Mar 13

The Stigma of Mac Shaming

I recall hearing a story of a co-worker at Microsoft, who was a technical assistant to an executive, who had a Mac. It wouldn’t normally be a big deal, except he worked directly for an executive. As a result, this Mac was seen in many meetings across campus – its distinct aluminum body and fruity ghost shining through the lid a constant reminder that this was one less PC sold (even if it ran Windows through Boot Camp or virtualization software). Throughout most of Microsoft, there was a strange culture of “eww, a Mac”. Bring a Mac or an iPod to work, feel like an outcast. This was my first exposure to Mac Shaming.

I left Microsoft in 2004, to work at Winternals in Austin (where I had the last PC I ever really loved – a Toshiba Tecra A6). In 2006, on the day Apple announced Boot Camp, I placed an order for a white Intel iMac. This was just over three months before Winternals was acquired by Microsoft (but SHH… I wasn’t supposed to know that yet). This was my first Mac. Ever.

Even though I had worked at Microsoft for over 7 years, and was still writing for Microsoft’s TechNet Magazine as a monthly Contributing Editor, I was frustrated. My main Windows PC at home was an HP Windows XP Media Center PC. Words cannot express my frustration at this PC. It “worked” as I originally received it – but almost every time it was updated, something broke. All I wanted was a computer that worked like an appliance. I was tired of pulling and pushing software and hardware to try and get it to work reliably. I saw Windows Vista on the horizon and… I saw little hope for me coming to terms with using Windows much at home. It was a perfect storm – me being extremely underwhelmed with Windows Vista, and the Mac supporting Windows so I could dual-boot Windows as I needed to in order to write. And so it began.

Writing on the Mac was fine – I used Word, and it worked well enough. Running Windows was fine (I always used VMware Fusion), and eventually I came to terms with most of the quirks of the Mac. I still try to cut and paste with the Ctrl key sometimes, but I’m getting better.

A year later, I flipped from a horrible Windows CE “smartish” phone from HTC on the day that Apple dropped the price of the original iPhone to $399. Through two startups – one a Windows security startup, the other a Web startup – I used two 15″ MacBook Pros as my primary work computer – first the old stamped MBP, then the early unibody.

For the last two years, I’ve brought an iPad with me to most of the conferences I’ve gone to – even Build 2011, Build 2012, and the SharePoint Conference in 2012. There’s a reason for that. Most PCs can’t get you on a wireless network and keep you connected all day, writing, without needing to plug in (time to plug in, or plugs to use, being a rarity at conferences). Every time I whipped out my iPad and its keyboard stand with the Apple Bluetooth keyboard, people would look at me curiously. But quite often, as I’d look around, I’d see many journalists or analysts in the crowd also using Macs or iPads. The truth is, tons of journalists use Macs. Tons of analysts and journalists that cover Microsoft even use Macs – many as their primary device. But there still seems to be this weird ethos that you should use Windows as your primary device if you’re going to talk about Windows. If you are a journalist and you come to a Microsoft meeting or conference with a Mac, there’s all but guaranteed to be a bit of an awkward conversation if you bring it out.

I’m intimately familiar with Windows. I know it quite well. Perhaps a little too well. Windows 8 and I? We’re kind of going in different directions right now. I’m not a big fan of touch. I’m a big fan of a kick-ass desktop experience that works with me.

Last week, my ThinkPad died. This was a week after my iMac had suffered the same fate, and I had recovered it through Time Machine. Both died of a dead Seagate HDD. I believe that there is something deeper going on with the ThinkPad, as it was crashing regularly. While it was running Windows 8, I believe it was the hardware failing, not the operating system, that led to this pain. In general, I had come to terms with Windows 8. Because my ThinkPad was touch, it didn’t work great for me, but worked alright – though I really wasn’t using the “WinRT side” of Windows 8 at all, I had every app I used daily pinned to the Taskbar instead. Even with the Logitech t650, I struggled with the WinRT side of Windows 8.

So here, let me break this awkward silence. I bought another Mac, to use as my primary writing machine. A 13″ Retina MacBook Pro. Shun me. Look down upon me. Shake your head in disbelief. Welcome to Mac shaming. The machine is beautiful, and has a build quality that is really unmatched by any other OEM. A colleague has a new Lenovo Yoga, and I have to admit, it is a very interesting machine – likely one of the few that’s out there that I’d really consider – but it’s just not for me. I also need a great keyboard. The selection of Windows 8 slates with compromised keyboards in order to be tablets is long. I had contemplated getting a Mac for myself for some time. I still have a Windows 8 slate (the Samsung), and will likely end up virtualizing workloads I really need in order to evaluate things.

My first impression is that, as an iPad power user (I use iOS gestures a lot) it’s frighteningly eerie how powerful that makes one on a MBP with Mountain Lion and fullscreen apps. But I’ll talk about that later.

I went through a bit of a dilemma about whether to even post this or not, due to the backlash I expect. Post your thoughts below. All I request? I invoke Wheaton’s Law at this point.

Mar 13

What’s your definition of Minimum Viable Product?

At lunch the other day, a friend and I were discussing the buzzword bingo of “development methodologies” (everybody’s got one).

In particular, we honed in on Minimum Viable Product (MVP) as being an all-but-gibberish term, because it means something different to everyone.

How can you possibly define what is an MVP, when each one of us approaches MVP with predisposed biases of what is viable or not? One man’s MVP is another’s nightmare. Let me explain.

For Amazon, the original Kindle, with its flickering page turn, was an MVP. Amazon, famous for shipping… “cost-centric” products and services, was traditionally willing to leave some sharp edges in the product. For the Kindle, this meant flickering page turns were okay. It meant that Amazon Web Services (AWS) didn’t need a great portal, or useful management tools. Until their hand was forced on all three by competitors. Amazon’s MVP includes all the features they believe it needs, whether they’re fully baked or usable, or whether the product still has metaphoric splinters coming off from where the saw blade of feature decisions cut it. This often works because Amazon’s core customer segment, like Walmart’s, tends to be value-driven, rather than user-experience driven.

For Google, MVP means shipping minimal products that they either call “Beta”, or that behave like a beta, tuning them, and re-releasing them. In many ways, this model works, as long as customers are realistic about what features they actually use. For Google Apps, this means applications that behave largely like Microsoft Office, but include only a fraction of the functionality (enough to meet the needs of a broad category of users). However, Google traditionally pushed these products out early in order to attempt to evolve them over time. I believe that if any company of the three I mention here actually implements MVP as I believe it to be commonly understood, it is Google. Release, innovate, repeat. Google will sometimes put out products just to try them, and cull them later if the direction was wrong. If you’re careful about how often you do this, that’s fine. If you’re constantly tuning by turning off services that some segment of your customers depend on, it can cost you serious customer goodwill, as we recently saw with Google Reader (though I doubt in the long run that event will really harm Google). It has been interesting for me to watch Google build their own Nexus phones, where MVP obviously can’t work the same. You can innovate hardware Release over Release (RoR), but you can’t ever improve a bad hardware compromise after the fact – just retouch the software inside. Google has learned this. I think Amazon learned it after the original Kindle, but even the Fire HD was marred a bit by hardware design choices like a power button that was too easy to turn off while reading. But Amazon is learning.

For Apple, I believe MVP means shipping products that make conscious choices about what features are even there. With the original iPhone, Apple was given grief because it wasn’t 3G (only years later to be berated because the 3GS, 4, and 4S continued to just be 3G). Apple doesn’t include NFC. They don’t have hardware or software to let you “bump” phones. They only recently added any sort of “wallet” functionality… The list goes on and on. Armchair pundits berate Apple because they are “late” (in the pundit’s eyes) with technology that others like Samsung have been trying to mainstream for 1-3 hardware/software cycles. Sometimes they are late. But sometimes they’re “on-time”. When you look at something like 3G or 4G, it is critical that you get it working with all of the carriers you want to support it, and all of their networks. If you don’t, users get ticked because the device doesn’t “just work”. During Windows XP, that was a core mantra of Jim Allchin’s – “It just works”. I have to believe that internally, Apple often follows this same mantra. So things like NFC or QR codes (now seemingly dying) – which as much as they are fun nerd porn, aren’t consumer usable or viable everywhere yet – aren’t in Apple’s hardware. To Apple, part of the M in MVP seems to be the hardware itself – only include the hardware that is absolutely necessary – nothing more – and unless the scenario can work ubiquitously, it gets shelved for a future derivation of the device. The software works similarly, where Apple has been curtailing some software (Messages, for example) for legacy OS X versions, only enabling it on the new version. Including new hardware and software only as the scenarios are perfect, and only in new devices or software, rather than throwing it in early and improving on it later, can in many ways be seen as a forcing function to encourage movement to a new device (as Siri was with the 4S).

I’ve seen lots of geeks complain that Apple is stalling out. They look at Apple TV where Apple doesn’t have voice, doesn’t have an app ecosystem, doesn’t have this or that… Many people complaining that they’re too slow. I believe quite the opposite, that Apple, rather than falling for the “spaghetti on the wall” feature matrix we’ve seen Samsung fall for (just look at the Galaxy S4 and the features it touts), takes time – perhaps too much time, according to some people – to assess the direction of the market. Apple knows the whole board they are playing, where competitors don’t. To paraphrase Wayne Gretzky, they “skate to where the puck is going to be, not where it has been.” Most competitors seem more than happy to try and “out-feature” Apple with new devices, even when those features aren’t very usable or very functional in the real world. I think they’re losing touch of what their goal should be, which is building great experiences for their users, and instead believing their brass ring is “more features than Apple”. This results in a nerd porn arms race, adding features that aren’t ready for prime time, or aren’t usable by all but a small percentage of users.

Looking back at the Amazon example I gave early on, I want you to think about something. That flicker on page turn… Would Apple have ever shipped that? Would Google? Would you?

I think that developing an MVP of hardware or software (or generally both, today) is quite complex, and requires the team making the decision to have a holistic view about what is most important to the entire team, to the customer, and to the long-term success of your product line and your company – features, quality, or date. What is viable to you? What’s the bare minimum? What would you rather leave on the cutting room floor? Finesse, finish, or features?

Given the choice would you rather have a device with some rough edges but lots of value (it’s “cheap”, in many senses of the word)? A device that leads the market technically, but may not be completely finished either? A device that feels “old” to technophiles, but is usable by technophobes?

What does MVP mean to you?

Mar 13

Windows desktop apps through an iPad? You fell victim to one of the classic blunders!

I ran across a piece yesterday discussing one hospital’s lack of success with iPads and BYOD. My curiosity piqued, I examined the piece looking for where the project failed. Interestingly, but not surprisingly, it seemed that it fell apart not on the iPad, and not with their legacy application, but in the symphony (or more realistically the cacophony) of the two together. I can’t be certain that the hospital’s solution is using Virtual Desktop Infrastructure (VDI) or Remote Desktop (RD, formerly Terminal Services) to run a legacy Windows “desktop” application remotely, but it sure sounds like it.

I’ve mentioned before how I believe that trying to bring your legacy applications – applications designed for large displays, a keyboard, and a mouse, running on Windows 7/Windows Server 2008 R2 and earlier – are doomed to fail in the touch-centric world of Windows 8 and Windows RT. iPads are no better. In fact, they’re worse. You have no option for a mouse on an iPad, and no vendor-provided keyboard solution (versus the Surface’s two keyboard options which are, take them or leave them, keyboards – complete with trackpads). Add in the licensing and technical complexity of using VDI, and you have a recipe for disappointment.

If you don’t have the time or the funds to redesign your Windows application, but VDI or RD make sense for you, use Windows clients, Surfaces, dumb terminals with keyboards or mice – even Chromebooks were suggested by a follower on Twitter. All possibly valid options. But don’t use an iPad. Putting an iPad (or a keyboardless Surface or other Windows or Android tablet) in between your users and a legacy Windows desktop application is a sure-fire recipe for user frustration and disappointment. Either build secure, small-screen, touch-savvy native or Web applications designed for the tasks your users need to complete, ready to run on tablets and smartphones, or stick with legacy Windows applications – don’t try to duct tape the two worlds together for the primary application environment you provide to your users, if all they have are touch tablets.

Feb 13

Task-Oriented Computing

Over the past six years, as the iPhone, then iPad, and similar devices have caused a ripple within the technology sector, the industry and pundits have struggled to define what these devices are.

From the beginning, they were always classified as “content consumption devices”. But this was a misnomer then, and it’s definitely wrong today. Whether we’re talking about Apple’s devices, Android phones or tablets, Blackberry’s new phones, or devices running Windows 8/RT and Windows Phone, calling them content consumption devices is just plain wrong.

A while ago, I wrote about hero apps and promiscuous apps. I didn’t say it then, but I’ll clarify it now. Promiscuous apps hit first not because they are standout applications for a device to run, but rather because they’re easy!

Friends who know me well know that I’m often comparing the auto industry of the early 1900’s with today’s computing/technology fields. When you consider Henry Ford at the sunrise of the auto industry, the Quadricycle was his first attempt to build a car. This wasn’t the car he made his name with. But it’s the car that got him started. This car featured no safety equipment, no windscreen – it didn’t even have a steering wheel, instead opting for the still common (at the time) tiller to control the vehicle.

Promiscuous applications show up on new platforms for the same reason that Henry’s Quadricycle didn’t feature rollover protection and side-impact beams. It’s easy to design the basics. It’s hard to a) think beyond what you’ve seen and b) build something complex without understanding the risks/benefits necessary to build it to begin with.

As a result, we see these content portals like Netflix, Skype, Dropbox, and Amazon Kindle Reader show up first because they have a clear and well understood workflow that honestly isn’t that hard to bring to new platforms so long as the platforms deliver certain fundamentals. Also, most mobile platforms are “close enough” that with a little work, these promiscuous apps can get there quickly.

But when we look out farther in the future – in fact, when we look at Windows RT and criticize it for a lack of best-of-breed apps that exploit the platform less than 4 months after the platform first released, it’s also easy to see why those apps aren’t on Windows RT or in the Windows Store (yet), and why they take a while to arrive on any new platform to begin with.

Developing great new apps on any platform is a combination of having the skills to exploit the platform while also intimately understanding the workflow of your potential end-users. Each of these takes time, together they can be a very complicated undertaking. As we look at apps like Tweetie (Twitter for iPhone now) and Sparrow (acquired by Google), the unique ways that they stepped back and examined the workflow requirements of their users, and built clean, constrained feature sets to meet those requirements – and often innovative interface approaches to deliver them – are key things that made them successful.

The iPad being (wrongfully, I believe) categorized as a content consumption device has everything to do with those applications that first arrived on the device (the easy ones). It took time to build applications that were both exploitative of the platform and met the requirements of their users in a way that would drive both the application adoption and platform adoption. People looked at the iPad as a consumption device from the beginning because it is easy to do so. “Look, it’s a giant screen. All it’s good for is reading books and watching cat videos.” Horsefeathers. The iPad, like Windows RT, is a “clean slate”. Given built-in WiFi and optional 3G+ connectivity, tablets become a means to perform workflow tasks in ways we’d never consider with a computer before. From Point of Service tasks to business workflow, anytime a human needs to be fed information and asked to provide a decision or input to a workflow, a tablet or a phone can make a suitable vehicle for performing that task. Rather than the monolithic Line of Business (LOB) apps we’ve become used to over the first 20 years of Windows’ life, instead we’re approaching a school where – although they take time to design and implement correctly – more finite task oriented applications are coming into vogue. Using what I refer to as “task-oriented computing”, where we focus less on the business requirements of the system, and more on what users need to get done during their workday, this new class of applications can be readily integrated into existing back-office systems, but offer a much easier and more constrained user workflow, faster iteration, and easier deployment when improving it versus classic “fat client” LOB apps of yore.

The key in task-oriented computing, of course, is understanding the workflow of your users (or your potential users, if this is a new application – whether inside or outside of a business), and distilling that workflow into the correct discrete steps necessary to result in an app that flows efficiently for the end users, and runs on the devices they need it to. A key tenet here is of course, “less is more” and when given the choice of throwing in a complex or cumbersome feature or workflow – jettisoning the feature until time and understanding enable it to be executed correctly. When we look at the world of ubiquitous computing before us, the role that task-oriented computing plays is quite clear. Rather than making users take hammers to drive in screws, smaller, task-oriented applications can enable them to process workflow that may have been cumbersome before and enable workers to perform other more critical tasks instead.

When talking about computing today in relation to the auto industry, I often bring up the electric starter. After the death of a friend in 1910 due to a crank starter kicking back and injuring him, Henry Leland pushed to get electric starters in place on his vehicles, and opened up motoring to a populace that may have shunned motorcars before then, due to the physical strength necessary to start them, and potential for danger if something went wrong with the crank.

When we stand back and approach computing from the perspective of “what does the software need to do in order to accommodate the user” instead of “what does the user need to do in order to accommodate the software” as we have for the last 20 years, we can begin to remove much of the complexity that computing, still in its infancy, has shoved into the face of users.

Oct 12

iOS is showing its age

My iPhone and my iPad are almost always running the latest version of iOS. When the App Store icon lights up with app updates, I click it like a Pavlovian parlor trick. Sometimes to regret, but not always…

My wife on the other hand? Her iPhone is running iOS 5 – she’s terrified of the new maps app. Her App Store icon read “48” last night when I went in to try and unwind the me.com/Mac.com/iCloud.com bedlam she has accidentally created for herself. 48. 48 app updates. My OCD makes my neck itch just thinking about that. Not to even think about the chaos of the accounts that cannot be merged that I still have to try and repair.

The original vision of iOS was that of a thin client. Fat OS, but with Web-based apps that could have been patched relatively easily, when treated as a service. But when the App Store arrived, it broke all that. From that point on, every user became their own admin. As a result, iOS devices became the new Windows. Patched only by force, or when the IT-savvy relative freaks out about how out of date the OS or apps are. Conversely, because core apps like Maps are updated with the OS (or removed, as in the case of the YouTube app), some users – even technical ones – will elect to play this update through, and not update. While innumerable people have updated to iOS 6, lots haven’t.

People don’t like to get their tires rotated. They don’t like to get their oil changed, or teeth cleaned. Call it laziness… Call it a desire for ruthless efficiency… People rarely perform proactive maintenance. iOS should have an option, on by default, to update in the background. More importantly, in an ecosystem where too many app authors do the bare minimum in terms of security, apps should have that same option.

The original iPhone succeeded not because of apps. No, it succeeded because it was a better, more usable phone than almost anything else on the market. It just worked. It had voicemails we could see before listening, contacts we could easily edit on the phone, and a Web browser that was better than any mobile browser we’d ever seen before.

But the OS is showing its age. Little nuances like the somewhat functional search screen, Favorites in Contacts, and VIPs in Mail show that iOS is under structural pressure to deal with the volume of data it tries to display in a viable way. Notifications and the Settings app seem fragmented and are starting to become as disorganized as the Windows Control Panel (that’s bad!). Photo Stream sharing is a joke. It’s unusable. The edges are showing.

Of all the things I could wish for in the next version of iOS – if there was one guiding mantra I could tell Tim Cook I want in the next iOS… I would say, “Please give me less of more, and more of less.” The OS may need to be expanded where the OS can do more with the modern hardware of the phone after the iPhone 5 and the 5th generation iPad, but in so many more ways, it needs to be cautiously, carefully reorganized – cleaned up, with the spirit that the original iPhone and iPhone OS used to establish their role – that of simplicity, a mantra of “It just works”. OS and application updates that self-apply for all consumers except those who opt out of it…

I’ve been a fan of the iPhone from the beginning. But I really think the platform is showing its age, and isn’t nearly as usable as it once was. All too often lately, I look at something in the OS and have to shake my head that it works that way. It’s time to clean up the house.

Feb 11

Hey kids, let’s go to Dubuque!

When you travel somewhere, especially somewhere new, somewhere eclectic – do you ever buy your airline ticket, hop on the plane, and eagerly look forward to planning your activities once you arrive?

No. No, you don’t. You plan a trip, buy tickets, get everything lined up long before you go. It’s been my contention for some time that buying a new computing device – smartphone, tablet/slate or other, is just like taking a trip. Also, unlike years ago where when we bought a computer, it was guaranteed to come with Windows and run all the old apps that for some reason we hang on to like hoarders on a TV show, today’s new devices come with a Baskin-Robbins assortment of operating systems – none of which will run Windows applications as-is (and that’s fine, as long as enough other apps are actually available for the device being considered).

With all due respect to the people of Dubuque, I call the act of buying a device without regard to how you’ll actually use it, “taking a trip to Dubuque”. I have been to Dubuque once, briefly while moving cross-country, but I can’t speak with authority as to the activities that avail themselves there (I’m sure there are some fun and interesting things to do). But having come from a similarly small town in Montana with a less catchy name, Dubuque works better as a destination that you’re going to want to plan for before you arrive, or you might be a little bored.

I was a fan of Microsoft’s Tablet PC platform when it first came on the scene – in fact my main computer at Microsoft for almost two years was a Motion Computing “slate” device (not a convertible, though I did order a Motion USB keyboard too). Unfortunately, my experience was that handwriting recognition, though handy, wasn’t perfect – and with my horrible handwriting, resulted in an archived database of my handwriting, not anything searchable or digitally usable. In essence, OneNote and a few drawing applications (I didn’t have Photoshop, but surely it would be useful as well) were the only real applications that took advantage of the Tablet PC platform. That hasn’t changed much. Today the main reason why you’d buy a Tablet PC running Windows 7 is for pen input, not broad consumer scenarios (Motion Computing, which still makes great hardware, has become solely focused on medical and services for exactly this reason). Though Windows 7 actually does have full multi-touch gesture support, most people don’t even know this, as witnessed during a recent webinar we had at work where people asked when Microsoft would introduce a version of Windows with touch support (they already do!) – and few applications make the most of it. I haven’t tried using Microsoft Office 2010 with a touch-focused PC, but I can’t imagine it being a great fit. Office, to date, is written to be driven via a mouse (or a stylus, acting as a proxy-driven mouse). Touch requires a very different user interface design.

The iPad was successful from day 1 because it took advantage of the entire stable of iPhone applications, and simply doubled their resolution (to varying success), and used that to cantilever into motivating developers to build iPad optimized applications. No Android slate has established anywhere near the same market, most likely because of this aspect – when you get the device, what do you do with it? Sure. You’ll browse the web and check email. What else? How many consumers really want to pay $800+, plus data plans for a device that can just check email and browse the web? That’s not very viable. Today, HP announced new, pretty good looking all-in-one TouchSmart devices. Though one section of that article mentions them being consumer focused, the article ends with a fizzle, stating the systems are “designed with the ‘hospitality, retail, and health care’ industries in mind”. Yes, that’s right. Without a stable of consumer-focused multi-touch applications, devices like this, as great as they may sound at first glance, become just simple all-in-one PC’s for most, and touch-based only when damned into a career within a vertical industry with one or more in-house applications written just for touch, that they’ll run day in and day out until the device is retired.

It’s quite unfortunate how touch hasn’t taken off in Windows. ISVs don’t write apps because there aren’t enough touch-based Windows computers and no way to monetize to the ease and degree the Apple App Store has enabled, and yet people don’t buy touch-based Windows PCs for the same reason they don’t buy 3D TV’s – it’s a trip to Dubuque. Like most consumers, I’m not going to buy a ticket there until we’ve got some clear plans of what we’re going to do on the trip.

Feb 11

Unlimited – for a limited time only

Know what a loss leader is? It’s something you give away at or below cost in order to get feet in the door of your store or to get people clicking through to your website.

Enter the word, “unlimited”. Really now. Not many things are actually unlimited. Stars and planets exist for a long time, but unlimited? No. The universe goes on for quite a long distance – as a species, we’ll likely never know the answer to the question of, “is the universe finite or infinite” – so even our universe may not be “unlimited”.

I’ve been known to say, “if something advertises itself as being ‘green’, it probably isn’t”. Not always true, but a good rule of thumb to ensure you always question, “is it really?”

In the past two years, we’ve seen AT&T move from selling tens of millions of iPhones with unlimited data to a new model with a capped 2GB a month, plus overages. You can’t even get unlimited unless you’re grandfathered in under an old unlimited plan. Bear in mind, 2GB is a LOT of data for most consumers to burn through in 30 days on a phone (even a really smart one), and I have to work really hard to try and bust through the 2GB cap in order to self-validate having the retained unlimited plan.

Verizon? Yeah – they have unlimited for the new iPhone – but that is just to lure people like me away, and will end in time.

I noticed Mozy, the popular online backup utility, ended their unlimited backup plan.

I’ve noticed a growing trend of seeing “unlimited” as a loss leader to get people hooked into a subscription product, only to see the model change at a later date. I’m not necessarily calling this a bait-and-switch, since many companies handle the transition well, grandfathering in the early subscribers who usually led to the service’s economics no longer making sense, as their demand on the service exceeded the supply that was within plan. But it is troubling to see so many companies throwing out the word “unlimited” as marketing bait only to lure you back in to a constrained model at a later date.

The reality is, unlimited isn’t unlimited – almost every service or product I can think of grows to the point where unlimited is actually available for a limited time only.

Dec 10

App Ideas – Parking finder

Name: Parking finder

Product: Mobile maps (iPhone, Android, Windows Phone 7, any other mobile device)
Problem: When looking up directions to a destination – why not provide parking resources too?
Proposed solution: You’re looking up directions to a theatre, pub, or some other venue that you want to go to – and almost any mapping software can get you there. But if you’re traveling to any densely populated area, such as downtown in a major city, a theme park, or other major destination – getting you there is only half of the battle. Where do you park?

  1. When looking up directions, you should be able to specify “include parking” as an option, or set it as the default for your mapping product.
  2. Type in the destination.
  3. Click Route
  4. The directions include steps to get you to the destination by offering you nearby parking, which you can select and then be offered walking/bus/transit directions to get to your destination.
  5. Bonus points:
    1. Easy: Include options to categorize available parking by type:
      1. Street|Lot|Garage
      2. Free|Pay
      3. Cash|Credit
    2. Harder: Include pricing information
    3. Hardest: Include availability, and even offer the option to reserve a space using a credit card/Paypal.

Next time you go to a restaurant or concert, and you find parking a challenge, listen to the feedback around you – you’re not alone. I’ve noticed it’s a common thread that people have difficulty finding parking near their destination.

Dec 10

App Ideas – Route builder

This is the first post in a series I plan, outlining ideas either for modifications to existing products, or a desire for an entirely new product. As a product manager or program manager for almost 10 years, random ideas strike me at a moment’s notice, but I can’t productize everything I dream up. If I post an idea here, it is public domain.

Name: Route builder
Product: Mobile maps (iPhone, Android, Windows Phone 7, any other mobile device)
Problem: When you need to run three errands, why can you only put in one destination?
Proposed solution: Say you need to go to Target, your Chase bank branch, and a Hallmark store. Sure, if you’re in your home town, or going to stores you always use, it would be limited in use. But when going to stores, parks, or other destinations you don’t normally visit or when travelling to other cities, it would be useful.

  1. Click Build Route
  2. Type in each of the destinations. I envision a spot for a single destination, with a + to append additional destinations.
  3. Click Route
  4. Route builder finds the most efficient route to visit all three of those destinations.
  5. Bonus points:
    1. I should be able to tell my mapping app my home address, work address, and add addresses of family members by way of the address book, allowing me to use them as a destination (or if I’m at one of them, the source).
    2. With any route, the user should be able to specify that they want to complete a round trip to their current location. In doing so, the route could be optimized either by the order I need or want to visit them, or by the most efficient route.
    3. I should be able to save a route for access later if I want to.
    4. This could easily be modified to append additional destinations after you’re on your way to destination 1.

As an iPhone owner, I’ve often wished for this functionality in the iPhone’s built-in Maps application – and I doubt I’m alone.

Nov 09

iPhone Security

I like opening with that subject – because it’s two words that Apple seems to never want to see next to each other.

On Slashdot today, an article covered my friends from F-Secure discussing the barriers that are precluding the antivirus industry from making inroads in protecting iPhones from malware.

Indeed, they are correct, you cannot build A/V into the iPhone platform – the API is explicitly designed to forbid that. However, I have to counterpoint. I mentioned in a tweet several days ago:

The constraints keeping security s/w from diving deeper into the iPhone platform are the same ones precluding any need for them.

Yes, you read that right. I’m saying that the iPhone doesn’t need antivirus. Instead, Apple’s bigger problem is the lack of a mature platform management solution for the iPhone. Let me show you why.

When I went to Winternals, we rapidly discovered a giant chasm in security as Mark and I discussed how UAC (LUA at the time) would fall far short of creating a security boundary for Windows Vista (and continues to do so for Windows 7). The chasm is the latency between these steps:

  1. Exploit is identified
  2. Malware is authored and released
  3. Malware spreads
  4. Malware is identified
  5. Malware can be contained

You see, the flaw is that step 4 has to exist at all.

The fundamental flaw is blacklisting. Instead of fighting the good (but intractable) fight trying to identify all of the bad code, whitelisting relies on the premise that only known good, known trusted, code can start at all.

At Winternals, we created Protection Manager to respond to this hole in the security market. The key goals of the product were to only let known trusted code run, and to optionally run it with least privilege. In 2006, Microsoft acquired Winternals and, regrettably, discontinued the Protection Manager product. While Windows 7 features AppLocker, which theoretically applies whitelisting to Software Restriction Policies, I believe AppLocker has some fundamental shortcomings that I’ll discuss in a future post. Some aspects of Protection Manager, most notably the premise that a Digital Signature (code signing) is the best way of authenticating that code is:

  1. From a trusted source and
  2. Not tampered with since publication

After Winternals, I worked on whitelisting again at CoreTrace, where the Bouncer product evolved to also recognize the importance of Digital Signatures, as one of the sources of Trusted Change. Only known trusted code is allowed to execute first off, and only code with specific properties is allowed to enable new code to be added to the whitelist.
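The contrast described above, as an added example that is not from the original post and is not code from Protection Manager or Bouncer: the same four binaries are run through a blacklist check and a signature-based whitelist check. HMAC with a constructed key stands in for a real code signature, and the publisher name, keys and sample binaries are all constructed.

```python
import hashlib
import hmac

# Constructed publisher key. HMAC stands in for a real code signature here;
# a real verifier would hold only the publisher's public key.
TRUSTED_PUBLISHERS = {"ExampleSoft": b"constructed-demo-key"}

def sign(publisher_key: bytes, code: bytes) -> bytes:
    """Publisher side: sign the SHA-256 digest of the code."""
    return hmac.new(publisher_key, hashlib.sha256(code).digest(), "sha256").digest()

def blocklist_allows(code: bytes, known_bad: set) -> bool:
    """Blacklisting: run anything whose hash has not yet been identified as bad."""
    return hashlib.sha256(code).hexdigest() not in known_bad

def allowlist_allows(code: bytes, publisher: str, signature: bytes) -> bool:
    """Whitelisting: run only code signed by a trusted publisher and unmodified."""
    key = TRUSTED_PUBLISHERS.get(publisher)
    if key is None:  # unknown or missing publisher: deny by default
        return False
    return hmac.compare_digest(sign(key, code), signature)

def evaluate() -> dict:
    """Return {case: (blocklist verdict, allowlist verdict)} for constructed samples."""
    good = b"constructed-trusted-binary"
    tampered = good + b"+modified-after-signing"
    unidentified = b"constructed-binary-not-yet-identified"  # before step 4
    identified = b"constructed-binary-already-identified"    # after step 4
    known_bad = {hashlib.sha256(identified).hexdigest()}
    good_sig = sign(TRUSTED_PUBLISHERS["ExampleSoft"], good)
    forged_sig = sign(b"some-other-key", unidentified)  # claims to be ExampleSoft
    cases = {
        "signed, untouched": (good, "ExampleSoft", good_sig),
        "signed, tampered": (tampered, "ExampleSoft", good_sig),
        "unidentified malware": (unidentified, "ExampleSoft", forged_sig),
        "identified malware": (identified, "", b""),
    }
    return {name: (blocklist_allows(code, known_bad),
                   allowlist_allows(code, pub, sig))
            for name, (code, pub, sig) in cases.items()}

if __name__ == "__main__":
    for name, (bl, al) in evaluate().items():
        print(f"{name:22} blocklist={'run' if bl else 'deny'}  "
              f"allowlist={'run' if al else 'deny'}")
```

The blacklist lets the tampered and unidentified binaries run until someone identifies them, which is the latency between steps 1 and 4; the whitelist denies both without ever having seen them.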

Today, you hear mention all over the Internet of the rickrolling iPhone worm. Many have mimicked the code created on a whim by Ashley Towns, the worm’s creator. But the fundamental issue here isn’t the iPhone’s susceptibility to malware. Nope. Not at all.

You see, all existing worms that have compromised the iPhone rely on the fact that the iPhone must be both jailbroken and it must then have SSH installed, with an unmodified root password. Both qualify as best of breed “worst practices” from a security perspective.

In fact, those of us who haven’t jailbroken our iPhones (not arguing the ethics of that – that’s a separate conversation for another time) were not, and are not, susceptible at all. Why? Because the iPhone infrastructure as defined by Apple utilizes whitelisting. Only applications signed by software vendors that Apple has authorized (and that have signed the code) are ever countersigned by Apple and pushed through the App Store to be downloaded for purchase. Similar, but not as restrictive, constraints exist for Apple’s Enterprise program for application publishing.

To date, I have not seen any published malware that runs on an iPhone that has not been jailbroken or otherwise forced to run unsigned code (see Law #1 in the 10 Immutable Laws of Security). Any hack that does ever do so will rely on somehow compromising the signature infrastructure used for application publishing on the iPhone by Apple.

You may recall my original point – that the problem was the lack of enterprise management software of the iPhone itself. At CoreTrace, we were approached by an organization we were already working with that was realizing the growing number of Macs – and, even more concerning, the number of “rogue” iPhones (phones brought in by employees, and connected to the local wireless network and/or Exchange Server without IT ownership at any level).

The more we dug into it and researched, including the limited analysis necessary of the iPhone API and two fun, but largely circular conversations with Apple in Cupertino, the more we realized that they weren’t asking for, nor could we deliver (at least on non-jailbroken hardware) any form of “Bouncer for iPhone”.

Instead of security, the problem posed to an enterprise admin by the iPhone is that, as an organization, you don’t need to control what is running on your iPhones from a “bad code” perspective; rather, the iPhone needs hardcore, Apple-provided (and secured) management in order to control how “renegade” the devices themselves are. That means the ability to:

  1. Prevent connectivity of jailbroken hardware to an organization (Exchange, wireless, Bluetooth, or other)
  2. Prevent jailbreaking of connected hardware (or sever connectivity at a hardware level when it occurs)
  3. Explicitly control which Apple or Enterprise published applications can be downloaded or run on connected iPhones (don’t allow games, allow only these 10 applications, etc)
  4. Explicitly control the iPhone’s software image, configuration, and settings (much as Group Policy can do with Microsoft Windows systems) – NOT trying to reverse engineer how images get pushed out in a decentralized way via iTunes itself
  5. Explicitly control how applications can access any PII on the device or in documents (GPS location, email addresses, address book or call history info, etc)
  6. Explicitly control document DRM on the platform as IRM/RMS can do for Microsoft Office and Windows

Today (even following those conversations with Apple), KACE is the only vendor I’m aware of that performs any aspect of this kind of work, besides Apple’s weak Configuration Utility. KACE’s is very comprehensive – but both approaches suffer from the fact that they are after-the-fact management solutions, not built into the hardware and software of the iPhone itself.

From the time that I was at Microsoft, I kept hearing more and more “security experts” talk about how the impending doomsday was coming for handhelds. It still hasn’t really come. I believe that through their native use of whitelisting, Apple has fended this threat off for the foreseeable future for the iPhone platform. I believe that the biggest problem facing the iPhone isn’t “potential attackers” – there will be plenty of those, but their chance of success is very low.

Instead, it is the iPhone’s impending success eating into the enterprise market from the bottom up that is the problem. The lack of an enterprise management solution that is built into the deepest aspects of the system will not preclude the iPhone’s success at building up a rogue enterprise following. But it will both leave a bad taste in the mouth of the IT admins fighting the good fight to try and keep their organizations secure, and potentially introduce some bad compliance-related headaches in organizations already struggling to keep/retain compliance, due to the lack of DRM and platform control over the device itself and any information on it.

Apple itself needs to come to terms with the fact that the iPhone (and the Mac platform itself, frankly) needs proper security and policy management at the lowest levels, or de-emphasize their viability as an enterprise platform on both counts.

Sorry for the length of this post – but this topic has been burning in me for a bit – I needed to get it all down for the record.