Beefing up your Phishing net

Filed under: Security

Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more and more clever. Luckily, with a little critical thinking and up-to-date software, you can keep yourself safe.

Typically, to avoid falling victim to phishing, check the URL that the email is asking you to click. Does it look right? One popular façade for phishing attempts is PayPal, and there's a new technique that makes it look like the request is coming, securely, from paypal.com. For the technical among us, it exploits a flaw in one of PayPal's screens that allows a phisher to include a redirect URL in an address that begins with https://www.paypal.com. Sneaky. Thankfully, Firefox blocks it on the rebound.

Also, emails that ask you to verify or enter account information (that you've already entered) have a high degree of poopiness about them. Reader Allan noted that because Apple is in the process of switching people to Mobile Me, some phishers are using the confusion to send people emails asking them to enter new billing information for the new service. That, of course, isn't necessary, and if you get that kind of email, you should delete it.

Another good way to protect yourself is to use an up-to-date browser. Firefox includes protection against known phishing sites, and warns you about them before letting you proceed. Safari, currently, does not, but 1Password does, and it works seamlessly with Safari. Installing one of these options is especially important for parents and grandparents that may not be as familiar with these attacks as their kids.

Lastly, there's a great overview at macphishingprotection.com, which notes, "Phishers win even if you make only one mistake." Truer words never spoken.

Thanks, Allan, Fernando and Aviv for the heads-up!
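The "check the URL" advice above can be partly automated by a mail filter or link scanner. The following is an added example, not code from the original post: it flags links whose host is not the claimed brand, and links on the trusted host that carry another site's URL in a query parameter, which is the redirect pattern described. The parameter names, paths and `.example` hosts are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption for this example: the brand the message claims to come from.
TRUSTED_DOMAINS = ("paypal.com",)


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def embedded_host(value, max_decode=3):
    """Return the host of an absolute or scheme-relative URL hidden in a
    parameter value, peeling up to max_decode extra layers of
    percent-encoding; return None when the value holds no such URL."""
    for _ in range(max_decode + 1):
        candidate = value.strip()
        if candidate.startswith("//"):        # scheme-relative form
            candidate = "https:" + candidate
        try:
            parts = urlsplit(candidate)
        except ValueError:                    # malformed authority
            return None
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return parts.hostname.lower()
        decoded = unquote(value)
        if decoded == value:                  # nothing left to decode
            return None
        value = decoded
    return None


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for one link; an empty list means no flag."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if not host_is_trusted(host, trusted):
        findings.append("untrusted-host:" + host)
    # parse_qsl already removes one layer of percent-encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = embedded_host(value)
        if target and not host_is_trusted(target, trusted):
            findings.append("redirect-param:%s->%s" % (name, target))
    return findings


# Constructed sample links (hypothetical paths and parameter names).
SAMPLES = [
    "https://www.paypal.com/example-screen?return=http%3A%2F%2Fphish.example%2Flogin",
    "https://www.paypal.com/example-screen?next=%252F%252Fphish.example%252Fx",
    "https://www.paypal.com/example-screen?return=https%3A%2F%2Fwww.paypal.com%2Fhome",
    "https://www.paypal.com/example-screen?return=/account",
    "http://paypal.com.account-check.example/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, check_link(link))
```

A link that starts with the right `https://` host can still produce a finding here, which is the case that a glance at the start of the address misses.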
  • Is Apple's MobileMe Secure?

    Daniel Eran Dilger

A recent article presenting how MobileMe works has been roundly criticized by at least three different bloggers. While the original article did not primarily address MobileMe security, the statements made about MobileMe's security do warrant some additional detail and clarification. In contrast, much of the criticism was wildly overstated to the point of actually misinforming users about the actual state of MobileMe and email security. Here's a look at what's involved.

[Inside MobileMe: Web 3 and Web Client-Server apps]

MobileMe's Web App Data Transactions are not SSL Encrypted.

I enjoy reading John Gruber's excellent Mac resource, the Daring Fireball. It initially stated, “AppleInsider reports that the MobileMe web apps supposedly do use SSL, even though you don’t see 'https:' URLs or the 'secure' lock icon in your web browser.” However, the referenced article did not ever state or even suggest that MobileMe's web apps use SSL or other forms of encryption when accessing the web apps for email and other services, outside of login and account settings. Gruber corrected the misstatement after being notified of this.

For the record: Apple's MobileMe desktop email can be secured via encrypted SMTP and IMAP; Apple presents details on how to ensure this is set up, as users may not have this enabled by default. Address Book and iCal sync on Mac OS X is secured automatically when it transacts with Apple's server cloud. Windows apps use the same security when syncing their data via Outlook through iTunes for Windows. The iPhone and iPod touch also support encrypted email and all push messages are also secured via encryption.

However, the MobileMe web apps are only secured by SSL through the initial login authentication session and again only when users access their account information to do things such as change their password, update their billing information, or order additional services.
Outside of that, all email, calendar, and contact data that is exchanged between the web client and the cloud is not encrypted, and can be sniffed by anyone with access to the network.

What Unencrypted Web Apps Mean for Users.

This means that as you send email, read emails, create new calendar items, view calendar events, and view contacts, that data is being sent in the clear across the Internet between the web browser and the cloud. This does not mean that if you access your email, anyone who might be sniffing traffic could intercept your account information, your login, your credit card information, or change your password. They also could not access anything you did not access yourself, so creating an email does not automatically allow them to read through your contacts, for example.

MobileMe's limited SSL protection on its web apps presents a real (albeit unlikely to be widely exploited) security hole. However, it is important to note that Microsoft and Yahoo provide the same, limited level of SSL protection for their web services as Apple does; both Yahoo Mail and Microsoft's Live Hotmail send data in the clear after the initial login. Google has just started offering SSL protection by default for Gmail.

A followup article recommended that Apple should use the same IPSec-type of security for its MobileMe web services as it does for desktop sync. Other critics have noted that because Apple charges $8.25 per month for MobileMe, it should provide a better level of security than Microsoft or Yahoo and at least match Google. At the same time, it is important to recognize that adding SSL encryption does not automatically or even fully secure email.

[Apple’s secret “Back to My Mac” push behind IPv6]

SSL is Not a Panacea.

Blogger Jens Alfke, who works for Google, also took the MobileMe article to task.
Alfke wrote that Apple's MobileMe apps not only do not perform data encryption, but also leave open the potential for rogue hackers to perform DNS forgery or phishing attacks that SSL could help prevent, or at least flag as a problem for the user when they occur. For example, a user trying to access webmail at me.com could hypothetically be redirected to a fake me.com by a bad DNS server, Alfke wrote. With SSL in place through the entire transaction, the user should at least be warned that the impostor me.com site did not match its known certificate. Without SSL, MobileMe web apps could therefore theoretically fall prey to a man in the middle attack, where all transactions were passed through a malicious user's third party control for tampering or viewing. Additionally, Alfke theorized that the web apps themselves could be replaced entirely by a fake site that pretended to be MobileMe in an Invasion of the Body Snatchers scenario.

There are two problems with these scenarios. Alfke's assumption that MobileMe's “unauthenticated JSON exchange” could be easy to exploit, allowing redirect via bad DNS, is based on conjecture, not fact. In response to his posting, Andrew Jaquith of the Yankee Group pointed out “there are lots of ways for two parties to keep rotating secrets on both sides of the wire without disclosing them. See, for example, RFC 1938. I don’t know exactly what Apple is doing with JSON, but dismissing it just because it isn’t encrypted doesn’t prove anything.”

Jaquith also described why SSL is not good for “verifying that software is 'genuine' or that a website is what you expect,” as Alfke claimed in dismissing Apple's security architecture for its MobileMe web services. Jaquith presented a scenario that would result in “a supposedly sniff-resistant [SSL] session that is still nonetheless 100% hosed.”

[Re: MobileMe Webmail Security — There Is None — Thought Palace]

Security through False Assurity.
On top of that, even in cases where SSL could identify that something bad was happening, the only protection SSL really provides is to throw up a warning about security certificates that most non-technical users browsing at Starbucks would likely just click through to dismiss before happily giving away their credit card info, thinking they are safe because they are interacting with the “SSL” icon for a website.

When Apple transitioned from .Mac to MobileMe, users were presented with an SSL warning related to mac.com being redirected to me.com, and nobody seemed to even notice. SSL warnings are similarly not going to secure users who do not understand the security issues involved when they are sent to me.info or me.192168.com, or redirected by a malicious DNS to a server pretending to be me.com but failing the SSL check.

Therefore, the benefits of adding SSL were greatly overstated by some critics, who also failed to even consider its drawbacks and limitations. If Apple simply added SSL, it certainly would, as stated in the original article, provide a “false sense of security that distracts from real security threats.”

At the same time, the original article also understated the value SSL would provide web browser users. Adding SSL security throughout MobileMe's web apps, particularly those that deal with private data, would likely provide benefits that overshadow the added overhead. Despite that, it would not “secure” email for users, as described below.

Never Cry Poppycock.

While the original article was not purporting to be a tome on security, another response to it claimed special expertise in security. However, the author not only greatly overstated his case, but also resorted to unprofessional language in demeaning and dismissing the whole of an article just because he took issue with a minor portion of it.
Rich Mogull's “MobileMe Web Interface Insecure, But Other Apps Get It Right,” published by Tidbits, provided some interesting comments on the subject, but began with an unnecessarily arrogant overstatement of criticism that misstated the point and the context of the article in order to attack it as “patently false” “technobabble” “poppycock” and so on. Mogull didn't contact the author of the original article prior to writing about what he claimed was so wildly inaccurate. In addition, his own presentation is flawed and overstated in ways that are far more misinforming than any disputed details in the original article.

[TidBITS Safe Computing: MobileMe Web Interface Insecure, But Other Apps Get It Right]

Consider the Context.

Mogull jumped upon a quote taken out of context, which was actually talking about how MobileMe and other JavaScript apps manage security related to JSON transactions. The context of the quote was the potential threat posed by sending self-executable JSON as opposed to simple XML data: “Being able to inject executable code into a system from malicious sources is a primary security problem. For that reason, web apps that transmit data using JSON have to authenticate with the server and regularly perform security handshakes to ensure that the data being sent back and forth is indeed coming from and going to a trusted source.”

Mogull not only ignored that context, but only linked to the second page of the article, where the quote appeared without its immediate context. This enabled him to present that the comments on how JSON is secured were entirely about “why SSL was unnecessary,” which was not the point of the text at all.

Quibble vs Patently False.

The article presented that there was “unnecessary panic among web users who have equated their browser's SSL lock icon with web security;” that is accurate. While SSL encryption provides an additional layer of security, it is not infallible.
SSL security requires faith in fallible architectures that have regularly published vulnerabilities. Suggesting that SSL would be a panacea for webmail is false for a number of reasons: SSL can be spoofed; the browser only presents a cryptic warning when that happens, which many users would not know how to handle if it were being spoofed; and the larger fact that even SSL-secured web email is not really secure.

The original article also correctly pointed out that SSL could provide a “false sense of security that distracts from real security threats.” Users who think that SSL web-based email is secure and therefore appropriate for sending confidential information are in for a rude awakening. Email is not secure, and carefully securing part of the email transmission is like only locking three doors of your car. It's better to understand that thieves can take anything in your car rather than to lock three doors and assume that you can leave valuables on your seat that cannot be taken.

Mogull is arguing that Apple hasn't provided a functional lock on the driver side door of its webmail service, ignoring the fact that Internet email has no locks on the tailgate or the rear doors at all. This is penny wise and pound foolish security, and can be judged as the “patently false technobabble poppycock” that he quickly used to dismiss an article that was only touching on one aspect of security in a larger piece that was really addressing how MobileMe works as a service and the future potential it holds out.

Mogull's reply was entirely about security, but it delivers the wrong message. It's not just easy to quibble about some of Mogull's details; his primary argument that the original piece was ridiculously wrong is just false, primarily because he overstates it in such an over the top, arrogant way.

SSL is Not Evil.

Having said that, the original article did understate the value SSL can add in securing webmail.
SSL is useful in protecting users at the point where they will be most vulnerable when checking webmail, as they are more likely to be at a public terminal or perhaps using unsecured public WiFi when using the web rather than desktop clients (which are secure using encrypted transmissions) or an iPhone (similarly secured). SSL web apps would provide MobileMe users a similar level of security; Apple currently does not present this throughout the entire webmail session, only when the user authenticates and if they enter account details to change their password or order new services, as noted previously.

With SSL, webmail addressed to other MobileMe users, as well as access to one's own contacts and calendar would be very secure. Email to other domains would continue to be exposed to Sending email is like sending a postcard: anyone intercepting the postcard on its way to the post box, from there through the mail system, or on the way to the recipient's mailbox will be able to read what's written on it. Encrypted email is more like a letter written in code inside of a security envelope: it would be far more difficult to view its contents.

However, SSL email only provides security for part of the trip; it's like carefully guarding your postcard until you drop it in the mailbox. This will prevent casual eavesdroppers from seeing what you've written, but won't protect you from having your postcard read from that point on, because it is wide open throughout the rest of the trip.

In addition, when using a public computer or improperly secured WiFi network, the SSL security provided to a webmail user can't be trusted. A public PC is just as likely (if not more so) to have a spyware keylogger installed as to have a malicious hacker listening in on the transmission remotely. Your emails could therefore be spied upon before they were sent through the secure SSL pipe to the cloud.
Similarly, using an unsecured WiFi connection opens a user to security issues that far outweigh having your email transactions possibly sniffed.

Additionally, across the industry there are few webmail providers who deliver greater security than Apple's MobileMe. Google just recently added SSL, while Microsoft and Yahoo provide similar security to Apple's web interface in MobileMe: SSL encrypted authentication and account protection (you can't change your password in the clear on MobileMe, only in an SSL session).

Doth Protest Too Much, Methinks.

So while SSL isn't worthless, it does not present the bulletproof panacea that Mogull suggests it would in his over the top, excessively arrogant, one-sided attack piece. While the original article's understatement of the benefit that SSL could bring to Apple's MobileMe webmail could rightly be criticized, it did not say that the existing webmail service was secure. Instead, it said email was not secure and shouldn't be trusted, and that SSL could provide webmail users with a false sense of security.

Mogull presented this in a mocking, simplified paraphrase as, “we think SSL would bog down performance without providing security.” He then concedes that he has overstated his own argument by agreeing that SSL would have a limited impact on securing users, saying, “While there's a reasonable, if small, risk someone might sniff your connection when you are out in public, the odds of a redirection attack are extremely low.”

Mogull could have presented his last paragraph, essentially warning users that MobileMe's web interface exposes them to unlikely but theoretically possible dangers, and explained that Apple's expanded use of SSL could help secure its webmail service from some of these kinds of attacks. Instead, the solution he demands would only provide limited benefits to users, while providing the suggestion that webmail is more secure than it really is in practice.
This would suggest to users a greater level of security than would actually exist, a far worse problem than acknowledging that email is simply not secure and should not be treated as such. Ridiculing the original article for presenting the fact that SSL is not a panacea, explaining unrelated facts about JSON, and describing that email shouldn't be trusted was all entirely unnecessary, and really just presented in an unprofessional fashion.
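Jaquith's reference to RFC 1938 in the article above points to a one-time password system built on iterated hashing, where each login reveals a value that is useless for the next one. The following is an added example, not code from the article and not a description of what MobileMe does: a simplified hash-chain sketch that uses SHA-256 in place of the RFC's hash functions and omits its seed handling and 64-bit output folding. The class names and the demo secret are constructed.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(secret: bytes, n: int) -> bytes:
    """Apply the hash n times: H^n(secret)."""
    value = secret
    for _ in range(n):
        value = h(value)
    return value


class Verifier:
    """Server side: holds only the last accepted chain value, never the secret."""

    def __init__(self, anchor: bytes):
        self.stored = anchor          # H^n(secret), set up at enrolment

    def verify(self, otp: bytes) -> bool:
        # A valid password is the preimage of the stored value.
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp             # rotate: the next login must go one step back
        return True


class Prover:
    """Client side: walks the chain backwards, one value per login."""

    def __init__(self, secret: bytes, n: int):
        self._secret = secret
        self._index = n - 1

    def next_otp(self) -> bytes:
        if self._index < 1:           # never send H^0, which is the secret itself
            raise RuntimeError("chain exhausted: enrol a new secret")
        otp = chain(self._secret, self._index)
        self._index -= 1
        return otp


def demo():
    secret = b"constructed demo secret"   # sample value for this example only
    n = 5
    server = Verifier(chain(secret, n))
    client = Prover(secret, n)
    captured, logins = [], []
    for _ in range(2):                    # two logins observed on the wire
        otp = client.next_otp()
        captured.append(otp)
        logins.append(server.verify(otp))
    return {
        "logins": logins,
        # Replaying either observed value fails: the server has moved on.
        "replay_old": server.verify(captured[0]),
        "replay_latest": server.verify(captured[1]),
        # Hashing an observed value only moves forward to used values.
        "hash_forward": server.verify(h(captured[1])),
        # The real client still holds the next preimage.
        "next_legit": server.verify(client.next_otp()),
    }


if __name__ == "__main__":
    print(demo())
```

This authenticates each login without disclosing the secret; it does not encrypt the data exchanged afterwards.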

  • August 2007 Zoon Awards for Technical Ignorance and Incompetence

    Daniel Eran Dilger

In an effort to recognize the spectacular efforts of individuals and organizations promoting the regression of human achievement in the field of technology, a series of nominations await your vote to determine the recipients of August 2007 Zoon Awards.

Meet the Zoons.

Segregated by color, the various Zoons highlight the world's absolute worst in small minded ignorance, paid to say propagandism, and blind devotion to products without merit.

The Pink Zoon is awarded for a spectacular effort in fear-based propagation of uncertainty and doubt, or efforts to infect headlines with false information with the primary goal of preventing innovation, competition, and the emergence of new ideas, or simply to make a quick profit.
The White Zoon is awarded for the blinding glare of a shiny blank brain, particularly when such ignorance is presented with authoritarian emphasis by an individual or news source operating well outside its abilities. This award may also be assigned to a company or organization in recognition of epic failure.
The Brown Zoon is awarded for squirting extraordinary amounts of intentionally noxious misinformation, whether dredged from an impacted recollection of twenty years ago, sucked from the trusty bucket of canned responses, or simply invented as needed to create an intolerable outburst of stink.

These should not be considered as first, second and third placements, as each tie for an equal standing in the Zoon Hall of Shame. It is also possible to award multiple parties for the same award, either as shared participants or, in the case of an unclear majority vote, tied nominations.

Meet the Zoon Nominees.

As one might imagine, determining the most fitting recipient might be difficult given the wide range of potential candidates standing in line. Here's a brief background on the nominations for August.

Troy Wolverton, San Jose Mercury News.

A writer for the Street and most recently, the San Jose Mercury News, Wolverton always manages to dig up an unattractive headline for any news related to Apple. A series of articles documented his negative spin and inaccurate reporting, particularly when the subject related to Apple.

Wolverton promised me and other readers that he would answer the questions about his shoddy journalism record, then cowardly ran away. He also wrote emails to RDM readers assuring them that he was only ever honest and unbiased, and that RoughlyDrafted should be read with great suspicion.

[10 FAS: 8 - San Jose Mercury News’ False Apple Scandal]
[Troy Wolverton Documents Faux Apple Shareholder Outrage]

Wolverton is nominated for a White and Brown Zoon.

Neil Cavuto, Fox News.

While actually based on reports from the end of July, I wrote about Cavuto in August, qualifying his nomination for arrogantly complaining about how Apple purportedly over promised iPhone shipments it then failed to deliver. In reality, Apple didn't indicate any sales goals for its first weekend. Cavuto also confused AT&T authorization numbers with Apple's sales figures.
Fox News subsequently corrected his comments to suggest that he hadn't made the error, but still failed to cover up the core problem that Cavuto's entire rant had been a specious bit of ignorant rambling delivered--rather hypocritically--with far more arrogance than the subject required.

Cavuto is nominated for a Pink and White Zoon.

[10 FAS: 9 - Troy Wolverton, Neil Cavuto, and the Apple Stock Scandal]

Jim Cramer, Scott Moritz and Brett Arends, the Street.

After documenting how he would spin false information to manipulate the market as a hedge fund manager, Cramer praised his apprentice Moritz for publishing a string of articles dredging up or simply inventing false information about the iPhone with the intent to knock value from Apple and suggest that Apple's phone was not competitive, not selling as expected, and that Apple's deal with AT&T was an unprecedented deal earning unconscionable profits. Arends is thrown in for good measure after delivering similar work directly from the mouths of Street-savvy Verizon shill, Roger Entner of IAG Research.

Cramer, Moritz, and Arends are nominated for a White and Brown Zoon.

[More on Scott Moritz and the Jim Cramer Street Misinformation Engine]
[The Street's Flaccid Campaign Against the iPhone]
[Unraveling Anti-Apple Panic: the iPhone Launch Success]

George Ou, ZDNet, CNET.

Nominated in August primarily for his article misrepresenting typography technology and falsely portraying Mac OS X as incompetent in the area of text rendering, Ou deserves extra reason to earn your Zoon vote for failing to admit that he falsified his report, and instead attacking those who pointed out his error.

[Tech: Zoon for George Ou]

After posting the article detailing why he was wrong and establishing a pattern of his consistently inaccurate and tilted writing, someone who appeared to be Ou emailed me to say:

“If you're gonna do a hit piece, at least do it accurately...
I'm not going to get uptight about a little man like you chewing on my feet and I'm not even going to bother cursing at you for writing a blatant hit piece on me. It's not worth my time.”

Assuming that the author was unlikely to actually be Ou, I did a search on the email and found an online comment from the same address mentioning being a former ballet dancer. To determine if the author was Ou or just simply a joker trying to get a response, I wrote back, “Hi George, What was inaccurate in my article? Are you really a ballet dancer?”

Ou tu?

In reply, Ou wrote, “I was a professional Ballet dancer up till 2000 and I still try to perform now and then,” but didn’t note anything that was incorrect in the article. When I asked for the correction again, I got two emails, one insisting that, “The 'FreeBSD community' is essentially Sam Leffler. Sam pretty much wrote all that wireless code. Sam is an employee (contractor) of Atheros. Atheros is involved in that FreeBSD code.”

The second said, “You don't even understand the fact that the same Atheros ‘team’ led by Sam Leffler that wrote Apple's wireless drivers is the same team that wrote the open source MadWiFi drivers for Linux and FreeBSD. The same wireless drivers Apple said there was no problem on had to be patched three times a month later. And here you are slandering me because I defended two researchers against a billion dollar corporation.

“When you smear my photograph and slap a "SHILL" on top of it, that is slanderous and insulting. You're accusing me of taking payola which is a crime and only a ‘little man’ would slander someone like that. It's one thing to disagree with me or not like a certain piece I wrote, but smearing someone's photo with accusations of shill is nothing but the act of a coward. Unprofessional?
There's nothing unprofessional about calling trash like you little and I'd say that to your face.”

Pearls Thrown.

How could a professional writer fail to understand his subject matter, fail to grasp basic logic, and then be so arrogant about it on top? I wrote, “George, I don't have to prove that people from FreeBSD did not contribute to Apple's driver. I never stated that, and it has no relevance to statements I made. You had to prove that Atheros did not deliver the driver, and that it came directly from FreeBSD without Atheros' involvement. That was the question, and your misunderstanding of the architecture of Mac OS X helped you to confuse the situation.

“The truth is that Atheros contracted with an expert to port some of the FreeBSD code for use in its driver for Mac OS X, which only shares significant similarities with FreeBSD in its userland environment. Atheros had to deliver unique work for Apple to offer a working driver for Mac OS X, and paid a contractor to complete that work.

“You maintained that Atheros simply wasn't involved at all, and that Mac OS X's driver just came from the FreeBSD repository. That was wrong. Your explanation of why this was the case was also wrong. It is clear you still do not understand the situation entirely. That's why you shouldn't be writing about it as if you are an expert, simply because someone told you something that sounded believable off the record. You don't understand the issues involved, but operate under the assumption that everything you think up as a plausible idea is also the truth. It isn't.

“Slander, as noted in my article, is spoken. Libel is written. Just FYI. Also, a shill doesn't necessarily need to be paid, so calling you a shill isn't ‘accusing you of payola.’ Also, payola really only is illegal in broadcasting. There are plenty of people who are paid to say things, and nobody is arresting them.
The company you work for largely serves advertisers; that isn't illegal, or all of CNET would be shipped off to jail.

“There is nothing cowardly about pointing out that you are a shill and then documenting your attempts to spread misinformation in efforts to make Vista look good and Apple look bad. There is something very cowardly about fuming that you've been outed, and rather than apologizing and correcting your error, and then maintaining that you're simply better than others so your misinformation campaigns don't matter.

“I don't have a little man complex, so repeating that doesn't really bother me. It does make it clear that you have some size issues in addition to your general lack of professionalism and technical incompetence.”

To which Ou elegantly replied, “Go find yourself a bathhouse in the city where you belong. You have no business writing.” Using the same address, Ou responded to several other online sites defending himself and ignoring the errors of his article. How does Ou have a job?

Ou is nominated for a Pink, White, and Brown Zoon, and his winning will also earn a Zoon for ZDNet and its CNET parent.

Windows Genuine Advantage, Microsoft.

After choosing a delightfully ironic name for its software DRM system, Microsoft then bungled its validation system for users worldwide. The hundreds of millions of PCs running Windows XP and Windows Vista phone home to Microsoft at regular intervals, but the company set up the system with a single point of failure. An inevitable failure prevented the company from maintaining resilience to downtime--something the company highly touts as an Enterprise feature of Windows Server--but it also highlighted the problem of validating software in general using a system that assumes guilt when there is any question in reaching the validation server.
Windows users who tried to verify their genuine software had software features remotely turned off because of the WGA problems.

[Tech: WGA the Dog]

WGA is nominated for a White Zoon.

Oliver Rist, InfoWorld, IDG.

Suggested by reader Robert de Bie, Rist yesterday wrote an article titled “Does Mac OS X suck? Apple's desktop platform has impressive technical chops, but it falls short from a business perspective.”

Never mind the sophisticated and professional headline, the real question is, did Rist back up his headline, or simply cower in a bed of second hand fear, uncertainty and doubt? No need to guess, really; this is InfoWorld, a rag primarily useful for its ads. No competent IT manager wastes much time reading the ramblings of such stuffshirt columnists.

Rist brings up the idea that Mac OS X is really just Unix with some frosting, making it easy to coo about, but not really ready for real business. Unfortunately, Rist offers no basis for anything that he says. In fact, his headline and (forgone) conclusion don't even match what he writes in between. Under the subject of networking, Rist says, “OS X has an excellent networking client, both wired and wireless — due in large part to FreeBSD rather than anything coming out of Cupertino.” But wait, does FreeBSD write the Mac’s Apple File Protocol? Does it maintain Samba for Windows networking? Wrong on both counts. By spouting the dittohead myth that Mac OS X is just FreeBSD with an Apple logo, Rist has already established that he knows nothing about the subject he's pretending to be an expert in. He then says nothing else about networking, granting that Mac OS X has no real issues.

Security Absurdity.

On the subject of security, he says “It's a pretty secure system. Yes, ever since OS X has become more popular, attacks and breaches on the platform have become more numerous. And, yes, those numbers are high enough that if I were managing a portfolio of MacBooks I'd be installing anti-virus on them.”
Rist linked his comment to another IDG article reporting on a Mac OS X worm threatened by the anonymous "InfoSec Sellout," which turned out to be a fraud. That's the extent of the acceleration in Mac OS X “attacks and breaches,” a crank call? There are yet no viruses for Mac OS X, and all the malware that exists is proof of concept ideas hatched in a lab. Strike two for Rist in trying to write about security issues. Even so, he concedes, “once the personal firewall is up and the AV installed, I'd fully expect to see far, far fewer security-related problems from my Mac clients than my Windows clients.”

[10 FAS: 10 - Apple’s Mac and iPhone Security Crisis.]

Many Words, Little Point.

On the subject of reliability, Rist beats up Artie MacStrawman for insisting that Mac OS X apps never crash. He then provides some recollected figures for estimating how many times he has noticed a Mac app crash compared to Vista crashes. He passes by saying, “Apple's probably less crash-prone overall.”

On the subject of software compatibility, Rist says Apple “treats third-party developers like the proverbial redheaded stepchild, which results in significantly fewer third-party software options for Apple users than Windows users,” then follows up with the genius, “When it comes to mission-critical, vertical-type business software, Windows clients far outnumber Apple clients. If they didn't, Macs would be populating a much larger number of corporate desktops.”

How does this guy get work writing? By the end of page one, Rist had said nothing at all. On page two, Rist really gets going. He starts off referring to "Apple jihaders," as if he has a fundamentalist shock radio show rather than a column designed to inform IT managers. Rist says people don't want to retrain employees to use Macs, and then suggests that retraining users for the significantly different Vista would not be an issue. He gives the Mac a “grudging” pass again and moves to hardware.
[Paul Thurrott's Merciless Attack on Artie MacStrawman] Mac OS X’s Hardware Features. He says that Gateway has more USB ports and a fingerprint scanner in the same form factor for less cost, without outlining his comments with any factual basis. He then complains that his MacBook suffered a hard drive failure after four months. “That's a pretty short time frame for serious hardware failure,” Rist wrote. It's odd that hardware issues are being outlined in an article about “why Mac OS X sucks,” but someone writing to an audience of experienced IT users should be aware that computing hardware--particularly hard drives--is most likely to fail in its first few months. Past that break in period, most hard drives typically have a relatively stable three year life span, after which problems become statistically more likely to occur. It's called the bathtub lifespan curve, because like the contour of a tub, it starts high, then drops low for a long stretch, then begins to rise again. Clearly, Rist doesn't know what he's talking about at all, even when complaining about consumer Mac hardware in the context of Mac OS X as a business operating system. Dude, You’re Being a Shill. After "passing" all of his categories, Rist then fails Mac OS X in “business orientation.” There are good and justified reasons for faulting Apple in the IT arena, but Rist doesn't mention a single one. Instead, he prattles on about Apple's consumer ads, and how they portray the typical Mac user with a “SOHO, I'm-cooler-than-you, coffee house image.” For all the dittoheads who like to repeat this idea, I'd like to remind you all that Dell's memorable mascot was a smirky pothead who couldn't finish sentences beyond, “Dude, you're gettin’ a Dell! (excited thumbs up).” That had no impact on Dell's Enterprise sales, because serious enterprise users don't make their decisions based on watching prime time TV and deciding whether they like the advertisements targeted at families. 
So please shut up about the Justin Long and John Hodgman Get a Mac ads. Enterprise Worthy Dell Pothead Vs. the Too Good for You Coffee Drinking Mac. Highly Unqualified. Rist is a “senior senior contributing editor” at InfoWorld. With this sort of incompetence and ignorance, it makes one wonder what kind of single celled organisms must pass for junior editors at IDC and its various ComputerWorld, PC World, and InfoWorld properties. While writing “a column devoted to running Microsoft technologies in medium and large enterprise environments,” Rist only notes experience in running a small Microsoft-oriented software business and writing for rags like Computer Shopper. That qualifies him as a Microsoft shill, but not as a columnist offering advice about ‘medium and large enterprise’ IT environments. Rist is nominated for Pink, White and Brown Zoons. Microsoft’s Pseudo-Philanthropy in New Orleans. Bob Emery notes that Microsoft is offering free software for hurricane-hit businesses in the devastated New Orleans area. However, in order to qualify, users have to sign up for a three year plan, of which Microsoft only covers the first year. A local paper noted “For the typical small business of 50 employees and 25 personal computers licensing Microsoft Windows Vista and the Office 2007 suite of programs, the free year can result in savings of as much as $12,050.” Of course, what that really means is that recovering small businesses will actually have to shell out $24,100 just for software licenses, in addition to buying computers capable of running Vista. 
One might think that a company earning $50 billion in revenues might be able to offer more than an advertisement to struggling businesses, particularly since software costs Microsoft nothing to deliver. [Microsoft gives free software to hurricane-hit businesses - New Orleans CityBusiness] Votes toward Microsoft's headline friendly, fake philanthropy will help the company earn its White Zoon for its WGA fiasco. Vote in the Forum and add your comments.
Official awardees:
Pink: George Ou, ZDNet, CNET
White: Windows Genuine Advantage, Microsoft
Brown: George Ou, ZDNet, CNET
What do you think? I really like to hear from readers. Comment in the Forum or email me with your ideas. Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast! Submit to Reddit or Slashdot, or consider making a small donation supporting this site. Thanks!

  • Forbes' Fake Steve Jobs Is Also Fake On Apple

    Daniel Eran Dilger
    Daniel Lyons is the author of the Fake Steve Jobs blog and a columnist at Forbes. After developing a reputation for attacking bloggers, open source, and any alternatives to Microsoft, Lyons has shed his skin to escape from one scandal while at the same time squirming into position to choke the truth out of his next victim: Apple. Reader Marc Elson sent in a link to Lyons' “Snowed by SCO,” an article Lyons wrote to both apologize for and marginalize his years of articles in Forbes that misrepresented the issues in the SCO Group's attack on Linux. He blamed his reporting on bad information he'd been fed by SCO. It's easy to backtrack now that SCO is toast; in fact it's rather impossible not to. However, neither Lyons nor Forbes can erase the years of false information and misleading spin they published, which not only idealized SCO but also lambasted any individuals critical of the company. He described anyone supporting Linux as religious folk "convinced of their own righteousness." While fighting for SCO, Lyons also attacked “bloggers” in a front page article in Forbes that screamed, “they destroy brands and wreck lives. Is there any way to fight back?” as if everyone who writes on the Internet operates as a class that can be summarily judged and dismissed at once. [Snowed By SCO - Forbes] Daniel In the Lyons Den Again. Lyons' lack of hesitation in throwing out poorly conceived attacks is getting him into trouble again. 
He seems to be working frantically to spin together a bizarre new tale of how Apple is going to simultaneously be torn apart by the can-do-no-wrong Microsoft while also turning into a shadow of the evil monopolist itself, threatening us with its fearsome dominance. Lyons resurrected the identical, wholly illogical conundrum of a paradox posited last year by Windows Enthusiasts, principally Paul Thurrott, who spoke in fear of a threatening monopoly position achieved by Apple's iTunes while--puzzlingly--also describing Apple's music business as a pitiful failure that could never withstand the market dominance of Microsoft. Is it part of a new Forbes campaign? Lyons' new work echoes other regular articles from Forbes writers, all attacking Apple and reality in the same breath:
Presenting Apple TV as a supposed flop, despite its profitably outselling the TiVo this year without incurring the tens of millions in losses TiVo has suffered in the last quarter and in every one of the last several years.
Promoting MusicNet Digital's failed Microsoft partnership in selling music against iTunes and describing the Zune as something other than a spectacular failure. Even the most giddy Zune fan sites are appalled by Microsoft's lack of support in providing updates and fixes for the Zune's major failures. How is Forbes framing it as some kind of sleeper hit? [The iTunes Monopoly/Failure Myth] [Scott Woolley Attacks Apple TV in Forbes, Gets the Facts Wrong] [Forbes Prints Insanely Self Serving Attack on iTunes by MediaNet CEO Alan McGlade] When Cost Is No Object: Microsoft Media Center. Reader Robert de Bie forwarded a link to Lyons' breathless accolades over Microsoft's Media Center software, which opened with the line, “Guess who's got the slickest software for handling TV, movies and music? Not Apple.” Lyons compared using a Mac and Apple TV with a PC running Vista Ultimate with Media Center features and an Xbox 360 to relay content to a TV. He raved that the Microsoft solution “can do things with digital media that even Apple can't match.” That's true, as Media Center is principally a DVR, a software version of the TiVo; Apple doesn't sell anything that works like a TiVo to record TV. However, Lyons only noted in passing that “Microsoft charges $400 for Vista Ultimate--$300 too much,” failing to add up that a Mac comes with free Front Row features. Apple TV hardware costs $300; it supplies ultra fast 802.11n wireless and, at a minimum, a 40 GB hard drive. In contrast, an Xbox 360 with a 20 GB hard drive costs $350, and another $100 for slower 802.11b/g wireless. So as a wireless media extender, the Xbox 360 costs $450 (50% more), but gives you half the disk capacity and slower networking. Additionally, the required Media Center software that costs another $400 in Vista Ultimate doesn't magically provide you with a TV tuner, so you still have to buy one. In other words, all the money you throw at Microsoft only gives you software that is otherwise free. 
Without having to pay for all that software licensing, you can go buy whatever TiVo-like TV tuner for the Mac fits your needs, and solve the problem for hundreds of dollars less. Of course, what Apple wants you to do is go without a TV tuner and an expensive cable subscription and simply buy the TV and movies you want to watch from iTunes. Of course, that's not necessary to use Apple TV; you can also rip your own DVDs or even use it to manage your home movies and free podcasts, something Media Center isn't really designed to do because there's no money in it. Don’t forget that there are more fees involved with Xbox Live services, and that TV downloads are more expensive. You’ll also need to pre-purchase Microsoft’s points, converting your cash into Microsoft Live currency that’s subject to change. And once you buy Xbox Live TV shows, don’t expect them to play on your Zune or Windows Mobile phone the way iTunes content plays on Apple’s iPods and iPhone. Of course, when Microsoft sends writers all this equipment to try out for free, then it’s easy to gush over how great it all works and report, "No crashes, no reboots, no blue screen of death. Stunning," as Lyons did. Had he actually been forced to pay the $840 premium to actually use Microsoft’s system, perhaps he’d sing another tune. While Lyons is certainly entitled to his opinion, he should at least present the facts correctly. Outlining any Microsoft product without a consideration of its true cost is always a mistake, because the true cost is almost always hidden. Lyons also wrote “Microsoft's system supports high-definition video; Apple TV does not,” a line that isn't true. Content from iTunes isn't yet available in HD, but the Apple TV does support HD video from other sources and comes equipped with support for HDMI, which only the newest Xbox consoles have. Considering that Microsoft has barely sold any new Xbox 360 units this year, fewer than 20% of installed Xbox users even have HDMI outputs. 
[Windows XP Media Center Edition vs Apple TV] [Forrester Research: Epic Terror of iTunes and Apple TV] Big Brother Says: Apple is the New Microsoft. Since publishing that “Media By Microsoft” article a couple weeks ago, Lyons has ramped up his attack on Apple into a web of false information that approaches his SCO shilling. He even exploits his popular Fake Steve Jobs blog for dramatic effect. Lyons starts his newspeak reporting, ironically enough, in an article titled “Big Brother,” with a comical juxtaposition of Apple's 1984 Macintosh ad and a modern screenshot of Jobs presenting the new 3G iPod Nano against a huge video screen of his own image. Lyons had earlier published the images on his Fake Steve Jobs blog after a reader had submitted them. This is funny stuff, because in both images, there's a greying white man with glasses on a huge TV screen talking. But in 1984, the man is talking about universal ideology to a numb audience, while in the modern scene, Jobs was talking about changing the market for mobile video with a 6.5mm device, and the crowds were enthusiastically applauding. There was one other amusing similarity, however: shortly before eating the hammer thrown by the Macintosh girl in orange hotpants, the 1984 Big Brother screen says, “Our enemies shall talk themselves to death and we will bury them with their own confusion. We shall prevail!” In 2007, Jobs has said some similar things about Microsoft, but the Macintosh hammer is actually being thrown at Vista. So while it’s not exactly the same thing, it is a funny coincidence. Along those lines, Lyons provided some examples of how, as an enemy of Apple, he can talk himself to death and be buried in his own confusion. [Big Brother - Forbes] Here's What You Believe. So far, we've just covered the photos on the article. Once Lyons started writing, it was like SCO all over again. He says early iPhone buyers “were threatening to take to the streets again--only this time with pitchforks and torches. 
They were furious because Apple Chief Steve Jobs slashed the phone's price to $400 from $600, making early adopters look like suckers.” If Lyons really wants to make up garbage and rewrite history, he should confine himself to Wikipedia where he can't do any damage. The people complaining about getting what they paid for were a whiney minority amplified by a desperate press trying to find something wrong with the most successful electronics product launch in history. Anyone who thinks buyers who paid $600 for the iPhone to get the hottest new device available--and who ended up with a phone that cost less overall than even the $99 Motorola Q, and further got a $100 refund credit--are “suckers” needs to reevaluate what being a sucker might mean. Perhaps paying Microsoft $850 for the equivalent of a $300 Apple TV with less storage and a slower network, and then still needing to buy a TV tuner is a better example of being a “sucker.” The only difference is that Lyons didn't get a free iPhone from Apple, but did get a bunch of Microsoft Media Center stuff to try out without having to pay for any of it as the rest of us would have to do, were we inclined to let Microsoft control our TVs. [Ten Fake Apple Scandals: 1 - Phony Rage About iPhone Price and Profits] The SCO Shill Lines Up Behind Microsoft, AT&T, and the RIAA. It might not be a surprise that a writer who identified SCO as safe to cheerlead for because of its seemingly legitimate corporate position would similarly jump at the opportunity to weep crocodile tears for some of the other most reviled companies doing business on the planet. Lyons is apparently not very smart about picking corporate favorites. “It looks like an anti-Apple backlash has begun,” Lyons wrote, noting that NBC Universal pulled out of iTunes to partner with Microsoft's Windows Media DRM-based Amazon UnBoxed store. 
He didn't mention that NBC also partnered with Fox in setting up a joint Microsoft store, and then went solo on its own website trying to offer ad-encrusted, Microsoft DRM-ed, exploding content. No doubt all of those efforts are going to work out well for NBC. Lyons also said “Vivendi's Universal Music Group also reportedly won't renew its contract with Apple,” without clarifying that only refers to its long term contract; Universal music hasn't budged from iTunes. He also cites unhappy noises from Hollywood about Apple's desire to lower prices to make content more desirable to consumers, who can already obtain movies and TV programming free over the air or via unauthorized downloads. Omitted from Lyons' one-sided overview of the iTunes Store is CBS executives' comments that they are very happy with its deals with Apple, and that both CBS and Fox are offering free season premieres through iTunes. And what about Viacom billionaire Sumner Redstone, who was recently cited by BU reporter Jessica Ullian as saying that “iTunes has 'resurrected the music industry' by creating a legal, affordable, instantly gratifying purchasing system for fans. The challenge now is for the film industry to catch up, he said, and for competing companies to work together to establish new standards and practices.” [CBS and Fox offer free TV through iTunes US - iPod/iTunes - Macworld UK] [How iTunes Saved the Music Industry - BU Today] Pity the Poor AT&T. Lyons wrote that “Jobs isn't known for treating partners well,” noting that the iPhone doesn't sell AT&T's worthless media services or overpriced ringtones. That's really an example of Jobs treating the customer well, and the Fake Steve Jobs should know that. Why repeat the “Apple can’t partner myth?” AT&T is making a major turnaround, funded by record numbers of headlines fawning over the iPhone. 
Apple has propelled Cingular from a middle of the road brand into its new AT&T name, which the company purposely rolled out in conjunction with the iPhone to benefit from the excitement surrounding it. Should we be aghast that Apple declined AT&T's own overpriced MEdia Net TV clips and ringtones? Is AT&T even worried about it? The service provider reported that the iPhone has outsold any phone it has ever introduced. Does that make Apple a bad partner? Would it be better if Apple really was the New Microsoft, extending its support and then yanking it back in a PlaysForSure/Zune style move? Does Lyons really have the extra credibility to burn in making such ridiculous comments? [How AT&T Picked Up the iPhone: A Brief History of Mobiles] More of the New Microsoft Meme. After noting some of Apple's recent successes, Lyons wrote, “the flip side of Apple's success is that Apple has started to seem scary.” Scary, uncertain, and doubtful! “No longer is Apple the plucky underdog out to save the world,” Lyons fears. Oh really? Has evil been vanquished? Is there not still the inky black bile of Windows Media DRM dripping from every alternative store in the universe? Does not Microsoft still have the remains of that $50 billion it took in last year from its monopolies--real monopolies, not the imagined fantasy kind pinned on iTunes by the media? You know, the monopoly in PC desktop operating systems held by Windows, the monopoly in servers, and the monopoly in desktop Office software? The monopolies that earn Microsoft overall profit margins as high as 81% on products that are over a half decade old? From that perspective, Apple could really turn evil over the next twenty years and still not compare to the wrongs we've suffered from Microsoft. Even so, Apple really isn't doing wrong by its consumers. 
If the best Lyons can do is to suggest that some RIAA labels and Hollywood executives are miffed by Apple's push for low prices, he'd better scramble to find something more problematic than that. I like low prices in content. I don't long for access to AT&T's expensive ringtones. iPhone Price Problems. Apple's iPhone was a better deal at $600 than Microsoft's Windows Mobile Motorola Q at $99, because Apple twisted AT&T's arm to provide lower priced service, making the iPhone around $200 cheaper across two years of use. Apple then dropped the iPhone's price by another $200, making it now almost $400 cheaper than the nearly free phones on the market. Is this wrong? Did Apple harm those of us who recognized value in the iPhone back in June? Did Apple defraud a million people who bought the iPhone at a good price when it lowered the price afterward? [Apple's iPhone Price Cut Unleashes Complaints] Apple TV Only A Flop For Forbes' Frauds. Lyons repeats in passing--without any factual backup--that the Apple TV is a flop. Oh really? Is that because it profitably sold a quarter of a million units with little advertising? Incidentally, that's nearly double the number of new customers TiVo signed up, as reader Timothy Bandy pointed out. He noted that “TiVo-owned subscriptions totaled 1.71 million, up 136,000 on an annual basis compared to the year ago-period.” If Apple sold 250,000 units of the Apple TV, “it's already doubled the amount of new customers Tivo made last year,” Bandy wrote, “or to put it another way, they already have 1/7th of Tivos' customer base without hardly trying. And as you pointed out, I doubt they've lost several million bucks in the process.” TiVo lost $19 million in the last quarter, and $50 million last year. Apple sells the Apple TV at a profit, although not much of one. That's because the company is working to sell content that works on the Mac, and Apple TV only serves as a contributing part of that strategy. 
Apple is working to expand the market for fair priced Internet downloads, in opposition to high-DRM, high-priced alternatives. Microsoft has lost billions in its consumer electronics products, including the Xbox 360 that Windows Enthusiasts like to compare against the Apple TV. Microsoft also stomped on efforts by Linux users to recycle the old Xbox as a media playback system. Where's the outrage? Where's the “suckers” blubbering? Where's the reporting that “Microsoft regularly betrays its partners?” It's certainly not in the pages of Forbes. [Brent Schlender's Apple TV: Fortune Dud or Fortune FUD?] It's all Downhill From Here. Lyons then complained that iPhone sales must be fading because Apple dropped the price, neglecting to account for the fact that Apple met its million unit sales goal three weeks early. “The next version of OS X, called Leopard, has suffered delays,” Lyons wrote, again failing to compare its 6 month delay to the six year delay of Vista. I guess Apple isn't the New Microsoft after all. Lyons begged for forgiveness after beating on Linux users for years and glorifying a bunch of greedy SCO investors trying to exploit intellectual property rights the company didn't even own. In describing his partnership with Rob Enderle, I downplayed his SCO role after he pleaded for evenhanded coverage of his past, noting that he did publish some correct information after the writing was on the wall for SCO. However, for his shameless attempts to present the same kind of one-sided, half-truth, negative-spin that praises the worst corporations on Earth while reviling the only company that seems to share any interests and values in common with its customers, Lyons has lost the bits of credibility he begged to retain. Shame on him, and Zoon on Daniel Lyons' head. [Daniel Lyons: Fake Steve Jobs and the SCO Shill Who Hated Linux] Thanks to John Schmidt for the “Big Brother” link.

  • ★ The Fear

    The NDA is dead, yes, and good riddance, but there remain serious problems with the way Apple is managing the App Store. It boggles my mind that there remain so many people who don’t see this. This piece by Dan Kimerling at TechCrunch is one example; various of the reader comments on Jason Snell’s piece for Macworld last week are another.1 One factor, perhaps, is the tendency to see everything in terms of extremes. Black or white, good or bad. But this debate is not about wanting Apple to make radical changes, such as, say, changing the iPhone from a closed platform to a more open platform a la Android. There are reasonable arguments to be made that a more open iPhone platform would be good not just for iPhone developers, but for Apple and its shareholders. But those arguments aren’t what this debate is about. This debate is about wanting Apple to make minor changes — a slight but very significant course correction. Put another way, this is not about the big picture scope of what kind of hypothetical App Store (or Stores, plural) Apple should have created. That train left the station long ago. This is about the specific details of the App Store that actually exists, and the rules that govern it. I believe that a closed, controlled App Store can work, but by definition that requires developers to place trust in Apple. The problem is that Apple is managing the App Store in certain untrustworthy ways. And I mean trust more in the sense of stability than honesty — like in the way you need to trust a ladder before you’ll climb it. Here is a complete list of what Apple must do to increase developers’ trust in the App Store system: State the rules. Follow the rules. That’s it. This is so clear that even those who are arguing the other side — that Apple’s App Store stewardship is just fine as it stands today — have jumped through hoops in an attempt to argue that Apple’s exclusion of Podcaster was in fact in accordance with the iPhone SDK Guidelines. 
Kimerling, in his “Stop Complaining About Apple and the App Store” piece, writes: “When you create the platform, you set the rules. If Apple wants to restrict iPhone applications to those that do not compete with features built into the iPhone, well, they can go right ahead and do so. It is right in the SDK’s user agreement.” That’s just not true. The iPhone SDK Agreement, at least by the standards of legal contracts, is written in clear, straightforward English. (Apple’s lawyers, in the opinion of yours truly at least, are good writers.) The rules it lays down are clear. And Podcaster doesn’t break any of them. Given any set of rules, there will always be edge cases. Judgment must be rendered, and, inevitably, some will feel edge cases were judged the wrong way. But the reason iPhone developers (and prospective iPhone developers) are appalled by Apple’s rejection of Podcaster and MailWrangler is that neither app was near any edge defined in the SDK guidelines. Podcaster was rejected for duplicating the podcast features in iTunes and the iPhone “iPod” app. MailWrangler was rejected on the following grounds: “Your application duplicates the functionality of the built-in iPhone application Mail without providing sufficient differentiation or added functionality, which will lead to user confusion.” The word “duplicate”, in any conjugation, does not appear in the iPhone SDK Agreement. Not a word about it. And there is clearly no general rule about third-party apps duplicating the functionality of the iPhone’s built-in apps. PCalc, along with a handful of other calculator apps, duplicates every single feature of the built-in Calculator app. There are dozens of note-taking apps that compete with Notes; MagicPad goes so far as to use the same icon as Apple’s Notes app, just with different colors. There is an entire category in the App Store — an entire category — for weather apps, several of which “duplicate” the entire functionality of the built-in Weather app. 
So, not only judging by the rules set forth in the iPhone SDK Agreement, but also by the existence proof of hundreds of apps currently published in the App Store that duplicate (which is really to say compete with) built-in iPhone apps, no reasonable person would have expected Podcaster or MailWrangler to be rejected. So their rejection is problematic on three fronts. First, the submission process is such that an app rejected at the conceptual level — one that cannot be tweaked or fixed to gain entry upon resubmission, but whose fundamental premise is rejected by Apple — such an app is only rejected after it has been written. The developer does all of the work to produce the app and only then finds out it was all for naught. Second, there are clearly rules which are not listed in the SDK guidelines. Third, in its explanations for the rejections, Apple is not stating what these actual unpublished rules are, and is instead offering as the reason this “it duplicates a built-in app” rule which, given all the aforementioned counterexamples that have been accepted into the App Store, isn’t actually a rule at all. The explanation is clearly false. Taken together, these three factors lead to The Fear, which is that developers cannot trust the App Store process. You can spend all of the time and effort it takes to build an app, follow every known rule, and still get rejected. From Apple’s perspective, especially, say, in upper management, it may be all too easy to look at what’s going on with the store — thousands of published apps, a ton of money changing hands — and not see the problem. In the big picture, from both a technical and marketing perspective, the App Store is a grand success. The problem is that the apps that are the most interesting, the most important, are the ones that take the most work to create. And the apps that take the most work to create are the ones that are most likely not even to be made in this environment, because the risk is greater. 
The more work it takes to create an app, the more you lose if Apple rejects it. Going back to the ladder analogy, the higher you’re trying to climb, the more you need to trust the ladder before you start. It’s not about a handful of developers who’ve had their apps rejected. It’s about all the other developers who are now spooked, and that the ones who are the most spooked are the ones who harbor the grandest, boldest, most innovative ideas.

Interpolation Regarding a Theory on Which Apps Apple Won’t Allow Developers to Compete With

In the absence of a revised iPhone SDK Agreement from Apple, we can attempt to guess what the unpublished rules are. With Podcaster, for example, the “follow the money” rule of thumb leads to the conclusion that Apple will not allow any competition with iTunes, because iTunes is a profit source. This is why MailWrangler’s rejection is the one that puts The Fear in my heart. As unjust as the Podcaster rejection appears, if Apple really wants to prohibit competition with iTunes, even anti-competitively, you can at least see the thinking behind the decision. It’s foolish and unnecessary — the fact that iTunes is wide open to total competition on both Mac OS X and Windows hasn’t hurt it at all — and it also quite possibly invites some sort of legal challenge, but at least there is a logical idea behind it. But Mail? Why on earth should Apple care if some third-party email client for the iPhone becomes wildly popular? It makes no sense. iPhone users who use the built-in Mail app don’t pay extra to do so. Mail doesn’t tie users to Apple’s own MobileMe service. In fact, Mail offers specific setup help to work with Gmail, the service MailWrangler is optimized for. If you can make a replacement for Notes and Weather and Calendar, why not Mail? I have a theory. It is more, well, emotional than logical. But it’s the only theory I can think of that makes any sense at all and fits the available evidence. 
The theory is that there is an unpublished rule that Apple — and in this case, where by “Apple” I really mean “Steven P. Jobs” — will not publish third-party apps that compete with or replace any of the four apps in the iPhone’s default “dock”: Phone, Mail, Safari, and iPod. Go back to Jobs’s original iPhone introduction at Macworld Expo 2007. It was a masterful presentation. Carmine Gallo, writing for BusinessWeek, calls it Jobs’s greatest presentation; I agree. Gallo describes the moment it was unveiled: After laying the groundwork, Jobs builds up to the new device by teasing the audience: “Today, we are introducing three revolutionary products. The first is a wide-screen iPod with touch controls. The second is a revolutionary new mobile phone. And the third is a breakthrough Internet communications device.” Jobs continues to build tension. He repeats the three devices several times then says, “Are you getting it? These are not three separate devices. This is one device … today Apple is going to reinvent the phone!” The crowd goes wild. This “three revolutionary products” pitch was inordinately effective. For one thing, live, in the hall, Jobs completely fooled the crowd, yours truly included. But then as he repeated the three product ideas over and over, while icons representing the three products rotated behind him on screen, faster and faster, it started dawning on us how we’d been tricked. By the time Jobs came out and said that it was just one device that encompassed all three products, everyone in Moscone West had come to that conclusion on their own — a nifty little way of making the crowd feel clever, as though we’d figured out a riddle. But this pitch also worked because it was true. All three of those products sound good on their own. All three in one device sounds insanely great. Jobs was introducing the iPhone simply by describing precisely what it was. A phone, a widescreen video iPod, and a breakthrough Internet communicator. 
The icons in the iPhone’s default dock represent the core functionality of the device. Phone, Email, Web, iPod. With nothing other than those four apps, the iPhone still would have been a hit. Not as great, but, still, great. Everything else the iPhone’s built-in apps do could be done, to some extent, through Safari: notes, calendars, weather, maps, stocks. There are a few minor exceptions. SMS is one example, but that’s really just an adjunct to the Phone app. Anything that relates to the phone network — voice or SMS — is unavailable through the third-party iPhone SDK anyway. You couldn’t write your own SMS app even if you wanted to. (Apple clearly has no problem with competing chat apps — there are several IM clients available in the App Store. That’s the same basic concept as SMS, but using IP networking.) And so my guess is that while there may not be any logic, there’s at least a notion, if only in Jobs’s mind, that these four apps are sacrosanct because they define the iPhone. Everything else, both from Apple and from App Store developers, is piffle, secondary to those four apps. Harry McCracken’s recent iPhone user survey indicates that iPhone users agree that those four apps comprise the most-used features of the iPhone. But the least essential of the four is Mail. You cannot place phone calls or play music and video from your personal iTunes library using a web browser, but can read and send email through it.[2] Millions of people do just that every day, including, I’m sure, many of you reading this essay. And Google’s iPhone-optimized version of Gmail shows just how well it can be done. It’s not just good for web-based mail, it’s just good, period. And so this idea that Apple seems to have that Mail is particularly special is misguided. The Phone and iPod apps are special, because at a fundamental level they perform tasks that cannot be duplicated in a web app. But there’s nothing any more special about Mail than there is about, say, Calendar.
Calendar, if anything, is more closely tied to Apple’s proprietary and commercial MobileMe service — Mail works great with any IMAP server, including Gmail, but Calendar only works for online syncing with MobileMe or Exchange. But Apple doesn’t seem to have any problem allowing Calendar competitors into the App Store. Notes Calendar is a $3 Lotus Notes calendaring client. Exchange Remote Calendar is a $10 calendaring client for Exchange. If these are OK, why not a dedicated Gmail email client? The only explanation is that Mail is deemed untouchable and Calendar is not. The real test would be for someone to write a dedicated Google Calendar iPhone app — but given what happened to MailWrangler, it might be hard to find someone willing to try it. In short, my theory is that Mail is on the do-not-compete list not because there’s any strategic reason for Apple to do so, but simply because of a vague notion that Mail is one of the iPhone’s defining apps. This notion is wrong. Mail is important, but there’s nothing about it that needs to be protected from competition.

End of Interpolation, Back to the Three Problems, Which, Due to the Grotesque Length of the Above Interpolation, I Will Remind You Are: (1) App Ideas Are Rejected Only After the Apps Are Actually Built; (2) There Exist Secret Unpublished Rules Regarding What Is Allowed; and (3) When Apps Are Rejected for Violating the Unpublished Rules, Apple Refuses to State Just What These Rules Are

One thing that would make a difference would be a submission process whereby developers could submit their application ideas to Apple in advance, to find out if they’re OK. That’s how it works on game platforms from Nintendo, Sony, and Microsoft — developers submit a detailed proposal and wait until they get the green light before actually building the game. That sounds good, but there are problems with the idea. For developers, it would require an additional level of trust in Apple.
Ideas are less valuable than actual implementations, but the more original an idea is, the less comfortable you are to share it. And for Apple, it would require significantly more work. They’d still need to examine and approve the actual shipping applications, but now they’d also have to examine and consider application proposals. The world’s hard drives are littered with abandoned unfinished software projects — there would surely be far more proposals submitted for consideration than there are actual iPhone applications. As it stands today, Apple is already struggling mightily to keep up with the work of approving new and updated application submissions — the typical turnaround time is between one to two weeks. Perhaps Apple could offer this as a service limited to ADC Select ($499) or even Premier ($3,499) members. The service is needed most by the developers who are considering the biggest apps, most of whom either are already paid ADC members or wouldn’t bat an eyelash at the cost of joining. It wouldn’t be democratic, but it might make it feasible. Platforms like Wii and Xbox ship maybe a few dozen titles a month, tops. The App Store has published 3,500 titles in just three months. (And it costs far more to join the developer programs for gaming consoles than the $100 iPhone SDK fee.) More important, though, is for Apple to address problems 2 and 3, by publishing in the iPhone SDK Agreement all of the rules they’re using to evaluate applications. If we’re not allowed to write email or podcast clients, say so. If something unforeseen comes up, Apple should make a decision, and then publish the new rule. Rules you disagree with are frustrating. Rules you don’t know about are scary. I will also note that, to my knowledge, not a single published iPhone developer has spoken out in favor of the App Store’s current rejection policies. Those developers who have spoken are against it. Those who see no problem are not themselves iPhone developers. 
[2] Even if Apple were to come to its senses and allow third-party developers to write competing email clients, the built-in Mail app would hold one significant technical advantage, which is that it runs in the background. In fact, background processing is the one factor that unites the four dock apps. Phone, Mail, Safari, and iPod all continue running in the background; no other apps, including those from Apple, do.

  • Consumer Reports pans Safari's lack of phishing protection

    Consumer Reports, in its annual internet security survey, recommended that Mac users avoid Safari because of its lack of phishing protection. Instead, they recommend users install Firefox 3 or Opera 9.5 as their default browsers, since both will warn users before displaying the contents of sites known to be sources of scams and personal information theft. Jeff Fox, technology editor at Consumer Reports, noted that "e-mail is the weak vector on the Mac," meaning that most successful phishing attacks on Mac users arrive via email. "Windows users are used to being paranoid about not clicking [links in phishing emails]," he said. "Mac users aren't, even though they say, 'Antivirus software, who needs it?'" As we've mentioned before, 1Password does a great job of adding phishing protection to Safari. Also, always be extra-wary of clicking links in emails from people you don't know. [Via Computerworld.]

  • Phishing Scam: Apple Store

    Trend Micro, the antivirus company, has a Malware Blog where they track all the bad stuff that can happen to your computer. Although the screenshots come from Windows machines, they did have one up this week that showed the Apple Store. Sneaky (and smart) phishers are sending emails that say there is a problem with your billing, and they weren't able to process the payment. Pretty sneaky considering there are likely a lot of people who have just purchased a 3G iPhone. Very smart timing, if you ask me. The email takes the user to an Apple look-alike site that asks for the “user’s credit card type, credit card number, expiration date, security code, billing address and social security number.” In addition to the grief that comes with having your identity stolen, this info could give the phishers full access to all purchases that can be made from Apple: hardware, software, iTunes account, and iPhoto products. This is one of the drawbacks of Apple's great success. Unix is pretty solid and secure, but people have never put much effort into attacking Macs because of the economies of scale. Now that Macs are becoming more popular, we will likely see more malware attempts aimed at Apple hardware, software, and customers. Hopefully, it won't ever get as bad as it is on any PC. Don't click on those links in emails. Go to the site directly. Be sure to check that the website you are using is secure. You can tell because it will start with https:// or have a lock in the status bar (not in Safari).

  • ★ Let the Tea Leaf Reading Begin

    The best thing about being an Apple observer is that even when the company does make a long-awaited announcement, it inevitably leads to new questions regarding what exactly they mean. Apple punditry is the Kremlinology of the tech world. So it is with this week’s announcement from Steve Jobs[1] that, yes, “We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February.” We now know two new things: (1) that there will be “native third party applications on the iPhone”; and (2) that the SDK is scheduled for February. That leaves a long list of questions.

Whither Widgets?

For one: What exactly is a “native third party application”? The obvious answer is the sort of UIKit-based Cocoa-ish applications that underground iPhone hackers have been creating over the last two months — the exact sort of native apps that Apple has itself already written for the iPhone and iPod Touch. For all we know at this point, though, it could be something more like Dashboard widgets — but I think that’s unlikely. Jobs wrote:

> With our revolutionary multi-touch interface, powerful hardware and advanced software architecture, we believe we have created the best mobile platform ever for developers.

JavaScript, HTML, and CSS are cool in that they’re widely-used, widely-known coding standards — but they’re not a good way to create user experiences that take full advantage of the iPhone, and would be pretty hard for Apple to pass off as an SDK for “native apps”. Third party developers want access to the same dog food Apple’s own iPhone engineers are eating. Plus, there’s the issue of performance.
Iconfactory developer Craig Hockenberry, who has been tinkering with the unofficial iPhone developer tools to create an iPhone-native version of Twitterrific, wrote a splendid weblog entry titled “Benchmarking in Your Pants” regarding the lackluster performance of JavaScript code running in MobileSafari compared to compiled Objective-C code running in a native iPhone app. Function calls, for example, were 226 times slower in JavaScript. (Hockenberry also benchmarked JavaScript running on the iPhone compared to the same code running in Safari on an Intel-based iMac; the code ran about 80 times faster on the iMac.) Back in January at the iPhone’s introduction in the Macworld Expo keynote, Jobs described some of the apps on the iPhone, including Weather and Stocks, as “widgets”. My somewhat-informed understanding is that Apple’s original plan was for the iPhone to ship with its major apps written in Cocoa and with a handful of smaller apps written as Dashboard-style HTML/CSS/JavaScript widgets — but that this plan was scuttled for performance reasons, and the Weather and Stocks widgets[2] were rewritten as UIKit Objective-C apps sometime this spring.[3] My guess is that they ran into what Hockenberry documented: JavaScript on the current iPhone just isn’t fast enough to provide an iPhone-caliber user experience. So my money is that the iPhone SDK that Apple plans to release this winter is the real thing — Cocoa-style UIKit apps written in Objective-C.

Security?

Jobs wrote:

It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true.
There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.

External security — the threat of vulnerabilities that would allow malfeasants to compromise a victim’s iPhone — is a serious matter. There have already been several published exploits against the iPhone, including an as-of-this-writing open vulnerability in TIFF-processing code in the current iPhone OS. So clearly there is some merit to Jobs’s stated security concerns. As it stands in the current iPhone OS, all processes run as the root user; in broad layman’s terms, any process has access to everything else on the phone. So when a buffer overflow can be exploited to allow remote code execution, that code can do anything. To allow third-party iPhone apps to run today would be to trust those third-party developers not to write code with any security flaws. What the iPhone needs before Apple will allow third-party apps to run is some sort of sandbox, a way to prevent application processes from being able to access things they shouldn’t be allowed to access. But iPhone Cocoa apps are no more inherently susceptible to buffer overflow vulnerabilities than Mac Cocoa apps. And the hysteria over the iPhone’s current “everything runs as root” situation is overblown.[4] Applications on your Mac don’t run as root; they run under your user account. But all of your data — your email, your address book, your documents, everything your apps can read or write without administrator authentication — is vulnerable to any sort of hypothetical buffer overflow exploit on the Mac, and would be on the iPhone, too, even if iPhone apps didn’t all run as root.
Sure, root privileges allow an exploit to do anything, but the most important thing on your system is your personal data, and an exploit doesn’t need root privileges to access that. I’m thinking Apple is more concerned about internal security — about having third-party apps limited to a sandbox so that user-installed code has no access to things like, say, the phone network modem’s firmware (the component that you need to diddle with to create SIM unlocks). That’s the key difference between the iPhone and the Mac, security-wise.

Which Third-Party Developers?

Mac OS X is pretty much completely open to development; even the developer tools are free, and anyone is free to write whatever software they want for the Mac. It seems unlikely that iPhone OS X development is going to be like that. One possibility is that the iPhone SDK will only be available to developers with ADC Select ($499) or Premier ($3,499) accounts. (Premier and Select ADC members are the only ones with access to pre-release Mac OS X seeds, for example.) If that’s the case, it’s not going to be popular with hobbyist developers, but most professional Mac developers already have paid ADC memberships, and, let’s face it, we all know most iPhone apps are going to be written by Mac developers. Interviewed via email, Craig Hockenberry told me, “If there’s a simple way to get third party apps on the iPhone, you keep 90 percent of the developers happy and jailbreak/unlock has much less momentum. Sure, there will still be people that want to ‘buck the system’ but they’ll be in the minority rather than the majority.” The most intriguing part of Jobs’s announcement was this section, regarding security:

Some companies are already taking action. Nokia, for example, is not allowing any applications to be loaded onto some of their newest phones unless they have a digital signature that can be traced back to a known developer. While this makes such a phone less than “totally open,”
we believe it is a step in the right direction. We are working on an advanced system which will offer developers broad access to natively program the iPhone’s amazing software platform while at the same time protecting users from malicious programs.

It’s hard not to interpret the scare quotes around “totally open” as a reference to Nokia’s recent “Open to Anything” ad campaign — sort of a you guys aren’t completely open either call-out. This seems like a pretty clear indication that Apple is working on a similar signing system for iPhone apps. Restricting development to paid ADC members would instantly allow Apple to associate app signatures “back to a known developer”. Here’s more information from Nokia on the signing program Jobs mentioned; here’s similar information on the Symbian site.

Which Apps?

Another question is whether Apple is going to allow participating (trusted-by-Apple) developers to write whatever apps they want, signing the apps themselves, or if apps will need to be approved case-by-case by Apple before being signed. Mac OS X Leopard includes a new “application signing” feature, described by Apple thusly: A digital signature on an application verifies its identity and ensures its integrity. All applications shipped with Leopard are signed by Apple, and third-party software developers can also sign their applications. That same page describes a “sandboxing” feature that seems applicable to the iPhone, too: Sandboxing prevents hackers from hijacking applications to run their own code by making sure applications only do what they’re intended to do. It restricts an application’s file access, network access, and ability to launch other applications. The prototypical example of a potentially popular app that Apple might refuse to approve would be a VOIP app like, say, Skype, in that it would undermine the need for the phone network, which in turn undermines Apple’s revenue sharing with the iPhone’s exclusive network partners.
Or, say, instant messaging, the omission of which from the current iPhone is seen by many as a concession to the fact that heavy SMS users pay handsomely for extra monthly messages. (Personally, I suspect iChat for iPhone simply didn’t make the cut for 1.0 but is planned for a future update.) “Nokia’s model is to run as trusted/untrusted,” said Hockenberry. “Trusted apps get to access more than untrusted ones. This model could be extended to allow different levels of access based upon whatever Apple wants (as owner of the root certificate.) Basic access for Wi-Fi, extended access for EDGE, hardware access for deep pockets, etc.” That makes sense, and strikes me as a likely course for Apple.

Development

There’s a question, then, of how developers will write the apps in the first place. If iPhones only run third-party apps that have been approved by Apple, how do you develop an application in the first place before it’s been approved? Steven Frank — who, as co-founder of Panic and an unrepentant gadget hound, may well be the single most interested person in the world in a supported iPhone SDK — described to me via email the development process for the Danger Hiptop/Sidekick: “The Hiptop/Sidekick platform has a Java SDK that abstracts away all the low-level hardware stuff so you can’t touch it, while still providing everything you need to write an application. You test and debug in an emulator/virtual machine that can simulate edge conditions like loss of cellular network availability and so on. When you’re almost done, and ready to try on real hardware, you apply for a ‘developer key’, which is a small certificate that you install on the phone that enables you to run third-party apps that didn’t come from the on-device for-purchase catalog. To get the developer key, you have to prove to them you actually have an almost complete app, and aren’t just some kid who wants hot Yung Joc ringtones by submitting a build of your application.
You also have to sign a waiver that says you are no longer eligible for support from your cellular carrier.”

The iTunes App Store?

Which leaves us with the question of distribution and installation. The obvious route is the same one Apple has taken with iPod games: the iTunes Store. Apple, in this case, would likely get a cut of every sale. From a user’s perspective, it’d be easy and obvious: shop and pay for apps in iTunes, and iTunes takes care of installing the software, and, perhaps, synching data. This is similar to the Danger model — where apps must be approved, and can be sold only through the official channel. Limiting, to be sure, but as Frank put it, “The process [of developing for Danger] is somewhat tedious, but still an order of magnitude better than not allowing third-party applications, period.” Frank also pointed out the most glaring downside of Danger’s pay-to-play development model: “One drawback to this approach from the user’s perspective is that there is basically no free third-party software. Everything costs at least a couple bucks.”

[1] The announcement appeared on Apple’s Hot News web page, but with no permalink, so it’s likely to disappear from Apple’s web site in a week or two as newer items appear. I’ve saved a plain text copy here for posterity.

[2] I wonder if the Calculator app was originally a widget, too. UI-wise, it’d certainly be a cinch, because just like with the iPhone’s Weather and Stocks apps, it more or less looks and acts exactly like the corresponding widget in Mac OS X. So my theory is that when Apple made the decision to rewrite the iPhone widgets as native iPhone Cocoa apps, they used the widgets as the specs for the apps. “Make a native app that looks and acts exactly like this widget,” more or less. One thing that makes me think this is that the iPhone Calculator app doesn’t make any sounds when you press the buttons. Pure JavaScript/HTML widgets can’t make sounds when you click or tap buttons.
I find typing on the iPhone keyboard to be much more satisfying with the sound on; with the sound off, because the keys are virtual, there’s no sensory feedback at all. The Calculator app would feel more real if it simply made the same button-clicking noises as the iPhone keyboard.

[3] That this change was — I believe — made rather late in the game might explain why vestigial references to “widgets” remained in the shipping iPhone 1.0 software. (It could also mean, of course, that Apple plans to re-expose this feature at some point in the future.)

[4] It certainly is a curious question why all iPhone apps run as root. I don’t know the answer. But I’ll bet there’s an interesting engineering trade-off involved somewhere. If you think the reason is laziness or ignorance on the part of the iPhone OS X engineers, you’re an idiot.

  • Will Google's Android Play DOS to Apple's iPhone?

    Daniel Eran Dilger

Today's broad array of smartphone operating system contenders are offering lots of potential answers to a problem that only requires one. It appears the market has two options ahead: either pool generic hardware makers behind a single operating system and deliver a smartphone marketplace that resembles the Windows PC market, or watch them fall to a dominant leader and have a smartphone market that resembles Apple's iPod ecosystem. This decision isn't going to be made by a class of intellectual elite, or by government mandate. It's going to be made by the market itself. Here are the factors that will influence the outcome, either marginalizing Apple's iPhone into a niche as the company has twice experienced previously at the hands of DOS in 1981 and Windows in 1991, or positioning it as the dominant leader as Apple has achieved for itself with the iPod since 2001. The third segment in this series looks at Google's Android and the Open Handset Alliance as a possible “DOS-attack” against Apple's iPhone. Subsequent segments will look at Nokia's newly opened Symbian and other mobile contenders challenging the iPhone. Google Acquires Android. In 2005, Google purchased a startup named Android, which had been in business for nearly two years. The secretive startup was known only to be working on software for mobile phones. It was being run by a who's who of mobile industry veterans, including Andy Rubin, the founder of Danger. Rubin had earlier worked at WebTV along with Chris White and Andy McFadden, both of whom had also joined Android. Richard Miner of Orange and Nick Sears of T-Mobile also brought their mobile provider experience to Android.
At the time of the acquisition, Google didn't announce any plans for Android and instead only told BusinessWeek, “We acquired Android because of the talented engineers and great technology. We're thrilled to have them here.” It appeared that Google was only going to be expanding its search services for mobile phone users, along the lines of the Google SMS answer system it had recently released. The GPhone Myth. As reports began to leak out about talks between Google and hardware makers throughout 2007, rumors began to fly about “the GPhone,” a competitive offering that was supposed to take on the iPhone. Some phone enthusiasts hoped Google would jump in to rescue the struggling OpenMoko project and turn it into a viable project that could attack Apple's new smartphone. In October 2007, I printed the Great Google GPhone Myth, taking apart the idea that Google would be directly competing against the iPhone, and describing that Google was really working on a free alternative to Windows Mobile as a conduit for getting its search and related services on a broader variety of mobiles. Google's services were already on the iPhone. In November, Google played its hand: it had organized a consortium of companies called the Open Handset Alliance to develop open standards for mobiles. The first product from the group would be Android, a mobile operating system built on the Linux kernel. Google wasn't getting into the phone handset business at all; it was only making sure that its mobile search products would not risk being marginalized by the threat of Windows Mobile on phones in the same way Microsoft had been working to leverage its PC monopoly to push Google search off the Windows desktop. Introducing Android: Leader of Linux. Two weeks later, Google released an early version of the Android software.
On top of a Linux kernel, Android uses a specialized version of a Java Virtual Machine that takes Java language code and turns it into what Google calls “Dalvik bytecode” rather than Java bytecode as a standard JVM would. This allows Google to leverage existing and familiar Java language tools without paying Sun for a Java license. Like Mac OS X and its fraternal iPhone OS, Android includes a variety of open source libraries, including SQLite and WebKit. On top of that, Google developed a series of frameworks that handle the tasks Cocoa Touch does on the iPhone. Android also bundles a set of applications. While Apple adapted its existing Mac OS X to work in a mobile environment to create the iPhone OS, Android is more like a customized Java environment running on a specialized mobile Linux variant: elements of maturity in an otherwise experimental new platform. Android was by no means the first mobile OS using Linux. Both Palm and its amputated ACCESS software arm have Linux-based mobile platforms. Nokia has Maemo, which it uses in its Internet Tablets, and also recently acquired Trolltech and its Qtopia mobile Linux platform. Motorola has teamed up with MontaVista Software to use its Mobilinux. Intel created the Moblin project for mobile Linux, aimed at Internet devices. Google's OHA also isn't the first consortium to attempt to standardize a mobile Linux platform. The OSDL started the Mobile Linux Initiative to define requirements for hardware; the Consumer Electronics Linux Forum (CELF) then worked to define various phone profiles aimed at the Japanese market; the Linux Phone Standard (LiPS) Forum tried to do the same thing in Europe. In 2007, LiPS was folded into the new LiMo Foundation, along with the OSDL. All of these committees have had some overlap and some complementary features. Several of Google's OHA partners are also LiMo members, including NTT DoCoMo, Wind River, and Motorola. So why didn't Google just join LiMo?
“LiMo, very candidly, wasn't moving fast enough,” OHA board member John Bruggeman told CNET. Google hopes to herd the Linux cats into a progressive, structured platform that can battle against Symbian and Windows Mobile to succeed as the new DOS of smartphones. Will Google fracture or unify mobile Linux? The Presumption of the Necessity of DOS. The previous segment examining Windows Mobile pointed out how the PC industry as a whole assumed that Microsoft's desktop Windows monopoly would easily take over dominance in the MP3 player market, pushing Apple into a niche position. This was expected because DOS had pushed Apple's early computers into a reduced role starting in 1981, and Microsoft had repeated this again in 1991 when the DOS world migrated to Windows, effectively pruning Apple's Macintosh into a Bonsai platform. The inability of one company to dominate any product category has been frequently repeated by PC industry pundits as a given, despite the fact that history is full of examples of this happening. Sony dominated personal music players for two decades under the Walkman brand even while equally large competitors tried to push it from this position; Nintendo has similarly owned handheld gaming despite ill-fated efforts to grab a piece of its pie by products running a generic platform such as Microsoft's WinCE (Gizmondo), Linux (GP32), and Symbian (N-Gage). In fact, outside of the Windows/DOS PC, there are actually few examples of a generic platform taking over an industry. Nearly every other consumer-facing product uses proprietary platforms: car makers, stereo equipment, appliances and so on typically all use designs custom to their maker. The paradox of the Windows PC market has been that Microsoft's broadly licensed software supposedly saves hardware makers from investing in software development while ensuring compatibility, when in reality it adds significant costs to PC makers while limiting their ability to differentiate themselves. 
That explains why PC makers have been perpetually merging together and going out of business while Microsoft has rolled in money over the last two decades. Parallel efforts to copy Microsoft in broadly licensing an operating system have regularly failed: IBM's OS/2, Apple's Mac OS, Palm's PDA OS, even Microsoft's own efforts to duplicate Windows dominance in other markets, from copy machines to PDAs to smartphones to SPOT watches to music players. The closest copy may be Symbian, but its customers are partners, not simply consumers of a generic third party's operating system as Windows licensees are. That indicates it is not necessary to duplicate the dominance exercised by Microsoft over the PC industry in the smartphone market. Google's Android and Symbian exist more as technology sharing pacts among manufacturers, but both aspire to take Microsoft's DOS role among smartphones. However, the idea that Apple's iPhone must be dethroned by a modern-day DOS, whether Windows Mobile, Android, or Symbian, is not just debatable, but does not sync with the reality of more recent events. Apple's recent history of the iPod further refutes the idea that a software analog to Microsoft is needed. The iPod Emergence: Apple & Pixo vs IBM & Microsoft. Apple's iPod in 2001 made no effort to clone the DOS business model; it actually did the opposite. When Apple entered the market, there were a number of existing MP3 devices using custom software, hardware designs, and DRM codecs. The iPod used off the shelf components to deliver a custom MP3 player using third party software, but Apple also added its own technologies: easy to use sync with iTunes, a fast Firewire interface that made uploading music far faster than the prevailing USB 1.0, and an attractive industrial design. With the iPod, Apple played the role of IBM in 1981, using Pixo's embedded operating system to enter the market quickly, just as IBM had used DOS.
The difference was that Apple didn't direct any market attention toward Pixo and added a lot of value on top of that core embedded OS. A modern day Compaq couldn't simply clone the hardware and license Pixo to run on it in order to compete against the iPod, because the iPod was much more than just generic hardware running Pixo software. As the iPod developed, Pixo's role diminished and was eventually displaced. Just like IBM, Apple jumped into a new market just as demand was beginning to explode. Apple made MP3 players far more attractive to a general audience by delivering greater playback capacity than most entry level devices offered, along with an ease of use that encouraged buyers to jump in at the higher end of the market. That left Apple with not only the lion's share of the market, but also by far the most profitable segments of the market. Two decades prior, IBM badly fumbled its play with the early PC and ended up irrelevant in the PC world by the late 80s, sideswiped by Microsoft's DOS and the cloners who were licensing it in parallel, notably Compaq and later HP and Dell. Steve Jobs had witnessed that happen, and was determined to not let it happen again to Apple. Rather than being manipulated by a software middleware vendor as IBM had, Apple worked to incrementally develop the iPod market itself. After consuming the hard drive-based player market, Apple took on the Flash RAM-based market with a tiny hard drive system used in the iPod Mini, and followed up with Flash-based devices of its own in the Nano and Shuffle. This allowed Apple to progressively serve an increasingly wider market, incrementally growing upon an established foundation. With the iPod, Apple became, in effect, an IBM with its own internal Microsoft.

Microsoft's Failure Despite Features
In contrast, Microsoft entered the music player market by promoting music player hardware reference designs around WinCE.
However, it was unable to ship a finished design until the iPod had become firmly established around 2005. Later branded as PlaysForSure, the devices were sold by various hardware makers and all purported to support the same DRM and the same music subscription services while also offering a broader array of hardware that presented video before the iPod did, supported wireless before the iPod, and so on. Despite these unique features, all of those PFS designs still failed. Microsoft blamed the failure of PFS upon its music store and hardware partners and decided to take Apple on itself in 2006. It relaunched a Toshiba PFS player as its own device under the Zune brand, adding WiFi music sharing features and a larger display than the current iPods had. It failed dramatically as well. Did Microsoft's attempts to float a new DOS among music players fail because of Apple's success, or due to Microsoft's own problems? The failure of the Zune, which followed the iPod model rather than the DOS model, seems to suggest that Microsoft itself was to blame. Consider too that Microsoft's Windows Mobile phones, which use the same underlying operating system as its failed PlaysForSure music players and the Zune, had similarly flopped even before Apple could release a charismatic phone equivalent to the iPod. Of course, when the iPhone was released, it hit Windows Mobile hardest. The iPhone made Windows Mobile Smartphones look ridiculous and underpowered, and made Windows Mobile Pocket PC phones look clumsy and awkward, despite the fact that they both supported a variety of features the iPhone didn't, including the ability to edit documents, capture video, send MMS, and so on. Simply adding on features did not enable Microsoft to compete against Apple. The only conclusion that can be drawn from all this is that competing against Apple requires more than just having a feature arsenal.
Microsoft's failures in themselves do not necessarily mean that Google's Android will fail in its attempts to float its own smartphone platform.

Will Google Succeed where Microsoft Failed?
Microsoft's demonstrated inability to successfully enter consumer markets for MP3 players and smartphones has given observers little faith that the company will somehow turn things around in late 2009 when its next generation of devices is expected to be released. However, prior to that the first fruits of Google's efforts to build its own smartphone operating environment will arrive. Will Google's Android take over Microsoft's crown as the “DOS vendor” among smartphones? Supporters of Google's Android project point to some parallels between Android for smartphones and Windows on the PC: Android will allow hardware makers to differentiate in ways that can offer features Apple can't (or doesn't want to); it should allow software developers to offer features Apple does not allow on the iPhone; it embraces open, hobbyist experimentation in ways that Apple currently isn't; and it opens the potential for content providers that Apple is not interested in allowing. Openness is Android's key competitive feature. Will all this openness allow Google to unseat the iPhone to become the primary platform developers want to participate in, and subsequently soak up the market for third party hardware makers that Windows Mobile serves? While Google currently has no market share due to the fact that no Android phones have yet shipped, it does have broad vocal support from a variety of the same kinds of hardware manufacturers that supported DOS and Windows and helped to make those platforms successful in the desktop PC market.

HTC and Android
The first Android phone is expected to be the HTC Dream; Taiwan's HTC (High Tech Computer) also manufactures Palm's Treo Pro phone as well as many of the most visible Windows Mobile devices. In addition to models produced under its own name, HTC also sells Windows Mobile devices under the Dopod brand, as well as no-name phones branded by providers, such as AT&T, Orange, Sprint, T-Mobile, Verizon Wireless, Vodafone, and others. HTC will also be building the XPERIA X1 Windows Mobile phone for Sony Ericsson. HTC was quick to throw its support behind Android despite its long term alliance with Windows Mobile. Why would it so enthusiastically support an unproven platform from a company that has no experience in consumer hardware platforms? One can only assume that HTC is not happy with the current state of Windows Mobile, and desperately wants another “DOS” to succeed where Microsoft's has so spectacularly failed. As an Original Design Manufacturer for Palm, HTC watched as Palm adopted Windows Mobile in place of the Palm OS and subsequently fell even deeper into crisis. Palm's only successful phone since has been its Palm OS-based Centro. HTC undoubtedly sees Android as its ticket to becoming the next Dell, but without a similar dependence upon Microsoft. Android for mobile phones is essentially playing the role of Linux for PCs, except that it has the backing of a major company behind it.

Can Android Take on the iPhone with Openness as its Feature?
As great as this sounds, it's important to consider that Linux on the desktop has made no significant progress in eating into Windows dominance after a decade of trying. Being open, free, flexible, and decentralized hasn't been enough of an advantage to get consumers to migrate from Windows to Linux in any fraction of significance. Similarly, in the music business, Linux-based MP3 players have had no impact on the iPod, despite offering more features, flexibility, support for additional codecs, and so on.
In the mobile phone area, Linux enjoys a sizable portion of the smartphone market, but this is almost entirely due to phones sold by Motorola in China, where the advantages of Linux' openness are void. Motorola's Linux phones offer nothing to users in terms of openness or flexibility, and are really no different in terms of features than other appliance 'feature phones' based upon closed operating systems. And again, a key problem with assaulting Apple in a feature war is that neither the iPod nor the iPhone became popular by being “highly featured.” They both delivered perhaps 80% of the functionality found in all other devices in the market. Rather than trying to match every feature and cater to every niche as Microsoft had with Windows Mobile, Apple's devices did a few things very well at launch, and incrementally developed into full featured devices that still lack some of the more unique features of their competitors. Further, in terms of openness, the demographic that embraces Linux' characteristic freedoms is not the same as the demographic that buys smartphones in quantity and then pays for data service. This is a critical fact to consider because a big part of the iPhone's success stems from the fact that it is being pushed by mobile providers who want to capture the cream of the market willing to pay a premium for data services.

The Frankenphone
Combining the fractured aesthetic of HTC's Windows Mobile phone hardware with Android's software, based upon Linux' perpetually unfinished DIY openness and Google's Java-like development platform, will not result in a product similar to the iPhone. Instead, it will look a lot like phones that have already failed in the market. Apple's advantage comes from slick hardware designs with a close attention to detail, combined with software that purposely does less so that it can do what it does better.
Even Apple's own conservative attempts to broaden its software capabilities with iPhone 2.0 have resulted in instability problems that can be blamed upon both Apple's early releases of its phone operating system and software from inexperienced third party developers new to the platform. Would the current frustrations with iPhone 2.0 be somehow mitigated by additional openness that also embraced all kinds of variables from different hardware makers with less quality control than Apple, a loose committee of additional cooks working to serve up operating system features targeted at every possible conceived need, and a wider third party software group with fewer constraints on illegal behaviors?

The Failure of Open
While it is politically unpopular to criticize the well meaning efforts of open source contributors, the failure of Linux on the desktop, the failure of the vaporware Indrema game console, and the failure of the OpenMoko project to deliver a workable phone within a year of its deadline all underline the serious problems open development faces in the world of consumer oriented devices. Open has simply failed to deliver on its promises in the world of consumer hardware. OpenMoko was supposed to release its first mobile phone to consumers for $250 several months in advance of the iPhone. When the iPhone shipped, the group then announced new plans to get its phone out by the end of 2007. Instead, this spring the group announced new plans to move to an entirely different development platform, and ship its phone mid year for $400 with limited functionality and incomplete software outside of basic GSM phone features. Linux's notable successes, from Motorola's Linux phones to the Tivo DVR to Linksys Routers, have often come without any associated openness or freedom, and were instead delivered simply to provide their manufacturer with a free kernel to build upon.
This indicates that while Linux may find its way into an increasing number of smartphones, it will likely not be accompanied by the glorious freedom of an open development environment Google has said it would offer with Android.

Can Google Succeed Where Open Has Previously Failed?
Despite “openness” being Android's strongest competitive feature compared to Apple's iPhone, Google recently revealed that its wide-open development model is intentionally gravitating towards a closed association of top tier partners due to practical considerations. In July, Google accidentally sent out a notice that revealed that it had been seeding private SDK updates to only a subset of its contributors, angering those who believed that Android would be as open as Linux on the desktop or the OpenMoko project. Further, Google has restricted initial development to higher level APIs just as Apple did, further indicating that Google itself realizes that being wildly open to impress a minority of hobbyists will not result in the commercial success of its new platform. That serves to neuter Android's primary advantage over the iPhone. Without delivering on the premise of being wide open, Android is really just a less mature set of Java libraries used to create a specialized binary that runs on a Linux foundation. Unlike Apple's iPhone, Android phones won't have a slick user interface developed by professional artists, nor the iPhone's legacy of mature software development frameworks crafted over the last thirty years, nor the iPhone's tightly integrated hardware with award winning industrial design, nor its marketing power tied into the iPod and Apple's retail stores. Android won't be an open iPhone, it will only be a Windows Mobile phone with a better kernel that runs specialized Java software instead of Win32 or .NET code. Don't expect consumers to be impressed by that.

The Biggest Missing Feature
There is one remaining factor that strangles to death any last remaining hope that Android might assassinate the iPhone and assume the crown of the “DOS of smartphones.” That is: Android delivers zero price advantage to consumers. In 1981 and 1991, consumers who wanted Apple computers faced the sticker shock of a somewhat arrogant price tag. Apple sold its computers, as it still does, at the higher end of the market, but there was simply far more range in prices available. In 1981, that meant the Apple II was $2600 and the new Apple III was $3500, even before you added a monitor. On the low end, Commodore sold its far less powerful, but “still a computer” Vic-20 for $300, while IBM entered the market with the IBM PC at $3000. Over the next few years, Apple focused on delivering additional sophistication at the same price, releasing the $10,000 Lisa and then the $2,500 Macintosh. IBM continued selling PCs in the same $3,000 to $10,000 range, but other DOS PC vendors began selling machines at prices that ranged as low as $1500. That left Apple with a roughly $1000 price premium over low end PCs. The products weren't really comparable, but consumers only saw the huge price difference. In 1991, Apple was still selling moderate to high-end Macintoshes for $3,800 to $10,000; the crippled Mac LC was $2500, and obsolete-at-birth Mac Classic ranged from $999 to $1500. Windows allowed PC makers to ship a functional $1500 PC and claim a rough approximation to Apple's $2500 entry level system, maintaining that apparent $1000 price premium. Today, pundits are lucky to find a Dell or HP system that is even a couple hundred dollars less than a comparable Mac. However, in the smartphone business, the iPhone 3G is now the same price, if not less, than generic competing phones on the market. Even more significant is the fact that the price of the phone hardware is nearly nothing compared to the cost of the service plan. 
This fact simply eases any price premium that could cause buyers to flock to a smartphone running a generic operating system over buying the iPhone 3G, regardless of whether it runs Windows Mobile or Android.

Android Partners Have Already Failed
That same pricing principle similarly prevented buyers from considering many of the alternatives to the iPod. While Apple's original iPod models were more expensive than many of the first MP3 players on the market, they were price competitive with models offering similar features. By 2004, it was Apple who was undercutting MP3 competitors on price. Microsoft offered zero price advantage when it began selling the Zune, a major factor in its failure, but Microsoft simply couldn't out-price the iPod; it was already losing money offering the Zune at the same price as the iPod. Apple now has tremendous market power in buying RAM and other components that will prevent any competitors from being able to offer a huge discount over the iPhone's $199 price tag. Even if competitors were to give their phones away, they would only offer a $200 discount to users who would then still need to pay the same mobile fees to use the phone. Android's other partners, including Samsung and LG, have already failed to capture any significant market share in the music player market. Are they going to maintain their position as smartphone makers now that they face similar competition from Apple, its iPod ecosystem, its iTunes Music and Apps Store, Apple's retail store experience, and other factors that are pushing the iPhone? If they can, it is not obvious how partnering with Android will help.

Other Problems for Android
Android was announced in early November 2007 and was followed with an early preview SDK within a couple weeks, a month ahead of Apple's initial announcement of the iPhone 2.0 SDK.
However, between March and July 2008, Apple delivered nine progressive releases of its SDK, opened its App Store, and sold 60 million apps, raising $30 million to support iPhone software development in just the first month. It has since released three more SDK updates to developers related to iPhone 2.1, which is expected next month. Android just published its first open SDK beta update earlier this week, warning developers that “applications developed with it may not quite be compatible with devices running the final Android 1.0.” Additionally, Android still has no phones available. By the time the HTC Dream is expected to launch, Apple will have an installed base of around ten million iPhone (and iPod touch) users supporting software development through iTunes. The business model for selling Android apps is no better than that for selling jailbreak iPhone apps: there is no iTunes Apps Store to promote them, so users will have to track them down on their own. Android developers also have no real freedom that jailbreak iPhone developers lack. The only difference is that there are ten million iPhones to sell jailbreak apps to, and currently zero Android phones. If selling a jailbreak iPhone app sounds like more trouble than it's worth, imagine trying to sell Android apps to a nonexistent audience. Now add the official iPhone App Store into the mix, where publicity, promotion and profits are booming. What platform is going to have the most applications? How many users will flock to a smartphone platform with no apps? The wisdom of releasing a desirable phone and achieving a significant installed base before releasing an SDK makes a lot more sense in retrospect. Additionally, while Apple has a decade of experience in shipping regular updates to Mac OS X and its Xcode developer tools, Google has only shipped a random assortment of web-oriented SDKs (a number of which have been abandoned) as a tangent to its core business of selling advertisements.
When the Android SDK 1.0 is finished later this year, developers will not only lack an installed base to sell their apps to, but will also have no high profile market for selling their apps in, and subsequently no financial incentive to develop applications that add value to the Android platform, just like Linux on the PC desktop. Around the same time, possibly within the next month, Apple will be shipping its second major OS release: iPhone 2.1. Apple will also be upgrading its entire user base to the new software so that developers will have a cohesive platform to target. This mirrors the efforts Apple has taken to upgrade its Mac OS X users to the same reference release. Mobile developers will be seeing money pouring in via iTunes while crickets chirp in the Android section of various mobile online stores.

Same Same, But Different: DOS Model Problems
Android developers will also have a series of other problems to manage. Like Windows Mobile, Android is intended to support everything, from BlackBerry-style keypad phones with a small touchscreen to the simple Windows Mobile Smartphone form factor lacking a touch screen to iPhone-like full size touch screens. Also like Windows Mobile, Android phone makers will have the option to leave off Blueto