G R A N T   S T A V E L Y

This is an edited repost of an e-mail I sent to the CapSecDC mailing list over the weekend.

What is interesting about the iPad?

There are a bunch of technologies making interesting convergences in the iPad, including search, mobility, task-oriented human-computer interaction (HCI), and networks, but let’s just look at the HCI part.

The iPad is all over the future of task-oriented-computing HCI, as were the OLPC XO, iPhone, Palm Pre, Android, etc. They don’t even try to pass as a netbook, tablet, laptop, or any other general-purpose Windows, Icons, Menus, Pointer (WIMP) system. There is a bit of duck typing there, but make no mistake, the iPad isn’t a duck, er, a tablet PC, just like the Android isn’t just “a phone”.

A history lesson

Back when Led Zeppelin was still touring, and wizards flipped switches, punched cards, and built up circuit boards by hand, there was limited abstraction to computing. Users had to know what their computers were doing at a pretty low level to do, well, pretty much anything. Their hacking wasn’t mediated by much at all. There aren’t many metaphors to soldering on silicon.

And operating systems advanced. Abstract command-line interfaces (CLI) became prominent. CLIs tend to use ‘verb, noun’ [1] command-oriented systems.

rm -fr ./drafts/

vi on-the-ipad.txt

ping grantstavely.com

less /var/log/httpd/access.log

And they tend to have hierarchical organizational metaphors mediating the user experience.

/home/grant/mail

/dev/modem

/var/www/html/grantstavely.com/index.php

Then WIMP came along. WIMP tends to employ ‘noun, verb’ [2] command-oriented systems.

Select all objects, drag them to the trashcan.

Double-click header, click the Bold toolbar button

When log file is on screen, drag scroll bar down to scroll through entries

And they too are hierarchical experience metaphors with spatial orientation, and overlapping windows, and cursor and menu driven insanity mediating everything. Click here sort of stuff.

Both mediations — both abstractions — have advantages, and over time, lots of us, never having to punch cards or solder boards, put PCs in our homes and businesses, and solved problems with them. Wow.

But there are other mediations, other metaphors, other abstractions. Jakob Nielsen’s noncommand interfaces [1] abandon these verb/noun, hierarchical, graphical intermediaries. They are what he calls task oriented. Like the iPhone.

Launch phone app, task-oriented device becomes a phone.

Return to task-selection “home” screen.

Launch camera app, task-oriented device becomes a camera.

This is deceptively similar to our trusty old world [3] systems.

Write a daemon in C that will spit bits out /dev/modem. Fax from a minicomputer.

Or more recently.

Load Windows IBM Fax Application from floppy disk and the big beige box, monitor, and printer can be used like a cumbersome fax machine with too many buttons and a terrible UI.

Or even more recently.

Download Skype, extract and install. Launch Skype. The webcam on the desktop computer runs a video-phone-ish document on the desktop on the CLI system.

It’s easy to forget that CLI and WIMP command interface experiences even are mediated, but at some point we learned how to pipe a stream through sed, to grab a scrollbar by carefully positioning a pointer using a brick of plastic with buttons on it, to layer windows, to manage running processes, to find hierarchically organized documents — we learned the syntax of verbs and nouns and adjectives. But don’t forget that these are metaphors constantly, always, mediating our experience.

Mediated Experiences

The menu is not the meal. Please refrain from eating the menu.

On the iPad, Pre, Android, and insert-your-favorite-hardware-here equivalent, our finger touches the data — a web page, or a picture, or a video — and swipes. The data moves. We pinch, rotate, zoom, or discard the data. Launch a task-mode app and the device transforms.

Okay, this is starting to sound a lot like it came from the marketing department, bear with me. It’s still a mediated experience, but we can see the advancements in abstraction right?

Look, the experience is so different on these mobile task-oriented devices that comparing them to, say, netbooks is kinda silly. A touch screen, keyboardless iPad-ish PC running Windows 7, or fvwm, or whatever, is not a task-oriented system, but some of its applications might quack like one.

But where is the market?

That there are Apple fanatics muddies the water if we let it, but it’s such a boring way to look at the experience, the market, people, and so on.

The iPad might arguably be the first real shot anyone’s given at a general-use, task-oriented computing platform — well, at least since the iPhone and every device that copied it. But it’s not a phone. It’s not an ebook reader. It’s not a laptop. It’s a really weird set of limitations with a web user interface, and that’s about it.

That’s kinda insane.

I think the market is out there for an abstracted, task-oriented, noncommand, web-enabled device, converging apps, mobility, search, and so on. The iPad might not be it, but it is a tell as to where things are headed.

For Example

The WIMP browser, still interfaced with a CL-ish address bar, is cumbersome. You did not get here by selecting your address bar and embracing the hierarchy that is uniform resource locators. You didn’t think to yourself (I’m guessing):

Ah, http, the protocol, next to the grumpy :// guy that has two frowns. And then grantstavely.com, the Domain Name System A record for Grant’s web server. And lastly, “Oh, joy”, the virtual directory that is really just Apache trickery, “/blog/on-the-ipad”.

We’ve all watched people not do this. We use the web by searching for our favorite sites, or repeat-visiting subscriptions and bookmarks, or by following suggestions like the dozens in this article. Ugh.

So?

When an article at Read Write Web became the top Google result for “facebook login” because of a popular article they published about Facebook’s distributed login platform, the search-protocol web browsing mode failed. Not realizing that they weren’t reaching Facebook through their normal, human, protocol-following Google search, dozens of Facebook users complained to Read Write Web.

ok cool now can I get to facebook

The new facebook sucks> NOW LET ME IN.

I WANT THE OLD FAFEBOOK BACK THIS SHIT IS WACK!!!!!

EXCUUUUUUUUUUUUUUUUUUUUUUUUSE ME!!!!!!!!!!!!!!!! WHY NOT JUST LEAVE IT ALONE!!!!!!!!!!!1111

Read Write Web had to edit their article to help them.

Dear visitors from Google. This site is not Facebook. This is a website called ReadWriteWeb that reports on news about Facebook and other Internet services. You can however click here and become a Fan of ReadWriteWeb on Facebook, to receive our updates and learn more about the Internet. To access Facebook right now, click here. For future reference, type “facebook.com” into your browser address bar or enter “facebook” into Google and click on the first result. We recommend that you then save Facebook as a bookmark in your browser.

An Aside

See the ‘click here’ noun, verb stuff, followed by the directions for how to use the verb, noun command-oriented parts. Note the suggestion to perpetuate the problem in the last helpful hint. I mean, the instructions are right, and necessary, but the opportunity here is obvious. Isn’t it?

6015+ days hath September 1993, and we are still scratching our heads about this?

Anyway

Those folks would probably be more successful with an iPad and a Facebook app. An app abstracts the address, like a browser’s bookmarks were supposed to. Arguably, bookmarks already do this, but making a bookmark an app privileges the bookmark in a powerful way, beyond the full-screen, customized, scaled experience that is the app. In an environment of full-screen apps at the same level of importance as the browser, the search model of finding the same thing over and over again loses its efficiency.

But it’s just an iPhone

I think the size factor is more important than that. Looking at photos, watching videos, and reading articles on phones is a pretty poor experience. The pocket portability is a strength and a weakness on phones. I don’t plan on buying an iPad because it doesn’t solve any problems for me; but not because it’s too small, or too expensive to not multi-task — being a camera window, and an email window, and an IM window, and a menu, and a process management list all at once is a weakness, not a strength — I don’t plan on buying one because while I would like to have one, I’d like to have one less than I like to eat and drink really well, or get more camera lenses, or fly more places and check them out — and because I feel pretty damned unlimited with the CLI and WIMP crap I already have.

But I get the idea, and I think it’s really, really, fucking cool.

Sources

[1] Noncommand user interfaces, Jakob Nielsen, 1993
[2] The Humane Interface: New Directions for Designing Interactive Systems, Jef Raskin, 2000
[3] I Need to Talk to You About Computers I’ve Been, Steven Frank, 2010


Domain Name System (DNS) traffic is inherently timely. Responses from DNS servers are expected to change from one minute to the next. So many important application layer protocols leverage DNS, and it is so pervasively necessary for even basic Internet access, and it is such a simple behavior indicator, that it only makes sense to log the crap out of it. In minutiae.

Yet, it seems like DNS logging is still one of those everyone-rolls-their-own efforts. And fewer still log DNS from a sniffing sensor, instead trusting their DNS servers. I hate rolling my own, and I don't trust DNS servers.

I've borrowed a healthy dozen or more security monitoring ideas from Sean Wilkerson, so while he was still on stage after a talk at DojoSec, I re-raised my DNS Logging plight. I'd hoped he knew of a tool, or could use the microphone, video stream, and audience to ask that someone create one. Actually, I didn't hope, I specifically said “And hey, if anyone is listening, this needs to exist. If you can create, you are obligated.” or something along those lines.

I wasn't looking for an analysis tool, or a log parser, or an IDS signature. I just wanted the equivalent of the many snarf programs in Dug Song's dsniff package. It had to be lightweight, reliably parse all application traffic of the DNS protocol, and simply log it. Dsniff already does that for HTTP, NFS, SMTP, IRC, and many instant messenger protocols, and it can spoof DNS, but has nothing for passive DNS monitoring.

It worked! Sort of.

Christopher McBee was in the audience, and he knew that Python and Scapy would probably be capable. In twenty minutes, he had a working DNS logger. Awesome.

It didn't log minutiae, but that wasn't Scapy's fault. It didn't log TCP, and that is still Scapy's fault.

Spurred by Christopher's work, I dove into Python and finished it to my original spec, mostly.

  > dnssnarf --help
  usage: dnssnarf [options]

  Log DNS messages with Python and Scapy

  options:
    --version             show program's version number and exit
    -h, --help            show this help message and exit
    -s, --syslog          write to syslog
    -f FACILITY, --facility=FACILITY
                          Syslog facility. Defaults: 'user')
    -p PRIORITY, --priority=PRIORITY
                          Syslog priority. Defaults: 'info'
    -i INTERFACE, --interface=INTERFACE
                          listen on INTERFACE
    -q, --quiet           quiet output
    -b BPF, --bpf=BPF     BPF to apply to scapy sniffer. Default: 'port 53 and
                          udp'
    -n, --named           named query log format
    -d, --debug           Print additional debugging information

It doesn't understand TCP DNS, because Scapy doesn't, and I am not smart enough to fix that.

Output looks like this by default:

  Fri Dec  4 06:24:56 2009 UDP session: 44167 client: 192.168.1.1:59634 server: 69.63.185.11:53 query: login.facebook.com. class: IN type: A recurse: no
  Fri Dec  4 06:24:56 2009 UDP session: 44167 client: 69.63.185.11:53 server: 192.168.1.1:59634 query: login.facebook.com. class: IN type: A recurse: no
  Fri Dec  4 06:24:56 2009 UDP session: 44167 server: 69.63.185.11:53 client: 192.168.1.1:59634 response: 69.63.181.22 ok type: A ttl: 30L len: 4

So then I'm validating it against tcpdump. tcpdump already does what I want. And it isn't Python. It's fast. Silly us.

Here's tcpdump with me running 'host grantstavely.com' in another window.

  grantstavely:~ grant$ sudo tcpdump -i en1 -nn -tttt port 53
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
  2009-12-04 06:32:32.368184 IP 192.168.1.25.61686 > 192.168.1.4.53: 50950+ A? grantstavely.com. (34)
  2009-12-04 06:32:32.373623 IP 192.168.1.4.53 > 192.168.1.25.61686: 50950 1/0/0 A 75.101.142.201 (50)
  2009-12-04 06:32:32.374358 IP 192.168.1.25.64909 > 192.168.1.4.53: 44029+ AAAA? grantstavely.com. (34)
  2009-12-04 06:32:32.376867 IP 192.168.1.4.53 > 192.168.1.25.64909: 44029 0/0/0 (34)
  2009-12-04 06:32:32.377112 IP 192.168.1.25.57526 > 192.168.1.4.53: 55171+ MX? grantstavely.com. (34)
  2009-12-04 06:32:32.394888 IP 192.168.1.4.53 > 192.168.1.25.57526: 55171 8/0/0 MX smtp7.grantstavely.com. 10, MX smtp4.grantstavely.com. 10, MX smtp6.grantstavely.com. 10, MX smtp.grantstavely.com. 0, MX smtp8.grantstavely.com. 10, MX smtp2.grantstavely.com. 5, MX smtp3.grantstavely.com. 5, MX smtp5.grantstavely.com. 10 (209)

Under my nose!

Actually, tcpdump isn't showing us transaction ID numbers, TTLs, or LENs, which is a bummer. So dnssnarf still has its uses after all.
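As an added example (not dnssnarf's code, and not Scapy), here is a pure-Python parser that does the logging this post asks for straight from the DNS wire format: it records the transaction ID, TTL and rdata length that tcpdump leaves out, and it also accepts TCP-framed messages, which carry a two-byte length prefix, by stripping that prefix before parsing the message. The sample messages are constructed to match the A lookup in the tcpdump capture above (ID 50950, answer 75.101.142.201, 34 and 50 bytes on the wire); the 300-second TTL and the client/server addresses handed to format_log are assumptions, since tcpdump did not show them.

```python
"""Pure-Python passive DNS message logger (added example; not dnssnarf's code).
Parses RFC 1035 wire format directly, for UDP payloads and TCP-framed messages."""
import ipaddress
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
QCLASSES = {1: "IN"}


def read_name(msg, off):
    """Decode a (possibly compressed) name at msg[off]; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer: 14-bit offset into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2        # the caller resumes right after the first pointer
            jumped, off, hops = True, ptr, hops + 1
            if hops > 64:            # refuse pointer loops in malformed packets
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def format_rdata(msg, rtype, off, rdlen):
    """Render rdata for the common types; anything else is logged as hex."""
    data = msg[off:off + rdlen]
    if rtype == 1 and rdlen == 4:
        return str(ipaddress.IPv4Address(data))
    if rtype == 28 and rdlen == 16:
        return str(ipaddress.IPv6Address(data))
    if rtype in (2, 5):               # NS, CNAME: a single (compressible) name
        return read_name(msg, off)[0]
    if rtype == 15:                   # MX: 16-bit preference, then exchange name
        return "%s %d" % (read_name(msg, off + 2)[0], struct.unpack("!H", data[:2])[0])
    return data.hex()


def parse_dns(payload, tcp=False):
    """Parse one DNS message. For TCP, strip the 2-byte length prefix first."""
    msg = payload
    if tcp:
        (length,) = struct.unpack("!H", payload[:2])
        msg = payload[2:2 + length]
        if len(msg) != length:
            raise ValueError("truncated TCP DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append({"name": name, "type": QTYPES.get(qtype, str(qtype)),
                          "class": QCLASSES.get(qclass, str(qclass))})
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append({"name": name, "type": QTYPES.get(rtype, str(rtype)), "ttl": ttl,
                        "len": rdlen, "data": format_rdata(msg, rtype, off, rdlen)})
        off += rdlen
    return {"id": txid, "response": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "rcode": flags & 0xF, "questions": questions, "answers": answers}


def format_log(client, server, payload, tcp=False):
    """One log line per question and per answer, in a dnssnarf-like layout."""
    m = parse_dns(payload, tcp)
    proto = "TCP" if tcp else "UDP"
    lines = [f"{proto} id: {m['id']} client: {client} server: {server} query: {q['name']} "
             f"class: {q['class']} type: {q['type']} recurse: {'yes' if m['rd'] else 'no'}"
             for q in m["questions"]]
    lines += [f"{proto} id: {m['id']} server: {server} client: {client} response: {a['data']} "
              f"rcode: {m['rcode']} type: {a['type']} ttl: {a['ttl']} len: {a['len']}"
              for a in m["answers"]]
    return lines


def encode_name(name):  # wire-encodes a dotted name; used only to build the samples
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


# Constructed samples matching the post's tcpdump capture (ID 50950, A 75.101.142.201).
# The 300 s TTL is an assumption; tcpdump did not print it.
QUERY = (struct.pack("!HHHHHH", 50950, 0x0100, 1, 0, 0, 0)
         + encode_name("grantstavely.com") + struct.pack("!HH", 1, 1))
RESPONSE = (struct.pack("!HHHHHH", 50950, 0x8180, 1, 1, 0, 0)
            + encode_name("grantstavely.com") + struct.pack("!HH", 1, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([75, 101, 142, 201]))
TCP_RESPONSE = struct.pack("!H", len(RESPONSE)) + RESPONSE  # same answer, TCP framing

if __name__ == "__main__":
    for line in format_log("192.168.1.25:61686", "192.168.1.4:53", QUERY):
        print(line)
    for line in format_log("192.168.1.25:61686", "192.168.1.4:53", TCP_RESPONSE, tcp=True):
        print(line)
```

Feeding this from a live sensor means handing it each UDP payload on port 53, and for TCP reassembling the stream and passing each length-prefixed record with tcp=True; the hop limit in read_name is there because a sniffer parses whatever arrives, including packets built to loop a naive decoder.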


Over the summer two friends and I brainstormed some ideas for a value-add URL shortener. I know, I know.

It was going to do a bunch of security checks against URLs it was asked to shorten, and when Chris had the original idea, nobody else was doing anything like it. Aaron quickly scraped together something that could shorten URLs, 301-redirect them when they came in, and call out to various security checks along the way. Meanwhile we wiki’d together a huge list of features we wanted. Features current URL shorteners still lack.

We kinda lacked a revenue model though, or time to work on the project, or funding.

Oh well.

I did make a logo for it, with Chris’s help.

trst.us

I think doing it again I’d leave off the entire ‘us’ bit in the logo, it throws the balance too much.


Dear Grant: If my calculations are correct, you will receive this file immediately after you saw the DeLorean struck by lightning. First, let me assure you that I’m alive and well. I’ve been living happily these past eight months in the year 1995…

Great Scott! 1995!


@philip_daigle congratulations Philip!


Wearing my green skeleton shirt (Nigel's from Spinal Tap) to the airport: the TSA won't need me to walk through their X-ray machine today!


@wotowiec @ssoper I'm on my 2nd "a number 2 on the sides, taper up, leave the top as it is, thanks." I think I'm acting out. It's a phase.


@vurtyou: Your hair is very Flock Of Seagulls today. @grantstavely: Thanks, I like it too.


@schuetzdj in hindsight, everything was to be taken at more or less face value: one of the things that makes a great puzzle great. =] #DBIR


RT @therealKidKoala: free download available for the next 6 days. The Lost Solid Steel mix. it's sorta like Music to Draw to... enjoy: ...


@christopherkunz nice work! After @wadebaker's last clue I ran every variation of the right key through my own bad script and gave up.


@marcusjcarey thanks, I'm very much enjoying the Bay Area. The return of @dojosec/@dojocon streams is great news, I look forward to 'em.


I should use Entourage's auto-capitalization of the first word after e.g. to break myself of using latinate abbreviations. Instead: rage.


@kathybarnett way to go Kath!


Yes, yes, of course, but what is the zeroth law of the Road Runner and Wile E. Coyote? http://goo.gl/i2Jz


"They're talkin' about, weak induction. It's a motherfucker, don't you know?" —Sun Ra http://j.mp/cn5Gc2 (Link via @rands)


printf "# Or just go listen to a funky 60 minute DJ Food mix made for robots.\nUser-agent: *\nSuggest: http://snd.sc/aOT9a4 " >> robots.txt


@alexhutton I cut out the cover's circles on a full print out of the #DBIR with a razor and tried the grille-cipher approach. #nbioahd


The body language of appearing to be lost or have forgotten something is as effective as mind control. So is its inverse.


RT @electricfork: What keeps me up at night? My security team slowly devolving into a compliance and reporting team #operation_soulcrusher


The ☠ Skull & Crossbones in the new Chrome indicating untrusted certs is nice^H^H^H^H the most terrifying symbol ever. http://goo.gl/fQz1


I'm brewing an American IPA with @vurtyou. I need a fridge to keg this in! http://flic.kr/p/8sCgnr


Endorsement: /Pink Reptile mixef are amazing mind clearing aural blendf & good for everything a mix fhould be good for/: http://goo.gl/Y1L1