Macworld Keynote 2009

It’s not going to be a Stevenote (and on that note, best wishes to Steve as he gets his hormones back in balance and gets some protein in his system). But I’ll be watching all the more closely, to see how Phil Schiller takes on the challenge of igniting excitement in the Mac faithful. Like many product managers, I have picked up a few tips about presenting product over the years from Steve, and Phil will have his own style and his own techniques which I can hopefully also snarf.

Product predictions? I like John Gruber’s, and can lend credence to the iLife prediction because I finally got the most recent version as a Christmas present. Pretty sure there won’t be any new iPhone products announced today though (outside of the iPhone version of Delicious Library).

I’m pretty sure that Apple won’t be announcing the Mac Wheel today, though (hat tip to Chris Eng for the pointer):

Apple Introduces Revolutionary New Laptop With No Keyboard

Stupid breakage of the day: Ubiquity and MobileMe

This morning I tried to log into MobileMe, which has mostly been working well recently, and got an unsupported browser screen telling me I needed to be running Firefox 2 or later, or Safari. Only problem was I was running Firefox 3.0.5.

I figured it was a bug in MobileMe’s browser check logic, so I used some JavaScript to check what my browser was reporting as its user agent:

javascript:document.writeln(navigator.userAgent)

It told me I was running

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Ubiquity 0.1.4

Looking at the user string, I wondered if all the addons at the end, in particular the Ubiquity one, were breaking the browser check. So I disabled Ubiquity and restarted the browser. But the user agent string still showed Ubiquity.

I had just updated to the newest Ubiquity release this morning and was starting to think that something in the add-in was causing the problem. So I uninstalled it … and the user agent string was still the same.

Now I was curious. Did it leave a setting behind that the uninstall didn’t clean up? I looked under the hood in the browser preferences at about:config and searched for Ubiquity, where I found a very interesting preference under general.useragent.extra.ubiquity. There didn’t seem to be an option to delete the key, so I simply set its value to an empty string.

Doing the browser check now reported

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

And I could log into MobileMe again.

Lessons:

  1. Uninstalling an add-in doesn’t always totally uninstall it.
  2. You might be better off without Ubiquity.
  3. Apple needs to fix the MobileMe browser check (aka Trampoline).

Failed iPhone restart? Restart it again

My iPhone hung this morning while I was trying to delete a message in my Gmail account. I sighed and did a restart (hold the top sleep switch and the home button down at the same time). And it came up… with a screen that told me (in graphics) to plug the iPhone into iTunes.

I was concerned I had bricked the phone, but it seemed to still be functioning: I could make emergency calls, and I even got a notice that I had received a text message.

I normally sync the iPhone at home, so I figured I’d be without it all day long. Then I checked my Twitter replies, and my old friend Andrew Bartelt suggested that I simply try rebooting/resetting the phone again. Forehead now sore from whacking myself upside the head, I now again have a working iPhone.

Notebook lust: the new MacBooks

My first generation MacBook Pro, purchased back in 2006, is starting to look a little long in the teeth. The basic machine has been just fine, but I knew when I bought it that 80 GB wouldn’t be enough disk space, and the battery is coming perilously close to the end of its lifecycle; I now get maybe 30 minutes on a full battery.

More damningly, there’s a power cord issue (and if you’ve followed my Mac experience through three Apple laptops over the past eight years, this shouldn’t be a surprise). MagSafe eliminated the problem I had on old machines, where the cable would break or fray. Unfortunately, I found a whole new problem with the design: small beings can knock the laptop off the table or chair where it’s sitting, and if it falls on the side with the MagSafe connector, the case dents around the power cable and makes it much harder for the power connection to complete successfully.

All of which means that the new MacBook Pro looks pretty good right now. Killer graphics, more capacity, AND a case carved of solid aluminum that I would bet is much more dent resistant.

But you know? The new MacBooks are also solid aluminum cases, have more capacity than what I have today, and are about $700 cheaper than the MacBook Pro. And increasingly what I’m thinking is a lower end laptop and a dedicated home media computer (or appliance) is the way to go rather than trying to drive everything off one machine. Unfortunately, this is the wrong part of the stock market cycle to make that happen, but it’s a dream I can have.

Genius take II: indeed.

After last night’s disaster, I decided to give iTunes 8 another try. This time I made sure my library settings were correct in advance, and let it collect and submit the information while I ate dinner. No spinning beachball, no issues, this time around. 

So, Genius. I’m not evaluating the sidebar right now (though I will note that the message that appears when Genius can’t find any recommendations in the store is a pretty good predictor of whether the Genius playlist feature will work. And you know what? It does work, quite well.

The feature in a nutshell is a little like an old bar game: pick a song, then identify a bunch of other songs that go with it. All the songs are pulled from your library and you can vary the length of the playlist, and save it into your library if you choose. Pretty simple. So I decided to throw it some curves. First, “Nuki Suki” by Little Richard. It took this slightly profane funk gem from the master and mixed it with “Sexy MF,” “There Was a Time,” “Baby I Love You,” “The Hook and Sling” by Eddie Bo, “Up for the Down Stroke,” and Marvin Gaye’s “You Sure Love to Ball.” There were a few clinkers as well, like Ready for the World’s “Oh Sheila,” but at least everything was in the ballpark. 

So I tried something a little different: a movement from “Jesus’ Blood Never Failed Me Yet” by Gavin Bryars, from the recording with Tom Waits on vocals. What came back seemed to be mostly related to Tom Waits rather than Gavin Bryars: tracks from Waits, Smog, the Black Keys, the Cocteau Twins, Cat Power, and so on. So I tried another Bryars track but Genius couldn’t find matches. Also matchless: tracks from the Virginia Glee Club and the Virginia Gentlemen, probably because they aren’t available in the iTunes Store. But mixes around Hilliard Ensemble, Pink Floyd, Jane Siberry, Steinski, Jeff Buckley, and Neko Case were all pretty solid.

So I think those of us that like genre-busting mixes and unusual juxtapositions are probably safe: Genius doesn’t automate what we do just yet. But for a good 25 song groove it’s not bad, and for most people it will handily replace Shuffle as a way to plumb the depths of their library.

iTunes 8: first impressions

I installed iTunes 8 last night on my home machine, a MacBook Pro with 2 GB of RAM. The update wasn’t in Software Update, so I pulled it off Apple’s website. Then I had to update to get the latest QuickTime, begging the question of why they aren’t packaged together. But that was straightforward enough. Then I rebooted and fired up iTunes.

First it wanted to update all my album art–I suppose to build new thumbnails for the new grid view. When it finished looking at my 26,000 song library in five minutes I was suspicious. Sure enough: it had forgotten that my music lived on a network drive and silently reset the location to my laptop hard drive, causing all the songs in the library to be unplayable. Fortunately I’ve been through this before: Preferences, Advanced, and set the correct location for the folder, then wait fifteen minutes while all the song paths are reset. But man: I was really hoping Apple had fixed this one. I don’t restart iTunes often, but when I do I have to go through this dance more than half the time.

But OK: so far no worse than the old version.

The new grid view seemed nice enough, until I clicked something. Then it locked up tighter than a drum with a spinning beachball. About five minutes later the beachball cleared and I was able to play some music. I found of interesting that the grid view was only present some of the time. If I clicked through on the Jazz genre, it brought up the classic view of tracks next to album art. Maybe this was because of the number of albums (330) in the genre, but I found it a little disorienting.

Then: Genius. I don’t know if I would have called the feature that, since it has to upload the entire library to the cloud before it can work. I let it run for awhile but it wasn’t long before the spinning beach ball returned. I finally killed iTunes but it managed to keep any other application, including QuickTime, from playing any sound until I rebooted.

And when I rebooted, iTunes forgot where the music library was again.

I think Genius has promise–it came up with some interesting recommendations on my work computer. But that only has thirty songs on it. I have a suspicion that it doesn’t scale. At all.

New iPods, new iTunes. It must be September

Apple’s really changed as a company; I remember when September was Back to School month and you’d find out about new iMacs, a new version of iLife, whatever. Now it’s all iTunes and iPod.

I like the look of the new iPod nano, and the price point ($150 for 8 GB) and form factor are sweet. But I’m particularly impressed with the software and the use of an accelerometer in what is basically a low end device. CoverFlow is a killer interface, especially in a small device, and seeing it on the nano is pretty sweet.

I’m keen to see whether the new “genius” features in iTunes scale up to my 26,000 song music collection. Hopefully by the time I’m home tonight, iTunes 8 will be downloadable (it’s still 7.7 from where I sit right now).

But I think my favorite visual from today’s event was this one:

Apple: MobileMe isn’t really using “push” with your PC

MobileMe (aka former .Mac) subscribers received an overdue email from the MobileMe team today, apologizing for the rocky roll-out of the new service and extending a free month of service to all subscribers.

The email contained the following interesting paragraph:

Another snag we have run into is our use of the word “push” in describing everything under the MobileMe umbrella. While all email, contact or calendar changes on the iPhone and the web apps are immediately synced to and from the MobileMe “cloud,” changes made on a PC or Mac take up to 15 minutes to sync with the cloud and your other devices. So even though things are indeed instantly pushed to and from your iPhone and the web apps today, we are going to stop using the word “push” until it is near-instant on PCs and Macs, too.

What a welcome breath of fresh air: unambiguous retraction of unjustified marketing hype!

As a product manager, it strikes me that the team managing the rollout did an excellent job of damage control: fix the operational problems, apologize to the customers, change the marketing message where it’s out of line with the new reality, extend credit and move on. And they’ve done a good job. I even have to retract my characterization of MobileMe as the Lindsey Lohan of webmail services (last paragraph).

iPhone SalesForce app: free, but access = $

A quickie I left out of my original iPhone app roundup: I wasn’t able to get the mobile SalesForce client working. The reason is, in retrospect, unsurprising: our company doesn’t have an “unlimited” SalesForce license, and customers on cheaper plans will be nickeled and dimed to use the app.

It’s good to see that some nasty business models are going to survive on the iPhone platform. So is my response: the SalesForce app is deleted.

iPhone App Store, Day 1


After I played around a bit with the new firmware, I got on the App Store and started downloading. I got my hands on Exposure, MLB.com At Bat, Band, the Google app, Bloomberg, the BofA app, CheckPlease, Evernote, Facebook, AIM, Jott, midomi, the AP’s Mobile News, NetNewsWire, Remote, Salesforce, iPint, and PhoneSaber. I won’t be able to review each of them, but a few quick thoughts on the ones I’ve tried:

  • iPint: deleted. Not enough fun to make up for the big Carling logo that comes up on the beer pint at the end.
  • MLB.com At Bat: A much nicer way than the Red Sox web site to find out if Storrow Drive will be jammed up because of a home game at Fenway.
  • Exposure: I agree with The Unofficial Apple Weblog: Photos Near Me is creepy but kind of a cool way to explore the area around you. It was with Exposure that I first saw the request to use my location, and I was relieved to see it again this morning. Apparently authorizing the release of your location data is not just a one time thing. The app is a little slow over Edge, though.
  • BofA: doesn’t seem that much improved over their mobile web experience. A few of the graphics appear to be included in the app, but most of the rest is just like the website. Of course, the automatic location based ATM finder is good, but is that enough of a reason to install an app, even if it is free?
  • PhoneSaber: a giggle and a fun demo of the phone’s capabilities. What would be really cool is if you had two iPhones running PhoneSaber, and you could tell that they were near each other, that you could do a real duel.
  • Band: Bought it for the keyboard. Love it for the 12 bar blues mode.
  • Bloomberg: is slow over Edge, but not as slow as I would have guessed. Missing: a way to share stories from Bloomberg News.
  • Jared: Oh, Jared. So glad to see my old friend here. The voice of the Butcher of Song has not improved with age, and that’s how we like it. (Incidentally, does Jared win the award for the app ported to the most Apple programming environments? Classic, Newton (!), Mac OS X app, Mac OS X Dashboard widget, iPhone…)

Regarding the economics and revenue model from the App Store: First, I have to give kudos to the folks at MacRumors and TechCrunch for their ingenuity. Alas, it looks like they spilled the beans too soon, as all download counts have been re-zeroed out. But the preliminary indications ($55K in revenue from the US store before it even opens) should hopefully prove the viability of the revenue model.

And I definitely echo Daring Fireball’s point about the store’s reliability, a point thrown into even sharper relief by the fact that MobileMe is, as I speak, continuing to stagger about like a starlet in rehab: very pretty, a promising future, and completely incapable of standing upright for more than a few minutes at a time.

iPhone Firmware 2.0, Day 1

When I got home last night, I tried Software Update and found iTunes 7.7, but it didn’t find the new iPhone firmware. So I tried the path laid out in the TechCrunch post of direct downloading the firmware package. Tip: use Firefox. Safari automatically expands the package, and while there’s probably a way to re-zip it so that iTunes will recognize it, it’s easier to download it with a browser that doesn’t automatically unzip.

I plugged my phone in and started the firmware upgrade process. Then I went off to do something time consuming (the upgrade using this method performs a full backup, wipe, and restore, and full restore takes a while if some of your content, in my case music, is coming from a network attached disk). So after spending time on our basement project (and getting hands liberally covered with microscopic dots of primer), I finally got on my iPhone to start checking out some of the new features.

First: there’s gotta be a better way to manage application icons than just spreading them over three or four screens as they get installed. Yes, obviously I can manually spread them out over screens, but I found myself yearning for … folders. Or something. I think some of the jailbreaker guys may have come up with some concepts that would be worth copying buying here.

Second: man, it’s great, but also weird, to have mail coming in in the background without my manually fetching it. And it’s great, and not weird at all, to be able to delete multiple mail messages at once. That’s the killer feature for me right there. No more slide–click Delete–slide–click Delete–repeated ad infinitum.

I’m really, really glad that Apple made the Contacts feature an application instead of burying it in the phone menu. That was one thing that always made me wonder: why did the designers think that the only time I would need access to my contacts was when I was making a phone call?

I was hoping to give the VPN and Exchange integration features a crack, but I need to get some settings from our IT guy and he’s not in; that will have to be a later post.

The on-phone App Store is very nice. I frankly found browsing the store through iTunes to be something of a pain, and the experience on the phone is much nicer. I don’t know why–perhaps it’s the fact that the browse views in the store don’t show the app icons?

The scientific calculator is a nice blast from the past. One minor quibble–I hadn’t realized until playing with it that the calculator uses a font with proportional width numbers. It’s not noticeable unless you’re rapidly changing the numbers in the display–say, by repeatedly hitting the Rand or sin buttons–but seeing the leading zero jiggling around in response to the keypresses is a little disconcerting.

Mobile Safari hasn’t crashed on me yet. It used to reliably crash on loading certain long or complex pages. So that’s something.

Oh, and those nice screenshots? Built in feature. Hold the main button and tap the power button, and a screenshot is saved to your Pictures, where you can email it or upload it (if MobileMe is working).

So that’s the base OS: nice, and featureful. But of course the excitement of the new firmware is the App Store, so we’ll talk about that next.

The iPhone App Store is live

TechCrunch reports, and I can confirm, that the App Store is live. It’s not linked from the store navigation, but if you install iTunes 7.7, you can click through to the list of iPhone apps. The categories are pretty unsurprising: Business, Education, Entertainment, Finance, Games, Healthcare & Fitness, Lifestyle, Music, Navigation, News, Photography, Productivity, Reference, Social Networking, Sports, Travel, Utilities, Weather. And a few interesting finds, including a Bloomberg app, a location-aware Bank of America app, OmniFocus, SalesForce Mobile, Oracle Business Indicators, the AP’s news app (with no mention of being able to send photos back to the AP; whassup?), NetNewsWire, MooCow’s Band, and about 175 games.

Including Jared. (Happy dance.)

Update: According to TechCrunch and CNET, you can download the firmware now, though it’s a direct download rather than through Software Update. Alas, my iPhone is synced through my Mac, which is at home, so I’ll have to wait before I can try it out.

Day of updates: iPhone App Store, maybe MobileMe

Various sources report that the iPhone App Store will launch today. It’s clear that iTunes 7.7 is out, featuring the ability to control iTunes from a new free iPhone/iPod Touch app, and the New York Times says that Apple will be launching the app store.

What I haven’t seen reported anywhere is anything about a MobileMe launch today. But signs are good; right now I’m getting a maintenance screen on .Mac:

Fortunately, I’m still getting mail on my iPhone. But maybe this means a MobileMe launch is imminent too.

Update: Okay, I missed the .Mac status report on Apple support that indicated that MobileMe was actually supposed to launch last night; the maintenance window was from 8 pm to 2 am Pacific time. Right now the status isn’t pretty:

Update 2: As of noon-ish on the east coast, the update now says that all services are back online except for webmail and web pages: “With the exception of the new web apps, all of the following services are available: Mail, iChat, iDisk, Sync, Back to My Mac, and all published pages, including Galleries and iWeb sites.” Smart money has it that there’s a contingency plan being executed while they figure out why the new MobileMe apps aren’t RTWing successfully.

Followup: Mac OS X ARDAgent vulnerability advice

Various parties in the Mac community have weighed in and suggested the best way to address the issue highlighted in last week’s advisory regarding an escalation of privilege vulnerability in ARDAgent. While some have suggested that enabling the remote access service may actually correct the privilege escalation, there’s been enough evidence that it doesn’t really work. And a suggestion to clear the setuid bit that allows ARDAgent to act as root appears to kill it, for at least some commentators. That leaves only leave two options:

  1. If you don’t need to have anyone remotely manage your application, just delete or archive ARDAgent.app.
  2. Restrict ARDAgent from being able to perform do shell script (as described in Martin Kou’s blog)

It would be nice if Apple just closed the hole, wouldn’t it?

While you’re at it, don’t forget to update Ruby (it’s part of the default Mac OS X installation), if you’re using it, to close a whole bunch of holes–from numeric errors to buffer overflows–in the core Ruby runtime.

And can we stop pretending that the Mac OS X platform is magically secure?

Serious new Mac OS X escalation of privilege vulnerability

Slashdot is reporting a new escalation of privilege vulnerability in Mac OS X 10.4 and 10.5. The details are a little sparse, but it appears that calling the Apple Remote Desktop Agent (ARDAgent) from AppleScript allows execution of arbitrary code with root privilege. Bad, for sure.

The mitigation is that it requires execution as the currently logged in user from the UI session, and apparently can’t be initiated over an SSH or other remote connection unless the attacker can log in as an account that is currently physically logged in on the machine. However, at a minimum it allows brute-forcing root access on any kiosk or other restricted machine that can be physically accessed. And one intelligent poster points out that all it takes is a phishing exploit that gets the user to execute the code on their own machine to open things wide up for a remote assailant–or a buffer overflow in (Safari, QuickTime, Flash, Firefox) that allows starting a shell.

Incidentally, simply disabling remote access is insufficient to prevent the attack. The ARDAgent.app must physically be removed from the machine. (For those interested, it’s usually found in /System/Library/CoreServices/RemoteManagement/.)

Apple needs to close this pronto.