Home   RSS Feed

half serious, half half-serious

Content

File: Apple

Advertising, Apple, Marketing, Microsoft
2008-09-06 :: Kevin Murphy

Microsoft really needs to stop fucking around with its advertising.

Jerry Seinfeld? This is not a Bill Gates keynote.

Whether you like it or not, when it comes to operating systems it’s still a two-horse race, and the company needs to take a page from the Republican playbook.

“Go negative early and often.”

Apple did.

Here are some suggested slogans for a new Windows ad campaign.

*

Grow Up. Use Windows.

Isn’t It About Time You Learned How To Use A Proper Computer?

Stop Preening.

Deep Down, You Know Your Mac Blows.

Mac OS – Face It, Even Vista’s Better Than That Gay Shit.

Windows – If You Can’t Figure Out How To Use It, We Don’t Want You Anyway.

Hey, Dude, Pretty Mac! Compensating For Something?

[Image showing Speak-N-Spell evolving into Mac evolving into Gameboy evolving into Windows PC]

It’s A Computer, Not A Pair Of Fucking Sneakers.

Mac OS – More Expensive, Does Less Shit

“If I Wear A Black Turtleneck And Grow A Fucking Goatee, Will That Shut You Up?”


1 comment  ::  Read on

Apple, Journalism, Security, Techdirt, Unemployed, Web 2.0
2007-12-22 :: Kevin Murphy

About a year ago, I made a bunch of “unusually specific security predictions for 2007″. Given I’m no longer technically in the industry, I have no real business following up on this, but what the hell.

Here are the predictions I made, with a quick review of each one.

* Apple forced to ‘Do a Microsoft’. I’m not a Mac user, but if Apple’s attitude to its operating system security is as lousy as its attitude to Quicktime security, then the company will have to start taking security disclosures and updates a little more seriously soon or face the same kind of backlash Microsoft did five or six years ago. There will be one or two big Apple security incidents in 2007, and its reputation for being more secure than Windows will erode. If company is smart (and I’m not claiming it is), it will start being more like Microsoft when it comes to security. Apple fans will support the company regardless of what it does.

Hit? Miss? Apple had a shitload of security problems this year, whether it was the iPhone unlocking debacle, dodgy patches, or the seemingly incessant series of Quicktime problems, but I’m not convinced the company has learned its lesson yet.

* Patch Tuesday goes cross-vendor. I’m getting sick and tired of having to patch-and-reboot several times a month, whenever an application I’m running needs updating. It would make a lot of sense for users if software makers started pushing out patches coordinated with Microsoft on Patch Tuesday. I’m surprised this hasn’t happened already. I think it will start slowly. In Microsoft Update, Microsoft will publish links to recent patches for third-party Windows applications, starting with popular applications such as Acrobat Reader or Quicktime (which really shouldn’t need to have their own irritating update managers). Eventually, Microsoft will also offer to directly bundle and deliver these third-party patches to end users, but not until the cost, legal, testing and support issues have been ironed out.

Miss. I still think it’s a good idea though.

* Sales of Norton Confidential will be miserable. Few people will want this Symantec product. Most of the interesting features are already in the browser or existing security software. There won’t be a 2008 version.

Hit! While I have no idea if Confidential sold well or not, there is not a 2008 version, so I’m going to assume I was on the money with this one.

* A worm will spread through mashups. As more web services are mashed up via open APIs, hackers will find that compromising a single site can help spread malware to thousands of users via dozens of mashup sites. It’s not unprecedented. They’ve done it with banner ads before now. In 2007, they’ll do it via these newfangled web services APIs too.

Miss. Hackers clearly aren’t as inventive as I supposed. Only a matter of time though.

* TechCrunch will get hacked. During 2007, somebody will break into TechCrunch and post a fake item, probably about some two-man startup with a silly name being acquired by Google for a ridiculous figure. It will show up in the feeds but not on the front page. Robert Scoble and/or Om Malik will repeat the news on their own blogs. Dozens of B-list and C-list bloggers will repeat the item. One B-lister will notice more spelling mistakes than usual in the TechCrunch post, and speculate on its authenticity. TechCrunch will notice the fake item and delete it. Scoble/Malik will correct their items. Player-haters will say the incident proves A-list bloggers cannot be trusted. A-listers will respond that the fact that the item was removed so quickly shows that the blogosphere is intrinsically self-correcting. Tom Foremski will write a think piece about the fragile nature of truth and reality in a metaconnected social mediasphere. This will all happen in the space of three hours. A week later, the San Jose Mercury News, the New York Times and the Wall Street Journal will carry a lengthy piece on the incident. Nothing of value will be learned.

Miss. At least, I think it is. I didn’t read any of the aforementioned blogs for most of the year. Of course, it was only a half-serious prediction anyway.

* VoIP security will get reality-checked. At some point in 2007 the security industry’s collective consciousness will realize that a hacker using VoIP to call somebody up and ask for their PayPal password is not a VoIP security problem, it’s a user IQ problem. Similarly, we will realize that VoIP spam is not a VoIP problem, it’s a telemarketing problem. (As soon as these facts are raised on C|Net, this prediction can be considered accurate.)

Looks like a miss. At least based on the C|Net test. But News.com has been pretty blah on security for most of the year, so I’m not going to lose sleep over this. Now I think about it, getting a reality-check from a publication that renamed their security section “Threats” was probably overly ambitious.

* Prevx, DriveSentry and Sana Security will get acquired. These endpoint security firms have good ideas and decent technology, but consumers and enterprises really don’t need any more damn security applications on their desktops. These firms will all get bought by antivirus vendors.

Miss. Miss. Miss. Boy do I suck.

* NAC will remain “almost there”. In the last quarter of 2007, at least one article will be published in a widely read trade rag in which a vendor or analyst claims that network access control technologies are “almost ready for the mainstream”, or “ready to go beyond the early-adopter phase”, or words to that effect.

This is probably a hit, but I’m not going to do the legwork to verify it.

* Google will get whacked by its first major security incident. I don’t know what it will be, but Google is long overdue for a major security incident. Sure, it’s had its fair share of minor security blushes, but 2007 will be the year for the biggy. It’s too big a target to not get whacked sometime soon. We’re talking massive user privacy compromise, significant service downtime, major data theft. Something like that. Noticeable enough to go front-page and freeze its share price climb for a few days, at least.

Well, fuck me if it isn’t another miss.

* In December 2007, security reporters will be flooded with press releases about security predictions for 2008. I’m ending with the easy one. This is guaranteed to happen. 100% probability. Trust me.

Well, I haven’t been a security reporter since November 30, so I can’t accurately verify this. But trust me, it’s true. Hit.

So, this is like 3 or 4 out of 10.

Clearly, I was a terrible security reporter, and the industry is better off without me.


3 comments  ::  Read on

Apple, Blogging
2007-06-07 :: Kevin Murphy

Yay! Somebody thinks I’m Fake Steve Jobs. What a marvelous compliment. If only I were as funny as he.


 ::  Read on

Apple, Security
2007-05-30 :: Kevin Murphy

Steve Jobs must be out of his box if he thinks iTunes on Windows is “like giving a glass of ice water to somebody in hell”.

Only if we’re talking about Dante’s version of hell, mate.

iTunes and Quicktime are the two most intrusive, slow, bulky, badly interfaced, confusing, insecure pieces of crap I have on my computer.

Quicktime even seems to have developed the ability to crash my browser and disconnect me from the internet in recent days. It needs patching every three minutes, but doesn’t tell you this until weeks later. You don’t see other media players attempting to launch hostile Javascript when you’re just trying to settle down with a nice bit of feces-related Japanese porn.

I’m sure I’m can’t be alone in having these applications on my Windows desktop only with extreme prejudice.

Don’t get me wrong, I hate virtually every piece of software I have installed, but there’s a special place in the blackest part of my heart for Apple’s crapware.


1 comment  ::  Read on

Apple, Domains, The Internet, Web Development
2007-02-17 :: Kevin Murphy

.info users are a rare example of a minority group that the internet still feels that it is perfectly acceptable to discriminate against.

Craigslist, for example, appears to have been blocking .info email addresses for years.

Every time I’ve tried to post something to Craiglist from my .info address, I’ve been blocked, but the reasons given in the error message have been misleading:

* Essentially the same item has been posted to multiple cities or categories, or more than once in 48 hours
* Post contains a link or URL to a commercial website or auction
* Personal ad appears to contain a phone #, email address, or URL

None of those errors apply to my attempted posts — they all post perfectly well when I use a .com address. I always suspected it might be due to a blanket .info block, but I didn’t dig any deeper until today.

It appears I was correct. Craigslist has blocked the entire .info domain. That’s god knows how many email accounts under almost 4 million currently active .info domains. Including me.

It’s because of spam.

A trawl of the Craigslist support forums reveals that the site receives a large amount of spam from .info email addresses, so they decided to block the entire domain.

That’s about as dumb as an ISP blocking an entire continent because of spam.

I’m sure Craigslist gets a lot of spam from throwaway Hotmail and Gmail accounts too. Do they block gmail.com and hotmail.com? Of course not.

There’s got to be a better way to fight Craigslist spam than blocking an entire namespace.

At the very least, Craigslist should offer a decent explanation when they block a post from a .info domain, rather than the inaccurate error message currently produced.

I suggest the following error message:

“Hi! We’ve blocked your posting for no good reason other than you were dumb enough to register a .info address. Please use a .com address instead. You can get a free .com address from Hotmail, that way we know for sure you’re not a spammer.”

Craigslist is not the only outfit discriminating against .info users, of course.

Safeway won’t let you sign up for home shopping with a .info address either. No idea why. I emailed their support address to ask, and was thoroughly ignored.

And, as I noted in an earlier post here that Apple was giving out bogus domain validation information to webmasters, which surely served to exacerbate the problem.

Thankfully, Apple has recently changed its sample regex code to permit top-level domains longer than three characters. (I’d like to think this is due to me bugging Afilias last month to do something about it.)

BAD OLD REGEX: /^.+@.+\..{2,3}$/
GOOD NEW REGEX: /^.+@.+\..{2,3,4,6}$/

That should do the trick, unless some registry comes out with a TLD longer than six characters. But, frankly, given my experiences with .info, they’d be out of their fucking minds if they did.


23 comments  ::  Read on

Apple
2007-01-10 :: Kevin Murphy

Some very clever spinning going on at Cisco today.

Even though Apple very probably doesn’t have a leg to stand on in this trademark dispute, there’s always a chance of enraging the Mac nutters when you go after Apple.

So Cisco’s going after Apple’s soft spot. Everyone knows that Apple is a closed shop. Doesn’t talk much. Doesn’t like outsiders. Not keen on third-party innovation. So that’s what Cisco’s going to exploit.

Thus blogs Cisco’s general counsel:

Despite being very close to an agreement, we had substantive communications from Apple after 8pm Monday, including after their launch, when we made clear we expected closure. What were the issues at the table that kept us from an agreement? Was it money? No. Was it a royalty on every Apple phone? No. Was it an exchange for Cisco products or services? No.

Fundamentally we wanted an open approach. We hoped our products could interoperate in the future. In our view, the network provides the basis to make this happen—it provides the foundation of innovation that allows converged devices to deliver the services that consumers want. Our goal was to take that to the next level by facilitating collaboration with Apple.


 ::  Read on

Apple, Domains, Web Development
2006-12-29 :: Kevin Murphy

It seems Apple is one of the parties contributing to the lack of comprehensive domain validation in web forms.

Apple’s otherwise pretty good guide to JavaScript form validation, which ranks pretty high for Google queries such as “javascript form validation”, contains this pearl of wisdom:

Next we want to see if the email address the user entered is real… With JavaScript we can check to see if the email string looks like an email address. We want it to follow this format: some characters, then an at symbol (@), then some more characters, then a dot (.), then two or three more characters, and that’s it. [my emphasis]

The regex it suggests to achieve this is /^.+@.+\..{2,3}$/

This works fine if you’ve got a .com or .co.uk or .biz or whatever. Sucks if you’ve got a .info or .travel or .mobi email address, or any address with more than three characters after the last dot. Any site that implements this advice, as I almost just did, will tell users they have not entered a valid email address, when they have.

I have a .info email address, and this kind of thing drives me barmy. I expect the folks at Afilias, owners of .info, get pretty annoyed too, as it makes their product less functional than a .com domain.

Perhaps somebody at Afilias could call somebody at Apple and get this bogosity corrected?

I know for a fact that Apple’s not the only site giving out this advice, but it’s the highest-profile one I’ve come across to date.


30 comments  ::  Read on

Apple, Blogging, Google, Microsoft, Security, Spam, The Internet, Web 2.0
2006-12-07 :: Kevin Murphy

Around this time of year, security vendors start making dull security predictions for the following year.
Fucked if I know
There’s an art to doing this. You don’t want to say anything that can be proved wrong 12 months from now, and you don’t want to give the bad guys any ideas. So it’s best not to say anything too interesting.

At the same time, you need to shift some product, so you’d better make it sound pretty scary out there. No point saying “Email worms are history in 2007″. Much better to say “The IM worms are getting worse!” (as vendors have for the last three years).

So what you do is just list a bunch of things that are already happening, predict they will continue to happen and, if you’re feeling daring, say they will get worse.

McAfee’s 2007 predictions follow this fence-sitting strategy exactly. Even the one interesting item, about hacking with MPEGs, is already happening today. Postini’s five predictions are pretty dull too. There’s more of them out there, and I expect we’ll see many more before the year is out.

With that in mind, I shall here attempt to go against the grain and make some unusually specific security predictions for 2007, in no particular order. You can hold me to them on December 31 2007, and I will eat a hat* for every prediction that was wrong.

  • Apple forced to ‘Do a Microsoft’. I’m not a Mac user, but if Apple’s attitude to its operating system security is as lousy as its attitude to Quicktime security, then the company will have to start taking security disclosures and updates a little more seriously soon or face the same kind of backlash Microsoft did five or six years ago. There will be one or two big Apple security incidents in 2007, and its reputation for being more secure than Windows will erode. If company is smart (and I’m not claiming it is), it will start being more like Microsoft when it comes to security. Apple fans will support the company regardless of what it does.
  • Patch Tuesday goes cross-vendor. I’m getting sick and tired of having to patch-and-reboot several times a month, whenever an application I’m running needs updating. It would make a lot of sense for users if software makers started pushing out patches coordinated with Microsoft on Patch Tuesday. I’m surprised this hasn’t happened already. I think it will start slowly. In Microsoft Update, Microsoft will publish links to recent patches for third-party Windows applications, starting with popular applications such as Acrobat Reader or Quicktime (which really shouldn’t need to have their own irritating update managers). Eventually, Microsoft will also offer to directly bundle and deliver these third-party patches to end users, but not until the cost, legal, testing and support issues have been ironed out.
  • Sales of Norton Confidential will be miserable. Few people will want this Symantec product. Most of the interesting features are already in the browser or existing security software. There won’t be a 2008 version.
  • A worm will spread through mashups. As more web services are mashed up via open APIs, hackers will find that compromising a single site can help spread malware to thousands of users via dozens of mashup sites. It’s not unprecedented. They’ve done it with banner ads before now. In 2007, they’ll do it via these newfangled web services APIs too.
  • TechCrunch will get hacked. During 2007, somebody will break into TechCrunch and post a fake item, probably about some two-man startup with a silly name being acquired by Google for a ridiculous figure. It will show up in the feeds but not on the front page. Robert Scoble and/or Om Malik will repeat the news on their own blogs. Dozens of B-list and C-list bloggers will repeat the item. One B-lister will notice more spelling mistakes than usual in the TechCrunch post, and speculate on its authenticity. TechCrunch will notice the fake item and delete it. Scoble/Malik will correct their items. Player-haters will say the incident proves A-list bloggers cannot be trusted. A-listers will respond that the fact that the item was removed so quickly shows that the blogosphere is intrinsically self-correcting. Tom Foremski will write a think piece about the fragile nature of truth and reality in a metaconnected social mediasphere. This will all happen in the space of three hours. A week later, the San Jose Mercury News, the New York Times and the Wall Street Journal will carry a lengthy piece on the incident. Nothing of value will be learned.
  • VoIP security will get reality-checked. At some point in 2007 the security industry’s collective consciousness will realize that a hacker using VoIP to call somebody up and ask for their PayPal password is not a VoIP security problem, it’s a user IQ problem. Similarly, we will realize that VoIP spam is not a VoIP problem, it’s a telemarketing problem. (As soon as these facts are raised on C|Net, this prediction can be considered accurate.)
  • Prevx, DriveSentry and Sana Security will get acquired. These endpoint security firms have good ideas and decent technology, but consumers and enterprises really don’t need any more damn security applications on their desktops. These firms will all get bought by antivirus vendors.
  • NAC will remain “almost there”. In the last quarter of 2007, at least one article will be published in a widely read trade rag in which a vendor or analyst claims that network access control technologies are “almost ready for the mainstream”, or “ready to go beyond the early-adopter phase”, or words to that effect.
  • Google will get whacked by its first major security incident. I don’t know what it will be, but Google is long overdue for a major security incident. Sure, it’s had its fair share of minor security blushes, but 2007 will be the year for the biggy. It’s too big a target to not get whacked sometime soon. We’re talking massive user privacy compromise, significant service downtime, major data theft. Something like that. Noticeable enough to go front-page and freeze its share price climb for a few days, at least.
  • In December 2007, security reporters will be flooded with press releases about security predictions for 2008. I’m ending with the easy one. This is guaranteed to happen. 100% probability. Trust me.

*or hat-shaped edible foodstuff


6 comments  ::  Read on

Apple, Journalism, Microsoft, PR, Security
2006-07-06 :: Kevin Murphy

Sophos, the antivirus company, is getting a bit of press today for saying that people concerned about security should think about getting a Mac.

This was translated into “Ditch Windows” headlines for some publications, which is a bit of an exaggeration.

I think it’s a bit of a silly recommendation anyway. Like telling somebody their front door is vulnerable to compromise, so they should brick it up. It’ll stop the burglar, but you’ve kinda screwed up the functionality.

Most people don’t buy Macs because of the security anyway. That would assume they’re buying a tool, rather than a fashion accessory.
(more…)


 ::  Read on