Just a Theory

By David E. Wheeler

Posts about Apple

Apple Challenges FBI Decryption Demand

Incredible post from Apple, signed by Tim Cook:

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

I only wish there was a place to co-sign. Companies must do all they can to safeguard the privacy of their users, preferably such only users can unlock and access their personal information. It’s in the interest of the government to ensure that private data remain private. Forcing Apple to crack its own encryption sets a dangerous precedent likely to be exploited by cybercriminals for decades to come. Shame on the FBI.

The Watch is You

“iPhone and Apple Watch“

Multiple factors. Photo: Apple.

Back when Apple introduced Touch ID, I had an idea for a blog post, never written, entitled “Touch ID is Step Zero in Apple’s Authentication Plan.” As an ardent user of online services (over 500 passwords in 1Password!), the challenge of passwords frequently frustrates me. Passwords stink. People don’t like them, don’t like the crazy and often pointless complexities piled on them by naïve developers. Worse, many sites employ useless techniques, such as secret images and challenge questions, utterly failing to understand the distinctions between the various factors of authentication.

Touch ID, I thought, was a solid step toward solving these problems. Initially, it would simplify the act of identifying yourself to your iPhone. Long-term, I hoped, it would extend to other applications and online accounts. As late as last last month, I Tweeted my desire to have Touch ID on the MacBook line so I could finally stop mis-typing my password to access my desktop.

Turns out I wasn’t thinking big enough. The next step in Apple’s identity plan wasn’t online logins (though some apps take advantage of it).

It was Apple Pay.

An under-appreciated benefit of Apple Pay is its implementation of multi-factor authentication. The first factor is your PIN — something you know — which you must put into your iPhone when you turn it on. Then, at purchase, you use Touch ID, authenticating with a second factor — something you are. This greatly reduces the chances of identity theft: someone would have to steal your iPhone and both circumvent the PIN and somehow fake your fingerprint in order to use it. Both exploits are notoriously difficult to pull off. An Apple Pay transaction almost certainly cannot be hacked or spoofed.

Crucially, the Apple Watch also offers Apple Pay and requires two factors of authentication. The first is the iPhone with which the Watch is paired — something you have. The second is a passcode input when you put the Watch on — something you know — and you’ll stay “logged in” as long as the Watch remains on your wrist. This is not quite as invulnerable as Touch ID on presentation, but still a powerful indicator of the identity of the customer.

Which brings us back to the issue of authentication. Well, not authentication so much as identity. If the Watch is an effectively low risk means of identifying a credit card owner, why not use it for identification in general? Consider these recent developments:

Let’s take these developments to their logical conclusions. Before long, you’ll be able to use the Watch to:

  • Open your hotel room or rental car without even checking in
  • Control lights when you walk into a room
  • Adjust the car seat and mirrors to your preferred positions
  • Identify yourself when picking up packages at the post office
  • Access and use public transportation
  • And yes, unlock your computer or phone (thanks Glenn)

In the end, the Watch isn’t a gadget. It isn’t (just) jewelry. It’s more than a password or wallet replacement, more than a controller for the devices around you. The Watch is your identification, an ever-present token that represents your presence in the universe.

Effectively, the Watch is you.

This post originally appeared on Medium.

Thank You Steve

Steve Jobs

A sad day. You will be missed. I feel like a part of the whole world offering my heartfelt condolences to his family, his friends, and his coworkers.

Looking for the comments? Try the old layout.

More about…

Cloudy Ideas

I had an interesting Twitter Discussion last week with cloud guru Simon Wardley and “cloud entrepreneur” Kate Craig-Wood about Apple, iCloud, and Android. It started in response to this tweet from Kate:

My blog post earlier this week, on why Apple should make iCloud open (http://v.gd/icloud) now looks rather prescient (see last paragraph).On August 25, 2011 via TweetDeck

The post, which was published about a week before Steve Jobs’s resignation as CEO of Apple, is worth a read. A number of points came up in the Twitter discussion, but 140 characters prevented me, at least, from being as thoughtful as I’d like. So I’m trying again here.

Enterprise Business

Take this sentence from the first paragraph of Kate’s post:

The recent launch of Apple’s iCloud service has done much to bring mainstream attention and acceptance to the concept of cloud storage and syncing. But unless [Apple] adapt an open cloud standard they are facing an uphill struggle to attract business users. Here’s why.

That’s the setup, but reflects a complete misunderstanding of Apple’s business model. The truth is that Apple does not care about the enterprise. Apple is in the consumer electronics business. Not the enterprise computing business. Certainly not the cloud computing business. Apple is in the business of creating hardware products to sell to consumers. Everything else is secondary to that.

In fairness, Kate does write, toward the end of the piece:

Essentially Apple sees iCloud as a consumer rather than a business service – and Apple have never really been interested in enterprises or business, despite the work they done to support policies and enterprise standards like Microsoft Exchange ActiveSync on the iPhone.

Of course, if Apple is not interested in selling to enterprises or businesses, it stands to reason that they won’t have an uphill struggle attracting those users.

The Android Hurdle

I think the real point of the piece is this:

However most businesses are unlikely to use iCloud until Apple adopt an open cloud standard. The fact that iCloud won’t deliver on other platforms like Android smartphones and tablets are going to be a major hurdle for Apple to overcome.

Again, Apple is not really entering the cloud business. Rather, they’re creating a cloud service to bolster their existing business. Another way to say it is that Apple is not selling cloud services. Apple sells devices that use cloud services. And as a consequence of that, they don’t care about other devices. The point is not the cloud, it’s the devices.

In that vein, via Twitter Simon said:

@theory : Modern devices are a combo of activities, some innovative, most commodity. Android & its ecosystem is commoditising the space.

Yes, that’s just it. Google thinks that they can commoditize the smartphone business, and that the truly valuable business is their cloud services. Apple, on the other hand, believes that cloud services will be the commodities, and that the truly valuable business is selling handheld computers.

Time will tell who’s right. As “cloud entrepreneurs,” Simon and Kate well understand the Google model. Google wants as many devices as possible to be able to access the cloud services they provide. Apple is not interested in that, because they’re not in the cloud business. (I know this is getting redundant; sorry about that).

And, frankly, Google’s not in the cloud business, either. They’re in the advertising business. And how do you show as many ads to as many people as possible? Well, you provide an easy-to-use utility service like search or email and sell ads to appear on those services.

In short, Google is in the business of selling eyeballs to advertisers. Apple is in the business of selling devices to consumers. Both are valid business models, but given existing revenues, I think it’s difficult to argue which seems to be the more successful model.

Kate added:

@swardley but my point stands; in consumer space too they are losing ground, fast. Shiny toys are easy to duplicate – Nokia’s doom.

I don’t follow this reasoning at all, frankly. There were lots of mobile phone manufacturers that were trying to duplicate Nokia’s devices. They failed. Apple succeeded not through duplication, but by creating a completely new device that simply made all preceding devices instantly archaic. And now, yes, Android devices are attempting to duplicate the iPhone, but their sales seem to be mainly at the expense of feature phones. Note that Android’s share of the mobile browser market is about 16%, wheres iOS accounts for 53%, according to an August 2011 MarketShare report. Yes, there are a lot of Android phones, especially in the US, where only one carrier sold iPhones until earlier this year. But it sure seems like most folks use them more like feature phones than handheld computers. In other words, all those users are not being converted into consumers of cloud services.

And other than on phones, Android’s market penetration is effectively zero. iOS completely dominates the tablet (no, iPad) and music player markets. Android tablets currently pose no hurdle for iOS at all, and there is no sign that they will for some time to come. The only other tablet computer likely to succeed is the Kindle. And guess what? It will mainly use Amazon’s walled garden of cloud-based products and services.

Cloud Commoditization

Which then leads to the issue of cloud commoditization. From [Kate’s post]The post:

From a standing start 5 years ago Amazon Web Services has grown to an eye-watering $1.4bn in revenue. Rackspace, their leading competitor in the cloud space, is thought to have about one tenth that figure in revenue from cloud. So, Rackspace and the other out-paced cloud providers have clubbed together to create an open, interoperable cloud system.

I think this is absolutely right. And OpenStack just might, in fact, commoditize the the cloud provider market. If it’s successful, each of the cloud utility companies that emerge will end up competing for that $1.4b in revenue (or, since it’s a growth space, let’s call it $5b in revenue in two years, just for the hell of it). With cloud computing standardized, this will trigger a race to the bottom, and may the cheapest cloud provider win. Already Kate says that her new company’s offering will be “the cheapest on the market.”

This has nothing to do with Apple, however. Apple has zero interest in being in a commodity market. Why? Because long-term there’s no money in it. This is why HP is leaving the PC business. There used to be money in it, but for the last ten years, there is little innovation, just a race to the bottom, just razor thin margins and cost-cutting measures. In the PC business, only one company continues to make large profits from its devices: Apple.

Yes, Apple has a cloud offering, but as with iTunes and the App store, it exists to enhance the experience of using Apple’s devices. The devices don’t exist to bring customers to iCloud; iCloud exists to bring customers to iOS. And note that in the second quarter of this year, iOS devices accounted for 75% of Apple’s profits. That’s $7.34b in profits, not revenue. For a single quarter ending last May. That’s a far larger, more lucrative business to be in than Amazon’s $1.4b in revenue over, what? A year? I think Apple will be happy to leave that substantially smaller business to others.

In fact, given the revelation last week that Apple’s using Azure and AWS as the foundation for iCloud, the commoditization of cloud services will only help Apple’s bottom line: they can always switch to less-expensive providers (assuming everything else is equal, of course). So yeah, cloud commiditization just might happen. And Apple, not being in the cloud business, won’t care, except to the extent that it might reduce its expenses and thus contribute to its bottom line.

Innovation

Following up on his tweet about commoditization, Simon wrote:

Combine this with ability of ecosystems to innovate, then Android is likely to be fairly lethal over time.

As to the second point, I don’t know how lethal Android will be if it a) doesn’t make much money for anyone; b) isn’t used as a handheld computer often enough; and c) cannot compete in the iPad market. But the first point I have a hard time following. How does an “ecosystem” innovate? It needs agents to do that, no?

Fortunately, a couple days ago Simon published a piece entitled “The abuse of innovation.” His overall argument there is that the term “innovation” has been overused to mean all kinds of things. No question in my mind. But to which part of his taxonomy might he be referring in his tweet? I suspect it’s this one:

5. Enablement and acceleration of the innovation of higher order systems through commoditisation of lower order subsystems (i.e. creative destruction and componentisation)

So perhaps for the example of cloud computing, “ecosystem innovation” is the creation of applications that run on the cloud? That is, a cloud app is a “higher order system” running on the cloud, and the cloud is the commoditized “lower order subsystem.” I think that makes a lot of sense. I expect people will do all kinds of things building on clouds, and the commoditiazation means they can run such systems on any standardized, inexpensive cloud utility. Cool.

But what has this to do with Apple? Well, they’re one of those innovators building services on cloud infrastructures. Furthermore, Apple has created its own ecosystem, and there is a ton of innovation going on there. (And, yeah, a lot of duplication: but that’s a sign of the huge success of the ecosystem.) iOS provides a commoditized platform for the development of innovative applications. The fact that iOS 5 is adding a cloud API is just another piece of that ecosystem. It’s one detail among many, and possibly key to the ongoing success of the platform. But the cloud is not the foundation of the ecosystem.

Landgrab

And that last paragraph of Kate’s post? Let’s take it a apart:

I firmly believe that adoption of open cloud standards is one of the keys to unlock the full and global potential of cloud computing and to breaking down the duopoly of Amazon’s IaaS and Google’s consumer SaaS.

I think that may well be right, but there’s unlikely to be much long-term profit in it. Unless you do something like sell ads to display on the apps running on your cloud utility service. If so, Apple won’t be a customer, ever.

Jobs & co may be making astonishing profits, and will likely continue to do so for some time, but unless they either out-landgrab Android in the smartphone and tablet market or open their doors to cross-platform services their success may be short-lived.

This assumes that Apple wants success in the cloud business. It doesn’t. It wants success in the sale of devices. Sure, if Apple stopped innovating it might eventually lose sales and have to start depending more on its cloud services like iTunes and the App Store for profits. But if Apple has shown anything in the last 14 years, it’s that it doesn’t stand still. Building a business to try to cash in on one or two products for as long a possible is not in its DNA. Apple thinks far further ahead than that. While Android focuses on commoditizing the handheld computer market to the benefit of Google’s existing services over the next year, rest assured that Apple is already focused on the next great product that five years from now will change the way we look at things. Again.

But maybe that is not a concern. Maybe, with Jobs’ rumoured ill health, he has decided that there are few more golden apples to lay and that he should cash in while the going is good.

Mixed metaphors aside, it should be noted Steve Jobs has never been interested in profit. In 1987 he told Playboy:

You know, my main reaction to this money thing is that it’s humorous, all the attention to it, because it’s hardly the most insightful or valuable thing that’s happened to me in the past ten years.

Apple has been modeled on this point of view. It is a product-driven company far more interested in the next great thing than in cashing in.

Upshot

Apple is not in the cloud business. It’s not in the enterprise computing business. It’s not interested providing utility services. And it’s unlikely ever to be. Apple’s actual business is far more successful, interesting, and profitable to them. So the question of whether or not iCloud should be “open” is unlikely to even be on Apple’s radar. What’s on their radar is not “being open,” but selling great products.

Looking for the comments? Try the old layout.

More about…

Byline: A Case Study Apple and Google Philosophical Differences

My favorite iPhone feed reading app is Byline by Phantom Fish. It syncs really well with Google Reader, so that things stay more-or-less in sync with NetNewsWire on my Mac. Unlike NetNewsWire, which added Google Reader syncing in 2009, Byline was built with Google Reader syncing from the beginning. Version 3.0 is especially good; I love the ability to swipe between posts. And the killer feature is the archiving of all content after a sync, so that everything loads fast — or on cross-country flights. News junkie that I am, Byline is one of my most-used apps.

Byline Edit Mode

Another great feature is Byline’s edit mode. When looking at a long list of new posts in a particular feed (for me it most often happens with the CPAN Uploads feed — CPAN gets a lot of uploads every day!), most of which I don’t care to read, I tap the “Edit” button to enter edit mode and then start tapping the blue dots to mark a whole bunch of items as unread. But not all of them; I leave the ones I’d like to read. But there’s a problem. At the top of the screen, directly above the top read/unread toggle button, is a button labeled “Mark All as Read.” As soon as you tap this button, Byline exits edit mode and shifts back to the main screen.

It’s a handy shortcut if you actually want to mark all as read. But what if you accidentally hit it, as I’ve done, oh, 20 or 30 times? Well, easy, right? Just go back into that feed, enter edit mode again, and then go over the list again and mark those you still want to read as unread, right? Yes, except for one thing: if Byline syncs before you’ve had a chance to read those posts you’ve just marked as unread, they automatically get marked as unread again. If you’ve elected to include unread items in Byline (it’s a setting), you can’t tell which ones were magically marked as unread by the sync. And if you don’t have unread items included in Byline, those items are just gone.

This has annoyed me many times.

In fairness, it’s not entirely Byline’s fault. One of its design philosophies is to use the Google API eagerly. So as soon as you’re done reading something, it’s marked as read, whether or not the app is actively syncing to Google Reader. This is handy because it means as soon as I’ve read something, if I sync NetNewsWire on my desktop, it’s marked as read there, too. It minimizes the appearance of duplication.

@phfish: “@theory I think they do it for performance reasons. It is a bit of an irritation, though.”

One of the APIs it calls ASAP is Google Reader’s “Mark All as Read API call”, and as Phantom Fish has said, Google provides no way to un-do that call. The result, for me at least, and certainly other users, is the loss of unread items.

I’ve had an interesting Twitter conversation with Phantom Fish about this issue this morning, trying to brainstorm ways to work around it. For me, I’d like to see either a confirmation button when I hit “Mark All as Read,” or have it not immediately leave edit mode but turn the “Mark All as Read” button into an “Undo” button, so that I have a chance to undo the marking all as read while still in edit mode, before the API call gets sent to Google. Phantom Fish is understandably reluctant to make a change such as this, however, because so many people like and have requested the single-tap to mark all as read. There are users who want both things. And Phantom Fish is reluctant to add a setting for such a feature, and indeed, I also tend to favor convention over configuration.

It’s a bit of a thorny issue, but one that I think nicely highlights the philosophical difference between Apple and Google. On iOS, I’m used to nothing I do while in an edit mode being committed until I hit the “Done” button. Byline’s “Mark All as Read” button short-circuits this behavior by ending the editing without me hitting “Done,” and instantly calls the Reader API. This is very convenient for power users (who never hit the “Mark All as Read” button accidentally, I guess), and strongly reminds me of how Geek-oriented Google applications like Reader are. I’m guessing such power users are Google Reader users. I’m not, I just use it for syncing.

The emphasis of “Mark all as Read” and its underlying API is ro “get things done in as few steps as possible.” This contrasts with the Apple philosophy exhibited in iOS, where things should of course be done as efficiently as possible, but where, I think, the principle of least surprise is emphasized. It’s handy to mark all as read with one tap, unless you didn’t want to, in which case it’s surprising that you can’t get the unread items back—specially since you never told the app you were done editing. Google Reader power-user types want the convenience of one tap. Folks like me, used to the relatively low levels of the unexpected on iOS, want things to change only when we say we’re ready for the change.

Anyway, I expect that Phantom Fish will work out some way to deal with this issue. (Frankly, I’d welcome the ability to exclude certain feeds from Byine, as NetNewsWire for iOS does, so that I don’t have to bother with some feeds on my iPhone, but that’s a different feature request.) But I thought it was interesting, in discussing the issue, how UI philosophical interests can conflict. Frankly, I think that iOS apps should be more iOSy in this respect (in all other ways Byline is very iOSy), but others disagree, and it makes for an interesting conversation.

Looking for the comments? Try the old layout.

Behind the Stevenote

Joy of Tech gives you: What’s really behind a Steve Jobs keynote.

I think they nailed it.

Looking for the comments? Try the old layout.

Gartner: iPod is a Security Threat

20 GB iPod

Well, this is entertaining. It seems that the Gartner Group has decided that iPods are a significant security threat. I think it’s great that a company like that makes its money by telling people that, yes, you can copy files between your PC and your iPod, and that poses a serious security threat. Please.

The problem, of course, is not the iPod. Or digital cameras. Or floppies. Or CD burners. No, the problem is people. I prefer to build a company that trusts its employees. Novel concept, I know. So here’s the mantra: iPods aren’t security threats; employees are security threats.

Now, I had to think carefully about posting this, because it reminded me, suddenly, of the old gun nut statement that guns don’t kill people, people kill people. The reason why I’m willing to use it for the iPod and not guns, however, has to do with design. Guns are designed to kill. It kind of makes the statement moot. I mean, what would you expect people to do with them? iPods, however, are not designed to breach security. They’re designed to listen to music, to store files, to copy your calendar, etc. Now, whether an individual person decides to use the iPod in breach of a company’s security protocols is a matter independent of the iPod’s design and intended use.

So the mantra holds: iPods aren’t security threats; employees are security threats. But guns, yeah, they’re pretty much designed for killing.

Looking for the comments? Try the old layout.