AlBlue’s Blog

Macs, Modularity and More

Is Apple the new Microsoft?

2008, crap, iphone, mac, rant
Mobile Mess

Recently, Apple has made a few uncharacteristic booboos in its image. First was the disastrous launch of the iPhone 3G, not to mention the subsequent hairline cracks that have been appearing. But partially a victim of its own success, the simultaneous launch in so many countries was to blame both for the shortage of units and also for the load on the servers (including O2's spectacular own-goal in that activation only worked on Internet Explorer). Could this have been averted? Absolutely. Not launching simultaneously, and actually having people test the process ahead of time, would have caught most of the problems. Instead of a news bonanza, they ended up with a news banana.

There's one more thing. Mobile Me(ss), the newly-launched synchronisation service, has fallen flat on its face. There's even a public fuckup page where you can learn where you can't go today (and a recent history of where you've not been able to go). Launching a service which is clearly not ready is a typical Microsoft trick; ship 'em a buggy 1.0, and then we can charge them again once we've got it working. Or, in this case, just bill them anyway. Worse, this solution is supposed to provide an over-the-internet view of your mail; but you now have to have the latest and greatest web browser in order to be able to use it (and even then, it's cack). OK, so it's a rich application — but what if you're logging in from an internet cafe which doesn't have such browsers installed? Or you're checking it out from a Wii or PlayStation (or other hardware set top box) browser? Or you're in a hotel in the middle of another country? It seems that the only place you can in fact check your mail is from home; in which case, you might as well use an application like anyway.

GMail is a much, much better solution. Yes, it's a rich application; but there's a drop-through if you don't have JavaScript, or if the connection is slow and you just want to render the basic view. You can view this on anything, regardless of device. Heck, you can even use Google Calendar with CalDAV, which is the same protocol used by iCal to talk to a calendar server (for 10.5; previously, it just used WebDAV). Neither of these solutions requires a yearly payment; and They Just Work, which is more than can be said of Mobile Me(ss). You also get a less narcissistic mail address, and can even substitute your own domain if you so choose.

Lastly, Apple is badly failing on security. No, not just the hacked-in-two-minutes stories that you read, but a general failure to keep up with patches. The recent DNS poisoning attack, which has been known about since last year, has been patched by almost every software stack and large company (including BIND, the nameserver used in Apple Mac OS X), and has now seen exploits go wild and be used to poison domain names. Yet despite the underlying code being already patched and available, Apple has yet to issue a fix. I have an internal Mac OS X 10.4 server, and the local BIND server (based on BIND 9.3) was trivial to download and update manually ahead of Apple actually fixing it; but there's a complete veil of secrecy about when (or if) Apple will be fixing this. Now that there is exploit code available from Metasploit and others, it's a no-brainer to get on and fix this. Perhaps Apple is too busy focussing on the disaster that is Mobile Me(ss) to be worried about security. Even the above hack-in-two-minutes was fixed on the desktop but still exists in the iPhone 1.1.4 software (which iPod Touch users may still be running owing to getting stiffed with a craptacular 'upgrade fee'). Even the original hack on the iPhone was an image handling flaw which was used as an exploit to gain root access (and then subsequently unlock it). Security is just way down the list in Apple's priorities, and in this day and age, that's a dangerous position to be in. Even Microsoft have regular patch cycles and react quickly to zero-day exploits; Apple still refuses to believe that it's not invincible.

This really highlights the fact that the Mac OS X server is not up to the job. You're much better off with a properly supported, secure system like Debian or OpenSolaris than you are with a Mac server; even if you use Mac hardware, the security and support are just not part of the Mac OS X package.

This all sounds familiar. Software vendor not being transparent with critical bugs, leaving open systems without patching, pushing unready code onto an unsuspecting public (and then blaming them for the problems) — doesn't that all just remind you of someone?