Apple is historically months behind in patching publicly disclosed vulnerabilities in core libraries they share with other Unix-like systems (Samba and Java are two key examples).
This is interesting because as of Lion, Apple isn't maintaining a JVM. Samba isn't even running by default. That doesn't mean it isn't an issue, but it also doesn't mean OS X is particularly vulnerable as a desktop as a result. The small number of exposed services makes many of those potential vulnerabilities fairly moot. Add onto that the default sandboxing for some services and the increased use in the next version, probably has a lot more real world impact than rate up updating libraries that are not exposed on the majority of users' systems. For example, the zeroconf daemon exploits a few years ago were problematic on numerous OS's but were completely ineffective against OS X because of the MAC sanboxing.
Overall code robustness is abysmal in any Apple product I've assessed--they fall over with trivial fuzzing or a few hours of analysis.
It seems like some Apple products are really hit and miss in this regard. Some of the developers are very security conscious and some seem to give little or no thought to security at all.
They're an absolute pain in the ass to deal with when trying to resolve a responsibly reported vulnerability: they often don't seem to have qualified people triaging inbound reports, and when they do finally acknowledge the correct severity of a reported issue it can take years before they finally push out a fix.
That has not been my experience. My former company submitted a small number of vulnerabilities to Apple through the public facing bug report system, and they were reasonably responsive, replying within a week or two and doing a good job of crediting us with the fix in the next security patch.
And to top it all off, their core security counter-measures (e.g. ASLR and NX) are useless as anything more than marketing fluff because they're not implemented consistently.
Their NX is well implemented from my understanding. Did you have a specific complaint about it? ASLR is only applied to libraries, but is applied widely in Lion. The sandboxing is well implemented but not ubiquitous and is more widely applied to userspace apps in Lion (we'll see how far). The malware detection is half assed and I've heard nothing about improvements in Lion. But it sounds like most of your complaints in this regard are already on the table in Lion.
The only reason every Mac isn't infested with malware is that they're not a big enough chunk of the market for it to be worth the effort.
You are way, way, way oversimplifying. Their market share is plenty to be attractive. Not having to fight other bot operators over the Mac market share would be very profitable. There are worms now with dozens of different Windows attacks fighting over the small share of vulnerable Windows systems, adding macs to that would be a considerable increase. Also, if you work in network security you are no doubt aware of the trend towards malware that mines data such as account info and credit card and bank account info. Macs would be a goldmine in that regard. Rather, I think OS X's lack of exploitation has to do with good choices for default services, some sandboxing, lack of malware author familiarity with non-windows development, and failure to properly create multi-vector worms that contain OS X attacks in conjunction with Windows attacks. Market share alone does not explain what we see in the wild.
If they ever cross the magic 15% threshold they're in for a very rude awakening.
People said the same thing with 5% and 10%. Part of the joy of arbitrary goalposts in internet forums is the lack of accountability. They're so easy to shift over time... unless, of course, you have specific reasons and data to suggest why 15% would be the specific number we need to consider.
It is disappointing to see the comments thus far have not bothered to mention what potential security improvements are likely to be in the final version of Lion and how effective they might be. So far the ones I've heard mentioned include:
ASLR applied to more than just the libraries.
More ubiquitous use of the sandboxing framework, enough so that there are now bugs around applications being unable to save files if the file name changes in the Finder, while open in the app.
Dropping the custom java runtime, and making a deal with Oracle to maintain it alongside the Windows JVM.
A new full disk encryption system built in (branded the same as the old Filevault) with a rapid system wipe.
Webkit2 with a sandboxed thread model.
I'm sure in more security oriented forums there will be some good analysis of these new features, how well implemented they are, and how effective they are likely to be. The Mac App Store offers some potential security improvements by standardizing application updates and pushing them out more quickly and widely and hopefully encouraging developers to make more use of security frameworks already present. Personally, I think the sandboxing combined with the Mac App Store could be a huge boon to security if Apple can get enough developers on board, but I'm not sure if Apple will go that route. Hopefully feedback from experts will help push them in that direction.
One also needs to inquire whether HP or Dell or Sony are such great companies from an ethical standpoint (certainly Sony is every bit as perverse and unsavoury as Apple). Basically, when you factor in environmental and labour practices alongside IP, the entire industry is pretty sleazy.
I wish people wouldn't be so lazy when it comes to these evaluations. You don't know how companies compare on these practices and don't really care or you would bother to find out. Companies know you don't really care, so they don't do anything to make things better. From what I've seen, there are abuses at suppliers for every manufacturers. Apple conducts regular audits, openly publishes a yearly report of findings, requires companies to change their practices and compensate workers abused, and ceases doing business with companies that don't fix the problems (they dropped one for repeated use of child labor just recently). As far as I have been able to find, no other major computer maker is publishing audits of third party suppliers. If they do publish them, they do a good job of hiding them from the public sine Google can't find them.
It is too easy to assume all companies are the same instead of finding out.
I'm sure the Chinese workers in Apple sweatshops appreciate the benefits of working for a company whose business model is so awesome.
Compared to every other computer manufacturer... probably so. You can complain about exploitation of the third world by manufacturing if you'd like, but Apple is pretty much at the head of the class for making sure their suppliers are observing a reasonable level of human rights. You hear about abuses by Apple because unlike everyone else, Apple audits their suppliers and openly publishes the results. They just published their most recent report where they detail the problems they found and which companies they stopped doing business with and what they required other suppliers to do in order to avoid the same.
It's great to be concerned about problems with third world, but it is pretty counter productive if you don't educate yourself enough to know you're attacking Apple on the one criteria where they are clearly ahead of the rest of the industry and providing them with incentive to do worse. By all means if Apple were to stop publishing audits in order to slip below the radar like the other computer companies, you'd hear less and clearly be happier with them. It is people like you, with your superficial understanding and poor research who are pushing companies to less transparency and putting less pressure on third world manufacturing to improve working conditions. If you really want to help you should buy a Mac and write to all the other major computer companies and tell them you did so because they are not conducting and openly publishing regular audits of their suppliers with details of abuses and what was required to remediate those abuses and not openly publishing a list of the suppliers they dropped because of human rights abuses. But instead you'll do business with companies that do no such thing and whose abuses you don't hear about. Out of sight out of mind. A golf clap to you, jackass!
Because I can't mod you "learn to use Google". I mean I referenced Consumer Reports by name. You are so incompetent you can't find their laptop reliability studies?
I'd really have to see the data with my own eyes, as in my experience (and more than a few studies back me up on this) Thinkpads are far and away the most reliable laptops in the market, MBPs included.
What studies back you up on this? Consumer Reports puts Lenovo at 63/100 last year and Apple at 86/100 for reliability. The latest Recuecom study gave Apple 394 compared to Lenovo's 314, The Squaretrade study shows Apple beating Lenovo only by a few percentage points, PC Mag gives Apple laptops 9.2 versus Lenovo's 7.9, LaptopMag conducted a study and gave Apple 80 versus Lenovo's 75. I usually pay the most attention to Consumer Reports simply because they have better methodologies and are much more trustworthy in that they refuse free samples and don't have advertisers so their studies have no incentive towards bias. They are well worth a subscription.
So my question to you is, where are you getting these studies upon which you are objectively forming your opinion about the reliability of products? Google certainly seems to turn up lots of evidence against your hypothesis but I saw no one claiming Lenovo or Thinkpads winning on that front.
It might have been a bit unfair that MS had a stranglehold on the browser market for those PCs that had Windows pre-installed.
Except that IE's market share was slipping long before the EU felt the need to pointlessly start throwing their weight around.
Yeah, you can tell the market is working well when the absolutely worst browser on the market, with huge security problems, huge performance problems, and utter failure to implement modern standards and popular new features ONLY has 50% of the market and is slowly losing share after no significant updates for a decade.
Your argument is less than compelling.
2. Have no idea what a "browser" is, and just want to check their email. They click a button randomly, or maybe based on which icon is the prettiest. Ballot still serves no purpose for the user -- all it manages to do is artificially spread around market share to no-name browsers.
What you fail to understand is that option 2 is immensely better for a free market, competition, and driving innovation than the situation we had. If a user chooses randomly instead of having a choice made for them by one entrant into the market, then it opens up the possibility that cool new features can make them learn to prefer an option. That gives browser makers including MS incentive to make better products. Moreover, because MS's numbers aren't being artificially propped up by those users, MS has specific incentive to work to make things better for users in order to capture more market share. This is how capitalism works.
$2000 is very, very expensive for a laptop. Period. You can get a high-quality, durable PC laptop like a ThinkPad T510 for around $900.
Amusingly, I worked at a company where those were the laptop options, Thinkpad or MacBook. The IT department kept statistics on failure rates (among other things) and their numbers lined up right about with Consumer Reports. Those high-quality, durable ThinkPads fail a whole lot more often than Macbooks. That's not to say Macbooks are a better deal for all use cases, if you keep a few extras laying around and have good backups/restore and a good repair program, but let me tell you, it doesn't take too many hours of lost work from a $100K+/year engineer to make the return on more expensive but more reliable laptops a bargain.
Trade secrets, as opposed to NDAs. You and many others don't seem to understand the difference.
Trade secrets are only trade secrets when they are under control of the owner and passed to employees, contractors, etc. This is accomplished through (and only through) NDAs.
Take a look at both the UTSA and California's Civil Code sections 3426.1-3426.11. If you knowingly receive trade secrets from a trusted party and use them to profit, even if you've never signed an NDA in your life, you are still guilty of a crime. So I'll say it to you as well, please stop misinforming people and do your research before handing out amateur legal advice.
the question i would ask, what consitutes a trade secret in a commercial electronic device using mathematic algorithms to protect content?
Any secret information that lends a company a competitive advantage seems to be covered. So if it is the same style of algorithm as everyone else is using, it is not covered. I was mostly just commenting to correct the misinformation about trade secrets in general, not this specific case.
is it patented?
Patents are public documentation of a process and would preclude a trade secret.
The thing with trade secrets is that you're only bound by the NDA if you actually signed it.
You are misinforming people. Please stop. NDAs are simple contracts covered by contract law. Trade secrets, on the other hand, apply to everyone because places like California have passed laws making it illegal to knowingly disclose trade secrets. It has NOTHING to do with having signed a contract and applies to everyone in the jurisdiction, not employees of the company in question.
Once Open HTML5 video hits and Google and Mozilla start implementing it then Apple and Microsoft will come along.
Umm, Apple is driving the adoption of HTML5 video. It's already there. I can watch HTML5 video in Safari just fine now using any codec I've installed including Ogg, and HTML5 is really the only way to easily watch video on iPhones. It is an open standard implemented by multiple parties and has been for quite a while. Now whether or not specific companies preinstall specific codecs, is something else.
If I wanted to use just the keyboard to rename files, I'd use Emacs.
Umm, Emacs? Why not the bash shell? Why do you need a text editor when the CLI supports regexps? As for using the GUI, spotlight supports regexp and for renaming Automator does as well, so you don't need the CLI, you can use the included GUI tools easily.
Yes, that's it the parent posters point. Launching the application using the keyboard is a pain unless you basically use the GUI as if it were a CLI.
How is using arrow keys, then cmd-o more akin to a CLI than using enter? It's just a different choice. Also, why is bringing the power of the CLI to a GUI a bad thing? Spotlight is similar to tab completion, but using a nice GUI so users don't have to launch a CLI or worry about paths. I guess we have very different interpretations of what a "pain" is.
They are about security, but security going forward that is good enough most users don't have to worry about it. It's like the old Volkswagon motto of making cars so users don't have to worry about the car.
Isn't that the same Apple that released iOS4 with such a massive security hole that the phone could be jail-broken by going to a website?
Yup. Security isn't just about finding every possible exploit. It's also about fixing them and making sure you can fix them. Apple fixed that particular exploit in 9 days. That's nine days from the exploit being made public to Apple having fixes pushed out to users. Now imagine if that was a Flash exploit. Suddenly Apple has a hard choice, revoke the Flash keys so Flash breaks on all phones (after users have come to rely upon it) or wait for Adobe to get around to fixing the exploit (and we all know how rapid they are about such things).
Lack of Flash on the iPhone prevents developers from using it exclusively and keeps Apple out of the position of having to make that really crappy choice. It puts security back into Apple's hands so when there is a problem, they can fix it.
And when they fixed that the hackers found a new way to unlock that is based on a low-level firmware vulnerability that Apple can't fix even with an OS upgrade?
This isn't really a security concern for users though. Apple doesn't really care about jailbreakers, just about the underlying security problems that allow jailbreaking and the potential concern for normal users. That's where they could lose money.
No, Apple is about control, not security.
Apple is about control. They don't want to be dependent upon Adobe or anyone else for solving problems with battery life, security, or developer access to new features on the iPhone. But Apple is about control for security reasons among others.
Fit's law is a joke. In a best case scenario, the amount of time it would save is small enough to be statistical noise.
Assuming you mean Fitt's law, [citation fucking needed]. Every couple of years another usability grad student revisits Fitt's law in some testing to see if it really holds up in the real world. It is so well supported by now you might as well be arguing against evolution. If you had ever in your life picked up an HCI journal, or even taken a few serious university courses I can't imagine you making this assertion.
I don't know what you are talking about Linux requiring the movement of the mouse in specific patterns.
Use it on a daily basis for a while and it becomes obvious. I'm not going into a lengthy explanation here though.
Clearly, there was at least an attempt to have icons that had some kind of association with what would happen.
Yup, they made an effort. Then you sit a user down, show them the icon and ask them what it means in context. Rearrange them and ask again. Most users will tell you the meaning is completely different, because they just know you click the middle one to do that and the symbols have no meaning to them.
A green plus assigned to a window is very clearly marked. It is just that the button doesn't do what it is marked to do.
It does what it is marked to do well enough. I've actually seen a study on this very topic. The problem with this user interface element is that it doesn't do what Windows does, no more no less. As a power user, I appreciate the functionality. As a usability engineer, I bemoan the wretched choice of the designers in giving power users more functionality, dependent upon the app designer, or being less confusing to "switchers".
...just as we can learn that hamburgers are not made with ham. It doesn't make it correct.
That's a bit of a non sequitur. By the same argument, we could say Seattle is incorrectly named because people there do stand up and are not always seated. Good thing we've learned or something... what was your point again?
The problem isn't that it doesn't maximize, the lack of which I do find to be a glaring omission as well. The problem is that it DOES NOT set the screen to 'optimum' size.
The difference in functionality with that button and the Windows equivalent is that the Windows button either maximizes or reduces the window to whatever size it was before it was maximized or to some arbitrary default. The consistency of the button makes it more learnable, but for more advanced users, well kind of sucks. Advanced users rarely want to fill their screen with empty space to the sides of the content being displayed. It is useless to a huge number of applications.
The OS X version does the same thing except instead of always maximizing a window, the application developer decides if the specific application is one that benefits from filling the screen (like video players) or one that is more useful increasing in size until it is big enough to display all the content in the current window. This makes it a more flexible tool and brings the brain of the developer to bear on the issue, but harder for novices to learn and more importantly is not identical to Windows and thus confuses the masses of people who are trained by that system.
Objectively, as a usability expert, I think Apple's system is more flexible and offers better usability to power users, but they may have needed to do more testing with Windows users since "switchers" are such a large part of their user base. Ignoring the conditioning of Windows users may be strategic, however, as the sooner the UI breaks with Windows the less pain it will be for users overall.
It's only my anecdotal observation, but whenever I compare the Windows to Mac users I know, I always get the impression that the Mac users are very keyboard-shy compared to the Windows ones, and less efficient. Maybe I just have a poor selection of non-proficient Mac users to observe? But they seem to be the 'power user' type to me.
That is an odd observation. Novice users on any system will be slow and avoid advanced UI features, but I certainly know plenty of expert Mac users that make heavy use of the keyboard. I find the keyboard use on the Mac to be significantly better than Windows when using a variety of software. First, every function is keyboard accessible, not just a subset as with most windows software. Second, the CLI interaction with GUI programs allows a lot of regexp heavy lifting and piping. It may be that I haven't spent enough time with powershell, but partly I blame MS for reinventing the wheel instead of implementing a compatible CLI that leverages the millions of man hours of existing user experience.
But all that is just MY personal observation. I work with a lot of very expert Mac users, some of whom you see quoted in security themed articles here on a regular basis. Who would have thought in the old days that Macs would take over as the most popular workstation for security pros eh? It boggles the mind.
In addition to my informal observation, I've run a number of formal usability testing sessions for different software, including many sorts of users on different OS's, all filmed and categorized and broken down by every failed interface action. The amount of fail for all users on the Windows OS is staggeringly bad. I've been in roundtable discussions with dozens of usability experts and the consensus I've seen is that MS probably does formal usability testing, but that the problems they find are often ignored and random changes are introduced either by engineering or sales, late in the game, with no regard for usability.
No, it isn't. Google isn't giving you the CPU time to run your word processor remotely and just view it on your local screen. They're just serving up a load of web pages which simulate a word processing application for lots of people at once.
Your distinctions, as always, are irrelevant. They don't really exist. The processes are running and HTML is part of the display format. I can run a word processing program locally and use PDF as the display format (OS X native display) and guess what, multiple users can log in simultaneously and use it. Heck, I even have a word processor that supports multiple simultaneous users on my system right now.
You can buy a box to run it on your own machine? Que? While you're discussing a completely different thing, it'd help if it made sense:-).
I don't know about you, but when I buy a new box from a vendor, it becomes my own machine.
This is all pointless. For every "distinction" you bring up I can bring up a hundred exceptions and cases where your distinction makes no sense and no one reading your distinction can tell if is a given program or service is an "application" as you define it. Just fucking give it up already. Web apps are applications and you don't like them. is that really so hard?
It will be interesting to see how these systems (OnePass and Apple's App Store) compare. Does anyone know if Google is hosting the content free of charge on the Google App store, or is this payment system independent of hosting? It seems like the latter from the two articles I read, but they were both vague. In the end I suppose most publishers will use both to target the most eyeballs, but with both mobile powerhouses stepping in, Amazon and B&N and Sony are going to have to step up their game.
I personally am enraged every time I hit enter on an application and it sets me up for renaming the icon. I mean, really? That's what I am going to do so frequently that it deserves one of the biggest buttons on my keyboard? That's what passes for intuitive?
It is actually funny you mention that because that exact feature is why a colleague of mine (technical writer) switched to OS X from Windows. It was painful to rename large lists of files using just the keyboard on Windows. She actually had someone teach her to use the DOS shell just for that capability. When she saw me perform the operation on a few files on one of the office Macs she decided that one feature was so important she was willing to switch OS's to get it.
I suppose one could just as easily ask, who launches icons from the windowing GUI using the keyboard, but not using Spotlight? Who does it so often that a key combination rather than a keypress slows them down?
Don't kid yourself about OSX. You may like it, but it has it's own share of UI disasters.
Absolutely it does, but the toolkit for apps has more built in reasonably usable defaults than, well any other I've used. Thus applications tend to inherit good usability and users to expect it.
Some like having the Trash and Eject be the same UI target were a dumb idea from day one.
That one fails in the learnability, usability category. It's fine once you know it, but having to grab a volume to eject before it appears is problematic.
Some, like having all of the menus at the top of the screen made sense when we were on low resolution single screen systems, but are detriments in multi-monitor high resolutions systems...
Actually, this one is more of a benefit on high resolution screens where Fitt's law has greater return, especially combined with logarithmic acceleration of cursors. As for multiple monitors, the Apple compromise on that one works fine with no real detriment; certainly better than any other OS I've used. Windows ends up restricting your windows inside another window and you lose a lot of the benefit of multiple monitors if you're using just one app in the foreground. Linux ends up making you move your cursor in specific patterns just to get to the menus if you happen to be working with a window on the wrong screen. Linux does well for multiple apps at once (not switching, simultaneous use like reading one and writing in another) but falls down for the single app and app switching cases.
...and some of them are brand new bonehead decisions like choose to use a green plus for a button that will shrink the screen.
Meh. None of the windowing systems have easily interpretable symbols for window controls. I'd fault Apple more for not having the symbols visible until you mouse over them (for color blind people).
But it does nothing at all without Skype run servers to connect to. If there is not a service running on the internet or if that service is unreachable, even if you can get to other parts of the internet, you can do nothing with the client software. Another good example would be an AIM application.
You're not thinking hard enough. The purpose of the Skype client is to act as a client to the Skype system, not to act as the whole Skype system. It fulfils that role using only the workstation in front of you. Thus it is self-contained in the sense described.
It is self contained in a useless sense completely invisible to users. Skype advertises their service as being able to "call other people around the world for free", not "connect to Skype".
That's just an application having its UI displayed somewhere distant. There's no inherent reason it cannot be run locally.
That doesn't answer the question.
Well, it makes for a slow, bloated choice, but there's nothing about choosing it which makes it not an application. It stops becoming an application when it is no longer self-contained, i.e. you lose the ability to execute the software's functionality.
So you think a Skype client doesn't lose it's functionality when it can't connect to the Skype network, but GoogleDocs loses it's functionality, when you can't connect to Google? Either way the end user can do jack and shit.
Since you are having difficulty understanding, how about the following question for classification: ask, "What am I running?" In the case of Skype, you are running the Skype client. In the case of Office over Citrix, you are running Office on a remote machine. In the case of Google "Apps"... you are running nothing.
In the case of Google Apps I'm running an app on Google's servers and connecting to the interface via my browser. It's the same as running Word on a remote server and connecting to it vie Citrix, except for the specific software. Heck I can even buy a box from Google (if I have the money) to run Google docs locally on my own machine and connect to localhost via a browser.
You're just trying to make an arbitrary distinction because you don't like the limitations of some Web apps and don't care about those same limitations you are used to with certain traditional apps. So you try to make up a definition that lawyers the former out and the latter in. That's weak.
Slashdot Mirror
Apple is historically months behind in patching publicly disclosed vulnerabilities in core libraries they share with other Unix-like systems (Samba and Java are two key examples).
This is interesting because as of Lion, Apple isn't maintaining a JVM. Samba isn't even running by default. That doesn't mean it isn't an issue, but it also doesn't mean OS X is particularly vulnerable as a desktop as a result. The small number of exposed services makes many of those potential vulnerabilities fairly moot. Add onto that the default sandboxing for some services and the increased use in the next version, probably has a lot more real world impact than rate up updating libraries that are not exposed on the majority of users' systems. For example, the zeroconf daemon exploits a few years ago were problematic on numerous OS's but were completely ineffective against OS X because of the MAC sanboxing.
Overall code robustness is abysmal in any Apple product I've assessed--they fall over with trivial fuzzing or a few hours of analysis.
It seems like some Apple products are really hit and miss in this regard. Some of the developers are very security conscious and some seem to give little or no thought to security at all.
They're an absolute pain in the ass to deal with when trying to resolve a responsibly reported vulnerability: they often don't seem to have qualified people triaging inbound reports, and when they do finally acknowledge the correct severity of a reported issue it can take years before they finally push out a fix.
That has not been my experience. My former company submitted a small number of vulnerabilities to Apple through the public facing bug report system, and they were reasonably responsive, replying within a week or two and doing a good job of crediting us with the fix in the next security patch.
And to top it all off, their core security counter-measures (e.g. ASLR and NX) are useless as anything more than marketing fluff because they're not implemented consistently.
Their NX is well implemented from my understanding. Did you have a specific complaint about it? ASLR is only applied to libraries, but is applied widely in Lion. The sandboxing is well implemented but not ubiquitous and is more widely applied to userspace apps in Lion (we'll see how far). The malware detection is half assed and I've heard nothing about improvements in Lion. But it sounds like most of your complaints in this regard are already on the table in Lion.
The only reason every Mac isn't infested with malware is that they're not a big enough chunk of the market for it to be worth the effort.
You are way, way, way oversimplifying. Their market share is plenty to be attractive. Not having to fight other bot operators over the Mac market share would be very profitable. There are worms now with dozens of different Windows attacks fighting over the small share of vulnerable Windows systems, adding macs to that would be a considerable increase. Also, if you work in network security you are no doubt aware of the trend towards malware that mines data such as account info and credit card and bank account info. Macs would be a goldmine in that regard. Rather, I think OS X's lack of exploitation has to do with good choices for default services, some sandboxing, lack of malware author familiarity with non-windows development, and failure to properly create multi-vector worms that contain OS X attacks in conjunction with Windows attacks. Market share alone does not explain what we see in the wild.
If they ever cross the magic 15% threshold they're in for a very rude awakening.
People said the same thing with 5% and 10%. Part of the joy of arbitrary goalposts in internet forums is the lack of accountability. They're so easy to shift over time... unless, of course, you have specific reasons and data to suggest why 15% would be the specific number we need to consider.
There are very few true viruses in the wild at all these days. The great majority are actually trojans or worms.
You do know that, "worm" is a subset of, "virus" right?
It is disappointing to see the comments thus far have not bothered to mention what potential security improvements are likely to be in the final version of Lion and how effective they might be. So far the ones I've heard mentioned include:
I'm sure in more security oriented forums there will be some good analysis of these new features, how well implemented they are, and how effective they are likely to be. The Mac App Store offers some potential security improvements by standardizing application updates and pushing them out more quickly and widely and hopefully encouraging developers to make more use of security frameworks already present. Personally, I think the sandboxing combined with the Mac App Store could be a huge boon to security if Apple can get enough developers on board, but I'm not sure if Apple will go that route. Hopefully feedback from experts will help push them in that direction.
One also needs to inquire whether HP or Dell or Sony are such great companies from an ethical standpoint (certainly Sony is every bit as perverse and unsavoury as Apple). Basically, when you factor in environmental and labour practices alongside IP, the entire industry is pretty sleazy.
I wish people wouldn't be so lazy when it comes to these evaluations. You don't know how companies compare on these practices and don't really care or you would bother to find out. Companies know you don't really care, so they don't do anything to make things better. From what I've seen, there are abuses at suppliers for every manufacturers. Apple conducts regular audits, openly publishes a yearly report of findings, requires companies to change their practices and compensate workers abused, and ceases doing business with companies that don't fix the problems (they dropped one for repeated use of child labor just recently). As far as I have been able to find, no other major computer maker is publishing audits of third party suppliers. If they do publish them, they do a good job of hiding them from the public sine Google can't find them.
It is too easy to assume all companies are the same instead of finding out.
I'm sure the Chinese workers in Apple sweatshops appreciate the benefits of working for a company whose business model is so awesome.
Compared to every other computer manufacturer... probably so. You can complain about exploitation of the third world by manufacturing if you'd like, but Apple is pretty much at the head of the class for making sure their suppliers are observing a reasonable level of human rights. You hear about abuses by Apple because unlike everyone else, Apple audits their suppliers and openly publishes the results. They just published their most recent report where they detail the problems they found and which companies they stopped doing business with and what they required other suppliers to do in order to avoid the same.
It's great to be concerned about problems with third world, but it is pretty counter productive if you don't educate yourself enough to know you're attacking Apple on the one criteria where they are clearly ahead of the rest of the industry and providing them with incentive to do worse. By all means if Apple were to stop publishing audits in order to slip below the radar like the other computer companies, you'd hear less and clearly be happier with them. It is people like you, with your superficial understanding and poor research who are pushing companies to less transparency and putting less pressure on third world manufacturing to improve working conditions. If you really want to help you should buy a Mac and write to all the other major computer companies and tell them you did so because they are not conducting and openly publishing regular audits of their suppliers with details of abuses and what was required to remediate those abuses and not openly publishing a list of the suppliers they dropped because of human rights abuses. But instead you'll do business with companies that do no such thing and whose abuses you don't hear about. Out of sight out of mind. A golf clap to you, jackass!
Why can't I mod the parent, [citation needed]?
Because I can't mod you "learn to use Google". I mean I referenced Consumer Reports by name. You are so incompetent you can't find their laptop reliability studies?
I'd really have to see the data with my own eyes, as in my experience (and more than a few studies back me up on this) Thinkpads are far and away the most reliable laptops in the market, MBPs included.
What studies back you up on this? Consumer Reports puts Lenovo at 63/100 last year and Apple at 86/100 for reliability. The latest Recuecom study gave Apple 394 compared to Lenovo's 314, The Squaretrade study shows Apple beating Lenovo only by a few percentage points, PC Mag gives Apple laptops 9.2 versus Lenovo's 7.9, LaptopMag conducted a study and gave Apple 80 versus Lenovo's 75. I usually pay the most attention to Consumer Reports simply because they have better methodologies and are much more trustworthy in that they refuse free samples and don't have advertisers so their studies have no incentive towards bias. They are well worth a subscription.
So my question to you is, where are you getting these studies upon which you are objectively forming your opinion about the reliability of products? Google certainly seems to turn up lots of evidence against your hypothesis but I saw no one claiming Lenovo or Thinkpads winning on that front.
It might have been a bit unfair that MS had a stranglehold on the browser market for those PCs that had Windows pre-installed.
Except that IE's market share was slipping long before the EU felt the need to pointlessly start throwing their weight around.
Yeah, you can tell the market is working well when the absolutely worst browser on the market, with huge security problems, huge performance problems, and utter failure to implement modern standards and popular new features ONLY has 50% of the market and is slowly losing share after no significant updates for a decade.
Your argument is less than compelling.
2. Have no idea what a "browser" is, and just want to check their email. They click a button randomly, or maybe based on which icon is the prettiest. Ballot still serves no purpose for the user -- all it manages to do is artificially spread around market share to no-name browsers.
What you fail to understand is that option 2 is immensely better for a free market, competition, and driving innovation than the situation we had. If a user chooses randomly instead of having a choice made for them by one entrant into the market, then it opens up the possibility that cool new features can make them learn to prefer an option. That gives browser makers including MS incentive to make better products. Moreover, because MS's numbers aren't being artificially propped up by those users, MS has specific incentive to work to make things better for users in order to capture more market share. This is how capitalism works.
$2000 is very, very expensive for a laptop. Period. You can get a high-quality, durable PC laptop like a ThinkPad T510 for around $900.
Amusingly, I worked at a company where those were the laptop options, Thinkpad or MacBook. The IT department kept statistics on failure rates (among other things) and their numbers lined up right about with Consumer Reports. Those high-quality, durable ThinkPads fail a whole lot more often than Macbooks. That's not to say Macbooks are a better deal for all use cases, if you keep a few extras laying around and have good backups/restore and a good repair program, but let me tell you, it doesn't take too many hours of lost work from a $100K+/year engineer to make the return on more expensive but more reliable laptops a bargain.
WTF are you talking about?
Trade secrets, as opposed to NDAs. You and many others don't seem to understand the difference.
Trade secrets are only trade secrets when they are under control of the owner and passed to employees, contractors, etc. This is accomplished through (and only through) NDAs.
Take a look at both the UTSA and California's Civil Code sections 3426.1-3426.11. If you knowingly receive trade secrets from a trusted party and use them to profit, even if you've never signed an NDA in your life, you are still guilty of a crime. So I'll say it to you as well, please stop misinforming people and do your research before handing out amateur legal advice.
the question i would ask, what consitutes a trade secret in a commercial electronic device using mathematic algorithms to protect content?
Any secret information that lends a company a competitive advantage seems to be covered. So if it is the same style of algorithm as everyone else is using, it is not covered. I was mostly just commenting to correct the misinformation about trade secrets in general, not this specific case.
is it patented?
Patents are public documentation of a process and would preclude a trade secret.
Funny, when last I checked, if you reverse engineer Coca Cola and discover their secret formula, you are allowed to disseminate that information.
Not in California or other states that have passed trade secret laws.
The thing with trade secrets is that you're only bound by the NDA if you actually signed it.
You are misinforming people. Please stop. NDAs are simple contracts covered by contract law. Trade secrets, on the other hand, apply to everyone because places like California have passed laws making it illegal to knowingly disclose trade secrets. It has NOTHING to do with having signed a contract and applies to everyone in the jurisdiction, not employees of the company in question.
Once Open HTML5 video hits and Google and Mozilla start implementing it then Apple and Microsoft will come along.
Umm, Apple is driving the adoption of HTML5 video. It's already there. I can watch HTML5 video in Safari just fine now using any codec I've installed including Ogg, and HTML5 is really the only way to easily watch video on iPhones. It is an open standard implemented by multiple parties and has been for quite a while. Now whether or not specific companies preinstall specific codecs, is something else.
If I wanted to use just the keyboard to rename files, I'd use Emacs.
Umm, Emacs? Why not the bash shell? Why do you need a text editor when the CLI supports regexps? As for using the GUI, spotlight supports regexp and for renaming Automator does as well, so you don't need the CLI, you can use the included GUI tools easily.
Yes, that's it the parent posters point. Launching the application using the keyboard is a pain unless you basically use the GUI as if it were a CLI.
How is using arrow keys, then cmd-o more akin to a CLI than using enter? It's just a different choice. Also, why is bringing the power of the CLI to a GUI a bad thing? Spotlight is similar to tab completion, but using a nice GUI so users don't have to launch a CLI or worry about paths. I guess we have very different interpretations of what a "pain" is.
Apple is about security?
They are about security, but security going forward that is good enough most users don't have to worry about it. It's like the old Volkswagon motto of making cars so users don't have to worry about the car.
Isn't that the same Apple that released iOS4 with such a massive security hole that the phone could be jail-broken by going to a website?
Yup. Security isn't just about finding every possible exploit. It's also about fixing them and making sure you can fix them. Apple fixed that particular exploit in 9 days. That's nine days from the exploit being made public to Apple having fixes pushed out to users. Now imagine if that was a Flash exploit. Suddenly Apple has a hard choice, revoke the Flash keys so Flash breaks on all phones (after users have come to rely upon it) or wait for Adobe to get around to fixing the exploit (and we all know how rapid they are about such things).
Lack of Flash on the iPhone prevents developers from using it exclusively and keeps Apple out of the position of having to make that really crappy choice. It puts security back into Apple's hands so when there is a problem, they can fix it.
And when they fixed that the hackers found a new way to unlock that is based on a low-level firmware vulnerability that Apple can't fix even with an OS upgrade?
This isn't really a security concern for users though. Apple doesn't really care about jailbreakers, just about the underlying security problems that allow jailbreaking and the potential concern for normal users. That's where they could lose money.
No, Apple is about control, not security.
Apple is about control. They don't want to be dependent upon Adobe or anyone else for solving problems with battery life, security, or developer access to new features on the iPhone. But Apple is about control for security reasons among others.
Fit's law is a joke. In a best case scenario, the amount of time it would save is small enough to be statistical noise.
Assuming you mean Fitt's law, [citation fucking needed]. Every couple of years another usability grad student revisits Fitt's law in some testing to see if it really holds up in the real world. It is so well supported by now you might as well be arguing against evolution. If you had ever in your life picked up an HCI journal, or even taken a few serious university courses I can't imagine you making this assertion.
I don't know what you are talking about Linux requiring the movement of the mouse in specific patterns.
Use it on a daily basis for a while and it becomes obvious. I'm not going into a lengthy explanation here though.
Clearly, there was at least an attempt to have icons that had some kind of association with what would happen.
Yup, they made an effort. Then you sit a user down, show them the icon and ask them what it means in context. Rearrange them and ask again. Most users will tell you the meaning is completely different, because they just know you click the middle one to do that and the symbols have no meaning to them.
A green plus assigned to a window is very clearly marked. It is just that the button doesn't do what it is marked to do.
It does what it is marked to do well enough. I've actually seen a study on this very topic. The problem with this user interface element is that it doesn't do what Windows does, no more no less. As a power user, I appreciate the functionality. As a usability engineer, I bemoan the wretched choice of the designers in giving power users more functionality, dependent upon the app designer, or being less confusing to "switchers".
...just as we can learn that hamburgers are not made with ham. It doesn't make it correct.
That's a bit of a non sequitur. By the same argument, we could say Seattle is incorrectly named because people there do stand up and are not always seated. Good thing we've learned or something... what was your point again?
The problem isn't that it doesn't maximize, the lack of which I do find to be a glaring omission as well. The problem is that it DOES NOT set the screen to 'optimum' size.
The difference in functionality with that button and the Windows equivalent is that the Windows button either maximizes or reduces the window to whatever size it was before it was maximized or to some arbitrary default. The consistency of the button makes it more learnable, but for more advanced users, well kind of sucks. Advanced users rarely want to fill their screen with empty space to the sides of the content being displayed. It is useless to a huge number of applications.
The OS X version does the same thing except instead of always maximizing a window, the application developer decides if the specific application is one that benefits from filling the screen (like video players) or one that is more useful increasing in size until it is big enough to display all the content in the current window. This makes it a more flexible tool and brings the brain of the developer to bear on the issue, but harder for novices to learn and more importantly is not identical to Windows and thus confuses the masses of people who are trained by that system.
Objectively, as a usability expert, I think Apple's system is more flexible and offers better usability to power users, but they may have needed to do more testing with Windows users since "switchers" are such a large part of their user base. Ignoring the conditioning of Windows users may be strategic, however, as the sooner the UI breaks with Windows the less pain it will be for users overall.
It's only my anecdotal observation, but whenever I compare the Windows to Mac users I know, I always get the impression that the Mac users are very keyboard-shy compared to the Windows ones, and less efficient. Maybe I just have a poor selection of non-proficient Mac users to observe? But they seem to be the 'power user' type to me.
That is an odd observation. Novice users on any system will be slow and avoid advanced UI features, but I certainly know plenty of expert Mac users that make heavy use of the keyboard. I find the keyboard use on the Mac to be significantly better than Windows when using a variety of software. First, every function is keyboard accessible, not just a subset as with most windows software. Second, the CLI interaction with GUI programs allows a lot of regexp heavy lifting and piping. It may be that I haven't spent enough time with powershell, but partly I blame MS for reinventing the wheel instead of implementing a compatible CLI that leverages the millions of man hours of existing user experience.
But all that is just MY personal observation. I work with a lot of very expert Mac users, some of whom you see quoted in security themed articles here on a regular basis. Who would have thought in the old days that Macs would take over as the most popular workstation for security pros eh? It boggles the mind.
In addition to my informal observation, I've run a number of formal usability testing sessions for different software, including many sorts of users on different OS's, all filmed and categorized and broken down by every failed interface action. The amount of fail for all users on the Windows OS is staggeringly bad. I've been in roundtable discussions with dozens of usability experts and the consensus I've seen is that MS probably does formal usability testing, but that the problems they find are often ignored and random changes are introduced either by engineering or sales, late in the game, with no regard for usability.
No, it isn't. Google isn't giving you the CPU time to run your word processor remotely and just view it on your local screen. They're just serving up a load of web pages which simulate a word processing application for lots of people at once.
Your distinctions, as always, are irrelevant. They don't really exist. The processes are running and HTML is part of the display format. I can run a word processing program locally and use PDF as the display format (OS X native display) and guess what, multiple users can log in simultaneously and use it. Heck, I even have a word processor that supports multiple simultaneous users on my system right now.
You can buy a box to run it on your own machine? Que? While you're discussing a completely different thing, it'd help if it made sense :-).
I don't know about you, but when I buy a new box from a vendor, it becomes my own machine.
This is all pointless. For every "distinction" you bring up I can bring up a hundred exceptions and cases where your distinction makes no sense and no one reading your distinction can tell if is a given program or service is an "application" as you define it. Just fucking give it up already. Web apps are applications and you don't like them. is that really so hard?
It will be interesting to see how these systems (OnePass and Apple's App Store) compare. Does anyone know if Google is hosting the content free of charge on the Google App store, or is this payment system independent of hosting? It seems like the latter from the two articles I read, but they were both vague. In the end I suppose most publishers will use both to target the most eyeballs, but with both mobile powerhouses stepping in, Amazon and B&N and Sony are going to have to step up their game.
I personally am enraged every time I hit enter on an application and it sets me up for renaming the icon. I mean, really? That's what I am going to do so frequently that it deserves one of the biggest buttons on my keyboard? That's what passes for intuitive?
It is actually funny you mention that because that exact feature is why a colleague of mine (technical writer) switched to OS X from Windows. It was painful to rename large lists of files using just the keyboard on Windows. She actually had someone teach her to use the DOS shell just for that capability. When she saw me perform the operation on a few files on one of the office Macs she decided that one feature was so important she was willing to switch OS's to get it.
I suppose one could just as easily ask, who launches icons from the windowing GUI using the keyboard, but not using Spotlight? Who does it so often that a key combination rather than a keypress slows them down?
Don't kid yourself about OSX. You may like it, but it has it's own share of UI disasters.
Absolutely it does, but the toolkit for apps has more built in reasonably usable defaults than, well any other I've used. Thus applications tend to inherit good usability and users to expect it.
Some like having the Trash and Eject be the same UI target were a dumb idea from day one.
That one fails in the learnability, usability category. It's fine once you know it, but having to grab a volume to eject before it appears is problematic.
Some, like having all of the menus at the top of the screen made sense when we were on low resolution single screen systems, but are detriments in multi-monitor high resolutions systems...
Actually, this one is more of a benefit on high resolution screens where Fitt's law has greater return, especially combined with logarithmic acceleration of cursors. As for multiple monitors, the Apple compromise on that one works fine with no real detriment; certainly better than any other OS I've used. Windows ends up restricting your windows inside another window and you lose a lot of the benefit of multiple monitors if you're using just one app in the foreground. Linux ends up making you move your cursor in specific patterns just to get to the menus if you happen to be working with a window on the wrong screen. Linux does well for multiple apps at once (not switching, simultaneous use like reading one and writing in another) but falls down for the single app and app switching cases.
...and some of them are brand new bonehead decisions like choose to use a green plus for a button that will shrink the screen.
Meh. None of the windowing systems have easily interpretable symbols for window controls. I'd fault Apple more for not having the symbols visible until you mouse over them (for color blind people).
But it does nothing at all without Skype run servers to connect to. If there is not a service running on the internet or if that service is unreachable, even if you can get to other parts of the internet, you can do nothing with the client software. Another good example would be an AIM application.
You're not thinking hard enough. The purpose of the Skype client is to act as a client to the Skype system, not to act as the whole Skype system. It fulfils that role using only the workstation in front of you. Thus it is self-contained in the sense described.
It is self contained in a useless sense completely invisible to users. Skype advertises their service as being able to "call other people around the world for free", not "connect to Skype".
That's just an application having its UI displayed somewhere distant. There's no inherent reason it cannot be run locally.
That doesn't answer the question.
Well, it makes for a slow, bloated choice, but there's nothing about choosing it which makes it not an application. It stops becoming an application when it is no longer self-contained, i.e. you lose the ability to execute the software's functionality.
So you think a Skype client doesn't lose it's functionality when it can't connect to the Skype network, but GoogleDocs loses it's functionality, when you can't connect to Google? Either way the end user can do jack and shit.
Since you are having difficulty understanding, how about the following question for classification: ask, "What am I running?" In the case of Skype, you are running the Skype client. In the case of Office over Citrix, you are running Office on a remote machine. In the case of Google "Apps"... you are running nothing.
In the case of Google Apps I'm running an app on Google's servers and connecting to the interface via my browser. It's the same as running Word on a remote server and connecting to it vie Citrix, except for the specific software. Heck I can even buy a box from Google (if I have the money) to run Google docs locally on my own machine and connect to localhost via a browser.
You're just trying to make an arbitrary distinction because you don't like the limitations of some Web apps and don't care about those same limitations you are used to with certain traditional apps. So you try to make up a definition that lawyers the former out and the latter in. That's weak.