Security Now! - Episode 328
SERIES: Security Now!
DATE: November 24, 2011
TITLE: Listener Feedback 131
SPEAKERS: Steve Gibson & Leo Laporte
SOURCE FILE: http://media.GRC.com/sn/SN-328.mp3
FILE ARCHIVE: http://www.GRC.com/securitynow.htm
DESCRIPTION: Steve and Leo discuss the week's major security events and discuss questions and comments from listeners of previous episodes. They tie up loose ends, explore a wide range of topics that are too small to fill their own episode, clarify any confusion from previous installments, and present real world 'application notes' for any of the security technologies and issues we have previously discussed.
LEO LAPORTE: It's time for Security Now!, the show that talks about security online, privacy online, and a few other side issues like Vitamin D, eReaders, and science fiction. And that's all because our guy, Steve Gibson - the man, the myth, the legend - besides being a security expert, is a man of the world and has many interests. Good cabernet, we should include. We've yet to do a show on cabernet, however.
STEVE GIBSON: Oh, we'll let John handle that. Dvorak.
LEO: Hey, Steve. How are you? Yeah, Dvorak is the wine wiz.
STEVE: We're sneaking this in under the wire of the Thanksgiving holiday. Elaine, in fact, shot me a note, since she does our transcription, saying, uh, it might be a day later than usual for the transcript. And I said, well, yeah, of course. You need turkey along with the rest of your family.
LEO: Oh, yeah, a holiday, that's fine. I do hope everybody's planning - everybody in the U.S., anyway, is planning a good Thanksgiving. You have to say that because in Canada they had Thanksgiving last month. And the rest…
LEO: Yes, they do it in October. And the rest of the world's going, Thanks-who-ing?
STEVE: Yeah. I also got some reminder of what an international audience we have when I guess I tweeted, yeah, it was, I tweeted a reminder about daylight savings time on Saturday afternoon.
LEO: I saw that, yeah.
STEVE: And I got a lot of people saying, eh, we did that last week. It was like, what, uh, what? Where?
LEO: Yeah, the U.S. changed it…
STEVE: I know.
LEO: …a couple of moons ago.
STEVE: That was an annoying year.
LEO: Broke a lot of things, yeah.
STEVE: Lot of machines didn't know yet, so.
LEO: That's right, that's right.
STEVE: In fact, I have a clock that says, “New daylight savings time or old daylight savings time?” It was built at a point when it was before the switch, but it knew it was coming. So I thought, well, that's pretty cool.
LEO: I think there are two interesting movements afoot that have no hope, but I would - actually three. I'm going to give you three movements that have no hope because we're so entrenched in our way of life that I think just anybody with common sense supports. One is getting rid of daylight savings time.
STEVE: I'm there. That's my choice, Choice A.
LEO: Eliminate it. Two is getting rid of the penny, which nobody uses, and that copper is expensive.
STEVE: More than a penny.
LEO: More than a penny, right. But still, no point. And three, get rid of the electoral college because clearly that does not work.
LEO: And all three, any thinking person - actually, though, of the three, daylight savings time might be the one that somebody could dispute. Any thinking person I think would agree on all three. And there's not a chance in hell that any of them will happen.
STEVE: No. I would also argue that, well, there's many problems with our political system. But it is a problem that the Senate has as much power as it does because you get overrepresentation of very low…
LEO: Low population, yeah.
STEVE: …low population states.
LEO: And that's exactly why, to really go off track, you'll never get rid of the electoral college because it gives these states like Wyoming more power than a state like California because they're a small population, but you've got your two senators, so you've got your two electoral votes guaranteed. And they're never going to go for it. So anyway…
STEVE: I promised Eileen that we would remember to tell our listeners about the TWiT plan for the holidays as it affects Security Now!.
LEO: Oh, good.
STEVE: And that is, apparently we're not going to, I mean, we couldn't run the Portable Dog Killer episode again anyway because we got away with it once, and I got a lot of complaints saying, well, Steve, you broke your “we've never missed a week” commitment. It's like, well, okay. But so tell us all what it is that you guys are going to do.
LEO: Do I know?
STEVE: Yeah. It's like a “best of.”
LEO: Oh, yeah [laughing]. Oh, that. I'm looking, “Eileen? Eileen?” Yeah, we're doing - so this is actually - it's good. I'm glad you mentioned it because I do want to send people to the “best of” page so they can help us because - I would say cast your vote, but it's more than that. Help us by picking your favorite moments from the past year.
STEVE: But it's moments. It's favorite moments.
LEO: We don't want to do a whole show like we did last year. We want to get bits. Now, this is a little tougher on this show because this show is really very fact-based, and there's not a lot of wacky, Steve dresses in a kilt moments. So…
STEVE: Well, and, yes.
LEO: We may do the Portable Dog Killer if we don't get enough votes. Let's put it that way.
STEVE: Someone commented that when you, a couple weeks ago, told me that it wasn't just iOS that was being sandboxed, that the announcement was affecting the App Store for the main OS X, apparently my look on the camera as I just stood there with my mouth open, looking like a moron…
LEO: That's a moment.
STEVE: He said, oh, now, that's one we've got - the problem is it doesn't translate very well into audio. All you get is silence from me, so.
LEO: It may be - we may have to punt on this one. But if we can come up with a half an hour to an hour worth of great Steve moments from 2011, we'll do it. TWiT.tv/bestof. And it's not just this show. We're hoping to do every show a “best of” because we like to take the week after Christmas off. I'm going to go back East and visit family. And so we want to give all our hosts the time off, as well. So…
STEVE: Well, we certainly - I was going to say, what we certainly can do, although this doesn't help us this year, is everyone be cognizant of this approach for 2012 and make notes of things that you think would fit.
LEO: We did it last year, but nobody remembered. It's always a last-minute thing. At least we're planning this one in November instead of the last week of December. So TWiT.tv/bestof. Your help is much appreciated. Favorite moments. And it could be - in this show it wouldn't be, like, wacky moments. It would be important security news. Your Bitcoin piece, for instance, I thought was very interesting. I wasn't here for that. Should be - I think parts of that should be repeated. I think we should probably repeat your discussion of Stuxnet. There are certain things that were newsworthy. So it doesn't have to be goofy. It really could just be the big…
STEVE: Things that bear repeating.
LEO: The big stories of 2011 I think would be perfect. So keep that in mind. And of course…
LEO: Yes, I'm talking to you, folks. And if nothing happens, Portable Dog Killer. The problem is, repeats of a podcast are kind of silly because you can download that episode and listen to it anytime you want. That's why we prefer the “best of,” because that's something that we put some work into. Then one episode has just the highlights of the year, and I think that's a really great thing to do.
STEVE: Let's hope we can have it.
LEO: Yes. The passwords would be good. I mean, I can think of a lot. Actually, I'm going to probably sit down and go through and say this one, this one, this one, this one. Because I think there's some really important newsworthy things that we covered this year. But…
STEVE: In the meantime.
LEO: In the meantime, all that aside, I think you and I have some stuff to talk about from this week.
STEVE: We do indeed. We're going to follow up on - I have some statistics from what happened to the SOPA, the Stop Online Privacy Act event which you and I covered as it was happening, on the day of it, last Wednesday, when I was up in-studio with you. And some interesting tidbits of news. Some feedback. Also we'll talk about my experience with the Kindle Fires that arrived. I had ordered two of them. And so forth. So I think we've got another great podcast for everybody.
LEO: You know what arrived today? A Nook tablet. So we might compare the Kindle tablet to the Nook tablet. Very similar, actually, in hardware. This one's a little faster because I think the extra RAM has made a difference.
STEVE: It might, although it has the same dual-core OMAP processor.
LEO: Processor's the same. But I noticed the page turns are much more smooth.
STEVE: And I notice that it's being advertised by your friend from Glee.
LEO: Yes, it is, Jane Lynch. Did a great job. No matter what she does. So let's talk. What's new in security news? I guess we'll start with SOPA.
STEVE: Well, yeah. This was the reaction to this legislation, which was being viewed by many very popular websites as the most onerous and worrisome, sort of over-the-top government privacy-violating legislation yet - more so than the Protect IP legislation, which is probably, hopefully, thankfully stalled in the Senate.
LEO: That's the Senate version. Ron Wyden, all praise to Ron Wyden, who said “I'll filibuster it. I'll stop it.” So we know that's not going to get through. Although the thing is, these keep coming up. I mean, maybe there'll be another one.
STEVE: Yes. I mean, one of my favorite slogans, unfortunately - I'm very active in following U.S. politics. And my favorite phrase is “The best government money can buy.”
LEO: Yeah. Bought and sold. But the thing that - I think this is a very good lesson. The thing they do with that money is essentially get votes; right? So ultimately we have more control as a group because our vote is the final arbiter of whether somebody gets in office.
STEVE: That is true. And so of course, well, we don't really want to devolve into a political discussion.
LEO: No, please.
STEVE: Special interests end up with disproportionate strength.
LEO: But we are special interests when we act in concert. And that's what the Internet has done, and that's what's so exciting.
STEVE: Well, the bad news is we're fighting the MPAA and the RIAA and these large organizations that keep putting pressure to make these things happen. And in fact…
LEO: They want to break the Internet, frankly.
STEVE: Lamar Smith, who is the Texas Republican representative who's one of the sponsors of this bill, the SOPA, Stop Online Privacy Act bill, he said, “Well, you know, I'm not technical.” Well, okay. And this is the problem, is that one of the many things this does is it breaks DNSSEC. That is, DNSSEC is all about preventing DNS spoofing, which is essentially what this is, is legislated, government-backed DNS spoofing. And so many of the people have been concerned because essentially it means we can't have DNS security if we're going to have a mandated, legislated, deliberate breakage of DNS.
LEO: Because Lamar Smith says it's one quarter of all the Internet traffic is offensive infringement, and we're going to stop it.
STEVE: Yeah. He said one quarter of Internet traffic…
LEO: One quarter.
STEVE: …is infringing.
LEO: And you know he's being spoon-fed that from the RIAA.
STEVE: Precisely. Now, the good news is there was a serious groundswell that resulted, peaking last Wednesday during this day of everyone being called up and out to act. One million emails were generated to U.S. representatives by people around the country that cared about this. I don't know how they have this number, but 87,834 telephone calls.
LEO: That was from Tumblr alone. Tumblr…
STEVE: No kidding?
LEO: Yes, that's the Tumblr number. Tumblr.com was very aggressive because they would be one of the companies that would really be screwed by this. They'd suddenly be responsible for every bit of content on their - and they're one of the biggest web hosts in the world. And they didn't want - so they were very aggressive. And that count comes from Tumblr.com alone. Talk about a great response.
STEVE: Wow. So the average length of those phone calls was 53 seconds. The longest one was 31 minutes. Got to feel sorry for the representative who got on the other side of - hello? And a total of 1,293 hours of phone calls were spent talking to representatives.
Now, I wanted to give our listeners who care about this, as you and I do, a URL, because this is being organized around AmericanCensorship.org is the website. And at the top of their website they mention, essentially, distill it down to three bullet points that I thought were worth sharing. So under “Website Blocking” they explain that the government can order service providers to block websites for infringing links posted by any users. And they said “Risk of Jail for Ordinary Users.” They explain, “It becomes a felony with a potential five-year sentence to stream a copyrighted work, even if you are a totally noncommercial user, for example, singing a pop song on Facebook.”
LEO: Well, and we do this all the time, and it's our position that it's fair use as a news organization. It's protected. But that doesn't mean that they don't take our shows down all the time. And we would be faced with prosecution. And we might be able to defend ourselves; we might not. But it would certainly cost us a lot to do so.
STEVE: And remember, it's certainly possible for people to take the position, oh, well, yeah, but that would never happen to a regular user. But let's remind everyone of the case of the innocent mom of, like, I think her kids were, like, three and four years old, who was attacked by and sued by the MPAA for movies that were found on her machine which were loaded and being redistributed by malware that she had no idea was there. And some huge, tens of thousands, for some reason the number $64,000, I mean, literally, the courts were coming down with cash judgments against her, requiring her to pay this money. So this kind of thing does, I mean, and can happen, and apparently will. Anyway, I don't mean to…
LEO: I think the most important thing…
STEVE: …get worked up.
LEO: …for people who listen to this show is the message that it would break DNS, that it isn't a good solution. It would - and I didn't know, but that it would impinge on the ability to do DNSSEC is huge. I mean, we have a fight on our hands to get everybody to implement DNSSEC as it is. But it's clearly…
STEVE: And we need it to prevent spoofing. And this is mandated, legislated spoofing.
LEO: It's incredible. It's incredible.
STEVE: Yup. And finally, the last bullet point on AmericanCensorship.org explains, under “Chaos for the Internet,” they said, “Thousands of sites that are legal under the DMCA” - which I already have big problems with because it prevents, for example, researchers from being able to reverse-engineer crypto technology in order to research it - “would face new legal threats. People trying to keep the Internet more secure wouldn't be able to rely on the integrity of the DNS system.” So it's just - it's bad. And I think the point you make, Leo, is I don't know if we're going to win this, ultimately. There is such continuous pressure from the powers that be, that do not want the Internet to be free and open, that want control over it, I don't know. I mean, I'm glad everyone's putting up a fight.
LEO: I think we can win this. I think we won this round because I think enough members of Congress got the message. When you get 87,000 phone calls, that's a significant number. Now, somebody in the chatroom said, well, it's not the people who listen to this show, it's the dumb people we have to convince. That's not true. There are 70,000 people listening right now to this show. There are plenty of technically sophisticated people. There are more than enough. Because remember most people never call their member of Congress, never have anything to do with them. So each call counts a lot. So we do have the power. We can fight this. And I think we will win in the long run.
STEVE: And the other thing all of our listeners are, are opinion leaders. I have, in a Q&A that we'll get to later, a point is made - and I chose this because I wanted to make a point to our listeners to tell their less security-aware friends, to remind them of the importance of something. So that really does need to happen.
LEO: As Puppy says, though, really the problem is complacency more than anything else. Let's not be complacent. We've got to continue this fight, continually vigilant, because it's our Internet. And, yeah, most people may not realize the threat. We do. So we're the ones who have to fight.
STEVE: Yes. Yes. Now, a ton of news was made in the last week, and my Twitter feed was full of people bringing this to my attention, about something that may or may not have happened. And that was the news that an Illinois based water district had its SCADA system, the industrial control system for running it, hacked. And the consequence of that was that a critical water pump was burned out.
Now, the question is whether this was true or not because now the Department of Homeland Security, who has a division called ICS-CERT, which is the industrial control systems cyber emergency response team, emphatically says that there is no evidence whatsoever of any external intrusion from Russia or anywhere else. And what's odd is that the original blog posting that got picked up by the news organizations, and even an executive at that water district, who was then on, I don't know if it was radio or TV, but on some public live media, contained all kinds of information about log entries that were found, and IP addresses belonging to Russians. And that for two or three months there was, like, odd behavior being observed by this system, and that apparently it was that the SCADA system was being, like, shutting down and then coming back up. It was the fact that it was offline for a while that caused this pump to burn out because it wasn't - it lost its supervisory control technology that it was relying on and overheated.
So I don't know what to think. You could see some pressure on the part of the Department of Homeland Security because this news got so much press and so much attention that they could be wanting to tamp down on anyone worrying that, okay, well, a water pump today, a nuclear reactor tomorrow. Which of course…
LEO: Right. In fact, break a water pump…
STEVE: …is the concern.
LEO: Right, break a water pump in a nuclear reactor, you could have a meltdown. So this is not insignificant.
STEVE: Yeah. So I don't understand.
LEO: The DHS and the FBI say that we found no evidence of a public water utility hack. We also read that their password was three letters.
STEVE: Actually, it's not their password. There was some other confusion there.
LEO: Oh, okay.
STEVE: It's that there are SCADA passwords in use actually in other places, as I understand it, that are three letters. And in some cases they ship with three-letter passwords, and no one changes them.
LEO: Oh. Oh.
STEVE: Actually I think the one I saw was “100” was the - it was one zero zero was a sample three-letter password that was in use somewhere.
LEO: Somebody needs to remix the Michael Jackson song. “Breaking into SCADA's easy as 1, 2, 3, A, B, C.” Oh, boy. Oh.
STEVE: Yeah. Yeah. So we don't know. There was some good news, and that is that Google is moving forward with some efforts to increase the security of connections to them when using either their browser or Firefox today. And apparently there's support for this in - and I think it was one of the later versions of IE under Windows 7. And that is, remember how we've talked about the way SSL works, where you have a suite of available cipher systems which a web browser offers to the server. And we were talking in the context of CBC, the one particular protocol used by block ciphers, had a problem under SSL prior to version - or actually TLS v1.1 and 1.2. So TLS v1.1, which is SSL 3, had this problem, and that it was possible to simply fall back and not use the CBC technology, but use RC4 as your block cipher, which then would keep you from having this problem.
Well, in a different sort of tangent off of that, the guys at Google have implemented something known as “Ephemeral Diffie-Hellman” encryption. And actually that's a key agreement protocol which is very efficient. The efficiency of that allows them to change keys often. And changing keys often, that is, like for every secure session that you set up, is very good because that creates something known as “perfect forward secrecy.” And several articles that I saw talking about this were written by non-crypto-savvy people who said that forward secrecy was a protocol, and it's actually not. It's a feature of - it's something that you get which is a good thing when you change your key often because the point of it is that it keeps you from ever going back in time. If someone were to hack a key that is now in use, they wouldn't be able to go backwards and hack stored encrypted sessions because those would have been encrypted under a different key.
So what Google has done is they've augmented the normal security suites that are available with some new ones which inherently use ephemeral keys which are easy to compute and won't load down servers. They have built this into some updates to the OpenSSL suite and made that publicly available. So what'll happen is this will filter back into OpenSSL with a future version of it. It'll be available. It'll then get pushed out and built into next-generation fundamental SSL suites that are available in the UNIX flavor OSes. And apparently Microsoft is already in the process of adopting this. And then, as our browsers are made aware of this, and currently Chrome and Firefox both are, we'll just all start using this, and that'll be a good thing.
So this is just a really - it's a perfect example of when a protocol was thought out well, and it was inherently designed to be upward compatible, how you can slipstream good evolution into that protocol, never breaking anything, and just automatically taking advantage of innovation in the crypto that just sort of filters out into everything.
LEO: Maybe Vint Cerf was right. He said it's the self-healing Internet.
STEVE: Don't throw it away, yes. And I did want to make a little TSA announcement. I saw for holiday travel that children under 12 no longer have to take their shoes off.
LEO: Yeah. I know that because I traveled with a child under 12 about a month ago.
STEVE: And has that always been the case?
LEO: Nope, just happened. Literally about a month ago, yeah.
STEVE: That's what I thought, yeah. So although people…
LEO: So I guess they figure there'll be no shoe bombers under 12.
STEVE: Well, the bad news is I think today, as we're recording this, people are probably already in line, so they may not be hearing this announcement.
LEO: Oh, they put - the way I found out, they put big signs up at the airport.
STEVE: Oh, good, good.
LEO: Yeah, yeah. So but you still have to do all the other stuff. In fact, those security lines have gotten crazier and crazier and crazier. I got - usually I get scanned. SFO uses millimeter wave scanning, which is not an X-ray and supposedly not dangerous. But I got a backscatter scan in Vegas, the last time I left Vegas.
STEVE: Actually I got a backside scan.
LEO: I don't want to know.
STEVE: I'm not kidding. I guess - it was one of the trips I had taken recently. And I thought I did everything right. I raised my arms above my head and stood there. And then the person said, “Do you have something lumpy in your right back pocket?” And I had some, just some bills folded in half. And it was sensitive enough that I took my wallet out of my left back pocket where I normally keep it, but I didn't realize that just folded paper would upset it. Then I had to go through the whole pat-down routine because now suddenly that sets off their alarms, and they're like, okay, well. So I guess that was a backside scan that I had.
LEO: That happened to me, and I turned out - I think it was just my shirt was bunched up when it was tucked in. I had nothing in my pockets. I didn't have a belt on. It was all fabric. And they still said, we've got to scan this back here. And I think it was just probably my shirt was bunched up. I mean, this is ridiculous.
STEVE: Well, and Leo, I don't want to get off the track, but I haven't ever said this before except to friends of mine. All of these problems that we had were from foreign flights coming into the country. The fluid mixing thing was - I think that was - was that out of London that was coming into the U.S.?
LEO: Yeah, I think it was.
STEVE: And the shoe bomber, the underwear bomber, all these variations of bombers, they were not when people were flying from Orange County, California, 500 miles north to Northern California. I mean, think about it.
LEO: It's security theater. I mean, that's what Bruce Schneier calls it. He is, of course, a great security expert. And he is very vocal on what we could do to have effective security as opposed to what we are doing, which is essentially theater.
STEVE: Oh, and look at the cost to us, to us citizens. Anyway. So last Wednesday you were showing off your Fire, your new Kindle Fire, and I was drooling over it and telling you that mine were waiting for me. I was so excited about it, back when it was introduced, that I bought two of them under the theory that if one is good, two would be better. They've both been returned to Amazon.
LEO: Yeah. What happened?
STEVE: Well, in fact I tweeted. I said a couple days after that I saw a Kindle Fire teardown where its cost was estimated, and it was estimated at cost, that the $199 Kindle costs Amazon $201.70. And so I tweeted that. I said the Kindle Fire teardown shows it costs $201.70 to make. Of course that doesn't factor in the cost of return shipping.
LEO: Oh, interesting. You had to pay for return shipping?
STEVE: Oh, no, no. They did. But I'm saying that that was also their cost, which wasn't factored into the Kindle…
LEO: Right. They lost more money on you than anybody else.
STEVE: Well, I mean, and in fairness - okay. So I plugged it in, charged it up overnight, and went to Starbucks bright and early on Thursday, the next morning, to have a nice sit-down with it. And I started not being that impressed with it. The power button sticks out, so it will turn itself on or off if you rest it on its lower edge, which is why many people have power buttons that slide, because that's not something - that's not as natural an action. But and many of the Kindles, the early Kindles slid. The newer Kindles at least don't stick out, except the Touch's sticks out; whereas the regular, what they call the Kindle now, just the Kindle Kindle, its button does not stick out. But then little things.
LEO: It's a little easy to hit that button, I agree with you, though. I think that that's not a good place for it.
STEVE: Yeah. And unfortunately that's maybe the only thing which doesn't fall into the category of they can fix it, because the beauty of any of these…
LEO: It's all software.
STEVE: Yes. Any of these state-of-the-art devices is that it is software. And so everything I'm going to complain about, I understand can, hopefully will, get fixed. But, for example, the bright - and these are, as I was playing with it, I was thinking, Steve Jobs would have never shipped this. And so, like, it wouldn't have gotten past him. For example, the lower 25 percent of the brightness control is defective.
LEO: Is black.
STEVE: It does nothing.
LEO: Does nothing.
STEVE: The lower 25 percent, you slide it back and forth, it has no effect whatsoever. It just bottoms out. And so they need to rescale that.
LEO: But that's, as you say, easily fixed with a firmware upgrade, yeah.
STEVE: Easily fixed. Also on the title page of a book that I was experimenting with, as I dragged it back and forth with my screen, I was able to get it to leave debris behind. So it wasn't properly refreshing the screen as I moved it. And it was jerky and not very smooth.
LEO: I think you got a - more bad ones. I think that's another bad - I haven't seen any of the graphics issues that you just described. And while the screen is not quite as fluid as an iPad, admittedly, I haven't - it's pretty fluid. I haven't seen any issues with it at all.
STEVE: Well, I wanted…
LEO: I think a lot of people are having trouble.
STEVE: I wanted - oh, they are. I wanted to see whether the cover flow was better in landscape orientation than it was in portrait because it is unusable in portrait. It is just - it's awful. Now…
LEO: Oh, you know what, Steve, you have a bad machine. No, I'm not kidding. I wish I had mine here that I could show you. The cover flow works fine in portrait, in landscape.
STEVE: I've had other people complain. I've seen other people complain about the cover flow. It just, the way it works - now, maybe it's that I have 247 things in the archive.
LEO: Well, that could be it.
STEVE: Except that ought to make it just deeper. But, I mean, it doesn't - it's difficult for me to, like, bring something to front. It was snapping off to the left prematurely. And again, fixable by software. Font selection…
LEO: I think fixable by getting one that works. I think you've got - I'm not kidding. Let me - here. I have one here. Let me - I have to set up the screen so you can see it. Let me just see if I'm getting the same effect on this Fire. Because it's completely smooth on both portrait and landscape mode. Let me pull up a shot of it. I don't have an over-the-shoulder shot. I wasn't planning this. Here, all right. Here is - this is not my Kindle Fire. This is Liz's. I mean, it's a little slow updating the image the first time through, but that's completely fluid to me. Are you seeing it?
STEVE: I actually can't. My video from you froze quite some time ago.
LEO: Oh. These things do happen. So, I mean, I feel like that they may have a lot of hardware defects, and that you may have a bad graphics card in there. Interesting, yeah.
STEVE: Well, I think it's design. I think it's a very bad UI. I was unimpressed with its navigation, which seems inconsistent and often unclear.
STEVE: Like how to move around. I mean, I'm asking a lot from it. I will say, yes, it's $200, and that's an amazing price for a tablet that has this much potential. But at this point I'm very unimpressed. It needs major revision. For some reason it's already at Rev. 6 when it comes. And it may be that both of mine - because both went back. Both of them hung completely. And I did order instantly, so maybe they were literally the first ones off the assembly line.
LEO: That's what I think. I think there are probably several sources for these. And I'm wondering if some of the sources are just not making good ones.
STEVE: Yeah, well, as I mentioned to you before we began recording, when I Googled “Kindle Fire frozen,” I immediately found other people having the problem, and I made three postings in an online Amazon-based thread that drew attention. I tweeted about the problems. And I just considered it, unfortunately, a very bad launch failure. But I did hear that you and Paul talked about it that same day, on Thursday, and really liked the Kindle Fire.
LEO: Well, what's interesting to me is I'm hearing very different experiences from people. To me, I mean, I was just showing the page turn and the cover flow, and it's snappy. There's a little tiny bit of hesitation, tiny. I mean, you'd have to be a little picky in the page turn. Certainly nothing like the actual physical hesitation in a page turn or like a Kindle. I think for 200 bucks this is, well, I think for any price this is an amazing product. It's certainly the best Android tablet I've ever used. I agree there are some flaws. I think the on/off switch is a little easy to hit, although I don't hold it that way, so I never hit it. I really like it.
STEVE: So you would call it “the best Android tablet to date.”
LEO: Oh, easily. But that doesn't say much because most of them are pretty horrible. I mean, that's really literally not saying a whole lot. But I just feel like…
STEVE: I think I'll probably wait three or four months for them to settle down, for whatever problems they're having with production to, I mean, I wouldn't want to get one and then have them improve the hardware design. And they do tend to do that.
LEO: I'm wondering, I'm thinking that there's a variety of hardware out there, or manufacturing problems with some of them. And might have something to do with that. I mean, I found this to be - and Kevin Rose was on TWiT saying the same thing, “This thing is horrible, I can't….” And people like Paul are saying things like, well, compared with the iPad, of course it's not as good, but for the price it is very good. But I actually, even, I mean, at 200 bucks I think it's amazing. And I've been recommending it to people. So I just have a very - I have a very different experience.
STEVE: Well, I would not recommend it as a book reader.
LEO: Well, I like the eInk. And I do say that. I mean, I do point out that, if you're reading in daylight, or you want really crisp text, then this is probably not a good choice. There is also an issue with this, it signs you into your Amazon account. So I had a caller on the radio show, said “I want to get a tablet for my girls.” And while I would recommend this for kids because the price is right, and I don't think they'll have the same issues that we have, their problem is you can't lock down the purchases. So you're giving a kid basically a device to buy anything they want at any time. And I don't know if that's such a good idea.
STEVE: Yeah, you're giving them your credit card with no controls over it.
LEO: Right, right.
STEVE: Yeah. Also the Touch I have a problem with, which is that - and again, fixable by software. But first of all, I'm not a big fan, I think, of touching the screen in order to change pages. I really like having a physical button. And my favorite Kindle of all time actually turns out to be the DX. I've been reading, I mean, a lot recently because I'm just so in love with these Honor Harrington books. And I've come back to the DX, just because of its large screen, which is so comfortable for me. And in fact I have two of them. I'm probably going to bring one up to Northern California and see if my mom wants to upgrade hers from the one that I got her a couple years ago, which was probably the Kindle 3, to the DX, just because she's in her 80s, and…
LEO: It's big, yeah.
STEVE: …I think she would probably appreciate the larger screen.
LEO: My wife has inherited the $70 or the $80 Kindle, the basic Kindle because I've got the Fire, and she loves it. I think the Kindle is a very accessible product.
STEVE: Yeah, now, my problem with that one is I think it's almost too small. My favorite practical Kindle, I recognize the DX is not for everyone because it's $379, and that's really pricey. But my favorite one is what they now call the Kindle Keyboard, which is what they used to call the Kindle 3, because it's got that paddle at the bottom to hold onto. For me it's just easier. I like having switches on both sides, which of course the $80 Kindle also does. But it's almost - there's almost nowhere to hold that little Kindle, the newest one, because it's just like they've removed the margins, and there's no more keyboard at the bottom. And so it's sort of a little difficult to, like, get a grip on it. But again, it is super small, and they really have improved the page turn, too. They no longer do the big whole screen inversion paint. They only do that every six page turns. So five out of the six page turns just change the text. And it's very pleasant.
LEO: Oh, I didn't notice that. I didn't notice that.
STEVE: I first saw that on the earlier Kindles in the Table of Contents. I noted - or maybe it was in magazine reading. It was something - or news, news subscriptions. There were several places where they weren't doing the whole big black inversion. And I thought, wait a minute, how are they getting away with that here? And what they've done is they've extended, well, they've extended it so that it - I think what happens is there's, over time, there's some buildup, sort of like some drift. And so they said, okay, well, we'll let you do sort of the easy-on-the-eye page turn five times. But when you do it a sixth time, we're going to sort of like, like the Etch-A-Sketch, erase the whole screen and then redraw it in order to clean up anything that might accumulate.
LEO: Now, I'm curious. I just got, to compete with the Kindle Fire, I just got the Barnes & Noble Nook tablet. I thought, if I'm going to review the Fire, I should review the Nook. And some of the things that you'll like immediately, first of all, it feels thinner and lighter. It's got beveled edges instead of square edges. It's got an on-off switch here, where you're less likely to hit it. It actually reminded me a lot of the Kindle Fire, with one kind of small exception. It's a little faster, and I think that's because it has more RAM. It has the same processor, but it has more RAM in it.
STEVE: Yeah, I think the Fire has 8GB of RAM?
LEO: No, RAM is 512 on the Fire. RAM.
STEVE: Oh, 512. That's right.
LEO: Yeah. And this is a gigabyte of RAM.
LEO: Yeah. But it's very similar in a lot of ways. It's funny, and I'm not sure why this is, its refresh rate is not the nominal 60Hz that most screens are. You notice we didn't get any - you can't see it, but we didn't get any flicker on the Kindle Fire. We're getting, on all our cameras, we get a lot of flicker on the tablets. So they've got an odd refresh rate going on here. I'm not sure why. But I do think it's a very similar product, maybe a little faster. So if you could live with the fact that it's not Amazon…
STEVE: And the price?
LEO: 50 bucks more. Which is not, in my opinion, a good idea because people are going to pick the bigger brand for 50 bucks less. I don't think very many people say, oh, it's got double the RAM. I don't think that comes up at all. Anyway, enough about eBook readers.
LEO: I think you still got a hardware malfunction in yours. Your new one.
STEVE: I don't think so. I think I'm just picky.
LEO: Okay. When you come up here next time we'll have a head-to-head faceoff.
STEVE: Well, I'll have my own. I mean, I will, I ought to have one. I have multiples of all the other ones.
LEO: Might as well; right?
STEVE: Ultimately I think I should have one. I would like to have an Android tablet. I don't have an Android tablet yet, so…
LEO: It's, in my opinion, the best Android tablet. It's limited in some ways. It's not updatable. Amazon has to update it. And you don't have access to the full marketplace. You have to get stuff from the Amazon store. But it's still an Android tablet.
STEVE: Yeah. And again, I'm also in a position, as are you, of being able to buy individual devices for individual purposes. So I have a DX because I like reading on that large eInk screen. And I have the smallest Kindle because it's nice to have one that goes in my pocket. And I've got my iPad for everything else. But if someone had to just choose one device, and budgetary concerns were forefront, then I think this does it all for 200 bucks. You get a tablet half the price of the iPad or less than that, and also a useful reader.
STEVE: So some tweets. David Wright, who tweeted - he said he's an Englishman in Germany. He sent a mention to @SGgrc: “SpinRite saves the day again. 2004 laptop back up and running again, ready for another couple years of faithful service.” And David Ward, tweeting as @DaveQB11 from Sydney, Australia, said @SGgrc: “Left Firefox 4 open overnight at work. And today we have it consuming 4.6GB of memory.” 4.6GB. So, David, you get the record. He says, “Only about 85 tabs.”
LEO: Well, look on the bright side. At least it's a 64-bit app.
STEVE: Exactly. I will mention something that I caught it doing, and that is, I watched it as I was in Task Manager. I had Task Manager open, watching the memory just, like, kicking up over time in Firefox, just going, like, every time Task Manager would refresh, like every few seconds, it would be larger. So Firefox was just growing continuously. And I thought, you know, I wonder. And I closed an open PDF, and it stopped.
LEO: Adobe! Blame Adobe. Oh, that's interesting.
STEVE: Yeah. So, and I wouldn't be at all surprised if among those 85 open tabs that Dave Ward had, some of them were PDFs that were being viewed. Often the case for me. So that may be part of the problem. And then Simon Zerafa, who is a frequent Twitter and contributor, he sent a fun quote that I liked, attributed to Samuel T. Redwine, Jr. The quote was: “Software and cathedrals are much the same - first we build them, then we pray.” So…
LEO: Love it. So true.