MWJ The weekly journal for serious Macintosh™ users november 24, 2008 hidden safari shenanigans The laughable release notes for Safari 3.2 hide its new features, like the Extended Validation SSL support that Apple had shown no signs of adopting – until releasing that support. But our coverage is in MacCyclopedia so we can explain how phishing protection really works. Apple didn’t invent this stuff – in fact, it appears to be identical to a feature that’s been in Firefox since version 2.0, with data coming from the same source. Unlike the Mozilla folks, Apple won’t explain itself, explaining why you didn’t learn what Safari 3.2 is transmitting and receiving, silently, on your behalf concerning the pages you visit. We’re telling you – along with where the data is stored, how to browse through it, how the alert is implemented, and why Apple’s failure to disclose this is kind of a big deal. Phishing food for thought, page 1. executive shuffles When Apple chose to hire Mark Papermaster from IBM to lead its handheld devices hardware engineering, the drama-starved press must have done a happy dance. IBM doesn’t want to let Papermaster go, and is suing to keep him from working at Apple based on a non-competition agreement. For that to work, IBM has to explain how iPods compete with Papermaster’s former job of designing POWER architecture services – so they’re giving it a shot, even though there’s dispute about whether such agreements can be enforced at all. The press, for its part, immediately departed into palace drama and court intrigue, but it says more about them than about Apple or IBM. We have the full story in Business News. Drama-free zone, page 23. the rest of the news There’s so much in this double-issue worth of MidNovember News, in every section you like, that we can’t even begin to summarize it. You’ll have seen most of it if you’ve been reading the free issues of MDJ we’ve been distributing to subscribers in the MWJ RSS feed (for non-trial subscribers only, sorry), as we’ve been doing since April while getting both MDJ and MWJ rebooted. The product coverage from those issues is coming once we update it this week, so look for that, plus the foreshadowed entry from The Weekly Attitudinal on Apple’s pathology with release notes, this weekend. Thanks for your patience – after two weeks back on MDJ, we’re very tired, but still functional. Massive amounts of cool news, page 2. maccyclopedia™ safari 3.2 what you should know and weren’t told Although Apple rarely pre-announces software updates, the 2008.11.13 release of Safari 3.2 still somehow caught us by surprised. Although Software Update should offer you the right version for your system, you can also download individual updates for Mac OS X 10.4.11, for 10.5.5, and for Safari for Windows. Apple’s penchant for cryptic release notes (MDJ 2008.10.14) blooms again, as the company describes all three versions as featuring “protection from fraudulent phishing Web sites and better identification of online businesses.” You’d think that the browser now spoke the name of E-commerce sites aloud or something, but no: this is “better identification” in the eBay sense. We’ll look at that, as well as the hidden surprise in the new “phishing protection,” in order. 28 u 2 mid-november news business news MWJ 2008.11.24 Pundits may relish pretending to analyze Steve Jobs, but it’s still the financial analysts who invent new products and then demand that Apple create them or be punished in the market. Barclays Capital analyst Ben Reitzes expects Apple to sell fewer iPhones during the holiday quarter than last quarter, and says that if sales are soft, he wouldn’t be surprised by a price cut in early 2009 (perhaps from US$199 to free – where does he think this price is going to go?), or a new low-end model in calendar Q3 of 2009. Oh, and Reitzes, whose expertise in designing consumer products is apparently well-hidden on his résumé, says it “makes complete sense” to introduce a giant iPod Touch running Mac-style applications for US$600, because the gap between the US$399 iPod Touch and US$999 MacBook “needs to be filled and we think it can be with a premium ultra-portable device using multi-touch technology.” So, if you want a really big phone or a really small Mac that won’t run much software, Ben Reitzes has a touchscreen to sell you. It wasn’t a one-off throwaway line, either: Reitzes was pushing the same goofy idea a week later. What we find fascinating is that when Apple introduced non-GAAP results last month to show how many iPhones it had sold, and how much revenue would have resulted if the company didn’t use subscription accounting to spread it over a two-year period, the normal hedging was completely absent. One reason that iPhone sales took off in the September quarter was that Apple announced iPhone 3G in March 2008 and didn’t ship it until July. That created huge pent-up demand, demonstrated by people lining up for the device as it started to go on sale. It helped make Apple’s handset the most purchased consumer cell phone in the September 2008 quarter, displacing the Motorola RAZR for the first time in three years. Normally, when pent-up demand or other one-time events affect Apple’s sales so strongly, the company’s executives are all over it in the conference call, tamping down expectations. “Well, we had this pentup demand that resulted in a sales surge, but that won’t sustain through this quarter,” they’d say (to paraphrase). But none of that happened this time: no talk of the pent-up demand, no warnings that December quarter sales might not be up by the percentage you’d expect because September quarter sales were artificially high, none of that. And none of the analysts writing about it in the weeks afterward seem to have said much about it either. Apple’s financial statements are carefully constructed because the executive team has plenty of first-hand experience seeing what Wall Street does to Apple when it doesn’t meet expectations. That’s why the company’s guidance is always so conservative – they’re numbers Apple is reasonably confident it will meet, not what it expects to sell. That makes the decision to talk up how many iPhones were sold, without strongly emphasizing the role of pent-up demand, into a puzzling departure from the norm. We don’t know what to make of it, but we’re keeping an eye on it. A ChangeWave Research consumer spending survey found that only two computer companies saw an increase in the number of people who intended to buy their products in the next 90 days compared to last month’s survey: Apple and Dell. Apple’s boost appears to come from the new MacBook computers. Dell’s driving factors seem to be more mysterious, but we’d summarize them as “people are being thrifty and they think Dell delivers the cheapest options of acceptable quality.” The word “consumer” in the story rapidly got lost: MacNN ignored that the survey didn’t include business or education customers, downplayed that the survey was only of buyer “intentions,” and came up with the incorrect headline “Study: new MacBooks likely 33% of US sales.” If you ignore all the parts where they’re not likely to be 33% of US sales, sure. (Perhaps MacNN’s editors, aside from redirecting such stories to the “Electronista” brand they’re still trying to build, were thinking of Auguste Rodin’s description of how he made his remarkable statues: “I choose a block of marble and chop off whatever I don’t need.”) Sadly, MacNN didn’t figure it out even when ChangeWave released a separate corporate IT survey – the site didn’t cover this one at all. From Macsimum News, we see that 45% of the survey’s respondents will have lower (or no) IT spending in the March 2009 quarter, compared to only 10% of respondents who say they’ll spend more than in the December 2008 quarter. The site calls that “an accelerating collapse in US business spending that has now reached historic proportions – with record pullbacks occurring both in the current fourth quarter and going forward.” Isn’t that cheery? Although Circuit City has made plenty of management mistakes, it can’t be seen as a good sign for consumer electronics that the huge electronics big box retailer chain has filed for bankruptcy protection (if you purchased a Circuit City extended warranty, though, it’s still operative, as those are handled by a third-party company); CNET News has the FAQ about what to expect (hint: don’t count on massive close-out sales) Speaking of PC revenues and of IBM’s divested PC business: Lenovo posted a 78% drop in quarterly earnings, attributed to slower shipments and lower margins Speaking of Dell: Dell Computer posted income of US$1.015 billion on revenue of US$15.162 billion for the October 2008 quarter, and earnings per share of US$0.37, up 9% from the year-ago period, with income up 22%, even though revenue was down 3% and Dell warned of slowing demand in “almost all” of its businesses (EPS beat street estimates but revenue did not) MWJ 2008.11.24 It doesn’t get more cheery. Intel, currently Apple’s sole Mac microprocessor vendor, warned investors this month that its previous “gloomy” forecast for the December 2008 quarter “wasn’t nearly gloomy enough,” as Jon Fortt of Money Magazine put it, calling it “hard to articulate just how bad [the] news is” that Intel would see unheard of shrinking sales during the quarter compared to year-ago numbers. In more concrete terms, Intel’s previous guidance had a low end of US$10.1 billion in revenue. The new guidance from Intel is for revenue of US$9 billion. A billion here, a billion there, and pretty soon you’re talking serious money. We mention this because of September 2000, when the tech bubble was starting to burst. It started when Intel warned of lower sales, but analysts refused to see any larger trends in technology and largely ignored the implications. That same month, Apple warned that Power Macintosh G4 Cube sales were not meeting expectations, and the same analysts went crazy. They said these were entirely Apple’s problems, and that the technology market was healthy. 3 Apple was obviously in dire straits, they said, and in the next trading day, Wall Street chopped 50% off Apple’s market value. The stock price didn’t recover for four years. We mention this often because the observers who blew this would very much like for you to forget it. Apple had some problems, but they were related to the end of the technology bubble – and even when investors and analysts later realized the bubble had burst, they never went back and corrected their views on Apple. So when Intel warns of dire results again while analysts are wondering what Apple will do, we sit up and take notice. At least this time, observers like Fortt seem to realize that Intel’s warning means bad news for the entire market and is probably not something that can be ignored. (A similar warning from Best Buy helped hammer that point home.) If Apple’s results were to disappoint analysts, don’t expect that calm and reasoned approach to last. 4 u 4 t 3 Dell’s new chief industrial designer is making his presence known with new “splashy designs” for notebooks, but Dell still doesn’t seem to get the point – rather than designing systems as a whole like Apple does, Dell is still building the same kinds of systems and letting customers chooser their own colors or case patterns, but a skin does not make a computer’s design better (do you remember “Flower Power” or “Blue Dalmatian” iMacs? or wish you didn’t?) Elsewhere at Dell, chief technology officer Kevin Kettler is stepping down, although “multiple sources” tell Cnet News it’s not related to Dell’s ongoing reorganization, but rather Kettler picking this time to retire and focus on charitable activities MWJ 2008.11.24 Andy Zaks, who’s gotten some attention this year for accuracy in analyzing the predictions and results of financial analysts covering Apple, says he’s currently estimate that Apple will earn US$1.2 billion more in the December 2008 quarter than the consensus analyst estimate; Zaks says that analysts are generally bearish on Apple (MWJ has discussed those reasons many times), but that the “uncertainty regarding the degree of contraction in consumer spending” for November and December has led the analysts to the point of “irrational bearish exuberance, [in] that the estimates no longer reflect even a scintilla of financial reality” (we would have preferred “irrational inertia,” but we’re alliterative that way) Analyst Gene Munster of Piper Jaffray reads NPD market research data as predicting Apple will see 8% to 16% year-over-year unit sales growth in Mac computers during the December 2008 quarter, and iPod unit sales growth of -14% to -16%, which he still describes as better than the -16% predicted by Wall Street’s consensus estimates (we prefer to say that he expects Apple to sell 84% to 86% as many iPods as a year ago, because negative percentages don’t scale correctly – we’ve seen analysts use figures like “-200%” that have no literal meaning) As if Ben Reitzes wasn’t screwing with Apple’s potential sales enough with unfounded speculation, he’s also telling his clients that Apple will uncharacteristically offer “deep discounts on a number of Mac models” on “Black Friday,” 2008.11.28 (the day after US Thanksgiving that’s traditionally considered the beginning of the holiday shopping season), so how many budgetconscious consumers who read this do you think are now delaying their purchasing decisions until one insanely busy day? RBC Capital analyst Mike Abramsky has cut his estimates of Apple for fiscal year 2010 (yes, that’s the one that begins nearly a year from now), and thinks smartphone sales growth will slow for Apple in 2009 compared to 2008 (not a hard call to make, since iPhone sales were much lower in 2007 than iPhone 3G sales in 2008) Apple’s newest retail store, at Vintage Faire in Modesto, CA, is the company’s 250th retail store worldwide The company’s online presence continues to grow as well, with the recent introduction of the Apple Store (online) in the Philippines MDJ Staff member John C. Welch writes for Macworld.com about how Apple’s enterprise strategy hasn’t changed, which is news in the sense that no one was aware Apple had an enterprise strategy Since iSuppli’s estimates of Apple component and manufacturing costs are always ridiculously low, we see no reason to give the firm any more credibility on its slightly higher estimates of the cost of the T-Mobile G1 phone (the first device to run Google’s Android mobile phone OS) Apple Inc. stock closed on Thursday, 2008.11.20, at US$80.49 per share, not just a 52-week low but the lowest price since 2006.11.06, so it’s really a two-year low; it rebounded 2% on Friday to close at US$82.58 legal news 5 MWJ 2008.11.24 our downtime has left us without comment on Psystar’s ongoing attempts to profit from Apple Inc.’s software without any of the difficult steps like developing it, licensing it, or inventing anything. Great legal minds differ on whether shrink-wrap software licenses such as Apple’s are valid and enforceable, and while we know how to read a statute as well as anyone else, the courts that deal with Apple continually rule on those statutes in ways that make no sense to us. Therefore, we’re not going to speculate on whether or not Psystar is violating the law by installing Apple’s operating system on non-Apple hardware, even though that (among other things) is what the license agreement prohibits. We suspect that issue will be at the center of any trial that may happen, if Psystar doesn’t disappear and no settlement or summary judgment obviates the need for a jury. Whether Apple likes it or not, Psystar could legally purchase Mac OS X retail packages and ship them with non-Apple hardware, but that’s not what Psystar is doing. Instead, Psystar is opening those packages (presuming Psystar legally purchases an individual copy of Mac OS X for each machine it sells), installing the software for the customer on unauthorized hardware, and transferring the license (and the alleged violation) to the customer. If Psystar made its customers install Mac OS X themselves, the violation would be entirely on those customers’ shoulders – but it’s unlikely that retail Mac OS X discs would boot and install on non-Apple hardware without modifications to the installation discs, and Psystar has no license to modify and redistribute Apple’s discs, either. When this saga started, Psystar wasn’t even trying to avoid ripping off Apple’s intellectual property. At first, the company called its Mac OS X-capable clones “Open Mac” computers. That’s definitely prohibited: even if you can install Apple’s OS on your own hardware, you can’t use Apple’s trademarked hardware name as the name of your computer. After a quick visit from lawyers, Psystar changed it to “Open Computing,” a name so nondescript that it dares you not to yawn. At one time, Psystar also copied Apple’s software updates onto its own site, modified them (if necessary – most of them were completely unchanged), and offered them to its customers. The common term for that is “stealing.” Those updates do not appear to be available on Psystar’s site now. When the entirely predictable lawsuit from Apple arrived, Psystar chose the Chewbacca Defense, and countered by suing Apple for antitrust violations. Psystar’s idea was that Apple had a market monopoly on Mac OS computers, and therefore any license agreements or contracts that prohibited competition in that market could not be enforced. It’s equivalent to saying that since you’re the only person who writes your weblog, you hold a monopoly on the market of “your weblog,” so Psystar should be able to use all your content at reasonable rates or you’re a market-hating information robber baron. It’s attempting to define a “market” so narrowly that any given brand is a “monopoly,” so someone can steal that brand’s assets and use them without permission. MacNN reported that one Psystar employee (apparently Psystar had more than one employee at the time) supposedly said, “What if Microsoft said you could only install Windows on Dell computers?” If you forget that Microsoft has always sold Windows as an OS for any compatible computer; and forget that Apple has never done the same for Mac OS X, always treating it only as the OS for Apple’s own hardware, then the comment is only mildly laughable. The courts tend to frown on the idea that a monopoly market can be declared around one company’s product, instead of the normal view that a company’s product must defeat competition in a broad area to be recognized as a monopoly. Therefore, it was also entirely unsurprising this week when Psystar’s countersuit against Apple was provisionally dismissed, meaning that the judge said (to paraphrase), “If this is the best argument you have, we’re done here.” Psystar can amend its suit with new argu- 6 u 6 t 5 ments and refile it within 20 business days, so the cloner firm has about a month to see if it can come up with a legal reason why Apple shouldn’t be entitled to license its own products. It won’t be easy. MWJ 2008.11.24 If you like keeping up with Apple patents, and are tired of the endless “OMG APPLE PATENTED THIS THAT MEANS IT’S COMING THIS WEEK” reporting that often characterizes the genre, give Macsimum News a try. Dennis Sellers keeps a watch out for Apple’s patent filings and describes them (often directly quoting them) without the fruitless speculation that a company with a vast intellectual property portfolio has immediate plans to use all of it. Recently, Sellers has mentioned new Apple patents for vector processing improvements (think of what we used to call AltiVec, but in Intel-world we usually just hear it described as SIMD), allowing external administrators to create bundles of E-commerce products, remote control systems that distinguish and ignore stray light sources, and (somewhat opaquely) adjusting chroma and luminance for video signals via matrix math. To get the difference, consider Apple patent number 20080284696, “secondary backlight indicator for portable media devices.” The idea is to have more than one backlight on a portable device, so that while the main backlight is turned off to save energy, a secondary (dimmer) one could be illuminated through transparent parts of the main display, allowing you to see status indicators (like the current time, or “slide to unlock.” Macsimum News covered this with lots of verbatim quotes from the patent, after Sellers’ summary: “In other words, it’s for always-on status indicators for devices such as the iPhone.” MacNN’s article had more diagrams, more hypothetical uses, and warned that the patent “isn’t necessarily an indication of any future products from the company.” It also had a misleading headline: “Apple files patent for iPod background display.” If you’d rather read the facts than amped-up speculation designed to make you click through, you want Macsimum News’s patent coverage. The Industry Standard notes that the Psystar lawsuit reveals that Apple Inc. has no corporate-wide E-mail retention policy, a potential problem for future lawsuits (and Apple attracts lawsuits like TV cameras attract politicians) It’s hard to see exactly how people could be at work, and clocked in, but “not getting paid” for time spent booting their computers (which MacNN happily turns into “wait[ing] for their Vista PCs to boot up,” although the original source article mentions no operating system by name) in quantities sufficient to go to court, unless a startup item on their computers is what “clocks them in” and therefore they don’t get credit until the whole thing is started – but it still sounds odd to us More documents come to light in the lawsuit over Microsoft’s “Vista Capable” labeling program, in which plaintiffs allege Microsoft lowered its standards for PCs with a “Vista Capable” sticker ahead of Vista’s release to benefit Intel’s sales of lesscapable graphics chips – in one of them, Microsoft’s Jim Allchin says, “I believe we are going to be misleading customers with the Capable program” More of those E-mails from Microsoft disclosed in the “Vista Capable” lawsuit reveal that when Walt Mossberg told his readers to consider a Mac instead of worrying about Vista, Microsoft managers expressed concern that the “Vista Ready” labeling program would not provide the “premium” experience for customers that Mossberg was recommending press watch we were originally quite happy to ignore Adam Lashinsky’s article in a recent issue of Fortune magazine because on first reading, it looks like exactly the kind of Steve Jobsfocused drama that the press can’t help cre- 7 Of course, we’re not sure what we should have suspected. In a 2002 column noted in MWJ 2002.06.23, Lashinsky said he thought Microsoft’s meager US$150 million investment in Apple in 1997 “bailed out” the company, called Apple a “quasi-private” company that couldn’t be run by anyone but Steve Jobs, and allowed that Apple “[didn’t] suffer too badly for being a market share also-ran.” So, alas, to get to the useful stuff, you’ll have to wade through the Mythical Apple that people like Lashinsky and ElmerDeWitt construct so they can pretend to be experts on it. If you can do that, the parts just about Tim Cook aren’t so bad. Dan Lyons is discovering that it’s not nearly as fun or profitable to act like a spoiled ass when he has to do it under his own name instead of pretending to be Steve Jobs. After two years of grabbing attention by saying nasty and profane things as “Fake Steve Jobs,” Lyons cashed in earlier this year by writing a book, jumping from Fortune to Newsweek, and writing as “Real Dan Lyons.” We are far from humor impaired, but we rarely found Lyons’ schtick to be funny. Half the problem with press coverage of Apple is that reporters don’t want to write about facts – they want to imagine a regal court drama, with Steve Jobs as the love child of Henry II and Lisa Simpson (yes, ewwww), and other executives cast in the rotating roles of Richard, Geoffrey, John, Eleanor, and Thomas Becket. If you recognize this as the conflation of several semi-factual historical dramas, then congratulations: you’ve got the essence of most “analysis” of Apple Inc. The closer writers get to drama and the farther from fact, the more they seem to be rewarded and (prepare to groan) lionized. Then came Lyons, combining the worst of these stereotypes with profanity-filled references to current events, pushing this narrative even further. But part of the fun people seem to have had from Lyons’ writings were in trying to figure out who had “nailed Steve Jobs’s personality so perfectly,” as averred by dozens of people who didn’t work with Jobs (or MWJ 2008.11.24 ating. The takeaway line: Tim Cook “could be in line to replace Steve Jobs.” That would be a scoop if it were in a mid-November 2001 issue of Fortune, but unfortunately, Lashinsky writes as if he’s just figured it out, and assumes no one else has, either. However, if you can get past the opening page of useless Steve Jobs speculation, and ignore fourth-page errors (Tim Cook does Apple’s quarterly financial conference calls, not because “Jobs has seen to it that Cook is getting public exposure,” but because Jobs has always delegated that responsibility to the CFO, joined several years ago by Tim Cook in his role as head of operations and manufacturing), Lashinsky has other people saying interesting things about Cook, his work habits, and his compensation. The interesting part is less than half of the article and is hard to find – even if you pick the “print” option from the Web page, it only prints the current Web-divided page, not the entire article. The rest is the typical mass media echo chamber, reinforcing (without evidence) old stories of Steve Jobs as a “global brand” that’s consumers are really choosing. (In Lashinsky’s world, people obviously aren’t just buying Apple products.) In just one example of the Jobs-focus, Lashinsky mentions that Jonathan Ive’s appearance in last month’s MacBook production video was “a signal dissected in the same manner Kremlinologists once used to analyze the placement of Politburo officials at May Day parades.” Lashinsky failed to note that most of this “dissection” occurred in places that didn’t know that Ive has appeared in most of Apple’s new product videos when those products had entirely new industrial designs. Nor does he note that one of the most prominent people engaging in this speculation is Fortune’s own Philip Elmer-DeWitt, who “handicapped Apple’s back bench” back in June, and who nearly a year ago speculated that Ive could replace Steve Jobs. It’s not surprising, therefore, that ElmerDeWitt was hyping Lashinsky’s article a day or so later on his Fortune blog. 8 u MWJ 2008.11.24 8 t 7 hadn’t in decades). When it was revealed that Lyons did not work at Apple and had not met Jobs – was no insider – the praise only intensified to reduce the cognitive dissonance from everyone who’d been thoroughly had. Last week, Lyons learned that saying vicious things about people while throwing in profanity isn’t quite as easy when people know who you are. On Monday, when Jerry Yang resigned as CEO at Yahoo, Lyons was outraged – while working on a story for Newsweek in October, Yahoo chairman Roy Bostock, according to Lyons, “swore up and down to me that Jerry Yang wasn’t going anywhere because he was absolutely the greatest leader the world has ever known.” Lyons also wrote: post – as well as other potentially offensive entries – to avoid trouble with his new employer (he started writing for Newsweek in September).” Lyons didn’t stop groveling there: he’s giving up blogging altogether rather than face the music, telling the AP in E-mail, “I don’t want to jeopardize a job I like (and which feeds my hungry 3-year-old twins) over some blog that’s just a funny little thing I’m doing in my spare time. Or, to translate this into Fake Steve speak: I’m a coward and a whore who has totally sold out to The Man.” The sad thing is that Lyons was doing the right thing for publicly calling out sources that lied to him, either on the record or off the record if they asked for that confidentiality to be “honest.” And had he built up a portfolio like this writing for a Web site with a more aggressive tone, he might have parlayed it into a job where he’s free to call Yahoo’s PR people “lying sacks of shit,” especially if he can back up his implication that they knew they were lying at the time. Anyone can be wrong about how a deal will go. But it’s easy to be foul-mouthed and nasty when you’re hiding your identity. When your name is on it, people know who your bosses are – as Lyons learned the hard way. You can have it both ways, as occasional MWJ contributor John C. Welch demonstrates at his personal blog (soon to be moving to “adobe-eats-poo.com,” or so we imagine) and in mainstream articles like this one for Macworld.com on “Setting Up and Using SNMPv3 on Mac OS X.” You just have to work at it. It’s easy to be the smart-ass when you don’t have to be responsible for your words. It’s harder – and more interesting – to do it in the open. I’d never dealt much with Yahoo before, and I was stunned by their PR operators – they’re really an unsavory bunch. During that same reporting this crack team of lying sacks of shit put one of Yahoo’s attorneys in Washington on the phone to tell me, over and over, the true “inside story” of what was going on with the Google deal, which was, he informed me, that the deal with Google was a sure thing, definitely going to happen, no way in hell is the deal not going to happen, there are no real objections from the regulators, they’re fine with it, the objections from advertisers are not an issue, blah blah blah. Then that deal fell apart. And now Jerry Yang is out on his ass. The take-away: Do not believe a word that Yahoo says. Ever. You may have difficulty imagining this, but Yahoo objected to having its press relations team called “lying sacks of shit.” And unlike the days of “Fake Steve Jobs,” they knew where to register their complaints – with Newsweek, owned by The Washington Post Co. According to AP, “After Yahoo complained, [Lyons’] bosses agreed his language wasn’t appropriate for a blog connected to Newsweek. … Lyons decided to remove the Brian Caulfield, writing for Forbes, thinks that if OS X 10.6 Snow Leopard is fast and stable that it will “endanger” Vista – it’s nice to see that the computer press’s inability to imagine a market with more than one player extends both ways, for after years of implications that Apple would disappear if it didn’t dominate the market, Caulfield is now suggesting Windows will disappear under the mighty crush of Apple’s less-than10%-worldwide market share Dan Moren had been working with VoodooPad files on his iDisk for a long time when a sync error wiped them out – and he was dismayed to find that neither MobileMe nor Time Machine had any archives of older versions, and also surprised that the MobileMe support representative recommended against using files that you “actively manipulate, such as a database,” from your iDisk (we admit that Apple’s iDisk sales pitch does not exactly say “it’s just like any other disk,” but it doesn’t discourage the idea, either) It’s hard to take any story about Apple’s security policy seriously, even on a site named “MacNewsWorld,” when it quotes both Rob Enderle and Roger Kay, names that reliably indicate the absence of factuality Given its long-time disinterest in factual Apple reporting, we’d say the same thing about The Register, but this perspective on the Mac’s upcoming 25th anniversary has credibility because it’s by former MacUser and MacAddict editor Rik Myslewski – smart move on The Register’s part, because its breathless and largely inaccurate rumormongering in the early Mac OS X days made sure the site has no Mac credibility on its own Another long-time Mac writer, David Blatner, shares the lessons he learned a few days after having his laptop, with “virtually [his] whole business and personal life” stolen, advising how you can protect yourself against such an event At Macsimum News, Dennis Sellers cops to being wrong that Apple would announce new consumer Mac products after holiday buying season orders had already been placed, but isn’t let that dampen his enthusiasm for predicting next quarter’s products and release dates The Mac Observer, in a strange move, is touting its upcoming “Editors Choice Awards” for the best products of 2008 by telling developers that they should submit their products and explain why the editors Kirk McElhearn, a recent fixture on the MacJournals-Talk mailing list, explains for Macworld.com how you can add network attached storage (NAS) devices to your home network if you need more shared storage, noting the drawbacks (“Copying to and from an NAS device is not lightning fast; generally, these devices work well with large files, but copying lots of small files can be a drag”) DigiTimes, the Taiwanese newspaper that covers the electronics contract manufacturing business and is regularly a source of speculation about Apple’s intentions from its passing on unsourced rumors from companies that may or may not be building Apple’s products, says that another Chineselanguage newspaper says that Apple’s “main OEM partners” report that Apple has reduced its outsourcing for building notebooks in the current quarter by 20% to 30%; despite the multiple levels of indirection and lack of any concrete sourcing or verification, this has already gained traction from people who would like to make it into more drama that sells papers, but giving DigiTimes’ record and the sourcing, we see no reason to take it seriously Shawn King, host and executive producer of Your Mac Life, was “at sea” this month, but this description is apparently about the MacMania 8 cruise and not the more colloquial definition of the term (which could also apply) Now writing weekly for the MacUser blog (which today transitions to part of the main Macworld.com site), The Macalope this week looks at frenzied reporting about the Mac Mini, whose death knell was started because Gizmodo knew a guy who knew a guy who says he heard something about it (sadly, that’s not really much of an exaggeration), plus MobileMe melodrama and the analyst follies 9 MWJ 2008.11.24 10 u 10 t 9 MWJ 2008.11.24 Expos is running it, but “Appleworld” isn’t gonna happen – Apple already has a trademarked name for “Apple”-related trade shows, last seen in the early 1990s for the Apple II: “AppleFest”) should choose them (have they not been reading the coverage on their own site?) Ziff-Davis, fresh out of Chapter 11 bankruptcy protection, is ending the printed version of PC Magazine with the January 2009 issue; the title becomes all-digital with PC Magazine Digital (which we imagine to be some combination of PDF and Flash, but copy-protected and less friendly), and of course pcmag.com continues at full strength Arik Hesseldahl of BusinessWeek’s “Byte of the Apple” blog finds himself beset by critics after he says that HP’s Touchsmart tx2 notebook beat Apple to the market with a multi-touch device, defending himself against criticism he won’t name (it’s from MacDailyNews, and they’re right, it’s easy to contact them) that Apple added multi-touch trackpads to its notebooks earlier in the year; Hesseldahl argues that HP’s notebook counts because it’s a multi-touch display, not a multi-touch input device Over at Macworld Labs, James Galbraith obtains a build-to-order 2.8GHz 15-inch MacBook Pro and puts it through the benchmark tests, finding “one lively laptop” that compares very slightly favorable to an eight-core 2.8GHz Mac Pro on three of nine tests but loses on the other six, still turning in quite respectable scores – 26% faster than the top-of-the-line build-to-order MacBook Pro of June 2007 PC World, not content with those benchmarks, uses Boot Camp and tests the new MacBook Pro (Late 2008) running Windows XP (and Vista) playing 2008-level games – and while the system wasn’t knockyour-socks-off gamer fast, it was “comfortable” and, compared to the MacBook Pro (2.4/2.2GHz) models, “a performance leap that’s certainly worth crowing about” Ted Landau wonders if it’s time to change the name of the annual trade show away from “Macworld” since it’s becoming more and more about non-Mac products from Apple (probably not as long as IDG World Philip Elmer-DeWitt of Fortune admits to being fascinated by shifting circles in the New York Times internet news We’re all used to the idea that the vast majority of spam comes from botnets – millions of hijacked computers on the Internet (usually, but not always, running versions of Windows with unpatched security holes or insufficient virus protection), silently doing malicious things in the background without the user’s knowledge. If these infected machines are not rooting around for personal information to send back to the infector, they’re sitting as zombies waiting to receive a command, such as a message to send as E-mail using a spam-sending program provided by the botnet owner. The benefit of a botnet is that the infected computers are hard to trace to the botnet owner: they’re distributed all over the world, in corporations and in homes, on cable modems and on big university pipes, with no specific pattern. Only one machine on your residence’s block, or in your workplace, may be infected – but if that’s replicated on every block or in every workplace, that’s millions of vicious puppets. Yet the command and control centers of these botnets are more centrally located than you might have believed. Since the IP addresses of the individual bots may change over time, the attacker loses contact with them unless the infected programs check in with the botnet’s command and control center. Therefore, much like the root DNS servers, those controlling computers have to be at fixed domain names, or at one of a fixed list of IP addresses. (You’d think that the infection programs would have a facility to obtain new command-and-control IP addresses, but to get them, they’d have to check in with the existing command-and- In other news on the spam front, the Adium X developers have released an optional Challenge-Response plug-in that hides messages from people who aren’t on your contact list until they answer a simple question that you provide (with the answer that you also provide) Researchers have found a slim exploitable vector in part of WPA, the standard that encrypts 802.11 wireless networking transmission; Glenn Fleishman has all of the details you could possibly want in this piece at Ars Technica, but there’s not much to do – it’s not a big attack, you should use AES encryption instead of TKIP if you can, you should use long random network keys, and not worry too much about it WebMonkey’s article about how OpenID is suffering because “users can’t figure out how it works” is good, and worth reading, but it suffers from a bit of irony when you read the Web page’s title and URL, where the period in the article title is spelled as “DOT” Ted Landau, writing for The Mac Observer, explains what unites Rick Warren, Hillary Clinton, and Dolly Parton in opposition to using unlicensed frequency for wireless data transfer: the devices would interfere with wireless microphones Of course Steve Ballmer said Microsoft would look at open-source HTML rendering engines like WebKit when asked about it – the alternative would have been dismissing it altogether, which would have driven the press even crazier than not dismissing it did More interesting news via Ars Technica: Google says that 0.238% of all Google users worldwide have IPv6 enabled and prefer it to IPv4, thanks largely to increased market share for IPv6-capable Mac OS X, especially in the US: “In fact, no less than 2.44% of Mac OS [X] users are IPv6capable, compared to 0.93% for Linux and 0.32% for Vista” Adam Engst explains one of the deep mysteries in the interaction between HTML rendering and VoiceOver after finding that the Take Control site did not correctly read the “Download E-book” button on the final screen for purchasers using screen readers 11 MWJ 2008.11.24 control computers. Like DNS, if your first server is down and you don’t have others, you’re not getting anywhere.) A single firm allegedly was hosting a huge number of botnet command and control centers, as well as Web sites for other illicit activity. The McColo Corporation, located in San Jose, CA, was cut off from the Internet two weeks ago by both of its major Internet service providers, as reported by TG Daily, the daily news component of the Tom’s Hardware site. The Register reports on the names of the providers who cut off McColo when presented with evidence of the activities at the company’s servers, and a few of the domain names that were no longer resolvable after McColo’s connection was severed. How big a difference could this make? According to SpamCop.net, pulling McColo’s plug resulted in an instant drop in measured Internet spam of anywhere from 10 to 40 fewer messages per second. SpamCop’s graph of the past month shows a steep decline in detected spam at the time McColo was taken off the Internet. Two weeks later, TG Daily reports, spam levels still haven’t recovered. Ars Technica said that McColo tried to use its previously negotiated backup provider (Sweden’s TeliaSonera) to get back up and running on Saturday – during the weekend, when security forces would be less likely to react quickly. But they did react quickly, and “that window slammed shut much more quickly than the Russian thieves anticipated.” Phil Hay of Marshal8e6 (a security firm) estimated that shutting down McColo eliminated 70% of the spam on the Internet. As Hay told TG Daily, “Only time will tell if these botnets recover. The key thing is that the IT security and law enforcement communities learn from [these] events as well.” 12 u MWJ 2008.11.24 12 t 11 For assistance in deciphering the deep mysteries of HTML and CSS, explore NewsGator’s list of “Incredibly Useful Bookmarklets for [Web] Developers" Google decided to use a custom browser plug-in (the supported, content-area kind, not the euphemistic “Input Manager” kind) rather than Adobe Flash to add video and audio conferencing to its free Gmail service, and while the features are a bit limited at present, it’s still a new line in the sand for free Web-based communications: competitors need to understand that if they want to challenge Gmail, they have to provide at least this level of functionality, and not just on Windows We collected this several days ago, but for an example of the kinds of things people are doing with Flash, check out Sprint’s Now Dashboard – this is Adobe’s line in the sand, saying to everyone, “If your browser platform can’t easily do this, you should be using Flash” (but can you even imagine how awful this would be on an iPhone, if Sprint cared since it doesn’t carry the iPhone in the US?) A very good reason to have installed this Security Update 2008-005 or later updates including it: IDG News says that according a worldwide survey of public DNS servers, more than 10% of them are still “trivially vulnerable” to DNS cache poisoning attacks fixed (on the server side) by that update (remember that the client-side resolver cache was not updated until Security Update 2008-006 or Mac OS X 10.5.5, MDJ 2008.10.14) If you had “MGM” in your office pool about which movie studio would be the first to take advantage of YouTube’s decision to allow full-length theatrical movies, you win own installer that downloads its malicious payloads. Intego found it on a porn site that presented an alert saying the browser encountered a “Video ActiveX Object Error” and that the user needed to “download and install missing Video ActiveX Object” to play the video. The firm (makers of antivirus software, so sometimes we find their threat warnings to be overstated) classified the risk as “medium.” The next day, Intego said that “reports … circulating about a new Mac ‘malware’ or ‘Trojan horse’” are not a serious threat, with a risk level of “very low.” The “OSX.TrojanKit.Malez” tool, also known as “OSX.Lamzev.A,” does install a backdoor in an application that can give a hacker remote control of the computer – but the tool does not provide a way to get the infected application onto the computer. Or, as Intego phrased it, “Unlike true malware and Trojan horses, OSX.TrojanKit. Malez requires that a hacker already have access to a Mac in order to install the code.” At Webmonkey, Scott Gilbertson wrote, “Yes, that’s right, there’s a new Mac virus lurking out there in the wild, but unless you’re incredibly stupid there’s no need to worry.” In Wired’s RSS feed, his article showed up with the title, “New Mac Virus Threatens Only the Weak-Minded.” It’s funny, particularly since the article conflates both of Intego’s memos, describing the name of the second one but the attack vector of the first one. Oops. (MacNN’s headline for the former threat was, “New Trojan threatens Macs with installer.” We can just picture that: “Stand back! I have an installer and I’ll open it! I swear I will!”) The folks at Open Door Software, publishers of Internet Security for your Macintosh, call Macworld’s new Mac Security Superguide “a well-done, thorough guide to general Macintosh security” that’s “more complementary than competitive” with Open Door’s own book Cnet News found that Microsoft’s latest “Patch Tuesday” update includes a fix for a Windows NT LAN Manager reflection security news Intego released news of two new threats last week, where by “two,” we (and they) mean “one.” On 2008.11.18, Intego noted a variant of the “RSPlug” Trojan horse that has its If under-aggressively fixing problems is an issue, being too protective can have its costs also: a flawed signature on a mid-November update to AVG Technologies’ anti-virus software accidentally marked Windows XP’s user32.dll file as a Trojan horse and quarantined or “healed” it, rendering the computer non-bootable (although it’s not an exact analogue, imagine a Mac OS X antivirus program removing or “healing” the loginwindow program and you’ve got a similar idea, except without loginwindow you could still boot into single-user mode) tips and tricks Would you like to use a Drobo for Time Machine backups? Data Robotics’ little box is still making waves: add your own SATA drives to the US$499 Drobo and have instant “BeyondRaid” storage with data pro- MWJ 2008.11.24 We’ve noted before (most recently in a tweet) that MWJ doesn’t normally author “tips and tricks” because they don’t quite compute with us the way they do with normal people. A tip is basically an easier way to do something, but we never know that other people are doing things the hard way until we see it happen or we’re told about it. Something you already know is “basic knowledge,” while something you didn’t know is a “tip.” It’s not that they’re not useful – we’re just bad at predicting what people do and don’t know, and therefore we come off a bit pedantic at times. It takes the fun out of it for everyone involved. We were therefore surprised and delighted when we actually knew more about Cyrus Farivar’s Thursday Tip at MacUser two weeks ago. Echoing a post from Lifehacker, Farivar listed a series of “hitherto unknown-to-me” keyboard shortcuts using the Control key. Control, you say? That’s right – Farivar left out the magic word from the Lifehacker post (where it wasn’t emphasized greatly): Emacs. The classic Unix text editor, half of the eternal “vi vs. Emacs” wars of the 1980s, used Control-key equivalents for all its 13 commands, as did all computer editors of the time. (It’s only in fairly recent history that non-ASCII keys on a keyboard generate there own unique values – in terminal emulation and Apple II days, Left Arrow generated Control-H, Return generated Control-M, among others.) Since Mac OS X is based on OpenStep, which was based on nextstep, which was openly built upon Unix, the original authors brought in the default Emacs keyboard commands as well, and they work in all Cocoa-provided text fields. Those include the fields in Safari, for example, but not in iTunes (as of 8.0.2). If you don’t know about these, it’s because you never used Emacs and never thought to try them. A seven-year-old entry at Mac OS X Hints explains how to add Emacs meta key bindings to Mac OS X, referring you to a sample Key Bindings file you can install, and pointing you to gnufoo.org for more information. In his book Mac OS X Power Tools, Farivar’s colleague Dan Frakes noted that you can see all of those Emacs-style key commands by typing the command “bindkey” on the command line. Again, they may not be a big deal to you if you weren’t weaned on Emacs, but a few of them are reasonably useful. Control-K for “cut” and Control-Y for “paste” use a scrap that’s completely separate from the clipboard, so they don’t replace what’s on the clipboard when you use them. Also, Control-T to transpose the two characters on either side of the insertion point and reposition it one character forward (or transpose the last two characters, if the insertion point is at the end of a line) can be quite useful – if you remember it, and if you happen to be in a Cocoa text field. We eagerly await angry demands for a Control key on the iPhone keyboard so people can use these shortcuts there as well. vulnerability in SMB that was first discovered in 2000 – “That means a known security vulnerability related to a Microsoft authentication protocol sat on your Windows box for more than seven years, waiting for Microsoft to get around to fixing it” 14 u MWJ 2008.11.24 14 t 13 tection, striping, quick recovery, and all that fun stuff – with minimal setup and capabilities that do-it-yourself RAID implementations often lack, such as the ability to use drives of different sizes. While there’s absolutely no problem using a Drobo as a directly connected backup drive for Time Machine, you might want to get a little bit creative. Drobo lets you add more drives to a running device and, when it can integrate them, it makes the size of the drive “bigger.” You might want your Time Machine backup to get bigger, too, and it will – as long as you’re using all of the Drobo as your Time Machine backup volume, as Apple normally recommends (and Time Machine implements by default). If you partition a Drobo so that part of it is always reserved for Time Machine and the rest is free for other use, then adding storage to the Drobo later won’t increase the storage available to Time Machine. Eric Barzeski explored the issue this month, sharing his findings that in many cases, using Disk Utility to perform live resizing of a Drobo Time Machine partition worked just fine. That would let you partition a Drobo, then later add storage, and then afterwards increase the Time Machine partition size. Naturally, he shared this find. And what a fuss it started! First, what Barzeski described is explicitly not supported by Data Robotics. A Drobo is not a “simple” RAID implementation: the firmware on the device splits your virtual “volume” across all available drives, much like ZFS does (MWJ 2007.06.11), so not all of the drives’ capacity is available for data storage. Yet, as noted in that ZFS examination last year, most operating systems don’t have a built-in capacity for a volume to change size: Mac OS X really does not expect a 1TB hard disk to be anything other than 1TB as long as it’s mounted. Therefore, as Barzeski put it, “the Drobo, like virtually all expandable massstorage devices, ‘lies’ to the computer about its disk size.” You can have the Drobo tell the computer that it’s a 16TB drive even if you only have 500GB of storage in it, because Drobo expects you to add more drives if you run out of space. It reports the capacity you tell it to report, and starts slowing down and returning errors if you exceed your actual storage. This left him unsatisfied with its use in Time Machine. Apple’s backup solution automatically removes older files from backups when the disk is full, but Drobo doesn’t know that, and starts blinking its yellow lights when the disks get full, wanting a bigger drive or an extra drive. Barzeski wanted to avoid that by partitioning Drobo so that Time Machine would never fill it up. That works fine. It’s the “live resizing” that doesn’t work – Data Robotics does not support it, and warns that resizing a Drobo partition may result in erasing the partition even when Disk Utility says it will not. Therefore, if you ever increase the storage in the Drobo, you can’t necessarily increase your Time Machine partition to grow with it – and if you try, you may lose all your backups. To his great credit, Barzeski got massive feedback against this idea after posting it, and went back and “drastically changed the content” of his article to reflect better ways to accomplish the same goal – including creating a sparse disk image on the Drobo that Time Machine can use automatically, the exact strategy used on Time Capsule (which is really just an AFP server in an AirPort Base Station). He points both to Automator scripts and command-line instructions for doing it yourself, and it’s safe, supported, and easy to do. Since the Drobo is a plug-and-play device, the OS knows nothing about how it manages all the drives it contains. It just looks like a block device to the operating system, and the file systems are managed by the normal file system code (meaning HFS Plus for Leopard). When Barzeski resized his partitions, the OS rewrote the partition map to include more space for the partition, and then started adjusting the fixed volume structures (like the volume bitmap) to accommodate the new size. There aren’t many of these fixed-sizeper-volume structures in HFS Plus, but there are a few, and they have to be in a cer- You won’t find a simpler explanation of the difference between “Quartz Extreme” and “Quartz GL” than this one from Apple DTS engineer David Duncan, slightly modified: 15 “Quartz GL causes window contents to be rendered using OpenGL rather than the window being composited in software and then uploaded as a texture (which is what Quartz Extreme does).” Apple’s KnowledgeBase article explaining how to keep your hard disk data confidential when getting your computer repaired ignores one problem – if the disk is too damaged, you can’t back it up or securely erase the drive, perhaps leaving “removing it” as your only way to retain control of the data Mac OS X Hints explains how to replace a file attached to an iCal event with an alias to the original file, so that any changes made to the original file show up in the iCal attachment (but if iCal ever starts syncing those attachments to other computers, the alias file copied to other machines won’t do you any good) Adobe Fireworks CS3 and CS4 have different vector rendering engines, but the newer product includes for compatibility’s sake, and Fireworks engineer Sarthak Singhal provides scripts to toggle between the two renderers for selected objects, noting that the major difference would be “a one-pixel anti-aliasing added to vector objects for some objects” At Macworld, Chris Breen recommends the €15 HoudahSpot 2 utility as a replacement for “smart folders” in Mac OS X 10.5 when you want to search in some places but not others, since Leopard removed this capability from Smart Folders Breen also explains how to use lots of signatures in Mail, and have Mail alternate between all you’ve chosen, either in sequence or at random Elsewhere at Macworld, Rob Griffiths finds new keyboard shortcuts for setting the sizes of thumbnails in iPhoto ’08 Don’t like the Data Detectors in Mac OS X 10.5’s Mail application? Rob Griffiths shows MWJ 2008.11.24 tain place on the disk. If the blocks needed to grow those structures are already in use, Disk Utility has to relocate their data to a new spot on the disk, and update the extent records for the files that own those extents. If it can’t do that, it can’t “live resize” the partition: it can only erase the partition and write the new structures where they’re supposed to go. All the OS does is request the right block from the hard drive. The Drobo responds to that by figuring out which drives, of all those installed in the device, actually contains that logical block of data. Since the Drobo is not necessarily telling the truth about the device’s capacity, there’s a possibility that the live resizing code will try to use what it thinks is “free” disk space when that space doesn’t actually exist (for example, you’ve told Drobo to say it’s a 2TB volume when you only have 1TB of drives installed). In those cases, it appears that Drobo tries to do its best to shuffle everything around and fulfill all requests for disk space, but it may not be able to do that. That’s when you get unpredictable results, like what Barzeski calls “slows to a crawl” mode (when Drobo runs low on space), or perhaps erased partitions from Disk Utility due to unexpected errors. So while it’s all an interesting exercise and everyone learned a lot, it’s not the best idea: live resizing a Drobo partition will probably work, but not definitely, and you can’t exactly predict when it will fail. If you need resizable volumes on a Drobo, use sparse disk images – Barzeski has all the details you need not just to make one, but to make one that Time Machine will use. Sparse disk images can grow to use available disk space, so adding more space to Drobo increases the disk space available to Time Machine, but within the limits you specify when you create the disk image. Everybody wins! 16 u 16 t 15 MWJ 2008.11.24 requires an Intel chip, so the modifier may have been superfluous) how to turn them off via a hidden preference, changeable on the command line At Macworld-owned Mac OS X Hints, Griffiths reminds readers that adding the hidden “Debug” menu to Mac OS X 10.5’s version of iCal provides you with a “New Calendar Window” item that does exactly what it says – meaning that you can have multiple events open for editing at the same time, one in each window If you’re having AirPort connection trouble after installing AirPort Update 2008-004, MacFixIt suggests using AirPort Admin Utility to choose a new wireless channel for the Base Station Although it probably wouldn’t have crossed our minds to try to run a MacBook or MacBook Pro without the battery installed, except for brief periods while changing said battery, GearLog reports that doing so drops the performance by about 37% – not really surprising for a system designed around said battery and keeping it charged, but still useful to know MacCyclopedia wants to delve into WideArea Bonjour at some point, but until then, The Apple Blog discusses the US$30 ShareTool, a utility that you use at both ends of a long-distance (non-LAN) connection to have access to all the Bonjour services you want from anywhere on the Internet, even having automatic Bonjour service discovery work over VPN And in a story involving toddlers and hugtackles with an unfortunate PowerBookto-ground incident, Griffiths discovers that a kernel panic upon boot, and the error “ALLOC-MEM request too big!” in Open Firmware, really means “Your AirPort card has become loose” It’s not an all-Griffiths show: Friday at Mac OS X Hints, Kirk McElhearn finds that you can use the Keyboard Shortcuts tab in the Keyboard & Mouse preference pane to apply keyboard shortcuts to Mail’s dropdown menus, including outgoing mail account, outbound server, and signature At “The Apple Blog,” which is neither “the” blog about Apple nor a blog from Apple (how can you adopt a three-word name and get two of them wrong?), Tom Reetsman points to Apple’s wealth of free resources for its products and services, including free online seminars for most of the company’s professional products In case you missed the drama earlier this year, this brief Apple KnowledgeBase article explicitly states that Time Machine does not support backing up to an AirPort Disk (a USB hard drive attached to an AirPort Extreme Base Station), but does support backing up to hard drives inside of or connected to a Time Capsule device In Apple’s annals of “not supported” things that we didn’t know: “Boot Camp is not supported for use on Intel-equipped Xserves” (it’s not supported on PowerPCbased Xserve units either, since Boot Camp what a deal! the third edition of the Give Good Food to Your Mac promotion is currently underway. The “kitchen” opened on 2008.11.17 and remains so for three weeks. Organized by Aquafadas, makers of PulpMotion and BannerZest, the promotional idea is simple and flexible: build your own bundle from a list that currently includes more than five dozen applications. When you add three applications to your cart, you get a 20% discount on all of them. Make it four and it jumps to 30%, and for five or more applications, you get 50% off the total. Applications we note on the list include DEVONagent and DEVONthink Personal Edition (though we say DEVONthink Pro Office is the version you need for real shot at a paperless office), DiscLabel, the aforementioned HoudahSpot, MacPilot 3, RapidWeaver, the aforementioned ShareTool, SyncMate, You Control: Desktops, and even Toon Boom Studio (priced, before discounts, at US$400 – so if you’re in the market for Toon Boom Studio, it only makes sense to get it at Give Good Food to Your Mac and a few other utilities and still save about US$100). Other promotions shall certainly arrive as the holiday season begins, but this one’s here now and is worth a look. Our friends at TidBITS Electronic Publishing are offering their only cookbook, Joe Kissell’s US$10 Take Control of Thanksgiving Dinner, free through 2008.11.27 (US Thanksgiving Day) with the purchase of any other Take Control electronic book Other World Computing is offering rebates of US$20 to US$120 on some bundles featuring Hitachi hard drives, including everything from bare drives to rackmount 4TB RAID 0 arrays with FireWire 800 and USB 2.0 OWC also offers Prosoft’s Drive Genius 2.1, normally US$99, for US$50 when purchased with US$100 with of OWC or NewerTech hard drives, US$30 if on a US$100 to US$200 order, and for US$20 if you buy more than US$200 worth of eligible products Microsoft is offering the Microsoft Office 2008 for Mac Special Media Edition (that’s the one that includes Microsoft Expression Media, the digital asset organizer formerly known as iView) for “up to 50% off ” through 2009.01.10, but prices at outlets like Amazon.com have the package for US$180 (suggested retail price: US$500) and the upgrade from previous Office versions for US$110 (suggested retail price: US$300) Rob Griffiths (that guy is everywhere!) shares his experiences purchasing a refurbished computer from Apple’s Special Deals online Web store, finding real deals on refurbished equipment that came in plain brown packaging but in perfect condition, with Apple’s standard warranty but at significant savings – he went there to find a other macintosh news Ars Technica seems to have the lead on the story that the new MacBook Pro (Late 2008) models with DisplayPort 1.2 (an as-yetunreleased standard) include DisplayPort Content Protection as well, and iTunes uses it. DPCP is the DisplayPort superset of HDCP, and transmits protected content in encrypted form over the cables to the display or other viewing device. The point is to disallow you adding an unauthorized digital or analog device into the mix and making an unauthorized copy of the content – especially a pixel-perfect high-definition copy. Devices that support DHCP (and now, DPCP) usually refuse to play protected content on any device that doesn’t support the same protection protocol. You’re not limited to a given number of DHCP or DPCP devices, and you don’t have to “authorize” them to make them work like computers for iTunes purchased content: they just all have to support the standard in question so that the content is encrypted and can’t be intercepted for other purposes. The first catch, among many, is that iTunes has apparently been selling video marked with a tag to require DHCP or DPCP on systems that have those capabilities, and Apple didn’t bother to tell anyone. This has led to unpleasant surprises for new MacBook owners, who suddenly find that even their expensive 30-inch Cinema HD displays from Apple can’t play their legally purchased high-definition content from the iTunes Store. With echoes of the secret Safari 3.2 transmissions (see elsewhere in this issue), Cnet News notes a forum posting alleging a familiar problem: Apple did not update the iTunes Store Terms of Service to tell customers that their legally purchased content would no longer play on their legally purchased displays. Those terms were last updated on 2008.11.12, but the relevant MWJ 2008.11.24 17 matte-screen MacBook Pro, now that glossy is the one and only way, but he notes several other deals (and the rapidly changing nature of the store’s offerings) 18 u 18 t 17 (xv) HDMI. An HDCP connection is required in order to view movies (purchased or rented) and TV shows transmitted over HDMI. MWJ 2008.11.24 works fine for a company that’s on the rise, but when something breaks the wrong way and Apple needs a sympathetic hearing from press and customers, you have to wonder if the company will get it this time. section appears to be the “Usage Rules” in section 9(b). Even back in the 2008.02.06 version of the Terms of Service, the same clause was present in a different location: In the current terms, the same section is numbered “(xvi),” because Apple inserted a new section “(xiv)” explaining that you may manually sync purchased or rented movies to “at least one” device that has manual sync mode, replacing and expanding on a rule about syncing movies to iPods. The part that Apple apparently believes it had disclosed, and that customers think was not disclosed, is that DisplayPort counts as an HDMI interface, so any DisplayPort connection requires the DPCP for purchased or rented movies (even though some people have found some older movies that play over displays without DPCP or HDCP). The second catch is that since you can drag windows across monitors while they play movies, iTunes does not allow you to play these protected movies at all if a nonDHCP or non-DPCP display is even connected to the system. If you purchased a new MacBook or MacBook Pro with the intent of using it solely with an external display, you’re hosed with iTunes Store content protected in this fashion: it will not play at all until you disconnect all older displays (like the aforementioned 30-inch Cinema HD). This is the same kind of problem we’ve been noting with Apple: not telling customers what may be bad news and hoping no one notices – or, that when the news breaks, it’s contained enough to avoid uncomfortable questions. So far, the company’s policy on dealing with it remains the same: put the fingers in the ears and shout, “la la la, we can’t hear you!” (Or, as Cnet’s Elinor Mills more politely put it, “What does Apple have to say for itself? We don’t know and likely won’t. Apple representatives did not return repeated phone calls and e-mails seeking comment over two days.”) Such a strategy The 1394 Trade Association (that’s the FireWire industry group, named after FireWire’s standard name, IEEE 1394b) says that FireWire is alive and well, despite Apple’s decision to omit FireWire ports from the MacBook (13-inch, Aluminum, Late 2008) models. This created a lot of Sturm und Drang in the community, because it’s the first consumer notebook since the original iBook not to offer FireWire. That naturally led to lots of “FireWire is dead” speculation – not that the press objected, since any drama about Apple is money in their pockets. As with the 2005 decision to omit FireWire from iPods (MWJ 2005.12.17), we think this is overblown, and said so on the subscribers-only MacJournals-Talk mailing list. Apple had already signaled during its July conference call with analysts that it would be introducing a new product with significantly lower margins, and while it didn’t land in the September quarter, we now know that product to be the new “unibody” MacBook line. We know these machines are more expensive to produce at their sales prices than previous models. On notebooks, peripheral expansion buses like USB are typically handled by the chipset – the supporting chips working with the microprocessor to make a complete computer. It’s not like it was 10 or 20 years ago, where every connection required its own separate controller. Today, the system controller is responsible for most of the work – not just moving memory in and out of RAM, but also providing PCI, USB, audio, and more. The key engineering decision in the MacBook (13-inch, Aluminum, Late 2008) line was to use the Nvidia GeForce 9400M chip, because it’s both a GPU and a system controller in a single package. We find it extremely unlikely that this chip, designed to provide lots of power at low cost, includes 19 the theoretical performance of the specification: 5Gb per second. In fact, real world rates may be on par with FireWire 1600, even though that’s rated at only 1.6Gbps. It might be closer to the just-approved FireWire 3200, though. It’s hard to tell without real devices in actual tests. USB 3.0 controllers won’t ship until the second half of 2009, and consumer products probably won’t appear until 2010, according to the USB Implementers Forum. Until then, everyone’s touting speeds from a Microsoft Windows hardware developer conference (WinHEC) presentation earlier this month – not a live test, mind you, but a slide – that said copying a 25GB HD movie took 9.3 hours under USB 1.0, 13.9 minutes under USB 2.0, and 70 seconds under USB 3.0. That’s nearly a twelvefold improvement, but it’s due in part to eliminating some USB 2.0 inefficiencies. If you multiply USB 2.0’s theoretical top speed of 480Mbps by that twelvefold factor, you get over 5.7Gbps – faster than USB 3.0’s theoretical top speed. Either the new protocols are making better use of the wires, or the USB 2.0 bus wasn’t as optimized as the USB 3.0 bus was during the test. Nonetheless, the absence of FireWire on low-end models doesn’t mean it’s going anywhere in general, but the addition of USB 3.0 in the next year and a half definitely adds pressure to PC makers to justify including FireWire when USB 3.0 will outpace both FireWire 400 and 800 at lower cost. Either FireWire costs come down, or FireWire 1600 and 3200 become “professional” features – but FireWire is not going away. Apple’s Jordan Hubbard presented on the evolution of Mac OS X at LISA ’08, the Large Installation System Administration conference, and his sixth slide (publicly available) about release dates said that OS X 10.6 Snow Leopard has a release date of “Q1 2009” The Onion, America’s Finest News Source, offers an Infographic comparing OS X 10.6 Snow Leopard to Windows 7 MWJ 2008.11.24 FireWire capabilities because most low-end PCs don’t offer FireWire, and haven’t ever since Intel kneecapped the idea ten years ago in favor of the USB standard that Intel could make totally free. If FireWire isn’t built into the chipset, Apple would have to add a FireWire controller and physical layer to the logic board, at extra cost. It took that step for the MacBook Pro line, providing a FireWire 800 port (but no FireWire 400 ports, since all you need is an adapter cable to use any FireWire device on any FireWire bus). For the lower-end MacBook models, not intended for professional or “prosumer” use, they left it out. It creates real problems for people using MacBooks more seriously, as USB’s requirement of one device at the root of the tree means that there is no “USB Target Disk Mode” on the new machines. It also leaves people with camcorders out in the cold, because most DV camcorders have FireWire connections (usually only FireWire 100, believe it or not, because that’s all you need for real-time DV streaming) but only newer ones have USB 2.0 connections. We would imagine that if costs come down and Apple can provide the extra features at the same margins later, you’ll see FireWire returning to the MacBook. On the other hand, if Apple has the opportunity to create a great new consumer desktop machine using similar techniques, we wouldn’t be shocked (surprised, but not shocked) to see FireWire missing from a future iMac or equivalent model. It’s all about cost, and Intel’s relentless drive to make USB the standard means USB is cheaper and omnipresent. That’s unlikely to change with this month’s release of the USB 3.0, or “SuperSpeed USB,” specification. One thing conspicuous by its absence in the specification’s press release: speed claims, other than “significant … performance enhancements.” The bus protocol overhead, and the signal degradation problems inherent in backwards compatibility (USB 3.0 is essentially “SuperSpeed” and USB 2.0 running in parallel, at the same time, over the same cable) mean that consumers won’t see 20 u MWJ 2008.11.24 20 t 19 The Apple Blog notes that Apple’s Mini DisplayPort to Dual-Link DVI adapter, necessary for the new MacBook (13-inch, Aluminum, Late 2008) models to drive 30inch Cinema HD displays, is listed as shipping in “4-5 weeks” from the Apple Store At the SC08 conference in Austin, TX, last week, attendees celebrated the completion of the OpenCL specification for the C-like programming language, scheduled for OS X 10.6 Snow Leopard, which allows programs to run either on a CPU or on a compatible GPU at the discretion of the implementation, letting you take full advantage of both multiple CPU cores and untapped GPU power (this is just the specification, but it’s extremely rare for such a spec to be done so fast, and before the first implementation is released in a pre-emptive attempt to define it – and eyebrows shall certainly raise upon news that Apple is attempting to trademark the name OpenCL) “Macsimum iPhone Video” (an odd name, since as Flash video, it’s not actually playable on an iPhone – yes, we tried) explains how to disassemble the MacBook Pro (Late 2008) and install new RAM in about 15 minutes In another one of those technology breakthroughs that makes you wonder about electronics in a few years, South Korean researchers have replaced graphite in the negative electrode of lithium-ion batteries with porous silicon particles (because nonporous silicon expands when it contacts lithium), extending the battery life as much as eight times what it is in today’s lithiumion batteries developer news We don’t want to let the iPhone take over this publication like it seems to do everywhere else, but we think the recent discussion about whether or not Google is using undocumented APIs in its iPhone application deserves some clarification. John Gruber started the ball rolling by pointing out that Google’s new voice-enabled search disables the touch-sensitive screen when you lift the phone to your ear, just like the Phone application does when you’re, you know, using it like a phone. The proximity sensor that makes this work is not a public API, and section 3.3.1 of the current iPhone SDK Agreement says, “Applications may only use Published APIs in the manner prescribed by Apple and must not use or call any unpublished or private APIs.” At Ars Technica, iPhone guru Erica Sadun responds that, as with Mac OS X, there are different levels of “private” APIs. Linking to private frameworks is a very bad idea on “OS X,” no matter whether it’s on the iPhone or on a Mac. They’re for Apple’s use, and they’re not guaranteed to remain the same or even exist in the very next software update. What Google is doing, Sadun says, is calling an undocumented public API – a routine that’s in a public framework but not documented by Apple. This is a lot more common than you’d think. As Sadun phrases it, “The App Store is absolutely littered with unpublished APIs.” So is the “/Applications” folder on your computer – developers who decide they need (or sometimes, just want) access to an undocumented system feature often roll the dice and use undocumented APIs. The question, however, should not be whether Google’s use of the proximity sensor is “Sauron” level evil or “a minor jaywalking.” The issue is consistency, and hypocrisy. Apple has blocked more than one application in the App Store for “violating the iPhone SDK Agreement.” And yet when Google made a big press splash about its new voice-activated iPhone application, Apple let it through the App Store. Apple is free to offer Google separate SDK terms than it does to everyone else, and that may have happened, since the two companies are close partners in a wide variety of initiatives. Apple is free to poach features from its third-party developers, as it always has, and as it appears to have done in denying sales of Podcaster so it could incorporate the same download-podcasts-now feature in the iPhone and iPod Touch 2.2 software, available today. And other applications that use unpublished APIs are in the store: we can name another iPhone application that uses the proximity sensor, but we won’t, because we don’t want anyone vindictive at Apple to remove the application out of spite. But developers are also trying to earn money and make a living. If Apple is going to block their work from being sold at all for nebulous “violations” of the iPhone SDK Agreement, the company owes all developers clear explanations of exactly what does and does not violate those terms. If Google can do it, why can’t anyone else? If more companies than Google can do it, why were some developers blocked after their applications were finished, prohibiting them from selling their work in the only allowed method? As noted elsewhere in this issue, a company on the rise can get away with hubris like this (at times) without difficulty. When times get tougher, those companies rely on the goodwill of customers and developers who are highly invested in the company’s products. Apple is burning through that goodwill like it was heating oil at the South Pole, and like heating oil, there really isn’t an endless supply. Customers often forgive; developers have long, accurate memories. 21 MWJ 2008.11.24 Open Radar is the latest third-party attempt to settle another long-time developer problem with Apple: the company’s bug reporting system, Radar, is closed to anyone outside the company. The old “Roach Motel” slogan comes to mind: bugs check in, but they don’t check out. Developers can submit bugs, and get limited information back on the status of the bugs they file, but that’s it. Isn’t that enough? Often not: developers want to know if Apple already knows about the bug, because that way they could simply add their information (and urgency) to it, rather than file a completely separate bug report and wait for someone at Apple to merge them together. Bugs get “closed” without explanation, so developers don’t know what happened to their problems, especially when the status is “works correct- ly.” The bug gets fixed or it doesn’t, but either way, you’re unlikely to ever know what happened. Developer Tim Burks put Open Radar together using Google App Engine in an attempt to let developers build their own parallel version of Radar. Apple often tells developers, truthfully, that Radar can’t be opened to the public because the bug reports contain confidential information. If you’re reporting a bug in Snow Leopard for a new and unannounced program you hope to debut at Macworld Expo to huge surprise, you don’t want it to show up on AppleInsider three months ahead of time because someone figured out that reading the bug database was a good idea. Burks writes, “OK, but if there were a way for me to check a box to allow public disclosure of my submissions, I’d almost always be willing to do that.” So would other developers – but that’s only half the problem. The Radar information they don’t see includes Apple engineers diagnosing and trying to fix the problem. We haven’t seen an actual Radar bug from the inside in about 15 years, but the discussions were open and freewheeling. They include explicit references to proprietary techniques and sometimes the code itself, talk about other Apple projects that may not be announced (or that may never see the light of day in the form described in the bug report), and insulting references to other Apple engineers and especially to developers. Yes. Sorry, developers, but some of your bugs are stupid, and you all know it – you just hope that the stupid ones come from other people, but you know there are some stupid bug reports. Resolutions of these bugs in Radar, at least a long time ago, used to include such recognition. It also wasn’t uncommon for engineers to note that they weren’t going to take very complicated and rare bugs seriously when they came from developers with a history of breaking the rules and hoping everything worked out the right way. A favorite example from the Apple IIgs days came from a developer that had prob- 22 u MWJ 2008.11.24 22 t 21 lems with the desktop computer’s graphical toolbox – the human interface routines weren’t working correctly. They had to be started in a particular order, and he wasn’t doing that. Apple corrected his code and sent it back to him. The developer replied, “Thanks, but I don’t want to start them in that order. I want to start them in this order, and the system crashes when I do, and that’s a bug.” Well … no, it’s not. If you want to back a car out of a driveway, you have to do a few things: start the car, put your foot on the brake, put the car in reverse, release the brake so the car moves, put your foot back on the brake, put the car in drive, release the brake, and step on the gas. You can rearrange some of these steps if you like (such as putting your foot on the brake before starting the car), but if you try to rearrange too many of them, you won’t go anywhere – or if you put the car in gear before you have your foot on the brake, you’re going to do just what this developer’s code did: crash. That’s not a mistake in the implementation of the car. The question is not just what information developers are willing to share, but also what information Apple is willing to release, and how much effort the company is willing to take to sanitize its own implementation discussions at every level so that if AppleInsider reads them, there won’t be any disasters. That’s all aside from Apple’s other psychosis of pretending there aren’t any bugs so it doesn’t have to document when they’re fixed, but it’s not as simple as developers willing to disclose their own bugs. Programmer Peter Hosey, who’s written parts of Adium and Growl, attempts to explain the public but undocumented OSAKit framework for accessing the Open Scripting Architecture from Cocoa Macworld explains how developers exhibiting at Macworld Expo San Francisco 2009 can submit their products for consideration for the “Best of Show” awards Bill Bumgarner notes that Apple has released the source code to AutoZone, the Objective-C garbage collector in Mac OS X 10.5, part of the Objective-C 2.0 specification, but says it is “actually a fairly generic scanning, conservative, generational, multithreaded, language agnostic collector” that’s also used by MacRuby Programmer Matt Gallagher demonstrates a technique for using NSDictionary to eliminate state-based conditionals from your code by keeping an array of objects to maintain that state instead Gallagher also explains how to use singletons, application delegates, and top-level data instead of the traditional “global variables” in your well-written Cocoa application Tim Wood of OmniGroup shows how to create a superclass of CALayer in case you want Core Animation to animate layers whose content changes during the animation Brent Simmons’ advice to would-be independent developers is short and effective, but after we got restarted, we’d forgotten that the time it takes to read his advice is approximately how much sleep indie developers get each night, too Brandon Walkin has released BWToolkit, an Interface Builder 3 plug-in (under the BSD license) that allows drag-and-drop implementation of common modern UI elements such as tabbed sheets, transparent controls, preferences windows, button bars, “and more” Michael Tsai’s comments on Cathy Shive’s KTUIKit with a basic layout manager class seems as smart as anything we’d say about it, so read it and the comments (and chime in if you like) Nick Bradbury, author of FeedDemon (the Windows analogue to NetNewsWire) says that after adding automatic error reporting to the application, he discovered that “the top three most common problems were 23 never reported in our support forums,” adding, “If I [hadn’t] add[ed] error-reporting to FeedDemon, it’s possible that I’d never have known about these bugs” business news the papermaster chase ibm and apple tangle over executives Nothing sells papers (or Web page impressions) like drama, and Apple Inc. has unexpectedly created some with a shakeup in the executive ranks that doesn’t involve Steve Jobs or rumors about his health, clothing, parking spot, dietary habits, or vocabulary. While the saga provides interesting peeks into the executive suites in East Fishkill and Cupertino, there’s not as much drama as the papers would like you to believe. the story so far On November 3, 2008, Tony Fadell, Senior Vice President, iPod Division of the Company became Special Advisor to the Company’s Chief Executive Officer. In this new position, Mr. Fadell no longer will be an executive officer of the Company. In connection therewith, Mr. Fadell and the Company have entered into a Transition Agreement and a Settlement Agreement and Release (the “Transition Agreement” and the “Settlement Agreement,” respectively), under which Mr. Fadell will receive a salary of three hundred thousand dollars annually, and will be entitled to bonus and other health and welfare benefits generally available to other senior managers for the duration of the Transition Agreement, which remains in effect until March 24, 2010. The Transition Agreement also provides for the cancellation of outstanding and unvested 155,000 restricted stock units held by Mr. Fadell. Upon approval by the Compensation Committee of the Company’s Board of Directors, Mr. Fadell will be granted 77,500 restricted stock units that will vest in full on March 24, 2010, subject to his continued employment with the Company through the vesting date and MWJ 2008.11.24 Earlier this year, Apple thought about hiring Mark Papermaster, IBM’s VP of Blade [Server] Development. Papermaster was a college classmate of Bob Mansfield, who used to work at IBM but is now Apple’s senior VP of Mac hardware development. Papermaster is, according to IBM, the company’s top expert in the POWER architecture that, nearly two decades ago, became the basis for the PowerPC architecture shared between Apple, IBM, and Motorola. (That part of Motorola is now Freescale Semiconductor, in case you didn’t update your scorecards.) According to Philip Elmer-DeWitt’s chronology (and he’s so excited by the drama), Apple was interested in hiring Papermaster for “an unnamed ‘senior leadership position’ involving product development in consumer electronics.” Such a position would have had nothing at all to do with his work at IBM, so there would have been no problem with trade secrets or working for competitors or any of that. But “a few weeks” after Papermaster met with Steve Jobs, the company told Papermaster that the job was no longer open. He was offered a lower-level executive position, but Papermaster, who at that time had been with IBM for over a quarter of a century, declined such a move. In September (or so it seemed), Tony Fadell told Apple that he and his wife (a VP of human resources at Apple) were stepping back to spend more time with their family. This became public knowledge on 2008.11.04 (when most of the US was distracted by this little election thing) when Apple filed its annual 10-K report with the US Securities and Exchange Commission. Item 9B on page 91 says, in its entirety: 24 u MWJ 2008.11.24 24 t 23 further subject to accelerated vesting if the Company terminates his employment without cause. The restricted stock units are payable upon vesting in shares of the Company’s common stock on a one-for-one basis. The Settlement Agreement includes Mr. Fadell’s release of claims against the Company and agreement not to solicit the Company’s employees for one year following the termination of his employment. Some of you know that MDJ’s founders and early testers were among those who helped turn out the lights on the Apple II division at Apple back in the early 1990s. Back then, Tony Fadell was a college student enthusiastically working on Apple II hardware and software projects (MWJ 2004.05.26). If you’ve read the biographical articles about how his turbulent times at Philips, you would call this the “before he was sane” period. We’re not going to pretend that we’ve been in contact with Fadell in years, but everything we know about the younger Fadell, and everything we know about watching Apple’s executive movements for well over a decade, combined to give us absolutely no reason to doubt the story of his departure. The agreement keeps him from competing with Apple for a year and a half (and rewards him for not competing), and prohibits him from soliciting Apple employees for a year after that. Apple is making the kinds of products Fadell has always championed, and they’re doing it with market-crushing aplomb. If Fadell really is restless, then what he has in mind simply wouldn’t fit within Apple’s strategy at all, but he also wouldn’t accept a salary to “advise” Steve Jobs if he intended to pursue other projects. But more importantly, after the insanity of the past decade, the man deserves some time off with his family. It’s been seven years since Apple released the first iPod. It’s hard to even imagine the kind of effort that division has pulled off in that timeframe, from “it’s too expensive and no one will buy it” to dominating the world music player market and reinventing the product at least three times. Fadell’s employment agreement ends on 2010.03.24, and we originally suspected that date was a year and a half after he told Steve Jobs he wanted to step down. Apple had to find a new executive to lead the iPod and iPhone division, and that person had to fit in with Apple, be extremely talented, and know enough about hardware engineering to understand the problems and solutions of building powerful handheld battery-powered devices. Apple thought of Papermaster again, despite his work with servers over the years. Papermaster interviewed with Jobs and with the iPod team in Cupertino, and on 2008.10.10 (a Friday), Jobs made Papermaster a “once in a lifetime” offer to head Apple’s iPod and iPhone division – a title whose significance we originally missed (more on that later). On the following Monday, Papermaster told his bosses at IBM that he intended to take the job in Cupertino. There was, however, a small complication since Papermaster’s February experience with Jobs. In April, Apple purchased PA Semi, a maker of custom PowerPC chips. You may recall the speculation at the time that Apple was going to build its own chips for the iPhone, or the iPod, or for a new no-Intel line of Macs, or whatever else someone thought would make people read a story. Later in the year, Steve Jobs offhandedly said that the acquisition was to help create low-power chips for Apple’s handheld devices. Since Apple already has extensive experience in building, debugging, and shipping PowerPC-based operating systems and applications, this makes a lot of sense. However, the part of Apple that designs PowerPC-compatible chips is directly in competition with the part of IBM that designs POWER-based servers and microprocessors. This led IBM to try to get Papermaster to reconsider – first by offering him a large raise, and then by reminding him that he signed a non-competition agreement that bars him from working for an IBM competitor for one year after leaving IBM. The company offered Papermaster a year’s salary if he would honor it – that is, Papermaster would quit IBM, do nothing for a year, draw full salary, and then get to work for Apple in November 2009. Papermaster declined. And IBM responded by suing to enforce the non-competition agreement. To make the “competition” work, IBM says in its suit that Apple is going to start selling its own microprocessors, as well as servers using those new chips. That would make Papermaster an addition to a direct competitor of his old division, the very thing that the agreement Papermaster signed would prohibit. When the SEC filing became public, Apple similarly publicly announced Papermaster’s new job and Fadell’s transition. The lawsuit was already public record by that point, but the press really noticed it on 2008.11.07, when Judge Kenneth M. Karas of the US District Court of Southern New York granted IBM’s request for preliminary injunctive relief, ordering that Papermaster “immediately cease his employment with Apple Inc. until further order of this court.” Papermaster did not accept this silently: he counter-sued IBM to invalidate his non-competition agreement with IBM as “unreasonably broad in that it purports to impose an unreasonably lengthy time limitation.” IBM was ordered to post a US$3 million bond to compensate Papermaster for his lost employment time in case IBM’s lawsuit to stop him from working for Apple does not ultimately prevail in court, and IBM has now done so. or, maybe not. [K]eep in mind that when Apple introduced the video playback features on the iPod, the company was quite clear that they didn’t know if there was a market for handheld video playback or not. No other device has succeeded in that market. But as Steve Jobs put it, “Because millions of people around the world will buy this new iPod to play music, it will quickly become the most popular portable video player in history.” Jobs elaborated for CNBC, noting that Apple would sell millions of iPods this quarter whether or not they had video playback MWJ 2008.11.24 we would have been happy to stop thinking about the matter there, but that became difficult when we learned that John Gruber disagreed with our view. Gruber, who obviously has good sources within Apple Inc., as demonstrated by his September-October scoop on the MacBook (13-inch, Aluminum, Late 2008) announcements that stared a minor speculative furor, says he heard a different story. First, Gruber points out that Papermaster’s job title (until enjoined by a New York federal court from working for Apple) was higher than Fadell’s: Papermaster was (or is) to be Apple’s “senior vicepresident of devices hardware engineering,” where Fadell was “senior vice-president of the iPod division.” Since the iPod is now but one of Apple’s “devices,” the presumption (echoed by Gruber’s sources and common sense, but not officially confirmed by Apple) is that had both men stayed at the company, Papermaster would have been Fadell’s boss, or similar. If Papermaster were to be in charge of all of Apple’s device hardware engineering, there wouldn’t be room for Fadell, overseeing just one part of it, to report directly to CEO Steve Jobs. Gruber writes, “The word on the street in Cupertino is not that Fadell was pushed out the door, but that he was never offered a role like Papermaster’s, encompassing all of Apple’s handheld hardware engineering. The iPhone has eclipsed the iPod as the A-Team at Apple, and Tony Fadell does not sound like a B-Team sort of guy.” To support this theory, Gruber offers a story that when Apple first decided to do a phone, Fadell (and, “according to one source, former Apple ex- 25 ecutive Steve Sakoman, a NeXT veteran) wanted to build a device more like a traditional iPod using a Linux operating system, where Scott Forstall (#18 on the 2005-2006 MDJ Power 25, MWJ 2006.07.02) and Bertrand Serlet (#7) wanted to use a stripped-down version of Mac OS X on the phone. When the latter team won, and the iPhone became what it is today, Fadell’s star was fading in Cupertino – not because he “lost,” but because Apple had chosen to build devices down a path that didn’t interest Fadell as much. We can see that happening. We have long believed that Apple did not set out to build a phone running some version of OS X, but rather that once the company decided the phone needed to have wide-ranging capabilities, it went with OS X because that’s the OS it happened to own. A decade ago, Apple or any similar company would have written its own operating system for such a new device (think “Newton” or “Palm”), and it would have taken two or three additional years to get to market. Apple chose an existing OS because that’s what would get the phone on sale in 2007. “Linux” doesn’t mean a command-line phone. Lots of consumer devices use Linux behind the scenes, including the TiVo digital video recorders – they’re so popular that the company’s name has all but become a verb for “record on a DVR.” (We had to abandon a TiVo-powered DVR at GCSF World Headquarters to get HDTV from our satellite provider, and we miss it terribly.) But it also doesn’t necessarily mean “application platform” – Linux is the core of a lot of embedded devices that don’t accept thirdparty applications at all. So you can gauge our own track record, here’s something from MWJ 2005.11.16 about what Apple and Steve Jobs actually said about the iPod with Video when it was introduced that year: 26 u MWJ 2008.11.24 26 t 25 features. Now that they do, suddenly there will be millions of handheld video players in the world. He said, “Let’s see what happens.” If handheld video takes off, great. If it doesn’t, Apple still sold millions of iPods. The iPod with Video is smaller, lighter, and more powerful than the model it succeeded even without video playback features. Apple essentially found a way to add video playback for free. If no one uses it, Apple hasn’t lost anything – and imagining that the company is realigning itself around some imagined video strategy is farcical on its face. We believe that when video worked out reasonably well, Apple started making more video products to test the waters, starting with Apple TV. That product hasn’t taken off (Apple executives still call it a “hobby” when asked about it), but Jobs reportedly told employees at a company meeting that Apple TV was supposed to be the fourth leg of Apple’s revenue stool, with the first three legs being the Mac, iPod, and iPhone. Even though that hasn’t worked out, Apple is in good shape precisely because its executives did not bet the company on it succeeding. They put it out there at an affordable price with reasonable margins to “see what happens.” So far? Not much. The iPhone appears to have been conceived and executed the same way. Other than the massive R&D effort, Apple protected itself with the device’s introduction. With a US$599 retail price and an exclusive carrier partner that agreed to pay monthly revenue for the phone, Apple protected its margins – if the iPhone had failed, the company wouldn’t have been in financial trouble. When it succeeded wildly, Apple got aggressive on pricing and international sales. We believe this same philosophy guided the iPhone’s operating system. Functions for a phone, video playback, and iPod controls were a given. However, once the company decided to add Wi-Fi and Internet access (perhaps, originally, just to offer the option of purchasing from the iTunes Store), it made a lot more sense to go with the OS and applications it already had than to try to build something new from Linux. Using its own tools (like Cocoa) would accelerate development and make it easier to write new applications in the future, if that became warranted. The idea of third-party development became an option, but it didn’t require planning an SDK from the start. If the phone succeeded, Apple’s engineers could canonify the APIs available outside the company and allow third-party development. If not, they needn’t have worried about it. However, once Apple started allowing third-party software, the iPhone stopped being a device and started being a platform. That was new. The older iPods allowed some games from a few carefully selected developers, but general third-party software could not run on iPods. Not so with the iPhone, powered by a largely familiar OS. Once you’re making a platform, you have to keep it compatible with existing software. (The iPod games didn’t have this issue – Apple sold them as compatible only with the iPod for which you purchased them. Since new iPods often had completely different processors or operating systems, the games couldn’t be transferred to newer iPods, nor were they ever intended to be.) Platform engineering is a lot different than device engineering. Consider the next iPhone, whatever features it may have. We don’t know what processor it will have, or what hardware it will use, but we know what operating system it will have, what minimum features, and so on. People like Fadell had their biggest successes starting with blank slates and putting components together to build new things. Now that Apple’s device path is cemented with OS X iPhone, there’s no more of that. Papermaster, if he gets to assume his job, will get to consult on hardware and integration and stuff, but the OS is predetermined. Apple’s devices hardware engineering is now the same as Mac hardware engineering: making new hardware for one OS. They are their own clone makers. It’s easy to see Fadell not wanting that job, or Apple not thinking he would succeed in it. It’s also easy to imagine him really wanting to step back, spend time with his family, and rest after a whirlwind seven years that Gruber describes as, “without question … an enormous success,” whose iPod idea “turned into one of the biggest hits in consumer electronics history” and “reshaped the music industry.” So while we had no reason to disbelieve Fadell’s stated reasons for departing, we have no reason to disbelieve Gruber’s sources, either, since he (and they) have earned credibility. With that credibility comes scrutiny, though, and this video of Jobs “deleting” Fadell at the iPhone introduction is just silly. Even if Gruber means this as a lark, which seems likely, he’s now getting attention from mainstream reporters who aren’t quite as hip to the irony. With things like this on one of the most popular Macintosh commentary sites, is it any wonder that writers like Fortune’s Adam Lashinsky try to find hidden meaning in every gesture that Steve Jobs makes in public? Yeesh. (See “Press Watch” in “MidNovember News,” this issue.) (We do learn something useful from Gruber’s post, though: if you append the anchor “#5m15s” to a YouTube video URL, YouTube starts buffering and playing the video at the 5 minute, 15 second mark. It works for any time in the video, although times under one minute must be expressed as “#0m30s” or similar. Don’t be surprised if you didn’t know this – the feature apparently only went live a few weeks ago, and does not seem to be documented by Google itself.) full-court press 27 MWJ 2008.11.24 The press loves this drama because it gives pundits license to engage in one of their favorite effort-free activities: speculating that Apple is lying about everything it says and secretly has plans to build every product in the world and crush all markets with unstoppable design while Microsoft holds bake sales. There is simply no evidence, anywhere, to suggest that Papermaster – who was interviewed for what appears to be a job unrelated to PA Semi months before Apple bought PA Semi – is going to work on POWER-related products except as they relate to using those processors in handheld devices. IBM makes neither handheld devices that compete with the iPod nor phones of any kind. We should note that London’s Times Online reports that IBM claims to have invented a new kind of memory that stores bits based on electron spin, that can run “weeks” on a single charge with a “fraction” of the power requirements. It’s relevant, and now public, only because IBM says Mark Papermaster knows this new, unreleased technology and might take it to Apple with him. (We learned about this from MacNN, although shame on the site for not linking to the source article.) But that might actually be interesting, so your pundit corps has no use for that. Mark Stephens, still writing as “Robert X. Cringely,” produced a big steaming pile of glyphs saying that that Fadell was forced out due to the personality conflicts that Stephens constantly imagines are the entire contents of the business days at 1 Infinite Loop, based (once again) on exactly zero evidence, and then again jumps into Steve Jobs’s mind and tells you what Steve Jobs really wants, which is for Papermaster to produce products that compete with IBM, because Steve Jobs is always lying about everything. For Stephens, the great thing about being a pundit is that, to him and apparently to his bosses, a 0% accuracy record in Steve Jobs analysis in no way disqualifies him from making up new stories. Stephens’ view of Jobs was set in stone in the early 1980s, and it’s never, ever going to change. People who pay attention to Stephens’ rantings about Jobs and his motivations do nothing but waste their own time. It’s not just Stephens and his eternal Steve Jobs-didn’t-mature-past-1984 fixation that can’t resist trying to create more drama than exists. InformationWeek’s Paul McDougall cherry-picked a quote from Papermaster’s court response: “I do not recall a single instance of Apple being described as a competitor of IBM during my entire tenure at IBM.” The full statement was, “Aside from the divested IBM personal computer business and a single sale several years ago of Apple’s Xserve product to a university, I do not recall a single instance of Apple being described as a competitor of IBM during my entire tenure at IBM.” When the truncation that made Papermaster look daft was exposed, McDougall revised the article with the missing context and added a note that he updated the story on 2008.11.09 “to expand Papermaster’s comments on the competitive relationship between IBM and Apple in order to provide greater context.” It would have been nicer if InformationWeek had admitted to removing this context in the first place, and not tried to grant itself extra credit for “providing greater context” when caught at it. Similarly, we’re unimpressed by the revelations (in MacNN’s earlier story, among others) that Apple considered hiring people other than Mark Papermaster for the job. By everyone’s description, Papermaster is not a perfect fit for the position Apple’s trying to fill. Executive positions at Fortune 100 companies are hard to fill. (Remember how well Apple’s search for a CEO to replace interim CEO Steve Jobs worked out?) The only mildly intriguing part about it is the long list of people Apple had under consideration (ten seems to be a lot for a position of this importance), and how surprised the technology press seemed to be that Apple acted like a large corporation filling a senior executive position. The more interesting aspect is whether or not this case, filed in Federal court because IBM’s chip- 28 u 28 t 27 MWJ 2008.11.24 t 1 designing business is in New York and Apple’s headquarters is in California, will have any lasting effect on non-competition agreements (NCAs) in general. Earlier this year, California’s Supreme Court ruled that California state law “prohibits virtually all contractual provisions that purport to limit a former employee’s ability to compete with a former employer.” That summary comes from the law firm of Nixon Peabody, which recently had its own victory in having certain New York NCAs declared unenforceable. The opinion of law firms on the Internet is that you should hire a law firm to tell you if your NCA is enforceable or not. This page says that NCA enforcement in New York is “quite limited,” while this page says that in Ohio and New York, NCAs “are routinely enforced.” This page cites a New York case that the magic green bar eBay, along with other companies that have big money, have offered their own solution to avoiding phishing sites: spending big money. eBay is a leading proponent of Extended Validation SSL certificates, a special kind of SSL certificate only issued to companies that pass extensive vetting from certificate authorities, including an independent audit and possibly a physical inspection by the CA of the server being secured. Since these certificates validate more than the domain name of the responding server, browsers that support them display more prominent security verification. Because of the vetting required, EV SSL certificates start at around US$500 per year, and from top-name CAs like VeriSign, can cost as much as US$1500 per year. Domain-name only SSL certificates cost US$20 per year, or less. eBay believes that phishers can’t pass the vetting, and crooks that could pass the vetting won’t want to spend the money on a certificate that would get blacklisted as soon as illegal activity became evident. That’s why you’ve heard noise in the past year about eBay requiring all browsers to support EV SSL certificates, and prominently display the green bar of security that proves eBay paid for its expensive EV SSL certificate, or eBay will not allow those browsers to conduct transactions on eBay (and maybe on its PayPal subsidiary, too). Internet Explorer 7 and later on Windows do this, as does Firefox 3.0, as you can see on DigiCert’s test page. Safari 3.1 creates a secure connection to that page without difficulty, but it threw out an NCA because the duration of one year was considered too long when measured against the needs of the employee, an IT professional; the court found that in IT, a one-year hiatus “is a relative eternity as technology progresses so quickly in this field.” Another firm thinks you should attend its teleconference on 2008.12.11 to learn more about it. We’re fairly sure this isn’t as dramatic as storystarved editors will try to make it, but it should at least be interesting. Courts appear to be leaning towards narrowly interpreting NCAs or throwing them out altogether, and there’s at least disagreement about how far New York courts will go in enforcing such agreements. Plus, as long as people with ink get to imagine they’re explaining Steve Jobs to you, they’ll never tire of it. doesn’t show you the Green Bar of Security that eBay paid for. Apple had not announced any plans for Safari to add this important green bar. Therefore, eBay kept making noises about “banning” Safari in hopes of forcing Apple to play along – and then backing down when people heard about it and raised hell. Apple still has not announced any plans to support EV SSL certificates. Safari 3.2 simply does it, without even telling you. Once you’ve installed the update, visit DigiCert’s aforementioned test page (make sure it’s the secure, https version) and look at Safari’s padlock in the upper-right corner of the window. Well, look next to it – you’ll see the name of the owner of the EV SSL certificate in green, similar to the magic Green Bar of Security displayed in Internet Explorer 7 or later, or Firefox 3 and later. Keep in mind that the encryption level is the same as in previous versions – you can see that for yourself in an older Safari by clicking on the padlock on the same page and seeing that everything is encrypted perfectly well without EV SSL recognition. An extended validation certificate is just an SSL certificate at heart, and all SSL technology works with it. (One difference: Safari 3.2 contains the DigiCert High Assurance EV Root CA as a root certificate, where Safari 3.1.2 recognized that certificate because it was signed by another root CA, the Entrust.net Secure Server Certification Authority, but that makes no functional difference.) Those companies that have paid the bigger bucks for the EV SSL certificates will now see their names 29 (RSS syndication) frameworks. The version of WebKit enclosed with Safari 3.2 is behind the version you can get in nightly builds from the open-source Web Kit project that Apple founded and still shepherds, and Safari 3.2 does not appear to have many of WebKit’s latest enhancements. It’s missing the redesigned Web Inspector, it does not pass the Acid3 test (it scores 75/100, just like Safari 3.1.2), and it doesn’t seem to have the faster SquirrelFish JavaScript engine, much less the newer SquirrelFish Extreme version. If you’d like to dig around the changes yourself, we’ve posted an OPML-formatted hierarchical list of all the files in the Leopard version of Safari 3.2. Because the update changes both Safari and WebKit, you can expect that Input Managers and other patches to Safari’s code will break after installing the update – perhaps preventing launch, or perhaps not functioning correctly. If you’re lucky, the patch simply won’t load if it finds a new version of Safari, so you lose the features of unauthorized Input Manager patches but can still use the browser. You can expect a parade of updates from Safari-patching utilities over the next week. phishing protection At first, we thought the “protection from fraudulent phishing Web sites” promised in the three-sentence release notes referred to the browser’s new and unexpected support for Extended Validation SSL certificates. That was not correct. There is an entirely new anti-phishing feature, enabled by default in the “Security” pane of Safari’s preferences. When you try to visit a site that’s “known” to try to attack you, Safari stops and warns you with a pseudo-dialog box (in a Web page window or tab) about it. If the site is suspected of phishing for your personal or financial information, the text reads: MWJ 2008.11.24 displayed next to the padlock, in green. Again, this is really only anti-phishing technology if you know to look for the green indicator, and you don’t panic when you reach secure sites (like MWJ’s own subscription page) secured with a far less expensive “domain-only” certificate. If we’re very lucky, this will force the mushy middle of the SSL market to either offer EV certificates less expensively, or offer domain-only certificates competitively. It’s somewhat ridiculous in 2008 that VeriSign (and its Thawte) division would charge US$300 for an SSL certificate with validation that doesn’t show up in a browser, where companies like DigiCert can provide EV SSL certificates with visual indicators for only slightly higher prices. Now that all the major browsers display signs of EV SSL validation (excepting Opera, which has had partial nonvisible support since 9.5b1 and has announced plans for full support), there shouldn’t be much of a market for expensive certificates that don’t have enough validation to trigger the Green Bar of Security. The only other documented changes are security fixes, and most of those apply to the Windows version. The ones that don’t concern cached auto-completed form data that may be submitted even when you don’t see it, a boundary error in JavaScript, and a memory corruption problem in CSS handling. Over at TidBITS, Glenn Fleishman points out that several of the Windows fixes were due to Safari’s inclusion of zlib 1.2.2, a version that became outdated in July 2005. Mac OS X contains zlib as part of the system, and it got updated there through normal security and system updates over time, though we can’t tell you exactly when. Once again, you’ll notice that Cnet News implies that the list of security fixes are all the changes in Safari 3.2, not even bothering to mention EV SSL support – although, we admit, more people might have mentioned it if Apple itself had mentioned EV SSL support instead of using weasel words about “identifying businesses.” None of the articles we read on release day mentioned “extended validation” or “EV SSL,” save for the comments section at Ars Technica. (Jacqui Cheng’s write-up correctly described that eBay, or its PayPal subsidiary, had been pushing for the change, but only called it “phishing protection.”) The update requires you to restart because it’s not just a new version of the Safari application (though it contains that). It also contains new versions of the WebKit, JavaScript Core, and PubSub The website you are visiting has been reported as a “phishing” website. These websites are designed to trick you into disclosing personal or financial information, usually by creating a copy of a legitimate website, such as a bank. On the other hand, if the page you’re visiting is a “known” distribution point for malware (viruses, trojan horses, other programs that can control your computer), the text reads: 30 u MWJ 2008.11.24 30 t 29 The website you are visiting appears to contain malware. Malware is malicious software that may harm your computer or otherwise operate without your consent. Your computer can be infected just by browsing to a site with malware, without any further action on your part. We are unaware of any current method for an attacker to actually download and run code on your system by visiting a Web page “without any further action on your part,” but that’s always the goal of attackers, so it seems sensible to err on the side of caution. This is far more active and pervasive “protection” than we had found in our first look. Quite frankly, we didn’t go looking through the preferences or testing malware sites because nothing in Apple’s ridiculously minimal release notes suggested there was anything to find. The company couldn’t even bother to use the phrase “extended validation SSL certificates” even though eBay had been making a huge fuss about them for the past year, so once we figured that out, we thought that was the end of new features. We were wrong – once again, Apple’s refusal to disclose led us to incorrect decisions. But this time, the company’s intransigence in telling you what it has changed in the software you use may have further consequences. How Safari could “know” about these phishing and malware sites raises all kinds of interesting questions, so we spent last weekend in the office researching them (which is why this is a double-sized issue of MWJ). Now we can tell you with reasonable confidence how it all works – but because Apple has not done the same thing, we cannot say with certainty that it is completely private, or that Safari is not sending information about the pages you visit to a third party. We believe that Safari 3.2 is not doing that, but only Apple can say so – and you get one guess about whether the company has bothered to do so or not. Let’s begin with how these sites are “known.” the basic problem Phishing sites are designed to fool people into thinking they’re the real thing, so your computer doesn’t have much of a shot – on its own – of figuring out if a site that looks like eBay really is eBay. Remember, the people who designed the Internet (incorrectly) assumed that all computers on the network would be trustworthy, so the rules are pretty loose. There’s no rule that says an eBay Web page URL can’t start with a raw IP address. Even if eBay had a written policy that all of its URLs will be in an “ebay.com” domain name, your computer has no way of knowing that. Google’s computers, however, have a better shot at deciphering such attacks. As the world’s leading search engine, Google has figured out where eBay is, and knows that a single IP address in China is probably not one of eBay’s servers. Google knows what banks, credit card providers, insurance companies, and other firms people try to find, and it therefore has a reasonable idea that if their images show up in a page in the wrong part of the world, it may be bogus. It also helps that Google has something like six umpteen-gazillion times the computing power of the entire Apollo space program. You may have eight cores, but Google is still slightly ahead of you. About three years ago, Google Labs released the first test version of Google Safe Browsing for Firefox, an attempt to take advantage of some of this accumulated knowledge. The extension for the Firefox browser (which had then recently seen its 1.5 release) examined URLs as you visited them in Firefox, and warned you if any of them were on one of two lists that Google maintained: one for suspected phishing sites, and one for sites suspected of distributing malware. Google and the Mozilla Foundation have long been partners, so it was no surprise when Firefox 2.0 included Google’s “Safe Browsing” technology directly in the browser. To no one’s surprise, Chrome includes it as well. We were surprised that Safari 3.2 includes the same technology, especially since Apple’s minuscule release notes did not mention the word “Google” once. MWJ’s investigation convinces us that Safari 3.2’s “protection from fraudulent phishing websites” is, in fact, Google’s Safe Browsing technology. how it works Even if Google has a list of malicious sites, your browser can’t check in with Google every time you visit a new page. On the technical side, it would be a drag on slow connections, and some decent percentage of the world still uses dial-up Internet access. On the personal side, it’s somewhat unconscionable to imagine that your Web browser would report every page you visit to a central authority, whether it’s one as well-known as Google or not. 31 Anyway. Before hashing the URL, both Google and the client must convert it into a canonical form to make sure that all minor variations (such as using “~” instead of “%7E” are treated the same way, because otherwise hash values for the “same” URL would not match.) When you first launch Safari 3.2, it connects to safebrowsing.clients.google.com and requests information on the two main blacklists that Google maintains: a list of known phishing sites, and a list of known malware sites. Google returns the list of hashed URLs to your computer in chunks. The company’s first attempts at implementing this as an API for Firefox and other browsers required clients to begin by downloading a massive list of all the sites on the list (as of 2008.11.14, there were nearly 200,000 sites on the two lists combined). Clients would then have to ask periodically for updates to the list, removing those items that had expired and adding new ones. That’s still what Google’s Safe Browsing API Developer’s Guide describes, but there’s another protocol, listed as “experimental,” that more closely matches what Safari 3.2 is doing. You can read all the gory details for yourself, but the more important part is that Google sends the list to Safari 3.2 in chunks, not all at once, starting with the freshest information first and gradually filling in older information. The updates are in a more compact format that avoids having to send the hashes over the network again, and the hashes are just prefixes of longer numbers to avoid sending huge amounts of data over the wire. Hash prefixes aren’t hashes, so if you’re visiting a page whose URL matches a hash prefix, Safari 3.2 goes back to Google and asks for the full hash for the prefix in question. Google responds, and if the full hash matches the hash for the URL in question, Safari knows that this page is on Google’s list of malicious sites. MWJ 2008.11.24 The other alternative is for your browser to keep a list of malicious URLs itself, so it can compare each page you visit against the list. Such a list would need periodic updates from Google because phishers and other purveyors of malware often use compromised computers for their attacks – one computer may only be “good” for attackers for a few hours. But that poses its own problems – if network administrators know about some of these malicious URLs, then transmitting them over the network could trigger firewall problems. On top of that, many of the URLs might have variants that also get you to the malicious page. (You can typically append a useless parameter onto any static page and get the same results; some phishers do that in their URLs to avoid simple detection.) Google solves this problem by sending the browser a list of hashed URLs known to be phishing sites or distributors of malware. We’ve discussed hashing in these pages before, but as Wikipedia aptly puts it, “A hash function is any well-defined procedure or mathematical function which converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index into an array.” More specifically, we’re talking about a cryptographic hash function. Wikipedia concisely says, “The ideal hash function has three main properties – it is extremely easy to calculate a hash for any given data, it is extremely difficult or almost impossible in a practical sense to calculate a text that has a given hash, and it is extremely unlikely that two different messages, however close, will have the same hash.” The Google Safe Browsing technology uses MD5 cryptographic hashes of every URL on the list so each one is of a known length and sensitive to any changes. Although MD5 is an older function, its nominal replacement, the SHA-1 function, has some theoretical vulnerabilities as well. A Bruce Schneier reports for Wired, that the National Institute of Standards and Technology has launched a competition to replace the SHA family of functions with the next generation of cryptographic hash algorithms. It’s fascinating stuff, because as Schneier says, “without cryptographic hash functions, the Internet would simply not work.” NIST got 64 entries for its competition; Schneier reports, “Twenty-eight submissions have been made public by the submitters, and six of those have been broken.” poking around You can see some of this at work for yourself if you want to play with the file system. Safari stores all of the data from Google using folder names that are difficult to decipher. If you look in the folder at “/ private/var/folders/”, you’ll see one or more folders with two-letter names. One of those that’s not named “zz” will contain another folder with a much longer random name. That folder contains a folder named “-Caches-”, and inside it, you’ll find a folder 32 u 32 t 31 named “com.apple.Safari”. The full path is “/ private/var/folders/xx/yy/-Caches-/com. MWJ 2008.11.24 apple.Safari”, where “xx” and “yy” are unique to your system. Once you find that folder, you’ll see two files within it: Cache.db and SafeBrowsing.db. The former is indeed Safari’s cache, which used to be located at “~/Library/Caches/com.apple. Safari” until Safari 3.1, and is now located here. (If you have a Cache.db file in that older location, it probably hasn’t been modified since you installed Safari 3.1, and you can safely remove it.) We only looked at this on Mac OS X 10.5.5 systems; Mac OS X 10.4.11 systems may store such information in a different place. We originally thought that these databases were created by Mac OS X’s Core Data framework, because they’re SQLite 3 databases, and that’s what Core Data uses for non-trivial amounts of data. Michael Tsai corrected this misimpression when it appeared in MDJ 2008.11.17, noting that these are pure SQLite databases, not created by Core Data. As Tsai notes, rather simply, “It has to run on Windows, too.” Apple did not port Core Data to Windows as part of iTunes or Safari, so Safari does without it for this function. We thought Core Data created the random names for the folders in which you’ll find the databases because Mac OS X Server has a similar way of naming folders randomly for its Software Update Server, but it’s not Core Data. We know of no rules that could predict how these names are formed. As for why the cache and the new Safe Browsing information is stored in “/var/folders” rather than in your home directory’s cache folder (“/varî is a link to “/private/var” on Mac OS X), we think Tsai is right again: “I think the rationale is that this location is more likely to be fast, local storage than the ‘~/Library/Caches’ folder.” If your home folder is on a network or using FileVault, the new location would almost certainly be faster. (You don’t have to publish mistakes to read smart comments from Tsai; you can just look at his blog or buy his products.) The SafeBrowsing.db file contains the blacklists from Google’s Safe Browsing initiative – you’ll notice that the file was most likely created right about the time you first launched Safari 3.2, and if you have the browser open, the file should have been modified within the past 30 minutes. Google’s rules do not allow clients like Safari or Firefox to warn you that a page may be malicious, even if its URL is on the list, unless the list has been updated within the past 30 minutes. Since this is just a standard SQLite 3 database, you can go looking through either the cache or Safe Browsing database by using an SQLite tool, such as the free, open-source SQLite Database Browser. (For £10, or about US$15, you can get a faster, more Mac OS X-friendly program like Base 1.0, released the same weekend as Safari 3.2 in a happy coincidence.) Inside the SafeBrowsing.db file, you’ll find all kinds of data that matches the “experimental” 2.1 specification mentioned above: hosts, lists using Google’s “-shavar” format, “add” and “sub[tract]” chunks, and so on. The list may be even bigger than our earlier experiments showed: on our production system using Safari 3.2, the Safe Browsing database has over 650,000 “hosts” records. The hashes or hash prefixes are stored as BLOB entries, so you can’t easily see their values. (You can use this same technique to peruse your browser cache, if you wish, but it’s far easier to let Spotlight search the files created for every entry just for that purpose.) If you quit Safari 3.2, remove the SafeBrowsing.db file (moving it to the desktop might be safer than deleting it), and relaunch Safari, it gets recreated, and will grow in size over the next hour or so, per Google’s updating guidelines. On our systems, it runs between 22MB and 26MB, so if yours is smaller, we suspect it just hasn’t been fully populated. The Google Safe Browsing API includes a way for clients to request a key from Google (over a secure, SSL connection) to use in authenticating the responses from Google, so that a client like Safari or Firefox can be sure that a response came from Google – it’s computationally infeasible for an attacker to be able to guess the right key to fool you into accepting a bogus update that might, for example, remove a real phishing site from the list. However, the data itself is not encrypted or transmitted over SSL, as such would be quite a load on Google’s servers for millions of users requesting large amounts of data that’s already hashed. Since it’s also computationally infeasible to turn a hash back into a URL, no sensitive data gets passed around – only hashes. We ran a network spy on Safari 3.2 while visiting suspected phishing sites, and when we saw it sending information to safebrowsing.clients.google. com just before displaying the “Suspected Phishing Site” warning, our first thought was that Safari was sending each URL you visited to Google to check it against a list. The developer’s guide to the 1.0 ver- sion of Google’s Safe Browsing API had nothing to explain this, but the “experimental” 2.1 version does: when the site’s URL matches the first part of a hash on the list, Safari 3.2 asks Google for the full 256-byte hash value for that URL alone, and then compares the two. Since the Mozilla Foundation points to this Safe Browsing v2.1 protocol as the technical explanation for how the feature works in Firefox, it seems a safe bet that it also works this way in Safari 3.2. If the structure of the “Suspected Phishing Alert” page itself intrigues you, you’ll find the source for it in the file “/Applications/Safari.app/ Contents/Resources/PhishingAlert.html”, presuming you haven’t tried to confuse Mac OS X by moving the Safari application. It looks something like a dialog box because it has default buttons, but those are simply rendered by WebKit. You can’t select any of the text because the body element has the WebKitspecific CSS attribute “-webkit-user-select: none” applied to it. (You similarly can’t resize it because it has the attribute “-webkit-text-sizeadjust: none”.) One implementation note of interest: if you run nightly builds of WebKit using the “WebKit.app” application as your browser, you’ll find after installing Safari 3.2 that WebKit suddenly has phishing protection as well. WebKit.app loads its code from Safari’s application bundle, but loads the WebKit HTML and JavaScript frameworks from the nightly builds that you download. Since WebKit’s code is really Safari’s code, WebKit gains all of Safari 3.2’s code changes. why we’re telling you this In addition, if you use Safe Browsing, when Google warns you about a suspicious site we may also log that site’s URL and whether you accepted, rejected, or closed the warning message. We will let you know when you are enabling a feature that automatically sends page addresses to Google, and you can turn these features off at any time. We know that Firefox itself does not do this because, as you would expect, the Mozilla Foundation’s explanatory pages spell out exactly what information gets sent to Google when you use phishing and malware protection in Firefox: There are two times when Firefox will communicate with Mozilla’s partners while using Phishing and Malware Protection. The first is during the regular updates to the lists of reporting phishing and malware sites. No information about you or the sites you visit is communicated during list updates. The second is in the event that you encounter a reported phishing or malware site. Before blocking the site, Firefox will request a double-check to ensure that the reported site has not been removed from the list since your last update. In both cases, existing cookies you have from google.com, our list provider, may also be sent. The Mozilla Privacy Policy expressly forbids the collection of this data by Mozilla or its partners for any purpose other than improvement of the Phishing and Malware Protection feature. The Google Privacy Policy explains how Google handles user cookies. The Apple Customer Privacy Policy says nothing about Safari sending any information to places other than the Web sites you’re visiting – but as of Safari 3.2, it does exactly that: it fetches lots of information from Google, and sends (non-identifiable) requests back to Google when you encounter a page whose URL is on one of Google’s blacklists. We must point out here that the v2.1 protocol has, indirectly, a way for Google to estimate what pages you’re visiting. If the URL of a page you want to visit matches the hash prefix of a known malicious MWJ 2008.11.24 Networking must be transparent to earn your confidence. That’s the point behind EV SSL – verified authentication that the company you’re talking to is who they say they are. On a lower level, when you visit a page in your Web browser, you expect your computer to get the IP address from your DNS server, get the page from the Web server, and get all of the assets for the page (images, movies, and so on) from their locations as specified in the page’s source. You do not expect your browser to also tell Google, or even Apple itself, what you’re doing. Safari is not the first browser with this feature, though. Although Safe Browsing is built into Firefox 2 and later, it was a Firefox extension before that, and later part of the Google Toolbar for Firefox as well. The Google Toolbar Privacy Notice says that, in 33 some circumstances, Safe Browsing collects additional information from users: 34 u 34 t 33 page, Safari 3.2 appears to send that prefix to Google and ask for the entire 256-byte hash to make sure that this really is a malicious page (and also to verify that the page hasn’t been removed from Google’s lists since Safari’s last list update). Millions and millions of URLs could produce hashes that start with the same 32 bits, but if Google gets several requests for the same value, the company could reasonably infer that people were visiting the malicious page it had tracked – and since the request from Safari to Google comes from your IP address, Google might infer data from that as well. Mozilla’s privacy policy would forbid use of that data except to improve the service, but Apple’s privacy policy does not. Neither Apple nor Google state anywhere that they would only such data to improve the phishing and malware protection features. We also note that the Safe Browsing v2.1 protocol mentions a third list beyond the list of phishing sites and the list of malware sites: a whitelist, “representing sites that are known to be trusted.” The spec continues, “Note that this list should only be used for ‘enhanced mode’ clients that do direct lookups to Google to determine which sites are phishy. In that case, if a site is on the whitelist there is no need to send the query to Google.” Safari 3.2’s “SafeBrowsing.db” file does not appear to contain data for Google’s whitelist, but the specification confirms that some clients can, with Google’s permission, use an “enhanced mode” that looks up each page you visit rather than maintaining the list on the client computer. This would be a serious change for Safari. If it were implemented, users would need to be told about it and how it worked, so they could make informed and intelligent decisions about whether to use this feature or not. MWJ 2008.11.24 the compulsion to hide And yet, we cannot conclusively tell you that it’s not implemented today, because Apple refuses to document its changes. Just a month ago in the pages of MDJ, The Weekly Attitudinal noted the company’s calculated-if-not-pathological avoidance of discussing flaws in its software. If you did not read that in MDJ 2008.10.14 from the MWJ RSS feeds, we’re planning to reprint it in MWJ 2008.11.29. This time, it should come back to haunt Apple. Even when phrased as friendly to Apple as we can manage, the fact remains that after installing Safari 3.2, then by default, your computer is downloading lots of information from Google and sending informa- tion related to sites you visit back to Google – without telling you, without Apple disclosing the methods, and without any privacy statement from Apple. This is not how companies like Apple are expected to behave towards their customers, even if Firefox already does it. Mozilla is very clear about how Firefox does this. Apple refuses to say anything about how Safari does this, and for no other reason than that the company simply thinks so little of its customers that it doesn’t feel the need to keep them informed about data Safari transmits on their behalf. For a Web browser to do things like this without explicit documentation is inexcusable. It also didn’t appear elsewhere: write-ups of the anti-phishing features in Cnet News and TidBITS, among others, without noting that by default, Safari 3.2 sends data related to sites you visited to Google without telling you. The question isn’t why we are telling you how Safari’s “anti-phishing protection works.” The question is why Apple didn’t, and you already know there is no good answer. We sent our analysis to Apple’s privacy and press relations folks on 2008.11.17 with questions about the latest consequences of the company’s continued decision to not disclose information to its customers. So far, it’s been 11 days since Apple released this change without revealing the information disclosure to its customers, either in release notes or in its privacy policy. Neither Apple’s public relations nor privacy departments have, as of press time, responded to MWJ’s queries about this. We’re not holding our breath. In the meantime, from what we can tell, the antiphishing features in Safari 3.2 looks as innocuous as it can be and still be reasonably effective. It does not send data about the pages you visit to Google unless one of the matches a hash prefix on Google’s list, and even then, it only gets the full hash value for the hash prefix in question – as far as we know. That alone might be enough for Google to do interesting things with the data, unless some unstated privacy policy prohibits it. If you have doubts, or simply don’t want to spend the network bandwidth on maintaining a 23MB database full of potentially malicious hosts, you can disable the feature in the “Security” tab of Safari 3.2’s “Preferences” window. It would be much easier to recommend leaving it enabled if Apple believed you had a right to know when its Web browser was collecting and sending information on your behalf. notes Contact us via www.macjournals.com. MWJ contains news, information, strong opinion, parody, biting sarcasm, and things you need to know. Those easily offended should seek information elsewhere. Publisher: Matt Deatherage Staff: Justin Seal, Jerry Kindall, John C. Welch Previous issue: 2008.04.23 MWJ 2008.11.24 Copyright © 2008, GCSF, Incorporated. All Rights Reserved. 35