Song Sender allows you to pick a song from your iPhone's song library and send it to a friend via email. If you'd like to use a song from your library as a ringtone, you can do that too. Install the package into your iPhone using your favorite installer application. When run, the software reads through your library, creating a scrolling list of your songs. Tap any song and you'll be prompted with three choices: play it, send it by email, or add it to your ringtones.

It practically reaches Zune-levels of squirting functionality! Small print: Fair use only. This software is not intended for pirating purposes. Use your powers for good, not evil. Do not take internally. Software is not a substitute for advice provided by a doctor, lawyer, or the EFF. In case of rash, itching, or swelling seek medical attention immediately. This software was brought to you by the letters E. r. i. c. and a. Do not use SendSong to install iTMS-purchased tracks as ringtones.

Update: Version that does not rely on whether you've installed /bin/cp is found here.

Anne Onymus (get it? hehe!) over at LowEndMac is hypothesizing that the entire Asteroid fiasco was all part of an evil Apple plan to quash rumor sites. The assumption is based on the fact that two years after the Asteroid leak, Apple still hasn't released a GarageBand breakout box. If Apple had actually put work into Asteroid, surely Jobs wouldn't be so petty as to shut down the entire project because of a leak? (Jobs is rumored to have pulled some product announcements at the last minute during MWSF2006 as a way of punishing the development teams for the leak.) Despite the fact that Apple's competitors then knew what was brewing in Cupertino, the company still had a good head start, and could surely have pushed the product to market well before anyone else. Anne postulates that Apple never had the slightest intention to release Asteroid, and created the product for the precise purpose of the leak. After the leak, Apple expected it would be a piece of cake to squash the rumor mill with a flood of law suits requesting the names of the mole. Instead, the EFF took over the case of the rumor sites, and a federal district court recently ruled that online journalists have all the rights and protections as the traditional media, effectively destroying Apple's claims.

While an interesting idea, I think LowEndMac might have the paranoia meter set a bit high this week. Apple may be secretive, but until I see evidence to the contrary, I'm sticking with Occam's razor.

With the nonsense on Capitol Hill this week, and discussion of DMCA revision and funding ramping up, I thought it would be a good time to talk about Tor, the award-winning privacy protocol and software from the EFF. Unlike other anonymizers that work by encrypting or proxying particular services and protocols, Tor's TLS-over-onion routing scheme works by re-routing all TCP traffic through a complex network of Tor nodes. Packets, including routing information, are encrypted between each node and each node has access to only very limited information about the next hop. Furthermore, packets pass through a random number of nodes (the more the merrier) and not all packets from a single session need follow the same route. This makes it very, very difficult (it's tempting to say impossible, but that's probably not quite true) to trace the ultimate origin or destination of any packet on the network unless the contents of the packet divulge revealing information.

There are drawbacks, of course. Although the onion routing algorithms are good, onion routing certainly has the potential for higher latency that traditional RIP and OSPF routing. Tor is also not an end-to-end solution. If the ultimate destination of a packet is a machine that doesn't support Tor, the packet is in the open from the time it leaves the Tor exit point and using traditional end-to-end encrytption on top of Tor is advisable.

The gains are significant, though, and as the protocol becomes more widely adopted the advantages will become even more pronounced. Aside from privacy protection, Tor's "next hop" TLS encryption virtually eliminates the potential for traditional "man in the middle" attacks within the network because such attacks rely on knowing the origin and destination of packets, and capturing a usable data stream. Tor, particularly if combined with end-to-end encryption, also makes encrypted data less susceptible to brute force attacks; it is much more difficult to capture a complete data stream, and data is encrypted multiple times with short-lived session keys.

Even though Tor is still in beta, it's well worth a download (The Windows version already won a PCWorld "Best Products of 2005, Security" Award). Take a look, and if you have a public IP, think about setting up a server.