The not-so-secret secret here is that most wireless providers assign their subscribers an email address based on their phone number. If you send an email to that address, it’ll get delivered as a text message—if you attach a photo to that message—say, using the iPhone’s built-in photo emailing—it’ll get delivered as a picture message.
He's suggesting that anytime I want a friend to send me an MMS, I tell them to send it to me at 6035579073@mms.att.com, and anytime I want to send an MMS, I instead send an email to 6035550000@mms.whoverthehelltheircarrieris.com. As Dan notes, this sucks.
The other long way around the lack of native MMS support on the iPhone is viewmymessage.com. It's a good idea in theory: When an MMS message is bound for an iPhone it is instead stopped at AT&T and posted on a website. A text message containing instructions for how to receive this message is then sent to the original recipient. The problem is in the implementation. Let me elaborate with a numbered list of greivances.
- Anybody got a pen?
Here's the workflow:- Receive text message
- Find a scrap of paper and pen
- Write down two arbitrary 8-10 character sequences (message id and password)
- Go to viewmymessage.com by clicking the link in the text message
- Type in both sequences
- See picture
Compare this to my suggested workflow:- Receive text message
- Click link
- See picture
These sequences of 8-10 characters for messageid are no picnic, by the way. 'o0nssy2jvm' and 'i06kdklv6' are two actual examples of message ids. Quick, look at the tiny text on your phone and tell me if that's an o, O, or 0! The passwords, however, are passably readable. Things like 'silk9aid' and 'guy7robe' are somewhat easily committed to short term memory.
The kicker is that the committment to memory or paper that these require is unneccessary. They can be easily encoded in the URL itself, so that the user never has to type them in. I'm pretty sure that's how my Samsung phone 'natively' handled it, and I was barely even aware of the fun I was missing out on. What I'm saying is that instead of the existing link to http://www.viewmymessage.com, include a link to http://www.viewmymessage.com/en/webnonsubscriber/msgidlogin.do?messageId=i06kdklv6&password=silk9aid , which works - or would if I hadn't changed a character to prevent you from seeing my message, in the text message. Poof! Fixed! - Receive text message
- Flash as an image viewer
The messages at viewmymessage.com can be retreived on any multimedia web browser. (I tried using lynx and the site practically scoffed at me.) Using a computer to access your message on that site will likely bring up a small 217x244px embedded flash movie containing the sent picture. I'm sitting here at a computer with 1600x1200 monitor, looking at a tiny picture that i can't even make out. I can choose to 'zoom in' via flash's right-click menu, but since my viewport is limited to 217x244px, I can only ever see a tiny square a time, like looking at a panoramic photo through a pinhole.
And there's no way to save the image from a flash, except screenshotting. Hey, guess what? People like photos. People like to save photos. It's what they do. The first MMS I got on the iPhone was a picture of Adam and Jess's newborn son, Cohen. I remember zooming to the native resolution of the image within the flash viewport jailcell, scrolling around and taking 6 different screenshots, and stitching them back together in paint to get a decent image.
Not only is there no way to save an image locally on your own computer, but messages are deleted from the server within 7 days. That sucks.
If you really want to save a photo from viewmymessage.com, here's what you do: Disable flash. Since the site was meant to be used on an iPhone, which doesn't support flash, it has flash detection built in. If the browser you use doesn't support flash, it instead returns the original JPG. Don't ask me why this isn't the default behavior, cause I sure don't know. Oh, and don't just download the FlashBlock plugin for FireFox. The browser needs to report up front that it doesn't support flash. All FlashBlock does is prevents flash from displaying on the screen. - From: +16035579073
Who the hell's number is that? (It's mine) Unless your name is Mike Williams and you pride yourself on being able to recall every phone number you've ever entered into a phone, you will not appreciate being told who each photo is from in numeric form. - Long delivery time, Long load time
The service is unreliable. It can be hours before a message is processed and a notification is sent to you. In addition, I don't know what kind of heavy lifting is going on behind the scenes, but it seeems unreasonable that it should consistently take a full 60 seconds to load the page once I do get a notification. That's on a computer, mind you, not my 2.5G iPhone. - Password field is not shadowed
Most password inputs on the web use input type='password'. This has 2 main advantages over input type='text'. Firstly, it masks your password on the screen as you type it. You see ******** instead of P4SSW0RD. (And by the way, if you are using leetspeak to obfuscate a dictionary word to use as a password, you should be shot.) The second advantage is special handling of your password with respect to AutoComplete. And by 'special handling', I of course mean 'no handling'. If you don't know, AutoComplete is Windows' way of storing input text from HTML forms (among other places, like the URL bar) for easy reuse. Any time your email gets filled into a web form after only a few keystrokes, that's AutoComplete. AutoComplete shouldn't, and doesn't, complete passwords. This would be silly. It detects passwords via input type='password', and does not store whatever you enter.
The interesting thing here is what happens when I use this particular password field - any password I may have entered in the past into a similarly incorrect password field shows up in the AutoComplete list for this field. Again, since the HTML author didn't use type='password', AutoComplete didn't know to ignore this field. So there, staring me right in the face are a few of my honest-to-goodness passwords.
These passwords, in fact every string AutoCompete stores, are in an encrypted file on disk known as the AutoComplete Data Store, or autoDS. But seeing them on screen is just unnerving, as is knowing that there are sites I trust with a password that are irresponsible about handling them. And I have no record of which site stored those passwords in the autoDS.
Greasemonkey to the rescue! I wrote a tiny GM script to pop up a javascript alert if it detects a password field without the proper type='password' setting. From now on it will lurk in the shadows of every page I visit, waiting to pounce.// ==UserScript==
// @name insecure_password
// @namespace http://sobohobos.com
// @description Identify forms that have password fields with type=text
// @include *
// ==/UserScript==
// Author: brett.schellenberg@gmail.com
//
// Alert whenever an input named 'password' is not of type 'password'.
// Inputs like this are undesireable because they may be displayed on
// the screen as they are typed in, and may also be stored and retrieved
// in AutoComplete forms.
var badform;
badform = document.evaluate(
'//input[@name="password" and not(@type="password")]',
document,
null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE,
null);
if (badform.snapshotLength > 0) {
alert('Brett says: A password input on this page is not type=\'password\'.');
}
2 comments:
Dude - you should've just gotten a G1. ;)
...And yes, I'm leaving comments on old blog posts at 1:30 a.m. WTF, you dissed l33t?
Have you tried http://www.getyourmms.com? It doesn't really shorten the workflow, but no more annoying flash and you get everything in your email.
Post a Comment