John McAfee on Apple vs. FBI

In an interview given to RT, software legend John McAfee claims that unlocking the iPhone is a “half-hour job.” This part of the interview is just wrong: it may have been the case that passwords were stored in memory in the past, but I don’t believe that’s the case any more. For instance, if I were Apple and I was implementing the iPhone unlock system, I’d encrypt the disk without storing the password, and when the user enters the password I’d attempt to decrypt the disk with that key. I’d then check to see if some known (and non-sensitive) value in memory was correctly decrypted or gibberish.
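The unlock check described above, as an added sketch that is not Apple's implementation and not part of the original post. The function names, the PBKDF2 round count, the check value and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

CHECK_VALUE = b"volume-check-v1!"  # constructed, non-sensitive known plaintext
KDF_ROUNDS = 100_000               # assumed work factor for this sketch


def derive_key(passcode: str, salt: bytes) -> bytes:
    """Stretch the passcode into a key; the passcode itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ROUNDS)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256 run in counter mode."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"),
                       hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def create_volume(passcode: str, secret_data: bytes) -> dict:
    """Encrypt the data plus a known check value; keep only salt, nonce, ciphertext."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(passcode, salt)
    return {
        "salt": salt,
        "nonce": nonce,
        # Separate keystreams ("C" and "D") so check and data never share a pad.
        "check": keystream_xor(key, nonce + b"C", CHECK_VALUE),
        "data": keystream_xor(key, nonce + b"D", secret_data),
    }


def unlock(volume: dict, passcode: str):
    """Try the passcode: decrypt the check block and see if it is gibberish."""
    key = derive_key(passcode, volume["salt"])
    check = keystream_xor(key, volume["nonce"] + b"C", volume["check"])
    if not hmac.compare_digest(check, CHECK_VALUE):
        return None  # wrong passcode: the known value did not decrypt correctly
    return keystream_xor(key, volume["nonce"] + b"D", volume["data"])
```

Nothing in the stored volume lets the passcode be read back; the only way to test a guess is to run the key derivation again, which is why the cost per guess matters.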

He does raise an interesting dilemma, however, and that’s that either:

  1. The FBI does not know how to access the iPhone’s information, and they should because they’re a well-funded federal agency;
  2. The FBI does know how to access the iPhone’s information, and so they’re deceiving the American people.

I find (1) much more likely in this scenario, or rather, that they do not know how to access the iPhone’s information easily, and would prefer that they have a precedent to get Apple to do it in the future. I find this more likely because iPhones have zero-day exploits: I don’t have one, I wouldn’t know one if I saw one, but it’s a massive user base with a large attack surface area, so they undoubtedly exist and the FBI undoubtedly have access to people that can get them. But it’s hard, costly, and the best hackers smoke weed and don’t wear suits.

Playgrounds get video support

Playgrounds are such a wonderful feature of Xcode and the growing Swift ecosystem: they drastically lower the barrier for entry for learning the language and for experimenting. I have countless “experimental projects” that are just empty view controllers which have some interesting code snippet, and Playgrounds are a much better way of supporting this use case.

Erica Sadun has discovered an exciting new feature in Xcode Beta 5:

What you do is this, you add movie files to the playground’s resources. You can then add specialized playground rich text:

//: ![Alternate text](video width="width" height="height" poster="poster")

You won’t see the video until you render the rich text.

The markdown rendering and rich content embedded in Playgrounds is going to make them great for education. There’s nothing like running code to prove a point, and having educational content sit side-by-side with running code is a brilliant way to learn. I hope the project format for Playgrounds sees adoption on Linux and Windows so that more people can learn from them.

Proofreading software

When a company markets a product as perfect and constantly re-invents it, there will be growing pain. There are some issues that should almost never exist with even a modest QA process however, which includes proofreading, and here’s Stephen Hackett describing a grammar problem in Disk Utility:

  1. The first sentence should read “….destroy all of the data.” It currently transposes “all” and “of.”
  2. “Enter a name, choose a format” is a comma splice. Break it into two sentences or use a semicolon.

Even given Apple’s software woes, this is an unfortunate misstep for a core system utility.

App Store review and rule-of-law

The App Store review time is a contentious issue for iOS developers. As a user of iOS, I like it, because it means that I never fear downloading an app, knowing it has at least been vetted for the worst offenses. As a developer, the biggest obstruction to making iOS development as responsive to change as Web development is undoubtedly App Store review times. Here’s Dave Verwer from iOS Dev Weekly:

So, is App Store review still providing a useful service? Did it ever? My opinion is that at the very start it definitely set a tone and stopped the immediate flooding of the store with crap. However at this point, I’m not sure it’s really providing many benefits. Half finished and completely useless apps still get through all the time so it’s definitely not providing the quality control that was promised. More importantly, it continues to stifle innovation through fear of (and the reality of) rejection as we’ve seen time and time again.

I don’t think his points make the case to remove App Store review, but rather that there should be rule of law with regards to App Store review. Inconsistent enforcement is what’s stifling innovation through fear of rejection: multiple times in my career, an app has been rejected for something that had not changed since the last version, pointlessly slowing down development. These should have been cases of “approved, but make these changes for next submission.” Furthermore, I think that organizations in good standing should get approved-by-default status with periodic audits.

GovtOS and resignation as civil disobedience

In the debate between Apple and the FBI, the software giant has filed an appeal to dismiss the court order. On page 13, there’s a very interesting section discussing what it would take to develop the custom version of iOS that would allow the government to brute force passwords on someone’s phone (which has come to be known as “GovtOS”):

The compromised operating system that the government demands would require significant resources and effort to develop. Although it is difficult to estimate, because it has never been done before, the design, creation, validation, and deployment of the software likely would necessitate six to ten Apple engineers and employees dedicating a very substantial portion of their time for a minimum of two weeks, and likely as many as four weeks.

Up to ten engineers for up to four weeks, Apple believe GovtOS will take. I have to wonder what I would do if I were given this assignment. I consider it similar in some respects to what must have gone through the heads of Volkswagen engineers that were asked to create a way to fake emission reports: it’s immoral and it’s my job. Unique to the Apple case, however, is the addendum that it might be illegal to not do it. I do not envy the engineers that get this assignment should Apple be compelled to create GovtOS, and I imagine that it would be given to their most trusted and senior members.

I’d like to say that I’d resign in that position, but the fact is, with a court order, if someone chooses not to do it, they will be replaced with someone that will. And a project of this fragility deserves to be in the most trustworthy and capable hands. Having said that, resignation as civil disobedience would weigh heavily on my conscience.

Microsoft support Apple in the right to privacy

After the Microsoft CEO and founder expressed at best lukewarm support for Apple’s defense of the right to privacy, Bloomberg report that they’re going to stand with Apple on encryption in a big way:

Microsoft Corp. will file an amicus brief next week to support Apple Inc. in its fight with the U.S. government over unlocking a terrorist’s iPhone, President and Chief Legal Officer Brad Smith said at a congressional hearing Thursday to discuss the need for new legislation to govern privacy.

Good for them. This puts them on the right side of history, in my opinion, and I hope it’s enough to sway our government. The US government should be a leader here, because other nations will consider what happens here when making their policy.

I’ve found that Apple’s backup solutions have been too confusing to be reliable in the past, and TJ Luoma at MacStories is having a similar experience. I recommend a hybrid approach of cloud storage and redundant HDDs.

Bill Gates on Apple v. FBI

Bill Gates weighs in on what he thinks about the Apple v. FBI showdown with regards to the San Bernardino massacre:

“This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case,” Gates tells the Financial Times, disagreeing with Apple CEO Tim Cook that the FBI’s request would create an iPhone backdoor.

How shamefully wrong. If this were in fact just a singular request for information, the FBI would not have done it so publicly, they would not have invoked the All Writs Act, and if I’m to speculate a bit, they would not have purposefully sabotaged their chances at legal access to the phone’s information. What’s more, the Wall Street Journal is reporting that the FBI already have twelve iPhones they would want Apple to compromise.

Certification of apps for Apple platforms

An app which allows users to pirate apps snuck onto the App Store by changing the UI based on a user’s locale, location, IP, or something akin. Macworld:

A Chinese iOS application recently found on Apple’s official store contained hidden features that allow users to install pirated apps on non-jailbroken devices. Its creators took advantage of a relatively new feature that lets iOS developers obtain free code-signing certificates for limited app deployment and testing.

Coincidentally, Apple have released some news a couple days ago of an upcoming certification renewal:

How will customers be affected by the certificate renewal?
Customers who have purchased and installed iOS apps, tvOS apps, or Safari Extensions will not be affected by the certificate renewal. Users running OS X El Capitan (v10.11 or v10.11.1) may receive a notification that your Mac app is damaged if it utilizes receipt validation to request a new receipt from Apple. They can resolve this issue by restarting their Mac or updating to OS X El Capitan (v10.11.2) or later.

It seems I’m not the only one that finds certification, provisioning, and code signing confusing …

As a side note, I ran into this bug this weekend.

Apple Pay launches in China

Apple has launched Apple Pay in China:

You can now support Apple Pay for your customers in China, providing an easy, secure, and private way for them to pay using their China UnionPay credit and debit cards. Apple Pay lets users buy physical goods and services within your app without having to enter payment or contact information.  Learn more.

The O2O market in China is massive, and if Apple release a Venmo-like service for Apple Pay, this could change the way people do business.

Stand with Apple

Tim Cook has published a heroic defense of Americans’ right to privacy in the face of a court order Apple has been served by the FBI:

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Apple is doing this because this is the right thing to do: there may not be a lot at stake in unlocking this particular phone, but the precedent that the government wants to set is clear. There’s a lot of excellent journalism you can find on this topic, and I may publish a round-up post with some analysis later. But for now, I want to be absolutely clear about my support for Apple and my condemnation of any technology company which doesn’t stand with Apple on this.

Where there's no software problem: betas

Writing about Apple software quality woes, Michael Simon makes some really good points in his latest piece for Macworld. There’s something really problematic about the opening paragraph however:

Twice over the past month I’ve had to erase and restore my iPhone. Both times were related to an attempted install of the iOS 9.3 Public Beta; instead of upgrading my phone with Night Shift, secure Notes, and better News, I got stuck in an endless Apple logo loop that required plugging into the dreaded iTunes and wiping my drive.

Craig Federighi and Eddy Cue were recently on The Talk Show with John Gruber and argued that because more people than ever are installing the software on day one, this is one of the challenges that Apple has to contend with regarding software quality. That was nonsense because it’s Apple themselves that are releasing more than ever, being more aggressive with upgrade prompts than they’ve ever been, and arguably seeking more users than ever. What Simon has to say about the betas being an indication of software quality is equally nonsense because they’re betas: the fact that his install failed is actually what betas are supposed to do. It’s fine that these problems crop up in the betas; the problem is that they also make it to the final build.

Watch apps worth making and the enterprise

Everyone, even Apple, still seems to be trying to figure out what people want or need to do on their wrist. Prominent WatchKit developer David Smith muses:

What doesn’t work is easiest to say. Apps that try to re-create the functionality of an iPhone app simply don’t work. If you can perform a particular operation on an iPhone, then it is better to do it there. The promise of never having to take your iPhone out of your pocket just isn’t quite here yet. The Apple Watch may advance (in hardware and software) to a point where this is no longer true but the platform has a ways to grow first.

In response, Federico Viticci:

[…] As I tweeted yesterday, my favorite Watch apps aren’t trying to mimic iPhone apps at all. If the same task can be completed on the iPhone, I don’t see why I would try on a smaller, slower device.

Something you might not hear elsewhere: I’m rather interested in the possibilities of fleets of watchOS devices in enterprise. I’ve heard of a real, albeit crazy, case of a company deploying a fleet of iPhones that workers wear on their wrists to inform them of certain events as they happen. Of course, the Apple Watch would be perfect for this, but it’s been billed and tooled to be such a personal device that I don’t think the platform is quite ready for enterprise needs like multi-user or deploying many of them.

But perhaps one day.

Sync is still hard

Sync is still hard. Versioning documents, resolving conflicts, and issues of connectivity still cause every cloud storage solution trouble. Even for high-profile software like iCloud and Dropbox. Consider that Federico Viticci just tweeted:

Just lost 1.5k words I had prepared for tomorrow because I wanted to try iCloud sync instead of Dropbox this week.

In response, Manton Reece writes that iCloud is too opaque:

I hear that people love iCloud Photo Library and Notes, and that the quality of these apps and companion services has significantly improved. That’s great. (I also think that CloudKit is clearly the best thing Apple has built for syncing yet.)

But to me, it doesn’t matter if it’s reliable or fast, or even if it “always” works. It only matters if I trust it when something goes wrong. Conceptually I’m not sure iCloud will ever get there for me.

This is absolutely right. I used to be “all-in” on Apple’s software when iPhoto was around, because I could back up the managed folder and still access that data in a directory structure that made sense to me. I migrated to a Dropbox and Adobe Lightroom based workflow because of performance, reliability, power, and predictability. Perhaps Photos is simpler and more convenient for most consumers, but it just is too risky and too opaque for me.

This discussion reminds me somewhat of why Marco Arment and David Smith use their own Linux servers instead of BaaS.

Creative professionals and the Apple Pencil

The iPad Pro was reviewed by Amanda Summers on Medium, titled “A UX Designer’s Review of iPad Pro”:

We are confident in saying we are able to sit down with iPad Pro and Apple Pencil and create something just as good, if not better, than sketching traditionally using pencil and paper.

Apple Pencil feels completely natural in our hands. There’s no latency and the shading and pressure points feel all too real. The palm rejection technology works great, allowing us to rest our palm on the screen without worrying if it will mess up our drawing.

This is the most consequential review I’ve ever read of the iPad Pro; all of the reviews which came out on the first day were mostly to the tune of “Yeah it’s a big iPad, and the Pencil is cool but rather expensive.” If creatives are successfully using professional grade software to get real work done, this is an excellent sign of the potential of the platform. I do wonder though: is this a good sign for the form factor of the iPad Pro, or is it a good sign for the utility of a stylus on tablets generally? I suspect the latter, and we’ll see what Apple have to say in March about it.

Unrelatedly, I found the article’s placement and production interesting as a published piece. It’s under Amanda Summers’ name, but it’s “published in” her employer’s “organization” entity. I suspect that what MindSea Development get from having their employees publish to Medium is status and marketing, and it’s yet to be seen how Medium will make money from this.

CloudKit now handles server-to-server networking

Right on the heels of Parse shutting down, Apple have announced they’re expanding the capabilities of their similar API, CloudKit:

In addition to providing a web interface for users to access the same data as your app, you can now easily read and write to the CloudKit public database from a server-side process or script with a server-to-server key. Learn more about generating a server-to-server key and composing web service requests.

Now users of CloudKit can interact with the data from their own server. To be a serious replacement for Parse, however, there needs to be a way for non-Apple clients to interact with it.