I hate having to use registration codes when installing software, but have accepted it as the way things work.
Today however I got to enter one that’s 80 characters long. That’s right, 80.
Nothing says “we hate our customers” more than making them enter 80 random characters into a text field before they can install the product they purchased.
This is just silly, but it’s pretty interesting to watch. They really were rock stars of their time.
Gatekeeper is without question a bold move to prevent malware from impacting Mac OS X, but it will likely turn into a legal and ethical mess. Before I explain why, I’ll give a very high level overview. There are three options:
The default in Mountain Lion is App Store and identified developers. As MacWorld’s Jason Snell explains:
Apple says, if a particular developer is discovered to be distributing malware, Apple has the ability to revoke that developer’s license and add it to a blacklist. Mountain Lion checks once a day to see if there’s been an update to the blacklist. If a developer is on the blacklist, Mountain Lion won’t allow apps signed by that developer to run.
It’s worth noting that at least today the authentication is only done on first run from what I’ve read. However it’s not impossible for Apple to later check an application on each run to make sure it’s not on the blacklist. That could even happen before the feature ships this summer.
What’s concerning is that Apple will now essentially be the gatekeeper (get it?) and thus pressured to control what users can or can’t install on their computer. Lets be honest, most developers will never get their users to open system preferences and change this, so getting “identified” is essentially required to develop on Mac OS X if you want more than geeks to use your software.
Apple in the past has been pressured to remove Apps from the iOS App Store. It’s likely (read: guaranteed) to be pressured to blacklist developers who write apps which are controversial. Anything that could be used for piracy from a BitTorrent client to VLC which uses libdvdcss (the library hasn’t been legally challenged ever AFAIK but pressuring Apple is a way around the court system) could be targeted. Apple has a bit of a history banning apps for all sorts of reasons including being negative towards Apple.
How would Apple deal with pressure from patent claims? What about a desktop client for WikiLeaks, like the one that was pulled from the App Store? What about a game distributed by Planned Parenthood or some other organization that tends to draw controversy? There’s also the international issues here (Nazi images and Germany, privacy violations and EU). What about more indirect things like Firefox which can run 3rd party code via plugins and addons. Mozilla refused to kill MaffiaaFire. Could the Feds have went to Apple?
These are all hypothetical situations technically since the feature hasn’t even launched and Apple hasn’t given any clear policies. That in my opinion is the big problem. Apple as far as I know hasn’t given any guidelines to what would put a developer on the blacklist? Is there even an appeals process?
I’m pretty sure we’ll learn more over the coming weeks. The cool guys over at Panic are pretty optimistic about the feature, so I guess we’ll see.
I’ve been doing some reading up on best practices for SSL. From what I can gather, and seeing what other big sites are doing this seems to be the best practice as of today. This is assuming you’re in an OpenSSL 0.9.x (via mod_ssl) and Apache2 world, which is the majority of Linux/Unix based environments. Use a 2048 bits key SHA1 signed cert. Which is now pretty much standard.
SSLHonorCipherOrder On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
That will disable potentially insecure cyphers and help mitigate a BEAST attack. Note that this disables SSL 2.0 which shouldn’t be necessary for the vast majority of visitors. I don’t think many websites still support it.
Tim Cook spoke at the Goldman Sachs Technology and Internet Conference. Everyone was paying attention to information about Apple’s cash, and labor issues. They overlooked this juicy nugget of information:
Still, Cook doesn’t think the iPad will lead to the death of the personal computer as we’ve known it for the past 25 years or so. “I don’t predict the demise of the PC industry, I don’t subscribe to that,” he said, although admitting that tablet sales were eating into Mac sales and were likely having the same effect on the PC industry, which is essentially stagnant. It seems pretty clear that Cook thinks of the iPad as a different product from the PC/Mac, unlike some industry observers who would prefer to lump the two together.
While everyone is insisting Mac OS X is just going to merge into iOS and talking about iOS-fication of Mac OS X, clearly Tim Cook at least for now sees it differently.
I don’t think Apple would benefit by cannibalizing the desktop/laptop market. It’s somewhat high margin and eventually the tablet margin will drop as competition ramps up. Tim Cook knows that. Apple’s PC market share was never huge, but it was enough to grow the company for many years, and has been quietly gaining strength, even in the corporate world.
PC’s are still much more flexible and capable than any mobile product. Keep in mind almost nobody can take a photo they took on an iPhone and put it on paper without a desktop. Printing had been figured out by the time the IBM 5150 shipped. It’s worth noting however that this is likely at least in part due to patent wars and not really a technical limitation.
Like many in my trade, I keep a Twitter client open all day. 140 characters works very well between compile times, reloads, uploads. I still use RSS extensively, but Twitter fills the gaps nicely as my brain is always looking for information to absorb (feel free to follow if you don’t).
To this day it amazes me that I can’t find a perfect Twitter client. Tweetie back in its day was pretty damn close, but since it was bought by Twitter, it went downhill to the point of being unusable on the iPhone. Amazingly priced at “free” it’s not worth the price. These days TweetBot is as close to perfect as I can find on the iPhone and I’d recommend it to anyone who is frustrated with Twitter for iPhone.
Largely due to neglect the Mac client is still usable to me, however it’s hardly awesome. Why doesn’t “command /” reliably bring the window to focus? Why can’t I set my preferred url shortener? The developer console has lots of weird select and focus issues. I could go on…
From where I sit, these are the most annoying things Twitter still hasn’t figured out:
So what am I ignoring in terms of annoying Twitter client things?
Twitter is now the latest site defaulting to HTTPS. Kudos to them. I love seeing the web get more secure, even if it’s one site at a time.
If you’ve got a site where login is required, please make sure to use SSL. It’s not that costly anymore. Even this blog uses SSL where necessary.
It’s not needed for general public consumption things (like this webpage), but anywhere a session can be hijacked or confidential data could be transfered, SSL is a good idea. When not possible to default, at least make it an option (I do this for safepasswd.com).
Assuming this isn’t faked somehow, this is pretty impressive.
Programmer’s Curse [proh-gram-er-s kurs] – When a professional programmer sees a problem they think “I can solve this by implementing ________”. They then go on to build something in a manner similar to a mad scientist in an old sci-fi movie.
It’s often associated with eccentric behavior, ingestion of caffinated beverages, late nights and repeated cursing during debugging because it’s “so close”.
Screen capture from the awesome Young Frankenstein
Path uploaded address book data from its users in order to provide “social” functionality. After this became public they deleted all address data and apologized.
Everyone is ignoring the worst part of this. While very bad, it’s not that Path actually uploaded their address book (I’d venture most store it in “the cloud” already, so true privacy is out the window). The worst part is that Path didn’t even think this would be a problem until it became news. Even 2 years ago I don’t think there was anyone other than malware developers who would think uploading an entire address book of contacts without an explicit approval would be an OK practice. That is a huge cultural shift.
If Path were a desktop app in 2010, they would be competing with AntiVirus and Spyware blockers who would be racing to provide protection to their users.
In just a short time, a practice that would be reserved for illegal and dubious software was adopted by what seems like a mainstream startup. It’s electronic moral decay.
Apple doesn’t get a free pass either. Why in iOS 5 a sandboxed app can access an address book without alerting the user is beyond me. Addresses, calendar data, geolocation, and the ability to make a call are sacred API’s and should have obvious UI and/or warnings. Geolocation does have an interstitial alert. Phone calls have an obvious UI. Address and calendar data need to have an alert before the app is granted access.