3G probably doesn't have the same coverage as the old GSM. If you turn off 3G (if it's possible) then you should get the same signal strength (in theory).

Stig

I've similarly observed a lack of 3G coverage. It seems like the phone is preferring crappy 3G over good old-school GSM, which could explain part of the battery drain phenomenon.

It is. I believe it's Settings - General - Network.

Yeah, you should definitely check the coverage map before purchasing. On the data side, only 10% of the country is covered by ATT's HSDPA. EVDO currently has far more coverage. I'm sure ATT will expand pretty quickly, though. T-Mobile, OTH, is way behind.

Given my limited needs outside of my area, I'm curious to see what happens with WiMAX and what types of devices will come out of it. But that's pretty far down the road. It won't even be release until the end of the year, and I'm sure it'll take a while for manufacturers to catch up.

Meanwhile, on the battery drain front, 9to5mac was republishing this graph from PC World:

"Wow! Three times as good as a Treo 750!"

Except it's not, of course. Even if it's too much to ask for error bars on this sort of graph (the Iphone's lead over the Samsung appears to be about three minutes in five-and-a-half hours: is their testing really accurate to the nearest 1%?), surely it's not rocket science to start the graph at the origin?

I think statisticians are like Empegs: most of the people who direly need one, don't even know it...

Peter

Honestly, I still don't understand why an entire day isn't long enough for most people. Here's a simple idea: put a charger by your bed. I have a chord draped over my nightstand, and when I get into bed, I plug in my phone. It's pretty darn easy. My phone hasn't run out of juice since I got it in October. Between my car charger, a USB data cable, and that home charger, I don't see any way I could run out of power.

Also, I had the Treo 750w, and never thought the battery was a problem. Then again, I seem to be the only person on the planet who liked that phone...

Going away for a weekend without a car, forgetting your mains charger and finding no one else with you has a matching charger ? It has happened to me at least once.

I hear you. I was going to say exactly that before I read your email. That sorting of graphing is clearly misleading to people who don't recognise that kind of twisting of results.



Because it would be nice to go away for the weekend and not have to remember the charger - or go away for work (particularly with a business oriented phone) for just 2 days (i.e. one overnight stay) without having to remember the charger etc

At least a number of the newer ones can charge from USB allowing charging from laptop (another charger to remember)

I can do without 7 days standby (which I used to get on my 6230 sans 3G, sans email checking etc), but I'd like to see 2 to 3 days with some use as a target for battery life.

5 hours simply doesn't cut it although that is solid use. The problem is they cram so many features in you use them more and more resulting in less and less battery life.

I guess the question is: "Is the extra 3G speed inversely proportional to the battery life. i.e. you do more stuff in a shorter time so need less battery life..."

I suppose those graphs are all about talk time. What they should well have measured with the iPhone is talk time on GSM vs. 3G, since they're quite different. For that matter, if they truly wanted to do apples-to-apples, they'd have to make sure they were the same physical distance from the cellular towers.

Meanwhile, my iPhone is continuing to impress. It's nice that they got little details right (e.g., when I was listening to music and a call came in, the phone faded out the music before playing my ringtone). So far, the only problem I'm having is that it refuses to connect to our 802.1x wireless at work (i.e., I put in my username and password and it just sits and spins). The Enterprise Deployment Guide talks about an "iPhone Configuration Utility" that you can run (available here).

This is a fun little utility. For eample, you can read the syslogs on your iPhone and see all the access points that you've bumped into. It has a notion of "configuration profiles", which my employer would presumably configure for me. (The Help Desk responded saying "come on over and we'll get it working for you.")

So it's a decent little toy. Muchly like it. 3G network works good for me.

Not so much liking the real-time features of the mapping software. They really need to work on that. No *way* can it replace my GPS unit in its current state. It's funny, though, the mapping application is just on the hairy edge of being useful for navigation. Just a few tiny little things to fix up and it would be useful.

Once Garmin or Magellan or Nuvi or whoever comes out with nav software for this thing, though, I'm so *there*.

Does the new OS update (for the iPhone) allow you to disable password masking? I hated the fact that the WPA settings masked your password. I can't understand why you'd need the password masked on a device with with such a small screen. At least in Mac OS you can turn it off.

With the masking in place I was unable on at least 10 attempts to get my brother's iPhone to join my secure network. I have a really long password phrase and we both found it impossible to type into the iPhone without seeing what characters we were typing.

The iPhone shows you the last character you typed and leaves it up, in cleartext, for a few seconds. It's tolerable.

I know. It wasn't enough help to get us onto my network. Without being able to see the whole pass phrase in clear text we couldn't determine if it was a typo or something else. There little to no need to visually mask a password on a hand-held device. I'd go so far as to say there's little to no use masking them on your personal computer either. I suppose if a particular field were to encrypt/hash as you type so that it never held the clear text even internally, there's some benefit to executable exploits.

Anyway, the whole "it's Mac OS" BS just kept getting on my nerves because nothing about the iPhone is anything like Mac OS from a UI or usability point of view.

I'm with you, Bruno.

These days, WEP and WPA keys can be pretty byzantine, and I'd really like to see them optionally show clear text. To answer your question directly: No, it's not an option in this version of the software. And the aforementioned 2.0 feature of the last character hanging around for a second or two is utterly useless.

The following things need to happen on this thing to make entering WPA keys more friendly:

1. Optionally show clear text characters when entering WPA keys.

2. Make the caps lock feature (double-clicking on the shift button) stay "sticky" when toggling back and forth between the numbers and letters panels. If you don't understand why this is needed, try entering the following as a WPA key: CD19DF45ABBA5B5CD5A1

3. When entering passwords or WPA keys, it needs a different keyboard entry panel that includes numbers and letters on the same screen so that you don't need #2 above.

Without these features, entering WPA keys is do-able, but a huge pain.

My pass phrase is 44 characters long and includes both lower and upper case, numerals and and a few non-alphanumeric characters. It's super easy for me to remember, but would be very hard for anyone else to guess or brute force attack.

The only error we received from the iPhone was that it couldn't connect and my best guess was something was mistyped in the pass phrase. If I could have verified it was typed correctly, then I could have gone onto other trouble-shooting steps.

With a clear text display it would then have also been possible to restore the form with the text that was just typed, making it easy to correct instead of having to try typing the whole thing again.

I can somewhat understand that scenario, but on the other hand I doubt any of these phones will last that long. Of course, we could get down to specifics, like "does this weekend start on Friday night or Saturday morning? Does it end on Sunday night or Monday morning or later?"

I can definitely commiserate on the forgotten charger part, though. That's happened to me before certainly. Fortunately my current phone has a really decent standby time, so I limited my usage, turned off the bluetooth, and got through. But it's not a smartphone

Out of interest (because I don't think we ever came up with a satisfactory answer to this, back when we were designing Sapphire), how secure is the WPA key once you've entered it? Do you have to enter a PIN, or similar, to decrypt the key each time you connect? What happens if you've got your work WPA key on your Iphone and then lose the device or get it nicked?

(On Sapphire we thought about having the WPA/WEP keys in a "safe" which you open using the rotary controller as a tumbler -- the "15 left, 34 right" and so on would be formed into a local key to decrypt the WPA key. But it's hard to come up with strong enough keys from the UI: there's little point having 256-bit WPA on the network if you only have 20 or 30 bits of variety in Sapphire's local key.)

Peter

I don't know how the WPA key is stored on the phone itself, i.e., I don't know if they save it in a clear text file in memory.

However there is currently no way from its normal user interface to view the key after it's been typed in. (You can't even view it WHILE you're typing it in, which was Bruno's complaint.)

If you wanted to prevent a nicked phone from being used on your WPA network, you can PIN-lock the phone's UI, but I think that an "awake" phone will still connect to a known WPA network in the background, with the anticipation that someone will want to start using it as soon as they enter the PIN.

Peter brings up a good point about device loss. You don't want people getting access to passwords when they find your device.

When I was mentioning clear text password fields, I didn't mean they should be pre-populated with the clear text password at a later date/time. Only while you're actually entering new text or making a correction on the password you just typed.

I'm fine with obfuscated password fields for times where the password is stored and recalled in the OS as a shortcut (hopefully it's stored in an encrypted state or the whole "security" thing is rather moot.

So I guess that means they haven't thought about the problem at all: if your Wifi is accessible from your Iphone, your 256-bit WPA2 encryption has just become (assuming a 6-digit PIN) more like 20-bit encryption.


With penny-plain mobile phones, a crack or firmware reload to the device that obviates PIN entry doesn't actually buy the criminal all that much: just a list of contacts, and phone service which can swiftly be revoked by the network based on IMEI number. With a smartphone (or other Wifi device; the problem isn't restricted to Iphones) a crack or jailbreak that can bypass the PIN and/or load software on the device, can confer considerable criminal advantage. It doesn't matter whether the WPA key is stored obfuscated, if the hooks that cause the OS to fetch, uncloak, and activate it are there for the calling by UI code.

I think advanced EAP-type WPA might be able to revoke access on an client-by-client basis, but normal PSK WPA certainly can't.

Peter

I don't see that as being any more or less of an issue than it would be for a stolen laptop. Other than the fact it's easier and more common to lose or steal a cell phone.

I also don't see much difference in the way that the iPhone handles that security than it would be on a laptop. The laptop is protected by a (usually weak) user name and password, not much better than a PIN.

It isn't secured in any particularly good way on the iPod touch or iPhone. Its just kept in the keyring.

If your iPhone is compromised, you also lose the passwords to log into your Gmail or whatever provider. WEP/WPA keys are the least of your worries.

One possible workaround for typing in huge WPA keys is to use Apple's iPhone Configuration Utility. You could create a profile for your local network, including all the key bits, and just email it to yourself. The mail client, when it sees those config files as attachments, does the right thing when you click on it, including a nasty warning message. (That's how our IT people set up my iPhone to use our 802.1x system.)

That's interesting. I wondered how the XML got into the iPhone after the configuration utility created it. I was skimming the dox on the utility earlier today after following the link to it. I missed the part about how it got onto the phone. Nifty.

You can also post it on a web site and set a mimetype to have the iPhone recognize it.

Yes, but with Gmail accounts and the like you presumably have to enter your password each time you connect -- or at least, presumably there's an option for setting it up like that. I'm just saying that, for the paranoid, there ought to be the option of similar security for WEP/WPA "accounts".

It's true in a way that the situation is no worse than for laptops, but laptops have keyboards and it's more acceptable to leave these things in "password required each time" mode. And if I was sysadmin somewhere which had an internal Wifi network, I'd be expecting to change the WPA codes and cause a flag day every time any laptop was stolen or lost. (In that situation I'd want to roll out a per-client-revokable version of WPA, but I've actually no idea how hard/impractical that is, e.g. whether there are Linux or Mac clients for any of the standards, or whether they need specific hardware support.)

IIRC (Mike) at Empeg we had WEP/WPA protection to get onto our external Wifi network and the Internet, and once there you had to use real SSH or VPN (which are, of course, per-client-revokable) to get in through the firewall to anywhere useful.

Peter

Most people at home using WPA are actually using WPA-Personal, which is just a simple password for authentication. Companies should be using WPA-Enterprise, which allows for a variety of authentication mechanisms, but regardless of the specifics, allows for per-user authentication.

While this is obviously useful for stolen laptops, it's more commonly useful for leaving employees. Just disable their account and you're done. No need to redistribute authentication parameters.

Most full-fledged computers do WPA-Enterprise just fine. Sometimes handheld devices don't. My PSP doesn't for example. But some do, like my (ugh) Blackberry.

Okay, so I just tried this today, and I can't find where in the configuration utility I'm supposed to actually type the WPA key itself. I find the screen that lets me tell it to connect to a specific named SSID, and it lets me spec the type of encryption (WPA/WPA2 is a pulldown list item) but no field ever appears asking me what the WPA preshared key is.

So, I called the local Apple store yesterday and was advised they had all 3 variants of iPhone. However, there was a 3 hour wait.

I ran down there expecting to blow the evening. Even though I was only about 20 people back from the front, the line moved incredibly slow. It even stopped dead for over 45 minutes at one point. The Apple store is still taking forever to get iPhones processed 2 weeks after iDay. Most of the problems are due to AT&T customers that don't qualify for an upgrade, and people that are mall-walking and just jump in line on a whim. In almost all those cases, the people were not prepared to pay a fee to cancel their current service (what did they expect?).

Once the store closed the line (so they can close around their normal hours), a staffer came out and started "pre-qualifying" people with his little handheld cash register thingy. I would say about 1/3 the people on line (not yet in the store) found out they would be paying "full retail price" for the phone which is $200 more than the upgrade price. Listening to my fellow line-mates bitch at AT&T to get their situation sorted out before getting through the doors provided much-needed entertainment.

I waited 4 hours on line before being served. Because I was an original iPhone owner, my transaction only took 10 minutes. When I left, the guy behind me was still in line! From what I could tell, they had 3 or 4 people doing iPhone activations. That would seem like enough, but obviously the system needs to be streamlined somehow.

Anyway, I got a 16GB Black and it's pretty nice. Feels lighter than the old one and also more secure in my hand. I was surprised to find that a dock wasn't included with the 3G. What a scam. Now I have to go back and buy one (for $30!). It will be satisfying just strolling through the door this time while more poor saps are standing in the iLine.

I got one on Wednesday in Boulder, I showed up early because they had them in stock (as shown on the Apple website) and they passed out tickets for the iPhones they had available - if you got a ticket you got to wait in line. They would pull you out of line if you were already with AT&T and pre-qualify you to make sure that you were eligible and then stick you back in line. I waited about 2 hours to get one, got a 16gb Black. I like it, it's my first real smartphone. I did notice a few people in line left the store without a phone and their tickets were returned to the line employee. They probably didn't pass the credit check or something. The thing is, a few people were walking by and they were able to snap up the tickets right away - they probably only waited 20 minutes tops!