Personally, I use a password protected secure not in an OSX keychain. Fine, rail me for that, but if someone gets into my keychain, I already lose anyway.

For work, I've been trying WebPasswordSafe for the last several months. This is to get away from the melange of different un-sync'd password lists in various password managers people in the IT department had. So far it works well, it offers group policies, so theoretically it could be rolled out company wide and each user and group could have their separate password lists.

I'd been guided to look at SecretServer, but the features I need are in WPS, and it's easier to sell Free in my company than Several Hundred or Thousand dollars, for many things at least.

I use a personal domain for my actual mail, but have accounts at all the major free mail sites too, just for spam or whatever.

I started getting mail to my Yahoo account which wasn't spam, but clearly not for me, as part of a group of people participating in a medical imaging conference. For a while I just blew it off, but eventually the organizer mailed my actual non-yahoo address by mistake as well. So I decided to be swell about it and let her know that I'm not the person she's trying to reach. She said "Oh, I'm sorry, I meant to do (yourname)@yahoo.com, thanks!", and so I told her "well no, that's also me, sorry". I proceeded to tell her an address which would work for her intended recipient (work email for the person she was trying to mail, who isn't me).

Basically she refused to believe she has been sending to the wrong address, and said "I had no idea two people could have the same email address, I guess Yahoo must allow it or something". At that point, I gave up and just let it go again. It's not high-volume enough to matter.

I've been training for this mission since I was 9. I'm ready, put me in coach, I've got this!

So now the arms race escalates to USB ports that cut holes in the USB Condom so the contacts work again, and they can go back to sucking down all your data.

There's a lot to do to SA to make it "good". I shared your opinion a year ago. I run a relatively low volume personal mail server for a few domains and a few users. I had SA, but it didn't do much, and I had bigger fish to fry dealing with much larger mail sites than my stupid personal nonsense. I typically get about 300-500 spams a day, and very few legit mails. I was getting false positives, so I'd just never see the mail, and tons of false negatives. About 20% of the daily spam was hitting my inbox, making it unlikely that I'd ever even check my personal mail. If you mailed me, and I didn't have an existing filter from you, there was maybe a 60% chance I would notice your mail in time for it to matter.

I decided one day to fix all this, regardless of what that entailed. I lowered the threshold for SA to a score of 4 (which they bark at you not to do, but fuck 'em, I've seen maybe 6 legit mails with a score higher than 4.5, in my world anyway). The key components were: enabling remote checks, RAZOR and DCC, and having SA train its filters off of my false negatives. I use the Train SA script, so I drop any false negatives in a Train Spam folder, and this picks them up and runs them through SA's filters to train it.

My false negative rate dropped pretty much immediately from 20% to ~3% to 5% on weekdays, and zero to 1% on weekends, which I can live with. In the year or so since I actually put my back into fixing this, I've gotten maybe 2 false positives.

I don't see long processing times, mail comes through pretty much as I send it in my tests on my VPS, but again, I only get a few hundred mails/day. If I had volume over a few dozen thousand/day, I'd probably just bite the bullet and pay Google (Postini) to make it go away.

PuTTY is actually a terrible example, since, you know, it's not American software to begin with. The only caution on PuTTYs use is that it may be illegal to possess in countries where encryption is illegal.

Since Pre-Orders arrived a couple of days after you could buy these in the stores, I had seen the videos of reviewers trying to unbox their tablets. Since I abhor the fetishization of consumer electronics garbage, I intended to make two videos:

• My wife unboxing hers in the semi-sexual consumer garbage nerd way and having a hard time due to over-tight packaging.
• Me unboxing mine in a 5 second flash of steel from a boxcutter. I mean, the name kind of gives it away there. Cut. The box.

I sadly canceled movie time when the outer sleeves of both devices slid cleanly off as soon as we tipped them upright, and the inner box opened just as smoothly. I'm guessing that sometime between shipping devices to Gamestop and Staples, and the time they shipped to pre-order customers, the packaging problem was resolved.

OTR does work, however, since probably 5% of FB users will use OTR, that's not going to convince me to use FB for chat.

For what it's worth, I just confirmed that it's the "junkie" part that MSN has a problem with. Changing the URL to writingmonkey allows the IM. However, sending an IM of "You fucking junkie" goes through no problem.

MSN Messenger also censors their chat traffic, though I wouldn't pretend to know if it's to this startling degree. They do do active scanning and will silently drop and reformat messages containing keywords (and technology) they don't like. Here is an example of a URL which will be dropped if you send it through MSN Messenger:

http://writingjunkie.net/images/stlouis10-18-08/obama-cool-again.jpg

Yet another reason for ubiquitous crypto usage in IM. Use a libpurple-based client with OTR (Pidgin, Adium) and you can avoid much of this mess.

I have to wonder why anyone listens to Steve Gibson about anything, ever. He goes back a long way, making sweeping claims about things he kind of understands based on research done by actual security professionals. Has he gotten better at things in the last decade or so? He always had a tendency to hear something, run off on a tangent creating press releases and small tools, and then get shouted down by the security community at large. Examples including who did the heavy lifting: Raw Sockets (l0pht/@stake IIRC [and whoever the initial researcher was, they did NOT spin it as the apocalypse, as Gibson did), WMF (Ilfak Guilfanov), SYN Cookies (djb), DNS (Dan Kaminsky), and this article right here.

Slashdot always seems to be his willing dupe and publicizes whatever he is concerned with at the moment.

Absolutely right, that's why I hesitated to even say the words. Clearly though, someone "designed" the "user experience" to such a degree of polish on Palm, and it's a shame to lose it down the memory hole of ex-smartphones:

Video showing card based task switching. It's important to note that these aren't launching, things in cards are apps that are actively running. Also, by throwing away the card, it quits the app, that simple. In Android, some apps have a quit menu item, some don't. By using the "Recent Apps" feature (holding down the home button on my Evo, for instance), it will show you recent apps, but not their state, and it's not known if they're still running or have been shut down or what, it's not a task switcher as much as a history button.

I mean things like the card & stack model of multitasking / app switching. The way the Palm mail app worked with several accounts, which was better than anything I've used on Android, and better than the IOS mail.app.

Photography is all rights reserved by default. So unless he specifies otherwise, he's completely within his right to ask that other people not use his work to make money for themselves.

Artists have the right to specify their own copyright terms and to some degree limit the degree to which their works can be used, or whether they want attribution.

In other news, if you make a detailed blog post on your personal site, with 3000 well-researched and cited words about the state of natural language writing tablets, and then Wired comes along and scrapes it off your site and prints it under someone else's byline, that's fair game to you? What, you weren't trying to make a profit off it, so why the fuck should you care?

Good to know, hopefully he can continue to improve things. I don't have a phone that will be getting ICS and don't want to deal with the hackery to get it installed with an unsupported build, so I can't comment. But yeah that's definitely a good sign.