IPhone further thoughts

In re: it's closed – yes, but, in at least one sense it's actually infinitely open, and more open than any phone before it.

It has a fully, 100% desktop-compatible, web browser – Safari.

This means it _doesn't_matter_ that you can't run MS Office on it – you should be able to run Google Docs just fine. And who cares if you can't run your little Atom API blog posting software on it – you can just log right into Blogger. But what if I want some kind of interactivey kinda application? XmlHttpRequest, baby! That’s “Ajax” to you less-webdev-oriented people.

This is all presuming that Cingular doesn’t neuter it by forcing everything through some aggressive kind of aching proxy, which most carriers do to save bandwidth. If they don’t this device could _really_ be revolutionary. You can develop a site for the always-connected Desktop, and have it work nearly 100% with the iPhone! How cool would that be?

Edit – considering neutered web-browsing experiences – my shitty Blackberry browser truncated the post when I went into Blogger to move it from Draft to Post. See? I want an iPhone.


The UI looks Great. I’m worried about fingerprinting up the phone, but we’ll have to see.

The one thing that I hate is that it’s a Closed System. You can’t go and download the Dev Kit and start writing software for it. This is likely to appease the carriers, but it’s very limiting. Yuck.

It’s way too damned expensive. My Treo cost around that much when I bought it, and it did a hell of a lot more. Of course, this is an OS X system (allegedly).

How the hell are they going to get it to run OS X? It’s bloated and huge on superpowerful modern hardware – what the hell is going to happen in this anemic phone world? They must be chopping OS X up into little tiny pieces to jam it into this phone. I bet they use a different kernel! And I wonder what CPU it’ll use – probably ARM, since everyone uses that.

Multi-year exclusive to Cingular sounds terrible. Terrible. I know why they chose GSM (quad-band GSM to be specific), that’s so they can sell the same handset to Europe and elsewhere. And I guess you might be able to buy unlocked handsets straight from Apple, but yeesh. Ugly. And will there be a CDMA version, ever? Who knows? That’s two more carriers you can’t use (Sprint and Verizon)…

The reason the little typing-on-glass thing actually seems to work is because there is some predictive text stuff in there – so if you happen to jam two ‘keys’, it can guess which one you probably meant. It may end up being right more often than not. That’s going to be another thing that we’ll have to try out to believe. Can’t wait till they show up in an Apple Store!

But if it’s sturdy enough (lots of glass there, dunno about that…) and flexible enough and can do what I need it to do (maybe not everything, but at least just what I need…) then I can see myself getting it. But I could see that a lot easier if it were cheaper. Bastards.

I wonder if the development model is actually Widgets? It looks a lot like it. Then your development doesn’t matter whether it’s an ARM or PowerPC or what?

Apple supports iphone? No, it has to be the carrier? I don’t know where Bryan gets this from, but he insists that the support will be done by Apple, not Cingular. That’s insane, if you ask me. If it’s true. I think he’s mistaken. I couldn’t find it in the Engadget article. If that were the case, Apple could just be their own MVNO and leave it at that.

As more details emerge, I shall ponder and write about them if I think they’re interesting.

More On Identity

Well, I was very excited to see that some people have created some pretty reasonable protocols to define what your ‘identity’ is in this whacky, Web 2.0 world we live in. Unfortunately, they botched. The protocols they define are based upon identifying yourself with a URL – giving the protocols near-complete decentralization. Yay! Except people aren’t URL’s. The closest thing they are is email addresses. Boo! Furthermore, the protocol adds lots of complexity in terms of what information you share or don’t share, etc. Signing up for an identity being completely separated from using your (completely separate) identity somewhere else. And the most damning thing, is that sites that use openid still retain their old username/password boxes from before. Yuck. Why wouldn’t they migrate everyone over? Because it can’t be done. Ugh.

So I was thinking about a radically simpler solution.

Here’s what I came up with:

#1) Guy gets to website he’s never been to before. He’s never used our system before either. He wants to do something that would require some kind of ‘identify yourself!’ thing. Maybe posting to a blog, maybe editing a Wiki article.
#2) The login thingee says ’email:’ and our guy puts in his email and clicks a button or something.
#3) The system emails him a big long ugly URL. Or maybe a short-and-sweet case-sensitive one. He clicks it.
#4) New window pops up saying, “OK, your info thingee has been validated or whatever. You may close this window”.
#5) He is done. He may even stay validated for another 30 minutes (hour? 2 hour?) or so so he can repeat this several times. On several different sites.

Let’s see what happens if he does go to another site –
#1) Guy now goes to somewhere else. He tries to do something else which requires identification.
#2) Login thingee says ’email’ which he puts in – or his browser auto-fills.
#3) A window pops up saying, “OK, you’ve already been authenticated as bobo@agladsfhlkyewiutykxjcnkjwheriwuehf.fromple, click here to use that identity on this site”
#4) User clicks. Is done.

Now if our user finds that this type of thing is happening to him all the time, he may get encouraged to ‘register’ so he can just has to put in a password to be identified. This encouragement might happen around step #3 above, once the dude has used this system a few times. There, instead of the email going out, a login screen would show up. He could log in, and be so identified for so long.

There! How’s that? Simple enough for ya!? OK, that’s how it acts, here’s how it should work.

When the user clicks the Login button it gets posted to my server. If his email address has never been seen before, it just sends him an email. Maybe after asking him questions like name or something. Maybe you can choose to make a password there too. When the user clicks on the URL he was emailed, he’s proven ownership of the email address, and a cookie is set on his machine, pointing to my domain. Probably set with a time limit or something. The page somehow gets magically redirected to where he was going.

The second time this happens the system has seen your email address before – it should consider asking you, “Hey, this keeps happening to you, do you want to set a password and use that instead?” If you’ve set a password, then you get a password prompt instead. Success implies cookie and redirection to wherever you were going.

Subsequent authentication attempts will still post to my site, but then your cookie will be detected, and you’ll just get a “OK, you want to auth to this site?” thing.

At some point something complicated will have to happen to inform the original site that you are, indeed, who you say you are. Ah! When you get redirected back, the original site gets URL parameters appended saying – here’s the dude, here’s a crypto hashey thing. Ah! You specify a ‘nonce’ thingee in your form which posts to me, upon return I hash the nonce, the date/time, your site URL, and your mother’s maiden name together into a big ugly base-64 thing which you are obligated to decipher. Hell, with the date/time, you can skip the noncery I think. Oh, no, you need it so people can’t just hash up gibberish and have you believe it.

You want the system to be super-duper simple, but not start forking over the dude’s identity willy-nilly.

So – I guess when you’re signing up, you can put in things like Full Name, city, etc – and maybe set certain things as private or public…?

Anyways, this version has these advantages –

#1) No differentiation is made between a ‘consumer’ and a ‘server’ – any site which uses this auth method can implicitly sign people on.

#2) People are E-Mail addresses.

#3) Minimal to nearly no commitment required on the user’s part – you don’t have to make much of an account, or anything.

#4) Easy(ish) to implement.

With the obvious disadvantage –

#1) No longer decentralized. But we’re not talking about lots of data here, it would be possible to scale a centralized identity service up.

#2) Phishing attacks – no more or less so than openid, but you still could find yourself a victim of a phishing attack with this system.

Edit – I found the idea for this stupid thing so simple and compelling that I just built it. It’s still in the conceptual/prototype stages right now, and I wouldn’t use it to secure anything I really deeply cared about just yet, but it’s there so you can look at it. It’s very early yet. Just look and think and stuff, don’t whine yet:

Desk.nu – Your new…desk…to be…uh…working on. Or something.

Google Everything

So, Google has pretty much done all the stuff I intended to do, oh so many years ago, with their very good and very clever web apps like Gmail, Google Calendar, Reader, Google Home Page, Docs & Spreadsheets, etc. So I’ve decided to wade in and start using all the great little applications – well, not little, big. A few slight snags – first, for Gmail to be useful, I’ve had to forward other mail accounts to it. Second, I had to change my name. My old Gmail name was something I thought was really cool when I was like 14 and into BBS’ing. However, I’m 900 years old now, and I have professional needs and stuff, so I had to come out with a slightly more regular-human-sounding name. Okay, easy enough, done. Now alllllll this crazy Google shit I’ve accumulated over the years I have to try and move over. Not so easy. Browser Sync? Easy, delete the service and re-add it. Email? Forward my old gmail to my new one. Docs? I guess I can share out all my docs to my new self (done), and this Blog here…well…I guess, I can invite my new self to collaborate with my old self…weird, because my old self is going to remain a weird vestigial account forever in the future, I guess…until Google lets ownership of things migrate back and forth. Some services of Google’s I don’t even mess with, but I’ve used at some point, so I don’t have here. But I don’t think that matters.

So, problem number one. My browser just hung while I was typing this. My opinions about browsers are well known, and I’m on a Mac, which can be less nice than using a Windows box when it comes to AJAX-heavy Javascript-ey stuff. So I had to actually type the first paragraph again while looking at the frozen screen in my other browser. This is why I always have 15 browsers available in my Applications.

Next – as much as I like to keep thinking of myself as ‘ahead of my time’, I’m not. Quite frankly, I never imagined that the Web, and regular-issue Web browsers, would ever be able to do the stuff we can do in a Browser today using Javascript and the DOM and such. I mean, don’t get me started on the fact that Javascript is an interesting language that’s just miserable to program in because the environment it lives in is so awful, or the DOM as being the worst API to do anything anywhere, but the end result is still insanely powerful.

But, now I got it all here, and I have to say, I’m a liiiiittle bit disappointed. Not very, but a little. Gmail isn’t as fast as I had wanted. It’s still fast – and really comparable with Mail.app, which is my favorite mail program up until now. We’ll have to see how it goes.

And I made my own custom Google homepage. That’s really, really, really great. I have a little box for my mail, my calendar, my RSS feeds…it’s pretty cool. I tried to do this with my Apportal software (one of the many failed or semi-failed attempts at making the NetServOS software back in the day), and it didn’t quite make it, but Google has completely nailed this one. Very impressive, guys. I’m even considering making a little doodad for it.

The only thing that bugs me – only slightly, but it does bug me – is that you only get what you’re given. What you get is what Google gives you. And that’s nice, Thank you Google, for giving us stuff, but I don’t think I can imagine a world where all software comes from one single great benevolent software entity. Even Google. Or Microsoft. Or MicroGoogleOracleIBM. Eventually, someone’s going to want something that doesn’t exist.

Proof: Let us posit that Google has made all applications that you could ever want, which all work in whatever fashion you desire. Ok, fine. So I want an application that lists applications that I want, but don’t exist yet. Ah ha! Wait, I guess that means Google might give me a nice Google-branded empty window which says, “Here are all applications you want that don’t exist!”…crap. Forget that proof.

Okay, just take my word for it. Nobody can make everything you want. So what’s going to be the solution for that? I think lots of that is tied in with Identity – and there are some stupid people working on it (Microsoft, Liberty Alliance), and some less stupid people working on it – http://www.openid.net – for example. But they insist on representing a user’s “identity” as a URL. Clever, but people tend to identify themselves more with email addresses, I would’ve gone with that instead. Though I guess “mailto:brady@sldkjskldjflskjglkjelkjsldkjflskdjflsdkfjsldkfjalkjdfalskdjgalskdldk.schlorm” is a valid URL. Who knows.

And after that, of course, we then come to interoperability. If the only thing that ties you together throughout all these applications is your identity – well, that’s kinda weak. Not terribly so – if you think about how you use your applications in your day-to-day life, you probably don’t chain them together that much (unless you use Unix, but that’s a perverse case). The big one is your Mail application and the rest of your OS in order to open documents on it. Or your web browser and documents or files you’ve downloaded from that. If you’re on a Mac, your Mail client and your Calendar work well together – but they cheat, I don’t think they’re using any protocol or anything to talk to each other. Or if you use something to transfer files to Important Places (FTP, SFTP), it might be nice to open the files after you get them. But I don’t think this is as important as I thought it was. I’m not sure, we’ll have to see how much my Google usage intersects with my Regular Computer Usage, and see. For the first time in literally years, I’m running with Mail.app shutdown, and it’s not bothering me in the slightest, so I think we may be off to a good start.

I will most definitely keep reporting in.

Call of Duty 3 for Wii

Caveat: I’m a weenie, and am playing on Hard. So it’s slower going for me than many.

Graphics: Pretty. For standard def, it looks pretty darn good! I’m glad to see the Wii can actually put out some decent images. You can barebly tell the difference between the prerendered stuff and the in-game stuff. No real jaggies that stick out. Nothing ‘pops’ out of the screen at all as strange. Textures are nice. Terrain looks good and isn’t too rectilinear.

Controls: Interesting – I normally never use ‘lean’ for example, but here, I might. Not super precise, but interesting. The little melee fight you have to do with the gun stock is pretty cool. Kinda immersive, and tiring – but not bad.

Gameplay: This is, alas, where I feel the game falls down. It’s a standard scripted roller-coaster ride through WWII. Little golden waypoint stars on your compass to tell you where to go. Little ‘trigger’ points which set the Krauts after you, or set off scripted events on the board. Maybe it’s me being a whiner, but I kinda feel like – haven’t we done this before? A lot? Repeatedly? Is this all there is? After the 4th or so time of having an explosion go off and one of my teammates pick me up, I start to tire of the scripting. After one of the assualts on a heavily fortified German position, I start to wonder – I keep killing them, and they keep coming back? What is it specifically that I have to do in order to advance? Go to my little gold star point? Does it matter if I kill the Nazis? Should I just go to where I’m told?

As in “Red Steel” there’s no health meter, just don’t get all shot up all at once and you don’t die. This solves the “Attrition Death” problem I blogged about before. But it feels wimpy. I dunno.

AI: Annoying. Teammates get into the line of fire, die, and then you lose due to friendly fire. And your teammates don’t help you when you actually need it. They may occasionally cap a bad guy. But that’s less often.

Conclusion: – A Console that allows for innovation does not necessarily cause innovation. It’s nice to see the games can be immersive, and the control scheme and sound effects and graphics feel pretty immersive – it’s just immersing me into a Disney ride where I have to shoot some baddies for the ride to move to the next thing. Feh. I’ll beat the game, mind you, as I always do, and I will enjoy it, and I am enjoying it now, but let’s see this for what it is – a decent game, not a great game, or even a good game.