The Blog That Goes Ping

Two days ago, about 4PM, I was working, with a drink nearby, on my macbook, as I have every day for years without problems, and for some reason I spilled the drink. Not on the mac — near it — but a few drops got on the keyboard and I freaked out. Swabbed every possible key it could have hit out around the edges with a paper towel, blasted it out with all the canned air I could lay my hands on — went to the store, bought more canned air, and blasted away further –

There was no effect on the operation of the computer that I could tell, but I know from personal experience* that if any of that spilled bourbon** made it into the machine and left a visible spot on the interior, my expensive AppleCare will be null and void should anything happen to this machine in the future. And there’s no way of knowing whether it did or not, short of ripping the machine apart, which would also not do good things for my AppleCare. So… I may have done immense damage, or maybe none at all, and there’s no way for me to tell.

I bought a silicone keyboard cover as a defense against something like this happening in the future. Ironically I’d had the keyboard replaced a couple days before (free, under Applecare) for unrelated reasons, and at that time I had considered buying the silicone keyboard cover and decided not to.

So yeah — spilled drink near macbook, total freakout. Two days ago.

Yesterday my phone stopped working. Looking up the error I was seeing on the web, it turned out to be associated with the phone getting wet. I then remembered that I had lay down by one of my kids last night to help them get to sleep, and that kid later that night awoke after the mother of all late night accidents, and my phone had fallen out of its holster into the child’s bed and was present for the deluge, and — yeah. My phone had met its death at the hands of pee.

I went in to Verizon and bought a new phone yesterday. If this had happened a month later I would have qualified for the “new every two” plan and got a nearly free phone, because I had purchased the phone one year and eleven months ago. But no. So, I paid. Got a good phone, it’s really cool, but… it was not anything close to free.

That was yesterday.

I started thinking in terms of avoiding using my macbook when it wasn’t absolutely necessary. I had recently rehabilitated an older work machine, a Gateway laptop, and put Linux on it, and I really enjoyed using it. I thought maybe I’d use the old Gateway most of the time, and protect the mac that way. So I’ve been pimping it out, making Linux work really smooth on it, installing all my favorite software, etcetera.

Tonight just after I’d tried and failed to install some new RAM (don’t know why that failed), I was seated on my bed with the Gateway laptop on my lap, I was reaching over to a bookcase to look for a book, and the laptop slipped to the ground and hit… hard.

I opened it up and the screen was destroyed.

I give up.

I am become Death, the destroyer of technology.

[*no, I hadn't spilled on the machine before. The time it happened it was one of my kids who did it.]

[** just kidding. Diet Coke.]

Added another Shoes app to the Shoebox; this one makes mazes.

Just put up my second Shoes application in the Shoebox!

This one rolls pretty dice.

I added an app to the Ruby Shoebox.

A while back I happened across this article on programming.reddit.com — “Moving the ‘C’ in ‘MVC’” — about web applications whose logic is implemented primarily on the client-side, in javascript, as opposed to the server-side. Interesting stuff, the sort of thing that’d bubbled around my head at one time or another.

That article mentioned clipperz.com and their concept of a “zero knowledge web app.” The idea here is to implement client-side cryptography in javascript and store nothing on the serverside except wads of encrypted data. Data that is encrypted on the client, that is. So it never passes over the wire in the clear, and it’s never decrypted on the other side of the wire.

That’s pretty cool. In fact, clipperz.com hosts their own best shot at a zero-knowledge web app, a password manager. A web-based password manager seems insanely insecure, but not so if you implement it as a zero-knowledge web app. It’s basically like keeping a local HTML with all your passwords and javascript which allows you to click on those passwords and have it launch the appropriate page and log in to the service in question (Google, Facebook, whatever) — except that instead of keeping it locally you’re keeping an encrypted version of it on clipperz.com’s servers.

As far as usage goes, it’s pretty simple, but unusual. In a normal web app, you log in once, after which you are recognized by cookies until some timeout period. That’s because you’re logging in to an app running on the server, and cookies help maintain the illusion of a persistent connection. In clipperz, the app is running in your browser. So if you close the page and come back to it, you have to log in again. But you can leave that page open forever and it never times out, because there’s a real connection between you and the app (an open browser window) so there’s no need for the whole cookie deal.

Adding logins to the app is an unusual process but easy once you get used to it. When you’re on the login page to the service in question (myspace, yahoo, whatever) with your username and password typed in the blanks, you can click on a bookmarklet you’ve previously saved from clipperz, and it will extract a chunk of JSON data from the page you’re on, representing the login form, your username, and password. You cut and paste that into your running clipperz session in another tab or window, and it takes that JSON chunk and adds that to its data store, and now you have a clickable link on your clipperz page which will log you in to that service.

Knowing I’ve got an instant one-click login to a service makes it easier for me to make a habit of logging out of a service when I’m not using it.

It’s also easy to maintain more than one login to the same service using clipperz. Each is just one click away.

Clipperz has a sometimes-friendly, sometimes not-so-friendly competitor named “PassPack,” whose authors consider Clipperz.com’s zero-knowledge thing “fallacious” in some way, though reading through it I’m still not sure exactly what they think is wrong with Clipperz’s way of doing things. I guess the idea is that any privacy and security that Clipperz provides for you that PassPack doesn’t is just silly and you shouldn’t worry your pretty little head about it, for such worrying is a “fallacy.” I don’t know. It sounds like PassPack might be easier to use, and harder to understand what they’re doing. With clipperz you just have a username and passphrase; with PassPack you have a username and password and an additional crypto key. (UPDATE: see comments below, from Tara from PassPack for clarification of what they were getting at.)

In any case, PassPack and Clipperz have each posted a list of the pros and cons with their respective services. Overall I have to say that having actually used Clipperz for a while I don’t see anything about PassPack that encourages me to explore it as an alternative.

Anyway, my review of Clipperz after a couple weeks of use — thumbs up! It’s unusual but worth getting to know.