I think this pretty much ensures that I’m going to go to the Apple store to get my iPhone because I’m betting that the Apple employees are going to be more motivated to sell me an iPhone and get my but out of the store. But really, I’m not sure how this is going to work out.

In fact I am 100% certain I am not eligible for the upgrade price. How do I know this? Well I logged on to my AT&T online account and clicked “Upgrade Phone” and it told me:

 

Not sure where it’s getting the 04/15/2009 date. Apparently a number of factors picked a pretty arbitrary date. All I know is 04/15/2009 is > 7/11/2008 and that’s all I care about .

I’ve made it very clear to everyone I know that I’m getting an iPhone v2. Now that the iPhone has Exchange support, there is no reason for me NOT to get one. I’ve been using Windows Mobile since my Motorola MPX-200 (Windows Mobile 2002 I think) and it’s time for a change. I want, no I NEED an iPhone .

Personally, the most exciting things about the iPhone are:

• The long tail of applications that will exist. It’s clear that the iPhone is going to get the lion’s share of attention and everyone will be popping out iPhone apps.
• Safari for browsing the web (and great optimized web apps)
• Touch
• the features of an iPod

To be honest, I have an iPod Touch right now and I actually consider that the music playing experience sucks pretty bad when compared to a Zune or an old skool iPod. There is simply no replacement for having hard buttons to control audio and the whole screen flip thing is annoying.

And while I am at it, iTunes has turned into a slow bloated buggy application that I can’t stand to use any more… and the new Zune Player kicks its butt. Apple needs to throw away the Windows code base and start over with something that is actually a Windows App and not as terrible as QuickTime on Windows.

But anyway, it won’t change the fact that I have $400 earmarked for my iPhone v2.

As I watched the WWDC keynote on Monday I could not help but notice a few things.

1. Apple is an incredibly childish company. Apple always used to take pot shots at Microsoft (even though the Mac would have died a slow death a few years back w/o Mac Office) but I find it amazing that they still say things like “ActiveStink” even though they also need “ActiveStink” to be relevant to any enterprise or edu. I find that the Apple commercials are funny and generally in good taste, but not these kinds of comments. I’ve always believed this comes from their resentment of having to rely on Microsoft for anything.
2. They always talk about how this version kicks the pants off the last version. They do this with a straight face even though the joke is on you because last year they were selling you the same crap telling you how you don’t need 3G or Video or Intel Processors and how RISC is going to take over the world and put Intel out of business. You know what I mean, all that baloney about how PhotoShop is 100x faster on a PowerPC than an Intel chip and at the end of the day, guess what’s powering a Mac now.
3. Then there is stuff like “look, this company wrote this crazy cool application in 2 minutes! Our dev tools are so easy, you can lean Objective C and crank out an iPhone app and port your application in a few days”. This reminds me of when Apple had Adobe on stage and convinced the world that recompiling PhotoShop for Mac OS X took them only 2 weeks. It took them 2 years I think to actually ship.

But nevertheless, it doesn’t matter. People in the audience and most folks can’t help but be fanboys. I mean the Cult of Macintosh/Apple/iPhone is a powerful thing, and if Apple has shown anything over the years it’s that they are only increasing the number of folks who fall in line and eat this stuff up. Who can blame them? Apple makes me excited about hardware and technology. I almost always walk into an Apple store when I am near one just because.

In my mind there is nothing more exciting to a geek than sitting at a keynote and watching the grand master walk you through each and every new feature you are going to get your grubby hands on in a few short weeks. If I could get this for every product I cared, or loved I’d be so happy… especially if they could do it like Steve Jobs! Tell me what other product out there gets such a careful and anticipated unveiling than every single thing Apple makes?

I know you got excited that the new headphone jack now allows for normal headphones w/o an adapter even though this is a bug and never should have been that way in the first place, but you don’t even think about that because you’ve already forgiven Apple! When Apple got rid of SCSI and nuBus and moved to USB we all said “thank you Apple, now I can purchase all new peripherals!”.

See how it works?

Anyway, I’m looking forward to my 3G iPhone.

I’m NOT looking forward to the big ass disaster it’s going to be purchasing one on July 11th. AT&T is going to screw this up, in my case I bet they will tell me I’m not eligible for an upgrade since I got a phone less than 2 years ago. So I really have no idea what’ it’s going to cost me and more than likely they will completely bullocks up my account adding the right data plan and all that nonsense. I do know I’ll probably spend a few hours in an AT&T store and some amount of time arguing with them.

BTW, the new iPhone isn’t cheaper and if you think so then you can’t do the math.

Graffiti CMS is a pretty awesome blogging tool published by the folks at Telligent. I started playing with it a few weeks ago and immediately fell in love. I knew that others would as well.

Of course I knew that there would be a lot of folks running dasBlog who might want to move to Graffiti, after all, Graffiti 1.1 has built in import for dasBlog posts.

When I learned of this I contacted the folks at Telligent and got a pre-release beta version to play with. After exchanging a few dozen emails with Jayme at Telligent I sent them some fixed up import code that would allow a dasBlog user to import all their posts and maintain their dasBlog permalinks as well as categories. Moving from one blog engine to another is generally a PITA so my goal was to make it pretty painless and since I've spent a few years working on dasBlog I figured it would be pretty easy for me .

Moving from dasBlog to Graffiti is a two step process:

1. Import your posts using Graffiti 1.1 (sorry, if you imported earlier the plugin won't work).
2. Install and configure the plugin I wrote.

You can get the dasBlog301 plugin from CodePlex.

Enjoy!