Month: March 2006

Dave Winer just put of a post about how he’s going to stop blogging.

His reasons: Blogging doesn’t need him any more?

I’ve never agreed 100% with Dave on things, which is okay because, well, he doesn’t know me and he’s a famous internet software developer. He said some things back in the FaceSpan days that I simply could not agree with and yeah, he can be petulant and sometimes awkward and sometimes I’m just demotivated to reading his blog…but I do come back. He’s a smart guy and maybe he’s right in that blogging doesn’t need him – maybe it never needed him – but I don’t think that’s a good reason not to blog. Blogging is cathartic in some ways and helps shape the blogosphere. Without his blogging we’d not have the full story on how Apple misrepresented RSS in iPhoto or how his new best friends at Microsoft are now not his best friends anymore. And it’s not the knowing that which is important, it’s the knowing why.

Anyway…that’s just my opinion.

I just saw a cool video. And no, I can’t post it publicly yet. It’s not pretty enough.

The synchronisation works, outputs to a web view and it all happens with some button clickage.

As the product moves ever out of the area of “vapourware” and into a definite product, things will undoubtedly change. The Widget controller has been (at least for now) been changed to a Cocoa-based app.

But what does it do?

It allows you to share calendars. A bit like .Mac really, but with effectively unlimited client machines and a lot more control over the calendars in terms of permissions and visibility. In real terms, you’ll be able to share a calendar and allow others to edit it, something that you can’t really do with the current iCal offering. And yeah, this will use iCal to do the editing. And support for Vista Calendar, 30boxes, Sunbird and other clients will follow (either from us or from interested third parties).

I’m blown away by this simple demo and the reactions from our testing team were very positive as well.

More info later….

Stray Toaster announces a CampFire meeting for the Northern Ireland Blogerati.

CampFire I find interesting as it’s some of those smart 37signals people who’ve wrapped IRC in a web GUI and put a big “Chat for Business” label on it. Other than that – why bother? It’s enchanted some people (you know, the kind who use IRC already) and I suppose it’s for the best. IRC is a nasty place filled with bots and software with awful interfaces.

Who are these Northern Ireland Blogerati?

Having a look at the CampFire it seems to be the local LUG with a few extra names I don’t recognise. How’s that for self-promotion?

The concept of Northern Ireland Blogerati I find to be one of those facinating oxymorons.

A local encyclopaedia defines:

Northern Ireland – A technological and cultural desert. See also “Lurgan”

Blogerati – The BlogoSphere Intelligentsia.

See what I mean?

We’ve just spent 2 days on the phone arguing with Airtricity and Northern Ireland Electricity.

We signed up with Airtricity in November. Cool, now getting electricity from renewable resources. Then BOINK – we get a bill from NIE. Turns out Airtricity haven’t done the due diligence.

And of course, Airtricity have not only been reading the wrong sodding meter. They’ve also been billing us from November.

They suck. And it’s about time they got their finger out.

ZDNet published a very misleading article today announcing that Mac OS X had been hacked in under 30 minutes in response to a “Hack My Mac”-type challenge. It differs to previous “Hack My Mac” challenges however in that the “hackers” were given local access. In other words, they already had SSH access to the machine. This makes a huge difference, and no, I’m not splitting hairs. To my mind, that’s like daring anyone to rob my house but leaving the windows open. Sure, it’ll deter some people who can’t fit through but it’s still a gross security hole. ZDNet presented the information as if it was as bad as some of the Windows XP remote exploits, where you can take charge of the computer without having your own account on it.

Dave Schroeder, a generally nice guy from the University of Wisconsin, has set up a comparable machine – a G4-based Mac mini running Mac OS X 10.4.5 with Security Update 2006-001. It has two local accounts, neither of which will be left wide open to attackers, and has ssh and http open – a lot more than most Mac OS X machines will ever have open. He invites some enterprising hackers as an education issue.

Is this a big deal? I don’t think so, but it is worthwhile to reiterate some security truths that we may have forgotten.

1. Don’t give local access accounts (even non-admin) to people you don’t trust.
2. Never give out your password to anyone. Not even me.
3. Don’t use a crappy USB ADSL modem. Use a NAT router with a Firewall.
4. Keep patched and up to date with Software Update
5. If you experience any odd behaviour (like files deleted mysteriously), do something about it

I’d add that Apple needs to get moving on some of these exploits (though whether they are in the open source underpinnings or in Apple code remains to be seen) and get them patched. We STILL have a long way to go before we’re at the level of Windows. The media, desiring us to remain in a state of Fear, Uncertainty and Doubt, will continue to obfuscate facts, in computers as well as in the recent wars, in order to sell newspapers, drive website hits and make names for journalists.

Two recent developments in the Mac world indicate Apple is addressing new markets.

First – the Mac mini. The latest release of the mini shows that Apple is serious about this form factor. They’ve added gigabit ethernet, it has wireless out the wazoo, it’s available with a dual-core processor and they’ve addressed the biggest problem with the old mini by having two memory slots rather than just one. That increases the maximum supported RAM to 2 GB. Much more suitable. It’s certainly addressed all of the bugbears that I had with the previous mini. And integrated graphics? Not worried. They’re better than the Radeon 9200 that was in there.

Second – Tesco. Tesco is the biggest supermarket chain in Northern Ireland (and maybe the UK, I don’t know). They’ve been selling Apple kit in the Tesco in Milton Keynes since the beginning of the year. As the result has been positive, they’re extending the trial to 6 stores with an aim to extend it to 300 stores.

This all makes me question why anyone would want to open a Mac shop. Why compete against Apple and Tesco for low margin items.

George Ou takes Paul Murphy to task for denying George’s allegation that Mac OS X is less secure than Windows because Mac OS X has had 238 reported vulnerabilities in the last year as opposed to 95 for Windows XP. Sounds bad huh?

Why on Earth would we prefer to be on Mac OS X then?

Well, there’s a slight amount of disingenuousness (is that a word?) there?

In one Mac OS X security update, there are 40 vulnerabilities fixed. Sounds mad eh? But when you look at the detail – some of them are vulnerabilities in htdigest, Apache2, CUPS, MySQL, OpenSSL. I’m not denying that these are issues and I’m also not denying that the problems in AppKit, Safari or Corefoundation are indeed problems but a vulnerability in OpenSSL is not the same thing at all. Apple didn’t write this code. It’s written and maintained by the open source community. If you’re using OpenSSL on Mac OS X you don’t have to wait for Apple to patch it. you can go get the patches from OpenSSL directly and build it yourself. Waiting for Apple to patch it is different. It’s a choice. And people using OpenSSL will be more savvy users anyway. It’s unlikely that your maiden aunt with enable MySQL or OpenSSL on their iMac.

Compare that to a single vulnerability in Windows. Microsoft wrote the code. And they’re the only people who can patch it. You can’t pop along to a different supplier and grab the patch files. Or you can consider this one for Internet Explorer which is considered “extremely critical”. And it’s unpatched. And the only place you can get the patch is Microsoft.

Y’see, it’s not the number of vulnerabilities. It’s whether or not you’re actually vulnerable. While I may have openssl installed, it’s not enabled. I don’t have MySQL installed (it ships on Server). I don’t have apache2 either.

But doesn’t everyone on the planet have Internet Explorer?

The Nitro project has created a core team of developers, and I’ve been nominated as one of them. That project is really starting to go places now: there’s a lot of vitality in the code base, and a lot drive to clean things up and get documentation rolling to the world at large.

I still haven’t received any additional requests for more tutorials, so I haven’t bothered extending the one I did for Og (Nitro’s ORM layer) a while back. I’ll ping the mailing list to see if anyone is interested in more stuff.

A while back, I said to Aidan that we’d spill some beans on 1st March. For the last few months we’ve been operating in “stealth mode”. This is where you don’t talk much about your product. Rick Segal (that Microsoft millionaire guy) says Stealth mode must be valley speak for I’m trying to be cool, grant you passage into my secret world of code if only to show you that I alone control your destiny. but sometimes “stealth mode” is necessary. It keeps powerful, aggressive competitors from eating your lunch and covers for your weaknesses as a microbusiness. It makes you wait until you have something to show. It allows you to measure interest by the reaction from the people who you do reveal it to.

So, is it time for us to disengage Stealth Mode? When you read that, do you think of Airwolf or Blue Thunder? Are you too young to even remember? Hmmm.

Anyway.

In no particular order, 5 details about this thing we’re building.

• It’s going to make calendaring on Mac OS X a lot more usable.
• It uses HTTP(S) for communications.
• It allows you to share calendars in a meaningful way.
• It uses Tiger’s SyncServices to work it’s magic.
• It uses a Dashboard widget for configuration.

Soon we’ll release the name and you’ll see why this article made me laugh…and then think and then laugh some more.