If you’ve been wondering just what podcasting is, read on for Andy Affleck’s look at this latest of Internet phenomena. Also this week, Glenn Fleishman explains a visual, Unicode-based security exploit that hides deceptive pages behind apparently innocuous URLs. Adam chimes in with a cautionary tale about troubleshooting bad hardware and a tip about how iPhoto users can better work with Ceiva digital picture frames. In the news, Mac OS 10.3.8 is out and our servers are moving late this week.
TidBITS Servers Moving 18-Feb-05 — Both digital.forest, our primary Internet host, and Technical Editor Geoff Duncan, who runs our database servers, are moving, and (not-quite-coincidentally) our servers ended up scheduled to move at roughly the same time. We expect the downtime to be somewhere between 90 minutes and 3 hours during the morning and early afternoon on 18-Feb-05, Pacific time, but given Seattle traffic and the general orneriness of machines that haven’t physically moved in years, that’s just an estimate. The move also means our email will be down and no TidBITS or Take Control Web pages will be available while the machines are in transit. We know the downtime may be stressful for some readers; in that case, just take a few deep breaths and reflect upon how much more stressful it is for us! [ACE]
Mac OS X 10.3.8 Update Released — Apple has released Mac OS X 10.3.8, a minor bug-fix update to Mac OS X 10.3 Panther. Changes include faster DNS resolution that should enable certain Internet applications like iChat and Mail to open more quickly, more reliable restarting after power failures, fixes to DVD Player to improve compatibility and display performance in certain situations, a fix for PowerBook G4s that would wake from sleep with an unresponsive black screen, a change that may reduce "jumping cursor" problems on laptop trackpads, and theoretically more reliable fan operation on certain Power Mac G5s (although some MacFixIt readers report increased fan operation after the update). The problems addressed by 10.3.8 are sufficiently specific that if you haven’t run into them, updating is a relatively low priority; there’s no harm in waiting a few days and checking MacFixIt and MacInTouch to see if any widespread concerns have appeared. The update, which is available both via Software Update and as standalone downloads, is 28 MB for users of Mac OS X 10.3.7 and 103 MB for the combo update that can update any version of 10.3. [ACE]
The clever folks at the Shmoo Group, a bunch of interesting security folks who punch holes in assumptions about what’s secure on the Internet, have discovered a simple way to fool most browsers into believing that they’ve connected to a secure Web site when they’ve been spoofed into connecting to a rogue location with a different name. It’s ironic, but Internet Explorer is entirely exempt from this spoof. Opera, Safari and KHTML-based browsers, and all Mozilla and Firefox browsers suffer from this weakness on all platforms.
In brief, the Shmoos found that a poorly implemented method of allowing international language encoding within domain names, called International Domain Name (IDN) support, allows a malicious party to display what appears to be one domain name in the Location field of a browser while connecting you to another. Phishing scams have just become more difficult to identify.
This exploit is made possible by a system called "punycode," which has been widely adopted according to the Shmoo Group. Domain names that use characters outside of unaccented Western alphabet letters via Unicode/UTF-8 are converted into a string of Roman letters (see Matt Neuburg’s "Two Bytes of the Cherry: Unicode and Mac OS X" for more information on Unicode). This conversion isn’t a problem, per se: it means that domain names outside of the English character set can be used freely without confusing browsers and can be registered using simple English characters for backwards compatibility within the domain naming infrastructure.
The flaw is twofold: first, affected browsers display whatever the encoded version of the character is, which might look identical to another language’s character. For instance, the Shmoos use the Russian lower-case letter A, which is encoded as "&#1072;" in UTF-8 using decimal (base 10) notation, and displays in browsers that support IDN as a lower-case A indistinguishable from a Roman lowercase A.
The second problem leads from the first: it’s possible to have a legitimate SSL (Secure Sockets Layer) digital certificate for the punycode-based domain name. Thus, in an example that the Shmoos posted for a while (now replaced), you see "https://www.paypal.com/" in your browser URL field, and the SSL signals are all there – you get no warnings, the lock icon is present, and Firefox’s Security tab in the Page Info window says the Web site’s identity is verified.
Click View in that same tab in Firefox, and you’ll see the full punycode name of the Web site, however, which is "www.xn--pypal-4ve.com". Copy the URL from the Location field and paste it into Terminal, and you’ll see the encoded version in standard UTF-8 format, too, which looks like "www.p&#1072;ypal.com".
I don’t know that there’s an easy solution to this problem. It’s the result of a choice by the developers of the various browsers to display precisely what a Unicode character looks like, which is reasonable enough. But at the same time they use a kludgy, opaque hack in the background to map that Unicode character to an English character to provide full backwards compatibility with what was once a U.S.-centric domain naming system, one that retains substantial vestiges of that history.
If you’re a Firefox user, I recommend obtaining and installing a utility called SpoofStick, which alerts you to what is being called "homograph" spoofing; that is, the character or glyph looks like another, unrelated glyph. If you visit the Shmoo site with SpoofStick installed, you get a big lovely warning.
Trust has gone out the window when you follow links in email or on Web sites. There’s no longer a way to be sure that the domain name you’re visiting is the one you think it is unless you check the URL out in Terminal or have SpoofStick installed.
Realistically, the upshot of this situation is that you must be even more careful about following links you receive in email to sites that ask for sensitive information. A message that purports to be from PayPal customer service, for instance, may look right and even use URLs that appear to connect to PayPal’s site, but could in fact be taking you to another site designed to capture your username and password. You are less likely to fall victim to a spoofed URL on the Web itself, assuming you start from a site that’s a relatively trusted source. When in doubt, fall back on common sense and check the URL by pasting suspect URLs into Terminal to see if they’re concealing any unusual Unicode characters. Hopefully we’ll see browser fixes soon: simply displaying the full punycode-based domain name alongside its actual representation would at least highlight what’s happening behind the scenes without interfering with navigation or Web pages.
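The check suggested above (show the punycode name next to the displayed one and point out unusual Unicode characters) can be sketched in a few lines of Python. This is an added example, not code from the article, the Shmoo Group, or SpoofStick; the lookalike table and the `PROTECTED` watchlist are constructed assumptions, and taking the last two labels as the registrable domain is a simplification.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately small table of Cyrillic letters that render like
# Latin ones. A real deployment would load the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}

# Hypothetical watchlist of names to protect (an assumption for this demo).
PROTECTED = {"paypal.com"}


def to_unicode_host(host):
    """Decode any xn-- labels so the host reads as a browser would display it."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label visible
        labels.append(label)
    return ".".join(labels)


def to_ascii_host(host):
    """Encode non-ASCII labels to the punycode form that is actually resolved."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def scripts_in(label):
    """Scripts used by the letters of a label (first word of the Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_url(url):
    """Report both forms of the host, its non-ASCII characters, and any
    protected name it imitates once lookalike letters are folded to Latin."""
    displayed = to_unicode_host(urlsplit(url).hostname or "")
    findings = []
    for label in displayed.split("."):
        if label.isascii():
            continue
        findings.append({
            "label": label,
            "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
                          for c in label if not c.isascii()],
            "mixed_script": len(scripts_in(label)) > 1,
        })
    skeleton = "".join(LOOKALIKES.get(c, c) for c in displayed)
    registrable = ".".join(skeleton.split(".")[-2:])  # simplification
    imitates = registrable if findings and registrable in PROTECTED else None
    return {"displayed": displayed, "punycode": to_ascii_host(displayed),
            "findings": findings, "imitates": imitates}


if __name__ == "__main__":
    samples = [
        "https://www.p\u0430ypal.com/",    # constructed: Cyrillic U+0430
        "https://www.xn--pypal-4ve.com/",  # the same host in punycode form
        "https://www.paypal.com/",         # all-ASCII name
        "https://b\u00fccher.example/",    # single-script IDN, nothing imitated
    ]
    for url in samples:
        r = inspect_url(url)
        print(r["punycode"], "| imitates:", r["imitates"])
        for f in r["findings"]:
            print("   ", f["non_ascii"], "| mixed script:", f["mixed_script"])
```

A label that mixes scripts, or whose folded form matches a watched name, is the signal to surface; a single-script international name such as the last sample passes without an alert.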
As part of dropping our cable television subscription recently, I purchased a Mini-DVI to Video Adapter for my 12-inch PowerBook so we could watch DVDs on our TV (that’s right – we’ve somehow ended up with DVD drives in multiple Macs without ever having purchased a normal consumer DVD player for our TV). It’s a $20 cable, and seemed like an easy thing to order from the Apple Online Store, which was offering free shipping at the time. (Normally I’d order from Small Dog, but I needed an iBook battery too, and they were out of stock on that item at the time.)
The adapter arrived, and I plugged it into my PowerBook and into the S-video cable that had previously been used by the TiVo to send a video signal to the TV. However, when I woke up the PowerBook, expecting a picture to appear on the TV, I was disappointed – just static. Then followed two hours of troubleshooting, completely rewiring all our video devices (which needed doing anyway, given that I’d given back the cable box and could disconnect the TiVo’s IR blaster and the external Supra modem I’d used to replace a blown modem in the TiVo). But no matter what I did in terms of settings in the Display preference pane, using different cables (both RCA and S-video), and adjusting the TV’s settings, the best I could coax from the Mini-DVI to Video Adapter was a highly compressed, skewed, black-and-white image that was replicated three times.
I asked some savvy friends and all basically said, "It should just work," although Alan Oppenheimer, who’s paying a lot of attention to display devices now that his company produces the Envision Internet slide show program, pointed me toward the shareware program DisplayConfigX, which lets you adjust the resolution and refresh rates of your video signal to match your monitor in an optimal fashion. He had good luck with using DisplayConfigX to drive a large LCD HDTV that wasn’t working otherwise. Unfortunately, DisplayConfigX states fairly clearly that it doesn’t support standard TV output.
Luckily, Contributing Editor Mark Anbinder lives nearby and has a 12-inch PowerBook, a Mini-DVI to Video Adapter, and a different TV. So I went over to his house, plugged my PowerBook into his adapter and TV, and it worked perfectly. I then put my adapter into the mix instead, and saw exactly the same problem as at home. Case closed – my adapter was just broken. (As an aside, troubleshooting by replacing parts of any system is one of the best possible ways to narrow down the potential causes of a problem. Keep that in mind whenever you’re experiencing trouble.)
The story has a happy ending. Although it’s not spelled out all that clearly on the Apple Web site, you have to call AppleCare to return a product purchased from the Apple Online Store. I did so, and after a brief frustration with an automated phone system that wanted me to say the name of the product I was having trouble with (the system interpreted "Mini-DVI to Video adapter" as "DVD Studio Pro"), I finally was able to talk with a tech support rep. Thankfully, he didn’t argue with my testing, and after confirming a few things on the order, he sent me over to a customer service rep. She tapped at her keyboard for a minute or so, and then told me that she would be sending me a new adapter via two-day shipment and that I didn’t have to return the broken one. That made perfect sense – it was a $20 part, and all Apple would do is throw it out.
The moral of the story? Sometimes hardware is just broken. And unfortunately, when that happens, you can waste hours trying to figure out exactly what’s wrong. But kudos to Apple for solving the real problem quickly and efficiently once I knew what was wrong.
Oh, and the new adapter? It arrived, I plugged it in to the PowerBook and the TV, and it just worked. Like Macs are supposed to.
Maybe this is old hat to those in the know, but I’ve just discovered a neat workaround in my annual quest for an iPhoto export plug-in that would upload photos to Ceiva picture frames. For those who don’t know about Ceiva, it’s a digital picture frame with a built-in modem. It regularly calls home to Ceiva HQ and downloads new photos to display on the frame the next day. Anyone with the correct username and password can upload photos to Ceiva’s Web site so they can be downloaded the next day, so the Ceiva is a great way to share digital photos with elderly relatives, and my family has purchased Ceiva frames and service (it requires a subscription) for my grandparents.
As much as my grandparents all love their Ceiva picture frames and adore getting new photos from members of the family, almost everything about Ceiva makes my teeth hurt. The picture frame is tiny compared to any computer screen; it’s annoying to have to pay for what is essentially another Internet account; it’s nowhere near as visually interesting as the Mac OS X screen saver with its Ken Burns Effect; and most frustrating, the Ceiva Web interface, even though it has improved over the years, is one of the clumsiest I’ve seen. The poor interface makes me feel particularly bad, because it means that I don’t upload photos to my grandparents’ frames nearly as often as I’d like.
However, in October 2004, Ceiva added a new service, which, while it’s designed for people with camera-equipped cell phones to send photos to Ceiva picture frames directly from their phones, also makes it far easier for Mac users to email pictures from within iPhoto. The trick is that (after logging in) you must click the Send from Cell link on the main Ceiva page, then turn on a unique CeivaMobile email address for every album into which you wish to send photos. After that, it’s a simple matter of selecting up to 10 photos in iPhoto, clicking the Email button, specifying Medium (640×480) as the photo size, and then sending the email message that iPhoto creates.
This process may not be quite as elegant as an iPhoto export plug-in could be, but it’s easy once you’ve set up a nickname for the special CeivaMobile address. And even if Ceiva isn’t as cool as .Mac Slides, it doesn’t require a .Mac account to populate, nor does it require a Mac to be left on all the time to display the photos.
Few buzzwords surrounding Internet technologies have moved into the mainstream more quickly than "podcasting," but because of this speed and an only tangentially related name, few consumer-level technologies have engendered more confusion. So what is podcasting?
Quite simply, podcasting is creating an audio file (traditionally in MP3 format, though other formats can be used as well) and making it available online for other people to listen to. If that were all there was to it, you would probably say "So what? That capability has been around for years!" and you would be correct. What’s different now is that there are simple ways to subscribe to specific shows and have the audio files automatically downloaded to your computer and placed into your MP3 software – likely iTunes on the Mac – and, thus, if you wish onto your MP3 player – probably an iPod – without any effort. Simplifying and automating that task has made all the difference.
Right off the bat, I want to clear up one common misconception about podcasting: it has essentially nothing to do with the iPod, and you do not need an iPod to listen to podcasts. If another MP3 player was the cool toy everyone had to have, podcasting would have been given a different name.
But look how far podcasting has come in a short time! Since this summer when there were only a handful of people putting their audio files online for others to hear, thousands more have taken to the virtual airwaves and begun producing their own shows. "Podcasting" was coined in September 2004 as a term, and by December it had already gotten mention in major newspaper and news magazines. I can’t remember ever seeing a new technology go from grass roots to appearances in the legacy media that quickly.
Already there are over a thousand different people (no one really knows exactly how many) producing their own shows. Topics, when they exist at all, run the gamut from music to food to movie reviews to podcasting itself. Many are simply audio versions of weblogs where the content may only be interesting to a small circle of friends (and sometimes even that’s a generous characterization).
Some people have criticized podcasts on the grounds that it is far easier and quicker to read a Web page and scan or search for information than it is to download a huge audio file and listen to it to get what the creator is trying to say. That’s true, but it misses the point entirely – podcasting is to weblogs what radio is to newspapers. Podcasting represents a new form of broadcast media. You can think of it as an audio weblog, but podcasts can transcend that description. Perhaps a better analogy is with legalized pirate radio where everyone can have their own station and show.
Here are some samples of content which would simply not be as interesting (or, in some cases, even possible) in a text-only medium:
Adam Curry has been routinely playing music from a band called The Lascivious Biddies and has, as a result, gotten them not only a great increase in CD sales via their Web site, but even an interview on CBS News.
I first heard excerpts of Wil Wheaton’s books "Just a Geek" and "Dancing Barefoot" in a podcast put out by IT Conversations from a reading Wheaton did at Gnomedex 4 in late 2004. I immediately went out and bought the books.
Coverville plays only covers of songs in its thrice-weekly show (the music is fully licensed, so it’s legal!) and puts together some of the most interesting and strange mixes ever heard.
Mur Lafferty has been reading some of her essays (published and unpublished). While these are certainly something I could read in text only, there’s something compelling about hearing an author read her own works out loud.
I ran a series of interviews with singer/songwriter Robert Burke Warren throughout January on my Podcrumbs show. He talks, plays songs, and his mother (who was in the room with us) adds wonderful color to the conversation.
Interestingly enough, the vast majority of my use of iTunes and my iPod is listening to various podcasts. I’m watching less TV and I never listen to the radio (in fact, the few times I do, aside from NPR, are usually painful). I enjoy the fact that I am finally able to listen to and enjoy content which was not produced by the giant corporate monoculture, but by regular people.
Podcasting History — The various technical pieces that make podcasting possible have been around for a long time. But the synergy that led to the explosion of podcasting began toward the end of 2000 when Dave Winer and Adam Curry met in New York City. Dave is the creator of the venerable outliner MORE, UserLand Frontier, the weblog system Radio UserLand, and the RSS (Really Simple Syndication) standard which is so critical to weblogs and, increasingly, news sites around the world. Adam is a former MTV VJ and founder of OnRamp, a New York City ISP from the early 1990s. Adam wanted to move large files around (at the time he was thinking about video) and Dave didn’t see how it would work. Downloading large files was always a pain and rarely yielded worthwhile results. Often you’d spend ages downloading a tiny postage-stamp sized video which took less time to play than download.
But Adam had a brilliant idea: look at the speed of your network connection and how much time that connection is sitting idle (when you are away from your computer, doing tasks that don’t use it, etc.). You could download vast amounts of data during that idle time. Dave was sold on the idea and since he was working on RSS 2.0 at the time, he added the concept of an "enclosure," which would simply be a URL to a binary file such as a video file. In this way, programs that supported enclosures would automatically pick up any new enclosures uploaded to a Web site as part of a weblog entry and download them in the background, at night or whenever the user told the software to retrieve enclosures.
And thus, some years ago, everything that was needed for podcasting was in place. You could create the content, make it available for others to subscribe, and it could be downloaded while you were otherwise idle. So, why did podcasting take so long to catch on?
Before 2004, there simply was no critical mass in terms of people. Not enough people owned MP3 players, read weblogs, or had the motivation to create audio content.
In terms of content, Dave Winer himself was one of the first people to use podcasting. He began recording what he now calls "Morning Coffee Notes." He also worked with Christopher Lydon, formerly the host of WBUR’s "The Connection" in Boston, who began recording interviews and making them available in this way as well. At the 2004 Democratic National Convention in Boston, Dave walked around making audio posts from the convention and publishing them on his site. There was starting to be enough content to catch people’s attention. In addition, by this time, the blogging community had not had any major technology innovation in over three years. As Dave put it, "You’re looking at a community that’s hungry for some new ideas."
But one final piece of the puzzle was missing: It was still annoying to move the downloaded audio files onto an MP3 player manually so you could listen to them in the car, on the train to work, or while exercising, which are times when radio is traditionally popular. Adam Curry then wrote and released an AppleScript script called iPodder that simply went through the RSS feeds for a list of sites, looked for enclosures it hadn’t already seen, downloaded them, and moved them into iTunes (and therefore, his iPod). With that last problem solved, it became obvious that not only was it easy to distribute any content you created, but an audience could now find and listen to your work easily. The floodgates opened.
One of the interesting side notes to this story is the fact that without planning it, Dave and Adam reversed their roles. Dave says, "Adam is a radio professional and I’m a software professional, and by this point in time my major contribution to this was the radio side of it and his major contribution was the software side of it." Dave believes it was this very reversal that made podcasting possible. Adam didn’t know the rules of software design and thus could break them, and Dave did not know the rules of radio and could break them as well. This ignorance of the "rules" led to the critical breakthroughs which may not have happened had they not switched places.
(Note: The quotes from Dave Winer come from an interview with Dave via Skype from January 2005. The interview is about 20 minutes long and contains a wealth of interesting historical background on podcasting. It is available in its entirety as a podcast at my Podcrumbs site.)
Listening to Podcasts — A number of different Macintosh programs enable you to subscribe to podcasts and copy subscribed show content into iTunes, where you can listen to them on your Mac or later send them to your iPod.
First, there are the programs that are designed solely for podcasts: iPodder (free), iPodderX Lite (free), iPodderX ($20), PlayPod (free), PoddumFeeder ($5). These tools all help you subscribe to specified RSS feeds and copy to iTunes any and all MP3 files they find during periodic scans.
Next, there are more traditional RSS readers which have added the capability to manage podcasts on top of everything else they already do. As far as I know, only NetNewsWire Pro 2.0’s public beta and PulpFiction have added support for podcasting, but it’s only a matter of time before podcasting support becomes commonplace.
Finally, several programs for managing iPods directly (especially in terms of copying notes, calendar items, contacts, news and more to the iPod) have added support for RSS enclosures. These include Pod2Go ($12) and YamiPod (free).
Personally, I use a combination of iPodderX and NetNewsWire Pro. iPodderX manages the podcasts where I want to listen to every single episode as it comes. Then I use NetNewsWire Pro – which I also use for all my other RSS feed reading – for feeds where I listen only to occasional episodes. NetNewsWire Pro makes it easy to pick and choose, thanks to a convenient button that downloads an enclosure and moves it into iTunes automatically. It gives me an opt-in approach to individual episodes.
My advice? Try all the various tools and see what you like. There’s no way to predict which tool will fit your desired approach to podcast content.
Once you have one of the tools above installed, you can point it to any number of sites out there to find podcasts. Each comes with some suggested feeds, and iPodder and iPodderX both also offer integrated directories from which you can subscribe to podcasts. Outside of these, the iPodder and iPodderX Web sites both provide their directories online where you can find podcasts to sample.
It’s customary for people producing podcasts to announce them via a specific Web site, audio.weblogs.com. At any given time, the 100 most recently posted podcasts are listed there, making it another excellent way to sample new podcasts.
Lastly, if you don’t want to mess with any of the software above and just want to sample podcasts right in your browser, you can do that, too. All of the podcasts are presented as simple links on their Web sites (and on audio.weblogs.com) as clickable MP3 files which Safari will play for you right in the browser.
Signing Off — It will be interesting to see where podcasting goes. From one standpoint, it truly is the people’s radio: a chance for every person who wishes to have his or her own show without needing a radio station or being bound by FCC regulation. A.J. Liebling famously said, "Freedom of the press is guaranteed only to those who own one." The advent of individuals being able to publish on the Web meant that everyone could own a printing press; with podcasting, now everyone can have a radio show. Video is undoubtedly not far behind.
From another standpoint, podcasting reveals a new marketplace just opening up. Who knows how and when (or in many cases, if) people will start to make real money from podcasts? But it’s certain that some people will. And who knows what will happen when the media moguls become aware of the successes in podcasting? Will they try to stop it or co-opt it? Is there any chance they could succeed at either? If the past performance of the Internet is any indication, I doubt it. But that’s all speculation, and as with Internet publications, and then with weblogs, it’s likely that podcasting will have a very few commercial successes, many failures, and will in the process contribute a vast quantity of original content of widely varying quality to the Internet-connected world at large.
For now, I’m just enjoying hearing all of the different voices in all their wonderful cacophony.
[Andy J. Williams Affleck is a project manager for a U.S. federal government contractor and an expert in usable accessibility in Web design. He’s long been fascinated by any tool to allow the individual to communicate to others, be it newsletters, email, weblogs, podcasting, or whatever comes next.]
We continue to work on updates, with this week bringing a pair of small updates to Joe Kissell’s ebooks about Apple Mail.
Ebooks about Apple Mail Updated — Thanks to author Joe Kissell’s tireless efforts in keeping readers of his ebooks up-to-date, we’ve released minor updates to both "Take Control of Email with Apple Mail" and "Take Control of Spam with Apple Mail." Changes in "Take Control of Email with Apple Mail" include a new sidebar that details how to access Hotmail, MSN, and Gmail accounts from Mail; a new tip about what to do if Mail fails to show a new window after you click Reply; and new info about a bug with rules and color-coded messages. "Take Control of Spam with Apple Mail" has a few typographical corrections and a few wording changes to indicate directions that work with later versions of Panther than previously noted. Everyone who owns these ebooks is welcome to download these free updates, but they may not be worth the trouble of downloading because the changes are so small and so specific. In particular, we recommend that you don’t bother to download the update to "Take Control of Spam with Apple Mail" unless you haven’t yet acted on plans to print it. As always, to download an update, open your existing copy of the ebook, click the Check for Updates button in the lower-left corner of the first page, and click the Download link on the Web page that loads in your browser.
Back in October 2004, we rolled both ebooks into a print title, "Take Control of Apple Mail." The print book already includes the typographical corrections in these ebooks, but it does not have the new information. If you own the print book, consult the "Free Updates" section on page xii of your copy to access these ebook updates. [ACE]
The second URL below each thread description points to the discussion on our Web Crossing server, which will be much faster.
Comparison of Macintosh eBay tools — Prompted by our DealBITS Drawing for iwascoding.com’s GarageSale, readers suggest other tools for working with eBay auctions. (5 messages)
Flickr: The next big thing? Is the Flickr photo-sharing service the next best thing since digital cameras? Or is it just a fad? (3 messages)
Recording with Microsoft Office — Microsoft Word 2004’s NoteBook feature includes the capability to record audio notes. What microphones, aside from the PowerBook’s lackluster built-in mic, work well for recording these notes? (5 messages)
Searching for Apple’s generic "apps" — Apple’s generic application names, such as Mail and Pages, make it difficult to search for application-specific information on the Internet. Readers contribute a few solutions. (6 messages)