May 31, 2009
In a recent Computerworld article republished on Macworld.com, Ira Winkler called for the FTC to "...investigate Mac security."
While I appreciate Ira's frustration with Apple from a security POV, his call for the FTC to investigate Apple's marketing claims as a way to somehow force Apple to do what he wants with regard to speed of patching the OS strikes me as odd, in a "I'm going to burn down the barn to make you fix the house" kind of way. (It's a weak analogy, but so is Ira's point.)
First, let's be clear on one thing: When it comes to Apple's refusal to clearly and openly communicate about things like security holes with its customers, I share Ira's frustrations. It is astoundingly annoying, as someone who is responsible for a Mac-based network, or really, any network with Macs on it, to deal with Apple about such things. Whether it's Apple's abysmal speed in patching the DNS hole behind last year's security brou-ha-ha, or the current Java hole, Apple is one of, if not the worst OS vendor when it comes to patching vulnerabilities in a timely manner. Ira's frustration here is fully justified, and shared by many, many sysadmins. Furthermore, Apple still, even after the DNS debacle of 2008, insists on treating things like security fixes as though they were the next iPhone. Apple will not, even for customers with thousands of Macs, give out information that everyone else already knows about!
To paraphrase an argument I used long ago with another vendor, Dantz, about their overweening need for secrecy about everything: Apple, we know you're going to patch Java. We know the patch you're going to use. If we want, we can even get the patch ourselves. There is no secret here. None. You are protecting nothing with this refusal to communicate with your customers and you are hurting yourself in the way you handle stuff like this. This is fact, by the way. I know quite a few Mac sysadmins who removed Mac OS X from any machine that faced the public internet in 2008, because they were tired of living in uncertainty until Apple could be bothered to apply the patch that everyone else already had, and couldn't bother to even give them a rough idea of when the patch would be released. That's future hardware and OS licenses that Apple has essentially lost forever, solely because they refused to take the minimal step of communicating about a widely known, non-secret issue with their customers.
Again, Ira's frustration and anger with Apple's refusal to communicate with its customers about their delays in security updates is legitimate, understandable, and shared.
The idea that somehow, getting the FTC to investigate claims made in advertising will "force Apple to patch faster" is ludicrous if not laughable. For one, all the FTC could do, at most, is maybe make Apple write a check, and change the advertising. Re-read that last part: change the advertising. That's it. The FTC cannot force Apple to patch faster. They can fine Apple, sure. But Apple has what, $30 billion US in the bank? The FTC couldn't begin to legitimately fine Apple a large enough amount to make it really hurt, Apple could get that kind of fine overturned in a second. Secondly, all Apple would have to do is stop "overstating the security of the OS".
Of course, the FTC would first have to prove Apple is doing this, and this is another shoal that Ira's ship of good intentions runs aground on. The fact is, Apple can, with trivial ease show, that in spite of their delays, Mac users are in fact, less at risk from actual malware attacks than Windows users. Relative platform security has nothing to do with this, it's all about frequency of attack. Right now, to be honest, Windows Vista/Windows Server 2008 have, in many ways, a better security posture than Mac OS X. Microsoft is, without doubt, faster to patch, far nicer to work with on security issues, and so much better than Apple about communication that adjectives fail me.
But it's like living in a more secure bunker that's under constant 24x7 attack vs. a less-secure bunker that maybe takes a shot a couple times a year, and you can see it coming for the most part. As others have said, there is security and there is safety, and they are not in fact the same. Is Mac OS X more secure than Windows? If you restrict the argument to Vista/Server 2008, probably not. If you throw in what the vast majority of Windows customers are using, namely XP and Server 2000/2003, then that answer isn't as clear. Is Mac OS X safer than Windows? Based on real-world results, the answer is clearly yes. You are going to be attacked less on a Mac. Period. That may change one day, but for now, the weaker walls of Mac OS X don't matter, because no one is lobbing shells at it.
Should Apple patch faster, and communicate better? Without doubt or hesitation, yes. Is the FTC the way to force Apple to do so, and is it even capable of doing so? Without doubt or hesitation, no to both. Sorry Ira, but you need to rethink that argument.| Comments ()
May 29, 2009
Would it KILL Apple to include a way to print to a PDF or even a POSTSCRIPT file in the OS from the command line?
Because I think it would.| Comments ()
May 28, 2009
It isn't always Adobe
Just to show that there's plenty of stupid to go around...
Setting up Outlook 2007 today, doing some email tests. Decide to test our Exchange-like setup on Kerio. "Okay, I think, I'll create an Exchange account, as I'm already in Outlook on XP in a VM."
You cannot create an Exchange account for Outlook from within Outlook or while Outlook is running. You have to quit Outlook, and use the Mail control panel, which gives you the same fucking UI as Outlook would.
Wow. Fucking impressive. What's next, you need a mail viewer control panel to read email? I can maybe understand, (okay, not really) having the option of the mail control panel, but requiring it? Really?
Ride Monkeyboy Ride, your mojo is hot shit, like a fire.| Comments ()
May 24, 2009
Feed URL change
In the interest of better analytics, changing the feed URL for the site. The new one is: http://feeds2.feedburner.com/bynkii, and will be going life right after this post goes up. There will be no other warnings.| Comments ()
May 21, 2009
ATSServer ATSOpenFork and ATSGetCatalogInfo timeout errors
So because neither ATSOpenFork or ATSGetCatalogInfo appear to exist in Google at all, and I just was handed a solution for a problem I was having, (Apple SE's for the win!), I'm entering it into the Great Google Tech Support Database:
If you have a user who:
- Is on Network Homes
- Is on 10.5.6 or possibly earlier
- Has slowwwww logins with gobs of ATSServer errors about ATSOpenFork and ATSGetCatalogInfo timeing out
- Kernel Panics on Shutdown/Restart/possibly login
What you want to try is putting them on Portable Homes/Mobile Homes. It seems that with Network Homes, ATSServer is a serious problem child.
10.5.7 may remedy this too, but I haven't tested that.| Comments ()
May 20, 2009
A UI that tries too hard
I have, since I really started using Twitter, used Twitteriffic. It was the first twitter "client" I used, and has a UI I like: damned near invisible.
However, since I now have to deal with multiple accounts...I had a conundrum: Make multiple copies of Twitteriffic, one per account, or try another client. So I figured I'd try another client. The decision was made easier by the instant disqualification of all AIR products. Their installer and installer policy is just WAY to fucking stupid and annoying for me to use anything based on that framework. Call me when I don't need a special license to mass-distribute AIR on my own network. Lame.
So with the AIR tripe out of the way, I figured I'd try Tweetie, since some folks whose opinions I respect like it a lot. I want to like Tweetie, but...well, a few years back I said this about what I saw as the underlying UI philosophies behind Vista and Mac OS X:
“Operational Philosophy” isn’t something that’s written anywhere on a whiteboard, or on an inspirational poster. Instead, it’s more of a “What does this remind me of” kind of thing. In other words, when I’m using an OS, and I want to describe how I interact with it, what’s the anthropomorphic description that best suits it?
For Mac OS X, it’s the classic English butler. The OS is designed to make the times you have to interact with it as a thing as quick and efficient as possible. It is expected that things will work correctly, and therefore sees no reason to bother you with correct operation confirmations. If you plug in a mouse, there’s not going to be any messages to tell you “That mouse you plugged in is now working”. It’s assumed you’ll see that because you’ll be able to instantly use the mouse. Plug in a USB or FireWire hard drive, and the disk showing up on your desktop is all the information you need to see that the drive has correctly mounted. It is only when things are not working right that you normally see messages from Mac OS X.
Windows is…well, Windows is very eager to tell you what’s going on. Constantly. Plug something in, and you get a message. Unplug something and you get a message. If you’re on a network that’s having problems staying up, you’ll get tons of messages telling you this. It’s rather like dealing with an overexcited Boy Scout…who has a lifetime supply of chocolate-covered espresso beans.
This applies to Twitteriffic and Tweetie on the Mac. (Note: Not talking about iPhone/iPod Touch versions at all.) Twitteriffic lacks a lot of Tweeties features, such as multiple account support, grouping by @-replies, etc. But, it has an unobtrusive UI. It lets me access features in a consistent fashion that doesn't jerk me around, it doesn't take up space, and it doesn't try to make me notice its UI.
Tweetie...sigh...Tweetie tries so hard to get you to notice it. For example, sending messages. Twitteriffic, it's pretty simple. You click in the "What are you doing?" field and type. When you're done, hit enter, and assuming Twitter is not down, bang, sent. With Tweetie, you hit cmd-N, and a window zooms out for you to type in. Depending on the size of your monitor, it can be a rather significant distance from your main timeline window. So now, to send a message, Tweetie takes up more space, hits you with a zoom effect, and you have to hit a button, or cmd-enter to send. Same thing Twitteriffic does with a single click in the same window, and the standard enter key.
(For UI fiends defending cmd-N in this case: Tweetie is not creating a new document, nor is it creating a new persistent application window. I don't know if Twitteriffic wins, but its UI model is more consistent with other chat-like apps, such as iChat. Tweetie is just taking up space with no real additional functionality.)
If I click on someone's picture in Twitteriffic, I get...well, I select their tweet if it wasn't already. If I double-click their picture, I go to their Twitter page. In Tweetie? Click on the picture and you get all their tweets. That's handy, but it means that you have to think more about where you click. Extra effort to avoid doing the wrong thing.
If I click on the @-reply grouping, the only way to get back to the main timeline is to click on the speech bubble. My natural inclination was to click on the icon for that account, but that only works when switching accounts. Why not have it be the "root" view too? True, Twitteriffic can't do either multiple accounts or grouping, but at least it's harder to get lost in the UI.
As well, it's just simpler to do some things in Twitteriffic. If I've clicked on a given tweet, I can get to their web site, (if it's listed in Twitter in one click, or their Twitter page, web site, or really, any other function for that person in 1.5 to 2 clicks. In Tweetie, to get to someone's Twitter Page, I have to click on their picture, click on the gear dropdown, then pick the "Open in Browser" option. So 2.5 to 3 clicks for the same functionality, and it's badly labeled.
Seriously. Here's a test. You want to open someone's Twitter page. Which is easier...click on a dropdown and pick "Open User's Twitter Page" or click on a dropdown and pick "Open in Browser"?
What am I opening in the browser? That person's twitter page? Their Web page? The selected tweet? Scat porn? We don't know until we pick it, but based on feedback, the first three options are all equally probable. As it turns out, "Open in Browser" only applies to their Twitter page. To open their web site, (if listed in their Twitter profile), you have to click on their picture, click on the "i" icon, then click on the web URL. so that's 3 clicks to do what I can do with 1.5 to 2 clicks in Twitteriffic.
Also, Tweetie doesn't always display all my replies, (based on the reply changes Twitter made, then made again, etc.), but Twitteriffic does. I can't say which behavior is more correct, but I can definitely say which one shows me what I need to see in one window, without having to click back and forth. The way Tweetie does it is just damned annoying.
There's a few more things, but really, it all means that I'll just run multiple instances of Twitteriffic. It's got functionality right there, and it's not trying to impress me with how clever its UI is.| Comments ()
May 18, 2009
Stupid Wi-Fi-only iPhone trick
So one of the problems with using an iPhone with WiFi service on planes is that according to many people, you can't just have WiFi running on an iPhone without activating the cell service too.
That's not completely correct, at least not with the current (v. 2.X) iPhone OS.
Step 1) Turn on Airplane mode. Boo. All wireless access is turned off. Fear not...
Step 2) In the Wi-Fi settings, turn Wi-Fi back on. Don't touch the Airplane Mode button.
From what I can see, this ONLY turns on Wi-Fi. I know that I can't make a call from my iPhone when I do this, and if I call my cell, it doesn't even ring, but goes straight to Voicemail. So while I haven't checked for actual cell signal, from what I can tell, there's no cell service on my iPhone when I do this.
(i'm probably not the first person to dope this out, but I figured, what the heck, more info for the great Google Tech Support Database)| Comments ()
What the fuck?
Okay, so a web site that had been around since 1996 got fucked over by some fucking douchebag hacker collective. As it turned out, they had a suboptimal backup strategy, namely overly relying on having a backup server.
No external backups.
I feel really bad for them, because what a fucking way to learn the backup lesson. I feel even worse because it shows that as an industry, the computer business has not really done fuck all to make shit that should be simple, like running a happy little fan site easy. No, having lots of ways to back up is not the same as making setting up a backup easier. Security is still far too hard for non-experts to implement well, and it's not that fucking easy if you are in IT.
In other words, this shit is still pretty goddamned fragile when it comes to "just working" and I include Apple in that too.
The (rapidly) spreading line of thought that because they didn't have a more sophisticated backup system, they deserved to get attacked? That it's their fault for not having better insurance?
No fucking way.
That's a bunch of justification bullshit and a completely separate issue. Just like insurance doesn't keep your home from burning down in a wildfire, backups are not the end-all proof against attack. If the attack was an "inside" job, then backups are absolutely no proof against that.
However, it doesn't matter. Regardless of the technical wisdom of letting a backup server be their backup, the people who had years of work and a labor of love destroyed are not at fault here. They have the right, the *right* to put a fucking site on the fucking internet and not have some fucking DOUCHEBAG(S) take it down. Period. You have the right to not get attacked or raped, even if you're walking butt-naked with a c-note taped to your pooper.
This is fucking insanity. They didn't do anything to "deserve" this. Should they/could they have had better backups? Sure. Did they make the common mistake of confusing redundancy/reliability with backups? Yep, no doubt. But holy fuck people they still didn't deserve to be attacked, and if we are now at the point where not taking every possible measure to protect yourself from getting attacked means you're asking for it, then the entire Internet needs to be fucking burned to the goddamned ground, because it has lost any justification for its existence.
"They deserved it"
Fuck You.| Comments ()
Cacti Spine and Mac OS X 10.5.7 warning
FYI, if you're running Cacti on Mac OS X, and you move that box to 10.5.7, Spine will probably start complaining about the new SNMP library version:
05/18/2009 10:12:46 AM - SPINE: Poller ERROR: SNMP Library Version Mismatch (5.4.1 vs 188.8.131.52) (Spine parent)
Rebuilding Spine didn't fix this, luckily, I can run with cmd.php instead. However, those of you who have large Cacti installations should proceed with caution here.| Comments ()
May 12, 2009
OH MY GOD
"Of course," you think, "they'll release these patches in the most easily installed manner possible, in such a way that they are easily pushed out to existing machines as fast as possible.'
Of fucking COURSE the Acrobat team won't do that you fucking loser Mac user! Stop smoking crack and acting like you fucking count!
You'll get a patch that has to be manually run, (on 9.1 only for 9.X. Older version? FUCK YOU, DO MORE WORK YOU STUPID MAC FUCK!), and in the case of Reader, just in case you aren't using that aborted slop of a single-browser plugin, you have to ONCE AGAIN TELL IT TO LEAVE SAFARI THE FUCK ALONE. Same thing for Acrobat Pro. MANUAL FUCKING UPDATE TIME!
Can someone at that company...don't talk to the Acrobat team, it's obvious that they don't fucking give a shit, just walk over there and grab whomever the fucking IDIOTS were who released the patch in this form, and KICK THEM IN THE FUCKING HEAD, OVER AND OVER WHILE THEY MANUALLY PATCH EVERY FUCKING MAC IN ADOBE INC.!
Then send them to me, so I can get really mean. They'll suck Cheney's wrinkled cock with a fucking SMILE when I'm done abusing them.
What a fucking douchebag collective.
There, I finally created an Adobe category, because this is the last straw. Fucking hell, goddamned CS Installer team is great to work with, trying to do the right thing, and fucking Acrobat sticks their ass over the castle wall and shits all over it.
Jerks.| Comments ()
May 9, 2009
Some people shouldn't see movies that aren't documentaries
Now people are bitching about the size and kind of CANYON that a young Jim Kirk drives a late-60s Corvette off of.
Stop watching Science Fiction.
Not only is it just a little too hard for you, but you completely overlook the real crime of the scene:
THE LITTLE BASTARD LIVED AFTER TRASHING A GORGEOUS CAR LIKE THAT.
Shit..."where to you find canyons like that in Iowa". Fuck, what's next "You can't go faster than the speed of light, and transporters are bullshit". Thats just trying to find shit to not like about a movie. I bet most of these fuckers are "Lost" fans too. Note: "Lost" fans cannot, under any circumstances complain about continuity, reality, or logic errors. They have no moral highground whatsoever.
Spare us all. Just stop seeing anything that isn't "The Bridges of Madison County" or gay cowboys eating pudding.| Comments ()