The problem with setting quotas for bloggers.

Exhibit A.

Maybe there’s another explanation for it.


Dope-fueled paranoia?

The Macalope’s just thinking out loud.

Stunning analysis. But not in a good way.

Fortune’s Deirdre Terry asks some questions about Jobs’ DRM statement that no one’s thought of:

So yes, it would be more convenient for everyone if all digital files could be played by any player or any other digital device. But where’s the customer clamor?

Could Jobs’ eloquent plea on behalf of consumers all be a gambit to force Apple’s content suppliers to renegotiate their deals and make it possible to download music and video directly onto the iPhone?

Unfortunately for Terry, the reason no one’s thought of them is probably because they’re so blindingly ignorant.

While customers aren’t exactly in revolt over FairPlay (Doctorow’s not a customer anymore), there is ample outcry for DRM-free music and plenty of evidence that DRM is what’s holding back the online music business.

But it’s her main point that’s so eye-poppingly bizarre. There’s absolutely nothing the Macalope knows of from a licensing perspective that would stop Apple from allowing someone to directly buy and download FairPlay-protected music from iTunes on an iPhone. He certainly wouldn’t want to try it using Cingular’s crappy EDGE data transfer speeds and wouldn’t want to try syncing on a regular basis on anything short of 802.11n [Edited for clarity as the Macalope was thinking "syncing" by not typing it. Damn these hooves!]. That’s probably why the iPhone — right now — seems to require USB docking to iTunes to transfer music.

It’s a rather baffling why Terry seems to think that Apple’s deal with the recording companies prevents FairPlay-protected songs from being transmitted over 802.11. That’s obviously not true as you can share your library over a network and stream it to an Airport base station.

Does Fortune pay for analysis like this? And how much?

Then why not do it?

Cory Doctorow says, OK, you want to offer DRM-free music? Do it. There are numerous artists that would love to sell their music DRM-free on iTunes.

But Apple has been saying for years that DRM on iTunes is all or nothing (see the third comment, and a tip o’ the old antlers to Hack the Planet).

That’s clearly a business decision — there’s no technical reason Apple couldn’t offer both DRM-ed and DRM-free songs. But it could easily be contractual. Apple’s agreement with the big four may say they can’t offer DRM-free music as the recording industry executives might fear that the great communist scourge of uncontrolled music files would eat their lunch and make love to their women better than they can.

Jobs has many reasons for challenging the labels — mostly due to Apple’s legal issues in Europe — but that doesn’t make his statement any less significant and Doctorow’s persnickety response doesn’t give it enough credit.

Right now it really does seem that DRM-free music is coming to a Mac (and a PC) near your some time in the not too distant future. Customers want it, analysts want it, and now technology companies want it.

Real Steve: "Imagine."

Steve Jobs provides his Thoughts on Music (tip o’ the antlers to BoingBoing) and specifically DRM.

Here are some key sections:

Apple was able to negotiate landmark usage rights at the time, which include allowing users to play their DRM protected music on up to 5 computers and on an unlimited number of iPods.

However, a key provision of our agreements with the music companies is that if our DRM system is compromised and their music becomes playable on unauthorized devices, we have only a small number of weeks to fix the problem or they can withdraw their entire music catalog from our iTunes store.

So far we have met our commitments to the music companies to protect their music, and we have given users the most liberal usage rights available in the industry for legally downloaded music.

Apple has concluded that if it licenses FairPlay to others, it can no longer guarantee to protect the music it licenses from the big four music companies.

Imagine a world where every online store sells DRM-free music encoded in open licensable formats. In such a world, any player can play music purchased from any store, and any store can sell music which is playable on all players. This is clearly the best alternative for consumers, and Apple would embrace it in a heartbeat.

Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it? The simplest answer is because DRMs haven’t worked, and may never work, to halt music piracy.

Much of the concern over DRM systems has arisen in European countries. Perhaps those unhappy with the current situation should redirect their energies towards persuading the music companies to sell their music DRM-free.

It’s an interesting read. Jobs also says that as only 3% of music on an iPod is FairPlay-protected, Apple doesn’t see it as a scheme to lock users in.

The part of Steve Jobs will be played by Charlton Heston. The part of Mitch Bainwol will be played by Yul Brynner (antler tip to Your Daily Dosage for the correction).

Apple does not read this blog

Looks like there’s a new “Get a Mac” ad.

Entitled “Security”. And the fact that it was posted today (or so the Macalope surmises) is most likely a return salvo after Gates’ comments to Newsweek.


OK, it’s really funny but it’s kinda not what the Macalope had in mind when he asked Apple to demonstrate that it takes security seriously.


More security professionalism, please.

David Maynor has come out in defense of Bill Gates’ recent comments that OS X is security swiss cheese and he churlishly derides the Mac community’s response.

In the post, Maynor reminisces that Apple’s “Get a Mac” ads were what got him into Apple security research last year. Is it just the Macalope or is that a little odd? As a child did he also run after Mean Joe Green with a Coke bottle, begging him to throw a jersey at him?

The thing that really upsets me about the Mac community going off on Bill Gates is that Apple does the same exact thing. Their “we don’t have security problems” commericals [sic] are the same thing as what Bill Gates said. If you want to be mad at Bill then hold Steve accountable for the same actions as well. The arrogant commericals [sic] Apple runs has done nothing but win them alot of researchers who are breaking their systems that would not have otherwise given them a second look.

The Macalope thought there was something strange about Maynor’s assertions here so he went back and watched all of the “Get a Mac” ads. Do you know how many of them discussed security?


So, it’s not “commercials”. It’s “commercial”.

Why did David Maynor get so bent out of shape over one commercial? Seems a little absurd.

It’s also a little absurd that Maynor is trying to conflate Apple’s silly, funny ad with statements made by the founder and chief technologist of Microsoft to a Newsweek reporter.

Those things are not comparable.

But for grins, let’s pretend that they are and take a look at the relative truth behind each. Here’s the salient part of the “Get a Mac” ad entitled “Viruses.”

PC: Last year there were 114,000 known viruses for PCs.

Mac: PCs. But not Macs.

Is this true?

The year in question is 2005 and the data comes from a report from Sophos that says:

By December 2005, Sophos Anti-Virus was identifying and protecting against over 114,000 different viruses, worms, Trojan horses and other malware.

So, we can quibble over the use of the word “virus” to describe a host of malware, but it’s not really important to the argument. Sophos does, however, make a Macintosh version of its program, so maybe some of those are Mac viruses.

OK. Just how many Mac viruses are there?

According to, 111. [CORRECTION: As noted in comments, this is the number of vulnerabilities, not viruses. The number of viruses is actually probably significantly lower which maybe helps proves the point about the Mac's lower market share being its saving grace.]

Now you can look at the ad’s assertion yourself and decide if it’s “arrogant”, but the Macalope will note that Apple’s at least 99.9% correct here ((114,001 – 111) / 114,001). And it’s 100% correct if you just take it at face value – there are not 114,000 viruses for the Mac.

Maybe it’s the text Apple shows after you run the “Viruses” ad on the web that caused Maynor so much chafing. Let’s look at that.

114,000 Viruses? Not on a Mac.

Kinda covered that.

Mac OS X was designed with security in mind.

Well, that’s a piece of rather obvious fluff. Of course it was.

Windows just wasn’t built to bear the onslaught of attacks it suffers every day.

This is true simply be definition. Most viruses are written for Windows. An OS can’t “bear the onslaught” of a virus written to take advantage of one of its flaws. OS X was not “built to bear the onslaught” of the 111 viruses written for it.

A Mac offers a built-in firewall, doesn’t advertise its existence on the Net, and isn’t compromised within an hour of being turned on.

All undeniable fact.

Aaand that’s it.


Maybe it’s just the Mac guy Maynor doesn’t like. Some people don’t like him.

OK, let’s look at the primary security-related statement against the Mac in Gates’ interview.

Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally.

No. They do not. They didn’t even come out with one every day in the month of January. If Gates had said something more generic like “They keep coming out…” one might be inclined to cut him some slack, but he didn’t. He said “Every single day…” and that is false.

Gates does have something more of a point about upgradability and one can argue about who copied whose interface all day long.

But that’s not what Maynor’s talking about. He’s talking about security and it’s really not a contest. Apple’s ad is true and Gates’ comments are not.

Yet Maynor feels justified in giving props to Bill Gates for stickin’ it to the man.

He also expects howls of uproar over his assertion that Vista is more secure than OS X. Truth be told, Maynor’s far more qualified to make a judgement about that than the Macalope, but the horny one would point out that just because Vista’s more secure on paper, doesn’t mean that it will provide a more secure user experience. Windows is still and will continue to be the bigger target.

The biggest threat OS X has seen recently is from the supposedly responsible members of the security world who seem to be trying to provide Microsoft cover and bring trouble to Mac users by publishing (and executing) OS X exploits.

All because they didn’t like an ad and got pissed off by some comments on Slashdot.

If you read Maynor’s post, you’ll notice that it would be very easy to pump up the volume of the snark in response. Maynor is not a very good communicator. He may be a very good security researcher, but he’s not a terribly good writer (yet, anyway) and history has proven that he’s not terribly adept at PR.

So the Macalope could just haul off on Maynor and we could all have a good time, laugh ourselves silly and go back to watching That Phone Guy. But keep reading. Let’s hear Maynor out.

Microsoft only changed when users demanded better security, and it’s only when the Mac community calls for similar protections that Apple will include them in products.

Here, dear readers, comes the glorious moment. That most special of after-school special moments.

Because you know what? Here, he’s right.

He’s absolutely, 100% right. No matter what crazy-assed things he’s said up until now, his final point is spot-on.

We, as Mac users, have been skating. We’ve been skating on the fact that no one writes exploits for the Mac. And as Apple becomes more and more of a household name, that will not stand.

This is not to say that Apple isn’t already working on security enhancements for OS X or that it will ever have as much malware as Windows. But while Apple has been attempting to leverage its historically good reputation, Microsoft has been trying to reverse its historically bad reputation by aggressively implementing new technologies that will make it harder to write exploits for Windows.

The Macalope wants OS X to be the most secure operating system there is, practically as well as theoretically, and there is certainly some evidence that Apple does not take security seriously enough. Maynor did not even mention the company’s flippant handling of the incident where it shipped iPods infected with a Windows virus.

That incident, by the way, was marked by a universal condemnation of Apple’s comment from Apple bloggers (including the Macalope) and suggestions that the company needs to take security more seriously, an inconvenient truth for Maynor who loves to rail against Mac zealots.

To be fair, some guy on Slashdot probably thought Apple’s comment was teh awesome so…

In general, the Macalope says the hell with David Maynor. Anyone who gets such a gigantic bee up his butt over a 30-second ad shouldn’t be taken seriously.

But at the same time the Macalope would really like to see Apple demonstrate that it does take security more seriously than as a marketing tool.

UPDATE: Maynor provides some clarification in a post that the Macalope agrees with in its entirety. He’s also taken exception to this post in comments.

UPDATE THE SECOND, ELECTRIC BOOGALOO: The blogstorm continues as Maynor responds to John Gruber’s brief post.

You are not mad that Microsoft’s latest Operating Systems out classes OSX hands down in the areas of security and anti-exploitation technology but instead one comment Bill Gates made to a reporter? Tell you what, when Microsoft starts running commercials that feature the Month of Apple Bugs then you have every right to complain.

This is really interesting. Maynor, who complains at great length in a previous post about how Apple’s Lynn Fox screwed him by issuing false statements to reporters, does not find Gates’ false statement to a reporter to be noteworthy. It is noteworthy. It’s noteworthy in the kind of way that you write a response to it on your blog. Not in the kind of way that you decide “Oh, yeah? Well, I’m gonna crack Windows!” and then you come up with an exploit but you screw up the delivery and devote months of your life to defending yourself and quit your job because you think your employer screwed you and finally decide to write a book about the whole affair.

In general, the Macalope expects more truth from a Newsweek interview than a commercial where actors are pretending to be computers, but maybe he’s just one of those craaaazy Mac zealots.

As for the first part, the Macalope’s not sure why this isn’t obvious to Maynor but it’s hard to get worked up over security and anti-explotation technology when there are so few exploits for the Mac. Your average Mac user has never, ever been a victim of malware. Ever. Once.

Is this thing on? Hello? Hello?

Of course, an ounce of prevention being worth a pound of cure, the Macalope would really like to see Apple implement some of the technologies Maynor is talking about and sooner rather than later. So he’s doing what Maynor suggests.

So there.

Those iPhones. They'll kill ya.

Rob Enderle has some horrible things to say (tip o’ the antlers to Piotrowski via email) about using the iPhone in a corporate environment.

Hard to believe, isn’t it? The Macalope is just as shocked as you are.

But, apparently the iPhone can cause your entire company to come crumbling to the ground almost instantaneously. And give all your employees syphilis. Or something.

“The device isn’t secure enough, nor is it designed to run with corporate systems,” he said.

Enderle has been running around his usual circuit of lazy journalists spreading the idea that the iPhone isn’t secure since the day it came out.

The only real basis for this argument seems to be the fact that because it will run QuickTime, show a variety of image types and do other multimedia tasks, those files can be used to compromise the iPhone the same way they can be used to compromise a PC or a Mac.

Sooo, it’s no more or less secure than a PC or a Mac. OK. [The Macalope is working on a piece on security which he hopes to post over the weekend.]

What about it “not being designed to run with corporate systems”? There’s some truth here. iTunes is not an enterprise-level application, many web-based business applications use Java which the iPhone doesn’t support and many businesses eschew 802.11 because it’s not as secure as good o’ Ethernet cable.

But Enderle’s foil in this article — Forrester’s Charles Golvin — doesn’t seem to know what the hell Enderle’s talking about. He thinks some Office functionality will quickly make its way to the Mac (hey, even TextEdit can read Word files) and notes that Exchange does IMAP and so does the iPhone, unlike RIM devices. So the iPhone could be a good corporate player.

To really try to scare corporate IT executives, Enderle decides to play a little buzzword bingo.

If executives insist on connecting iPhones, then the IT department has a duty to report the violation since it could mean that Sarbanes-Oxley or other compliance rules have been broken, Enderle said.

Ooh! Mention Sarbanes-Oxley! That’ll get ‘em!

OK, now, the Macalope has not read Sarbanes-Oxley in its entirety, but he does know a bit about it and the whole point of it is putting in place proper controls that are properly documented. It obviously does not dictate which hardware or software you can use. If your business decided that what it needed to do to be successful is have every executive walk around with a live grenade in their hand, that would be fine under Sarbanes-Oxley as long as you had the proper controls in place (i.e. their hands would be duct taped closed, they’d be followed around by an admin assistant whose job it was to hold their hand closed, etc.).

Enderle is simply trying to use the issues of corporate security and policy as a club to try to bash the iPhone and get his name in another useless he said/she said article. Anyone who manages IT policy knows that the iPhone could just as easily be part of a policy as almost any other device. Enderle is simply assuming that business won’t make an Apple product part of their policy and that the only way it could conceivably get into an enterprise is from some rogue and rather stylish executives who might also be metrosexuals.

The point should be that no device that’s not an approved corporate standard (not just ones made by Apple) should be used for company business in an enterprise environment. The Macalope didn’t make this rule up and he has a lot to say about how enterprises tend to pick the least common denominator (Windows) as their corporate standard, but that’s the way this works, like it or not.

You could just as easily pick OS X and the iPhone as you could Windows and the Blackberry (or all four!) provided your policies and procedures covered those technologies.

Enderle’s one-trick pony really needs to be put down.

Liar, liar, ill-fitting pants on fire.

Poor Bill Gates (antler tip to several readers for the link).

The Vista rollout is simply not what he’s used to.

This is probably why Gates gets awfully snippy when asked about the “Get a Mac” ads. The Macalope’s velvety flanks heaved with laughter when he saw that Newsweek decided to actually put the “Get a Mac” ad in question on every single page of the interview in case readers hadn’t seen it. Just another in a long string of Vista rollout pieces that have turned into free Mac ads.

So forgive Gates for being reduced to his inner 14-year-old.

Does honesty matter in these things, or if you’re really cool, that means you get to be a lying person whenever you feel like it? There’s not even the slightest shred of truth to it.

This response, really, is pathetic. The way to deflect these ads is not to get your panties in a bunch and whine that they’re just big fat stupid liars and shut up, shut up, SHUT UP!

You laugh them off and move on to the next question.

And did Gates just say Apple was cool and Microsoft was not?

It must be hard for all those painful junior high memories to come flooding back.

Gates engages in some “historical revisionism”, particularly with regards to security.

Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally.

Well, that’s just a load of crap. No, they do not come out with one every single day (cough). And even if they were, who’s exploiting these bugs? No one. Well, no one other than the MOAB folks themselves, that is.

The Macalope found it really interesting that Gates chose to mention the MOAB (as if it were still going — a perpetuity of Apple bugs rather than just a month). Let’s consider again the timing of the MOAB — timed for Macworld or timed for the Vista release? Or both?

Well, the Macalope’s probably being paranoid. It’s not like Microsoft has ever paid anyone to conduct dubiously ethical guerrilla marketing.


The Macalope himself is getting a little tired of the Windows/Mac OS “who copied who” argument. It was more interesting during the naescent development of the desktop operating system market (indeed, Mr. Gruber’s detailed analysis is a walk down memory lane), but now that both platforms are mature, it would simply be irresponsible if they didn’t copy ideas from one another. But, as Gruber notes, Microsoft’s habit of saying Apple’s shipping product stole ideas from Microsoft’s vaporware (yes, Vista’s shipping now, but they’ve been doing this for over a year) is a sad piece of dissembling.

The one feature Gates mentions for the next version of Windows (coming in 2010! Or maybe 2011! Or…) is one that’s been rumored to be included in Leopard. So he’ll be able to claim Microsoft invented it first four years from now when it finally ships in Windows because he mentioned it once in an interview.

The house that Gates built sits on top of a crumbling hill. As Merlin Mann noted on the most recent edition of MacBreak Weekly, the company’s money-makers are, as they have always been, Windows and Office. Everything else — the Zune, the Xbox — is losing it money.

So when a big product rollout of one of its two money-makers fails to excite the user base and turns into an ad for the competition, it challenges Microsoft’s ability to manage its revenue stream like a subscription service.

And pisses off it’s founder and chief technologist.

However, one might have hoped for a better response than “I know you are, but what am I?”

UPDATE: Peter of the Norse in comments points out something the Macalope noticed but forgot to comment on. Many of Gates’ comments were heavily edited, prompting Peter to quip:

There are so many square brackets, I thought it was obj-C.

That's odd…

ZDNet’s Alan Graham has what will probably be labeled “Exhibit A” if Apple does have to go to court with Linksys.

Aaaaaand now.

Remember the Macalope had asked you to hold all your snide remarks about the lameness of the Month of Apple Bugs until, you know, the end of the month?

Well, you may fire when ready.

Or, you can just read TJ’s excellent wrap-up here.

Indeed, it does seem the Macalope may have given the MOAB folks too much credit as TJ subtly alludes. Not that it was a complete failure — some of the bugs could have been serious, if you didn’t know enough to take routine precautions. Still, Apple and the third-party vendors have patched many of the bugs — particularly the most serious one — and let’s not forget Landon Fuller’s work in providing real-time solutions to each of them. That boy deserves a hearty round of applause.

What the Macalope finds most interesting is the MOAB’s apparent belief that all the mundane tasks such as updating, giving credit and providing accurate information are for the little people, not the big swinging dicks of hacking. Weeks later, they still haven’t updated their web site to reflect patches.

Being a hacker is never having to say you’re sorry.

Clearly their intent in picking January was to try to steal some thunder from Macworld. Boy, that sure worked well, didn’t it? Remember how all those reports of bugs in, uh, VLC and, uh, FTP software the Macalope’s never heard of overshadowed the iPhone announcement? The Macalope remembers being on the showroom floor and how everyone was crowding around George Ou, who was behind glass and guarded by a security detail, just to catch a glimpse of him.

Oh, wait, that was the iPhone.

Well, the hacker crusade against Apple (or is it its customers? The Macalope’s a little unclear on that) isn’t over. Next up is the iPhone which, although no one has even held one yet and the final specs aren’t even settled, is apparently some kind of security nightmare. The Macalope supposes this is because it’s based on OS X and there was a whole month dedicated to security holes in that piece of crap.


UPDATE: Ah. So, it’s a crusade against Apple customers (tip o’ the antlers to Rahrens in comments).

OK. Good to know! Thanks, guys!