The software basically works the same way for Macs as well. WinX DVD Ripper for Mac is an all-in-one DVD ripper designed to make 1:1 DVD copy to hard drive and rip your DVD movies on Mac OS to iTunes, MOV, MP4, FLV, etc that is playable on iPad, iPod, iPhone, Apple-TV, PSP. Also, It also supports extracting music from the DVD files and saving as MP3 format. In addition, the software enables users to rip DVDs of new generation copy protections with the fastest speed.

So what are you waiting for? Go snatch up your free code for the Mac. And if you still want a code for the Windows version, we still have some available.

WinX DVD Ripper Giveaway for Mac! originally appeared on The Coffee Desk on April 16, 2010.

When I first popped Star Trek in the drive, each of the titles that are stored on the DVD were presented with information including the title’s playtime, the resolution and format and audio, video and subtitle information. Within the “Copy” tab, where you make a straight copy of the DVD, there are no options. Just a 1:1 copy. While I know that this done is for speed purposes, I would still like to have the ability to force the resulting output to a 4.4 GB DVD for archive purposes.

A small selection interface below the title listing can be used to change the output settings including the audio used in the output (if multiple audio tracks are stored on the DVD), subtitles, an alternative start and end time plus the output folder. The default audio and subtitle language can be changed in the program’s options so that the preferred language selected by the user will be picked by the program automatically. The lower half of the screen contains the formats that the DVD can be ripped to. This is divided into general formats like avi, mp4, mpeg or flv but also device specific formats including formats for devices such as the iPhone, iPod, Apple TV, PSP, PDA or 3GP. Selecting a different video output format can change the available configuration options at the bottom of the screen.

I decided to put ripped the movie in iPhone format since I do have an iPhone after all. You would think it would be faster at doing the conversion, however, that was not the case. It took the same amount of time if not longer to create an iPhone version. It isn’t too big of a deal, but it would have been nice it were faster. However, If you are making a straight backup of your DVD, it can take as little as five minutes. After finished, I was watching Star Trek on my phone like a pro!

But what I really like about this application is the interface. The interface is very user friendly and easy to get around in and that is something I always cherish in an application. There are a number of other improvements to the interface that could make it a bit easier to get around such as when you are in the title browse window, you can’t scroll down using the mouse wheel. You have to drag the slider bar. When you slide the bar on the video screen, it highlights the start time box, but if you enter a start time, it doesn’t change the slider bar on the video screen.

Overall, WinX DVD Ripper Platinum provides an easy, wonderful interface to an awesome product that will provide you with backup and alternate copies of your movies. If you need to make a copy of one of your DVDs, especially one of the most recent ones with Fort Knox decrypting techniques, then I highly recommend this software. There is a free version and there is the paid version which I tested. If you would like nothing more than to get your hands on a Platinum copy of WinX DVD Ripper, then I ask you to tell me the best reason why you want a copy  in the comments leaving your name and email, and I will personally send you an activation code. I only have ten codes so I look forward to hearing your thoughts as they will go quickly!

WinX DVD Ripper Platinum Gets Reviewed originally appeared on The Coffee Desk on March 25, 2010.

Goober is an instant messenger developed by a team of Germans based in Delaware that’s going up against the big guys (Trillian,Adium, Digsby, etc.) with a desktop client that overflows with features. Available for Mac, Linux, Windows, and cell phones (like my handy dandy iPhone), you can practically use Goober anywhere. In addition, like many of the instant messaging apps, Goober incorporates their network, MSN, ICQ, Google Talk, and Jabber. Interestingly, AIM is not part of the protocol group which is somewhat of a deal breaker for some, but that is soon to change. For those of you with an iPhone, features include:

• Instant Chat
• Show your friends where you are and change your profile avatar directly with your iPhone
• Manage your goober galleries and enrich them with pictures right out of your iPhone. You can take pictures at a party and present them via your goober Widget directly on your profile or web page
• Have a look at the picture galleries from your friends
• Access files in your WebFolder (or those of your friends)
• You can be contacted directly from your goober Widget and chat
• Add new friends
• Change your status text while underway

The desktop application comes equipped with voIP, so making and receiving calls is a nice addition. Users can also send text messages, and MP3s. It seems like your normal application, right? Look a little closer and you’ll find that Goober differentiates itself primarily by providing a suite of widgets that can be used to communicate through the client. An email widget can be placed in the signature of messages and a “portal” widget can be placed on social network profiles and other webpages. This is rather cool because instead of the other person getting the application, they can instead go to your site, Facebook, or wherever else you placed the widget and chat with you. Both options present buttons for one-click instant messaging, VoIP calling, and file transferring with the user. An additional “classifieds” widget assists those trying to conduct business online who want to be reached through more synchronous means than email.

There is more – if you are looking to listen to a little music while you chat, so be it. Like AIM, Goober has also integrated entertainment music and video into the client. Goober scours the internet for free video channels and radio stations found on the internet and allows for the playback of them at the bottom of the client. I love this feature but unfortunately, the quality is subpar.

Overall, Goober is a pretty decent IM client. Those who regularly communicate across several protocols should check it out, especially once Goober adds AIM and Yahoo. If you are willing to test beta software like I always do, then you can experience both Yahoo and AIM, plus some additional features such as Twitter and Facebook support! Goober is not a well known program but as they start to make the software better, I am sure it’ll become a runner up in this competitive market.

Goober, The Instant Messenger, Gets Reviewed originally appeared on The Coffee Desk on February 25, 2010.

I’m a blogger, so this software has proven to be very useful. Once installed, I was writing notes in no time and saving them to work on later, or archives posts that I have already worked on. You can include, pictures and links, so it was even easier to to references to later. But NoteKeeper 2 isn’t just for bloggers. If you have been thinking about turning that journal of yours digital, then you can. If you are a student and would like to keep your research within NoteKeeper 2, you can easily do so. Professionals, students, bloggers, etc. can all benifit from this amazing software. Fortunately, FruitfulTime NoteKeeper 2 includes the same secure privacy features that TaskManager did so if you are worried about sneaky eyes, then not to worry – you can lock up your most sacred secrets.

FruitfulTime NoteKeeper 2 also helps in the following:

• Supporting documents, such as spreadsheets, can be referenced and opened with one click.
• Work offline with no internet connection.
• Access your notes anytime and anywhere when you install on a USB thumb drive.
• No need to worry where you saved your notes file
• Keep your notes organized in one place and never lose anything.
• Assign keywords and color tags to notes for quick reference.
• Style your notes with fonts, colors, and pictures.

And that is just to name a few. Being that it is FruitfulTime, they pack many features for a reasonable cost. I have been working with FruitfulTime NoteKeeper 2 for a good week now, and I absolutely love it. The only problem I have is that it isn’t yet available for Mac. Perhaps in the future, this will change, so until then, I will continue using NoteKeeper 2 on my Windows machine.

If you are interested in trying out FruitfulTime NoteKeeper 2 for yourself, then I suggest you do so. You have 30 days to play with it, and after 30 days, $30 ($29.99) will be asked of you. If you don’t like it, they guarantee 30 day money back. FruitfulTime NoteKeeper 2 is available now for Microsoft Windows Vista/XP/2000.

Notes Software: FruitfulTime Notekeeper 2 Reviewed originally appeared on The Coffee Desk on February 23, 2010.

To name a few, you can:

• Manage your to do list easily and quickly.
• Create / edit / delete tasks.
• Monitor the progress on each task / subtask.
• Assign tasks to different contacts.
• Set the priority for each task.
• Set up reminders for tasks.
• Assign tags to tasks.
• Password protect your tasks such that only you will be able to edit and view it.
• Carry your task list with you anywhere if you install FruitfulTime TaskManager on a USB.
• Tasks can be split into smaller manageable subtasks like paying telephone bill can be split to paying  landline bill and paying mobile phone bill.

So now that you have some basic features in mind, I would like to start off by talking about security. Trusting an application with personal data can sometimes be difficult. The paid version of FruitfulTime TaskManager comes with a built-in password protection, and immediately takes initiative by allowing you to pick a password. Your data file is protected with the Advanced Encryption Algorithm (AES) 256-bit encryption, but the password to your data is stored in a separate — also encrypted — file. The reason it’s done this way is because FruitfulTime TaskManager offers a unique combination of security and safety, but if you forget your password, sending your password file back to the company will allow them to decrypt it and send it back to you. It is a clever idea that not only keeps you protected, but also in the event you forget your password, will not keep you completely out.

When you start the Task manager and begin creating tasks, you will notice tasks and subtasks. I did not realize tasks could be broken up, but with this program you can create tasks and on top of that, create tasks (subtasks) that you need to take to get to the ultimate task. Tasks and subtasks lists are always shown in your FruitfulTime TaskManager window, so it is rather easy to navigate. Each task and subtask can have its own priority, status, start and due dates, and a progress.

In addition, when making a task, it would probably be a good idea to tag your tasks. Tagged tasks can be quite helpful in allowing you to be a little bit more organized. Tags are found in the special Tagging tab which is always shown in your FruitfulTime TaskManager window. Not only tags are shown in your Tasks list, but you can also use them for searching through your tasks list. It is even possible to edit the names of all the default tags, and you can add or remove as many of them as you like. This also makes it possible to filter using the tags.

Now, I just scratched the surface with this program, but I am going to stop now to keep myself from writing a four-page report on everything that FruitfulTime TaskManager has to offer.  Now, I must point out that this program is Windows only. I, like many people, use both Windows and Mac OS, and although I would have enjoyed sharing it with my fellow Mac, I am perfectly content with it is Windows. More features are said to be coming soon, so perhaps this will change.

While there is a free version (with a slight difference in the feature set), there is a $30.00 version that, in my opinion, you should absolutely purchase. There are not too many applications out there I can say that, not to mention, it is relatively inexpensive compared to some with little features. Overall, FruitfulTime TaskManager exceeds my expectations and I recommend you put this application on your current to-do list.

Task Management Software Review: Fruitfultime Manages Your To Do List originally appeared on The Coffee Desk on February 19, 2010.

As our digital media grow, it is imperative that we all find ways to keep it forever. I was once a strong believer that I could never be a victim of hundreds of important files lost. I saw more clearly my mistake when I lost some of my most valuable pictures, videos, and music years ago. To keep that from ever happening again, I backup to several places so in the event that anything fails, I have a backup somewhere else. SpiderOak has made the list of saving my most important files, and doing it well.

For For $10 a month, you can store up to 20GB; this can be further increased with another $10 per 100GB increment. If you are like me, then you’ll take the free 2GB and run with it. Although not much, 2GB will definitely help. If you need more, prices get a little high, however, you get what you pay for, and one thing that $10/month will get you is advanced security. SpiderOak has one of the most advanced security systems that I have used in a backup service. Many people have their security concerns, so the SpiderOak team takes great pride in protecting their customers. In fact, because of its strong encryption, the program is currently available only in the United States. MacNN mention says “While it’s unlikely that employees will browse through your files, the possibility is always there, which means you lack true privacy. That’s why the site uses the Advanced Encryption Standard (AES), a US government algorithm, for encrypting your data on its servers. In theory this not only halts local access, but means that if the password is lost or forgotten, even you will never be able to retrieve your files ever again.”

I would probably suggest you always remember your password, of course. Also unique to SpiderOak is a feature I absolutely love. Versioning is a wonderful feature that all backup services should use in my opinion. Imagine you save a document, and you decided to change some things within the document and resave it. Most services would replace the backup copy with the new one, however, SpiderOak not only keeps that version, but any previous changes you have made or will make. Brilliant. SpiderOak also takes great pride in giving users the ability to share their files. You can designate specific files to share, assign a password to them, and then anyone with the right password can access your files over the Internet. Simple as that! With such a simple program, anyone can use it and not only am I talking about any person being able to use this program but any operating system can use it as well. This cross-platform program can have you backing up on your Mac laptop, Windows PC, or your Linux computer.

I am not particularly fond of the look and feel of SpiderOak, but in my conversations with Oberman, he made it easily understandable when he said, “this has been an issue that we have discussed at a great length internally. However, given that one of our top priorities from the beginning was to be completely cross platform, we wanted to provide a consistent look and feel within the application regardless of platform. Therefore, if you are on a Mac, a Windows machine, or working in Linux, the SpiderOak application will look and feel the exact same.”

That is when the saying, Never judge a book by its cover comes to mind. Despite its unpleasing facade lies a great functional program that not only backs up your files (as it is suppose to do) but also does so with security that even you cannot access without the password. If you are looking for a secure backup service, than this is for you. Either way, I encourage you to try them out. As of now, there is not unlimited backup like you find with Mozy or Carbonite, however, there are a world of differences when compared that Oberman would be glad to explain any day. Given the many services there are to do online backups, I’d say they are heading in the right track and I will be by their side for many years to come.

Online Backup Services. Spideroak Reviews originally appeared on The Coffee Desk on February 16, 2010.

The people over at PCPhoneSoft.com have come out with a new plugin for the magic jack to unlock some advanced features that have been long requested. Magic Jack has been in the news a lot especially since they recently released information on the new version of the product which has been dubbed “femtoJack”. Need to know more about the Magic Jack? Check out our comprehensive review.

So what are the bells and whistles that come with this new Magic Jack plugin?

Caller ID (Name + Number)
Call Waiting Caller ID
Talking Caller ID
Last Number Redial (dial 66)
Call Return(dial 69)
Voice Mail(dial 98)
7 Digit Local Area Dialing
Automated Extension Dialing
Automated Phone Card Dialing
Speed Dial 50
Priority Call Special Ringing
Priority Call Waiting
Double Ring So Answering Machine can pickup
Call Forward Assistant
Selective Call Rejection
Accept Only Priority Calls
Anonymous Call Regection
Do Not Disturb
Blocked Call Chime / Caller ID
Call Recording On Demand.

The software can be downloaded here www.pcphonesoft.com and does come with an uninstall utility. The MagicJack features plugin does cost 9.95 if you decide to keep it. If you would like to see some screen shots of the product then they can be found here www.pcphonesoft.com/featuredetails.html

We think that the Caller ID feature is helpful but it only pulls the contact names from your contacts list and your speed dial, which is rather limited. Another feature that is sure to be popular is the double ring which allows the call to ring 7 or 8 times instead of 4 which will allow your phones answering machine to pick up and take the message.

So far users have reported very positive reviews for this magic jack software and the developers have been very responsive listening to users feedback and adding functionality when appropriate.

“MagicFeatures” Released for Magic Jack Phone originally appeared on The Coffee Desk on January 24, 2010.

See, I’ve been working on this draft for about three weeks now which covered all of the bases of the concept of hypervisors and a look at the security involved with them and various modes of attack – all of about 3,000 words according to the draft’s word count. But then…

Stuff Came Up

…I got really really busy. The 3,000 word article was seemingly nowhere-near completion, despite it’s length and broad (yet, incomplete) coverage of all the concepts that this article needed to “touch up” on, and yet my non-blog activities continued to grow in time consumption. So I’ve chosen to scrap the borderline-eBook draft entirely and to just sum it up here without going on for ages.

Oh, and just so I can finally publish this article without deferring it to an even later date, I’ve merely placed my sources at the very bottom under their own heading. In other words, if you don’t take my word for it (and why should you?) then hunt for a reliable source in those links. Properly placing them within the article inline with the rest of the text is simply too time consuming since this is being written in raw HTML; this thing would never get published if I had to place them all in the actual text Wikipedia-style.

All That Aside

The basic idea/thesis of this article (and the previous, unfinished draft) is this: hypervisors are getting more and more common, and are growing in deployment in everything from datacenter systems to embedded consumer electronics. But, as their deployment increases, more and more security concerns come into play, including a variety of attack methods and the dire consequences of a compromised hypervisor.

If you know what a hypervisor is, then skip this paragraph: A hypervisor is basically a very minimalist operating system designed with the purpose of abstracting real, physical computer hardware from one or more virtual machines running “above” it (from a layered perspective) – if you’ve ever run VMware player/workstation/Fusion/server atop Windows/Linux/Mac OS, a hypervisor is like that only analogous to running VMware player/server/workstation/fusion directly atop the hardware in the form of an operating system, cutting out the “middleman” OS to favor performance.

What some don’t know about hypervisors is that they utilize a few “dirty hacks” in order to implement some features and optimizations, which aren’t always security-hardened. And I don’t say “dirty hacks” in the sense that the programming is bad – the code is as good as it can be, as far as open source hypervisors can show – but the very practice of their implementation is what I consider “dirty” given their attempt to make the x86/x86-64 architectures do things they weren’t designed to do, therefore leaving a gaping security flaw capable of compromising many systems at once, including the hypervisor itself and all VMs running atop it.

A Likely Scenario

I’ll cut the crap and present a common scenario for you to more easily visualize this: say we have a hypervisor running Windows Server 2xxx (version doesn’t necessarily matter), a Unix OS, and Netware or whatever else your “dream datacenter server” would run. As many seasoned security professionals can tell you, each of these systems are potential attack victims with many possible unpatched exploits running on each system: each platform is running it’s own flawed kernel, flawed processes/services, flawed drivers etc.

Why do I outright accuse them of being flawed? Not to get into the philosophy of IT security, but it’s because they were designed by humans. Unless a team of gods designed everything from the kernel to each device driver to each individual process running in the OS userland, the system will have flaws with necessary patches in the future of the running system. That’s not even considering possible exploitable flaws within the underlying hardware itself, hypervisor-emulated or not.

So if one of these naturally-flawed systems were to be compromised, as is a likely scenario considering that it happens all of the time, then only the individual VM is affected – right?

Wrong.

A New Definition of “Privilege Escalation”

Say for example a bug in a service running on the Windows server were exploited by yours truly, and I gained administrator/root access to the system (or even simple non-administrative code execution, for that matter – read on!)

What follow between the acts of compromising a single hypervisor-controlled VM and the entire series of running systems is largely product-dependent at this point, so I’ll use generic terminology to provide a vendor-independent route of attack that falls just short of actual proof-of-concept code. Again, if I had enough time, I’d actually submit some code proving this…

Basically, a VM communicates with the underlying hypervisor via a “hypercall,” which is essentially the same thing as a system call made by a usermode program to request some I/O service of the OS kernel, only it is made between an OS running atop virtualized hardware to request a specific operation of the underlying hypervisor OS. This is usually accomplished via some code the hypervisor vendor provides for each supported guest OS to enhance performance or it is written by the OS developers themselves using the vendor’s API documentation.

Note that hypercalls and paravirtualization are not the same thing, but are somewhat related in how they operate at the assembly-level and how they are recognized/interpreted by the processor or hypervisor, depending on the operation being streamlined as a paravirtualization optimization.

Right, so there are lower-level system call-esque operations a guest OS can perform to trigger some functionality/behavior from the underlying hypervisor. The key thing to highlight here is that hypercalls are, in most cases, unchecked by the hypervisor as to whether they were invoked by a kernel or usermode program within the guest OS, and also rely on data inputted from the actual code invoking the call. If you have any experience with buffer overflow attacks or anything along those same lines, there’s an alarm going off in your head as you read all of this.

And it gets better – sometimes, the guest OS may not be necessary to compromise prior to the hypervisor’s attack: with VMware’s hypervisors being the most notable case for doing this, hypervisors many times will allow a direct (bypass-the-guest-OS) interface into the hypervisor to allow for remote settings changes as the VMs run. Remote is the key word here: all that code that accepts incoming connections, accepts user input, relies on the flawed SSL/TLS system for encryption and authentication, and which filters packets before routing them via internal virtual networks emulated within the hypervisor using it’s own code are attack vectors that, if exploited, allow the direct compromise of the hypervisor and all running VMs without the need to compromise a guest OS using one of their many flaws as discussed earlier.

Real-World, Documented Example of Such An Attack

Maybe you think all of this is a crock of B.S., and after all, the chances of BOTH a guest OS and the hypervisor itself possessing vulnerabilities serious enough to compromise an entire series of systems are slim, right?

Allow me to refer you to this guy: http://blogs.gartner.com/neil_macdonald/2009/02/20/hypervisor-attacks-in-the-real-world/ – this is a real, documented attack acting on a buffer overflow exploit that allowed an attacker to compromise the hypervisor of a rather unlikely victim for this sort of attack: The Microsoft Xbox 360.

The Xbox 360, as you may have read from that link above, is merely a hypervisor itself: the “Dashboard” presents the hardware in emulated form to the currently-active game, which functions as a heavily-sandboxed guest OS atop the dashboard (presumably, it makes hypercalls to the Dashboard to draw graphics and accept input from other hardware)

This is just one example of how hypervisors are increasing in deployment and thus increasing in security concerns as well. I mean, who would think, after growing up in the Atari/Nintendo era of gaming consoles that something as advanced as a hypervisor would be allowing us to enjoy the games we play? If you look around, you can find even more shocking examples of hypervisors in unlikely places – even mobile phones.

Attack Consequences

So if one were to breach the hypervisor running several varieties of guest operating systems, as in my example earlier, one could use said root access to the hypervisor to commit dirty deeds such as planting rootkits into the memory of running operating system kernels, performing filesystem trickery as a side-effect of having direct, unabstracted/raw access to nonvolatile storage mediums, and pretty much anything one wished to do – after all, you have more control of the running guests than you would in any other scenario.

It’s like having full debugger capability with a running OS kernel (something Linux kernel debuggers may want to look into as a desired scenario)

Final Notes

Please understand that this article isn’t meant to be FUD against using hypervisors or a “we’re all gonna die” cry for attention – I can already predict that somebody will get about halfway down the article, without reading a further-down support of the presented thesis/scenario and immediately flame away within a comment. And I can already predict that said person’s comment will magically disappear during the moderation process with an email sent to said person asking them politely to finish the article before flaming.

The sources I will list below are other blog posts I read as research into this subject in addition to actual practice with a few hypervisors myself, back when I still had some free time. Also linked to is some source code from the open-source Xen hypervisor, which allows a direct look into the process of detecting/validating and processing a hypercall (which is also briefly defined in another Xen Wiki link below)

Much of the standing-flaws with hypervisors and research into the like have been performed against either Microsoft’s Hyper-V or any other private Microsoft-made hypervisor (such as the Xbox 360 Dashboard). While I certainly don’t doubt that Microsoft’s hypervisors are just as (if not more) flawed than the next hypervisor, all of them should be researched and hardened against attacks and as frequently patched as one made by a different vendor.

Don’t let the vendor’s name and image/history provide a false sense of security or cause one not to patch the hypervisor any less than the next product or OS: they all are vulnerable, and as more research is performed to test their security, applying vendor-released patches remains essential in this day and age of rampant exploiting by even more juvenile and not-so-juvenile hackers as each day passes in the sea of limitless information provided by the Internet.

With that final word of advice, I’m ending this article. If it seems long, consider the fact that this after the process of whittling away at my previous, unfinished 3,000 word draft in a desperate attempt to finally publish this thing and get this information out to those who need it the most. Like I said before, this is the article that almost didn’t happen…

Sources/References

Xen Wiki Hypercall formal definition
Securing Hyper-V: a generic overview of potential hypervisor security issues and prevention (Hyper-V specific)
A basic analogy to apply a fundamental security principle to Hypervisor security (“if it’s possible to exploit, don’t assume it won’t be”)
Secunia Advisories for Microsoft Products (dig through here for some MS-specific virtualization exploits, or even other vendors)
A real-world hypervisor security breach: the Xbox 360 Dashboard
Xen source code index for xen.h, the Guest OS interface to Xen (for version 3.3.1; details hypercall parsing and operation)

[Finally, the end of this article...]

Hypervisor Security Concerns originally appeared on The Coffee Desk on December 1, 2009.

On Bootup: First Impressions

So fellow editor Anthony sends me this VMware image and asks me to write a review about this OS given our shared fascination about it and his lack of time to write one himself (and I humbly accepted ). I fired it up after writing a .vmx configuration file to go with it, logged in using an anonymous Google account and was immediately greeted by this:

Welcome to Chrome OS.

But wait, let’s rewind a second here: before I reached the “omg your security is at risk – run for your life!” Chrome OS greeting page, I had to log in and remotely authenticate to Google using a Google account. So right away, Google receives my IP and subsequent location information upon computer bootup/login.

(refer to another article here, which criticizes Chrome OS for being too big brother-ish)

Of course, if you wanted to badly enough, you could root the system yourself by mounting it’s disk elsewhere and forcing all networking to go through a proxy system such as Tor for the ultimate privacy, but that would also make the system slow as hell and is too difficult for most users. You win, Google: here’s my location and the typical time of day that I boot up/log in to my computer running Chrome OS.

Chrome OS Settings

Moving past the “holy shit” tabs, I proceeded to open my own and start using the OS:

Well, go on, start being amazed already!

I found the menus to appear kind of Windows 98-ish what with the gray color next to all the shiny chromeyness and all, but whatever, it’s still an alpha testing build and probably can be skinned to hell and back at the OS level too.

Note where that menu is, too: there are three little menu buttons (which are hard to click when the mouse moves way too fast) in the corner that allow a window into the OS settings. They allow you to turn on/off your NICs, view your battery life, and the typical help/about pages etc.

But one thing that it lacks: an off/shutdown button. Once you are booted up, there IS no turning off the computer without holding down the power button or pulling the battery out (both of which are bad for the filesystem). I guess this is considered a “feature” of Chrome OS. How revolutionary!

Incognito Browsing = Porn Time!

In the screenshot above, you may notice the “New Incognito window” button underneath the usual “New tab” and “New window” selections. So what does this do?

It opens up a new chrome browser window, only completely sandboxed from the browser history and cookie storage for an “off-the-map” browsing experience:

Incognito browsing welcome page. Note how specific it is about the smiley thing.

The first thing that came to my mind: “they’re actually catering to porn watchers.” Yes, that’s right: take your netbook running Chrome OS into the bathroom, fire up an incognito window, and when you come out two minutes later (or longer, depending on chrome’s speed) there will be no trace of your activities. Just be sure to close the incognito window, of course!

But in order to accomplish this, one needs plugins installed for Flash or Java to view videos on the Web:

Chrome OS Plugins: Flash and Java

In my tests, the builtin Flash plugin didn’t work due to excessive crashing:

Note the “flash crashed” and Linux path notice under the toolbar, and the incognito icon in the corner ( )

But, it worked fine in YouTube (a Google-owned subsidiary):

Spaghetti beats cheerleaders any day of the month.

So Google got in bed with Adobe for out-of-the-box Flash integration pretty early, it seems. But Java? No. Silverlight? Don’t even joke like that. Stand-alone (.mp4/.mpg/.ogv etc.) videos? Forget it: even Google video removes the downloads for videos in these file formats upon detecting the Chrome OS user agent.

The Chrome OS useragent, by the way, is the same as Chrome’s only with “CrOS” thrown in there to shown that it’s the operating system and not just the browser. Adjust your shitty browser sniffers accordingly.

Where’s the Applications Menu?

I find references to an “applications menu” and “desktop” all over, but can’t find one:

The WHAT?

If I can’t find the applications menu as an experienced user/programmer having looked all over the place, then how can they expect netbook-using housewife users to locate it? Or maybe it just isn’t implemented yet since this is still technically an Alpha release.

And closing all browser tabs, instead of dropping down to a “desktop”, simply turns the screen blue under the cursor for a few seconds before launching a new Chrome window, restoring the last URL you closed.

Builtin Advertisements

Ironically, I discovered this while trying to install the Adsweep plugin for Chrome OS to remove ads from pages since they were slowing down my 300MB RAM virtual machine. The DNS resolution (over NAT) was so slow that the download page timed out and I saw this:

Note the first link: paid-for ad?

They suggest another site for you, based on their top search results for the URL’s terms. And if the top result happens to be ad-funded, then guess what? So even WITH my Adsweep installed, if a page times out due to Chrome/Linux’s apparent shitty DNS resolution, I am suggested a paid link. Great.

Other Miscellaneous tid-bits

Other than these issues, I overall enjoy the OS as a whole, even though I’m no Google fan (too big-brother-ish for me). I have always thought the idea of the web as a platform and a computer that could boot straight into a browser seemed like a great idea with the great proliferation of web apps in recent years, and Google delivered.

And Chrome couldn’t be a better browser to put on top of it all, using Webkit for pristine rendering:

Chrome OS passes the Acid 3 test 100%

Overall I was pleased, and look forward to future builds when the project continues to improve and gets better nearing release. With that said, I leave you with a final screenshot to demonstrate Chrome’s window manager’s appearance:

Chrome OS “About” screen

You can find the image floating around the web, if you wish to try it yourself

Google Chrome OS Review: The Housewife’s OS originally appeared on The Coffee Desk on November 21, 2009.

Twitter’s Retweet (beta) feature: note the “ReTweet” link next to the reply link.

The “New Feature”

So, what happens if the little link in the above screenshot snippet is clicked? Well, if you are “lucky” enough to be testing this feature, you will see the following within your timeline:

(note the image instead of the letters “RT”. That’s the innovation here, apparently.)

Everyone else sees the usual “RT @[user]: [Tweet]” format, without the fancy shmancy image to go in place of the “RT” part.

Management Screen

One more official part of the new feature, however, is the “ReTweet management screen”:

See who re-stated what

Here, you can see who has ReTweeted what, who has retweeted you, and so on. This tool only supports the usage of the “official” RT link; old-style manual “RT”s are not tracked here in bit.ly-like fashion.

My Verdict

I’m being a dick about this new feature, I realize this, and here’s why:

Bet your Twitter web client doesn’t do THIS, huh? More screenshots: The Coffee Desk Twitpic

Twitter user @troynt pretty much ruined Twitter for me: his Firefox Greasemonkey script added “group” support before the Lists feature was added for all to use, it hides the stupid Twi-ter pronunciation ad box thing, it nests timeline replies (seen in the screenshot), it allows you to add “notes” about a user to this profile page, it allows you to automatically see new Tweets upon reaching the bottom of the timeline screen in the web client, it can embed images (e.g. Twitpic) and YouTube videos directly into the timeline under the corresponding tweet, it has auto-complete for @ notation, and it allows you to turn off pretty much any aspect of the site via a nice checkbox-system within it’s in-Twitter management console.

The biggest thing Twitter should adopt here, while remaining optional and customizable of course, are the nested replies, image/video embedding, and auto-completion. Until then, this script makes Twitter’s web client 100% more usable for me.

One thing the script doesn’t do that I would like to see in Twitter is auto-updating times: Facebook does this in their newsfeed: when a minute has passed, the “posted at …” is updated to reflect how much time has actually passed, not how much time has passed since the status/post was last loaded. Nothing grinds my gears like trying to figure out when a tweet occurred upon returning to my computer after 5 minutes of being away (simple math shouldn’t be necessary with Web 2.0)

So while this article started as a critical review of the new ReTweet feature within Twitter’s web client, it’s quickly turned into praise for the @troynt Greasemonkey script instead, since it pretty much makes Twitter 100% better and adds more features to make it actually worthwhile. Use Firefox, get the Greasemonkey add-on, and get the @troynt Greasemonkey script from userscripts.org – it will change your perspective about Twitter’s web client moreso than their useless ReTweet Feature.

Twitter’s (Beta) ReTweet Feature Review originally appeared on The Coffee Desk on November 17, 2009.