Amazon, you've got competition

tl;dr I'm using a Chromecast and the Google Play store to purchase and rent movies instead of Amazon Prime Instant Video. This is a change from what I've been doing and unless Amazon makes it easier, faster or cheaper, they'll probably continue to loose business from me.

A few months ago I picked up a Nexus 10. I love it, it is great. A few weeks ago I made my first non-app purchase in the play store, some movies to watch on a flight to SFO. Watching movies on the tablet was a great experience. The purchase was quick, downloading them to the device was fairly simply and the battery life on the device let me watch several movies with plenty of juice left over.

I've also been an Amazon Prime member for a while and the whole family has been using Amazon's streaming video service through our PS3 for a few years now. In fact, between Amazon Prime and Netflix, we didn't have cable for several years. The selection of movies and TV shows on Amazon is great and the purchase/rent flow is really easy to use.

With the release of the Chromecast, Amazon has been put on notice. During the Super Bowl, I let Vanessa pick out a movie from the Google Play store on my tablet and with the Chromecast, she watched it on a TV that doesn't have any capability to stream Amazon/Netflix. Using the Chromecast to watch a video purchased and streamed from my Nexus 10 was super easy and my 7 year old figured out pretty quickly.

What the Chromecast does for me is make streaming something that I can do mobily within my house. I don't have to have the PS3 setup, I don't have to run any special streaming software or have video files on my Linux box, I don't have to deal with clunky Time Warner Cable software and most of all I don't have to have a device that is fixed to each and every TV. I have one Chromecast and it is small and light enough to move from TV to TV without being a big problem. I'd also rather own 2-3 of them than spending several hundred dollars to have a roku/PS3 on each TV.

Amazon is great and I love the selection of movies they have, but with my Nexus 10, our multiple computers, the Google Play store and my Chromecast, I'll probably continue purchasing movies elsewhere. I like the portability and versatility.

ElasticServices 1.0.0 RC1

A few days ago I pushed a project up to Maven central called Elastic Services.

This library provides a protocol buffer based framework for creating self coordinating asynchronous services.

This is an early release candidate and I'm very interested in getting feedback.

Smart Things

I've been playing around with Smart Things and wrote a few small applications for it. These are pretty specific to my needs (and my house), but demonstrate how easy it is to write custom applications for the platform.

This first application is used to turn the office lights on when I'm home and there is activity in the office. It makes use of a motion sensor in the office, a zwave lightswitch that I installed in the room and a presense sensor that I have on my keychain.

All of the code can be found on GitHub: https://github.com/ngerakines/miniature-dubstep

Using BitTorrent Sync, GPG and Linode for secure messaging and storage

There has been a lot of discussion lately on the state of privacy. I'm not going to comment on whether or not people who assumed that there was some notion of privacy and security between ISPs were right or wrong; I can only look at what has been made very clear and proven.

With that, I've been reading different opinions on things like lavabit and spider oak and how they compare to existing storage services like Hightail, dropbox, etc. I'm also very interested in BitTorrent and how it can be used and applied here.

All of this lead to me starting to phase out my use of dropbox and, in some ways, email. The problem with dropbox is pretty clear: Because they have absolutely zero support for encrypted, zero-knowledge storage, I can't use them and strongly advise anyone that does to move to something else.

The issue with email is a bit more complex but boils down to three big problems. SMTP, the protocol used to send email on the Internet, is a plain text protocol that (much like HTTP in some ways) and servers are not required to secure connections between each other when sending email. Some SMTP servers do support SSL/TLS but it is not required, and as far as I know the major providers like Google, Microsoft and Yahoo do not use TLS when sending and receiving messages.

The second big issue is that even if the servers involved in transferring a message do use SSL/TLS, that doesn't do anything about securing the message before and after it is sent. If I have a mail server running somewhere that Outlook or Thunderbird connect to for sending email, that server may store that email locally in a "sent" folder that is insecure. The same holds true for the server receiving the message.

The last issue involves the use of encryption technologies like GPG/PGP. When I send an email and encrypt the message, the only part of the message that is being encrypted is the actual body of the message. The subject, to and from parts of the message are untouched, as are the rest of the message headers.

So where does that leave us? Ideally a new, more secure message protocol will emerge that enforces server security as well as message security, but I'm not going to wait around for that. What I've done instead is much more simple and uses BitTorrent Sync, a linode instance and GPG.

If you aren't aware of what BT Sync is, it is a simple client that uses the BitTorrent protocol to transfer files between two or more devices that supports some basic discovery constructs. In short, if I have two computers configured to sync with each other, when I place a file in one of the sync folders on computer a, after some period of time it shows up in the sync folder on computer b.

Doing this between my laptop and desktop is pretty simple. Their website has a getting started guide that shows how this can be done. What I'm doing is taking things one step farther to make synced data available to other computers when my computer is offline. To do that, I'm using a linode instance.

My linode instance is running debian 6 and I've gone through the usual steps to secure it. On that machine, I downloaded the linux bt sync client and used the following config.

{
  "device_name": "host",
  "listening_port" : 4444,
  "storage_path" : "/home/user/.sync",
  "check_for_updates" : true, 
  "use_upnp" : true,
  "download_limit" : 0,
  "upload_limit" : 0, 
  "shared_folders" :
  [
    {
      "secret" : "FOLDER SECRET",
      "dir" : "/home/user/documents-btsync",
      "use_relay_server" : false,
      "use_tracker" : true, 
      "use_dht" : false,
      "search_lan" : false,
      "use_sync_trash" : false,
      "known_hosts" : []
    }
  ]
}

When the Linux BitTorrent Sync client starts, it forks itself and runs in the background. Meanwhile, on my computer I add a new direct host entry to the linode IP with the port specified by the config. Both locally and remotely, I can add files and then see that they are synced correctly across computers.

On the linux server, the sync directory that I'm using looks something like this:

./keys/DFAD0D40.gpg
./keys/0F751A8E.gpg
./keys/4F96B2E4.gpg
./messages/70b70a33086871aa9ac0c1538002162fad69556e.asc
./messages/a4e88213f8a2470e51af12f64ea125ef28016015.asc
./notes/e73ce84b1fdcd5b50aa1e39975747196d9fde3c5.asc
./notes/f36cf086a11af381301455e261e87e5e8231a845.asc
./software/gpg4win-2.2.0-beta34.exe
./software/GPG Suite - 2013.08.06.dmg

Files in the messages directory are GPG encrypted blobs of text. Here, the policy is that if there is a message that you can read, because you can decrypt it, then once you read it you can delete it from the folder and the delete gets propagated. Files in the notes directory are encrypted blobs of text that aren't meant to be deleted and may be read by a group/shared key. The software folder is just there to bootstrap a new sync.

This system is great if you've got a handful of people that want to send and receive encrypted notes and messages to each other. It takes a little bit of know-how to setup, but very little maintenance once it is up and running. I think bt sync has a lot of potential and I'm eager to see where and how it is used.

Firefox

When Google Chrome was released, it had some really cool features and abilities. Over the years support for hangouts, native extensions, Google made extensions for Google Apps, the javascript engine used and the improvements made to it to support the chromebook have made it a truly awesome browser.

In the meantime, the folks at Mozilla have really stepped up to make Firefox equally great. Hardware acelerated graphics, many improvements in memory consumption and management, enthusiastic support for privacy, safety and security and a huge base of extensions has made me want to go back.

  • Switching from Chrome to Firefox has been pretty smooth.

  • I made the right choice in not storing form information in the browser. A few years ago I started using 1Password on Windows and OSX and in Linux I use password-store. This made things a lot easier.

  • I was using the recent Google Hangouts chrome extension, but moved back to Adium and Pidgen. I really like OTR support and feel that it was a good move.

  • I did keep some bookmarks in Chrome, but most of my collection is on pinboard.in.

I'm also using a handful of addons: