• All the iOS devices — iPhone, iPod touch and iPad, are built around Cocoa Touch.
• Snow Leopard brought 64-bit support to the Mac mainstream for Cocoa applications. Carbon applications are clearly on the way out and have been since the release of Leopard in 2007.
• The third major release of iTunes since Leopard came out is still Carbon and still only 32-bit. (Perhaps an even greater irony is that there is a 64-bit Windows version of iTunes.)

Is this a bit of a nitpick? Probably. Does it really matter what the framework underneath iTunes is if it is being improved? Possibly not. Is iTunes a huge, vital part of Apple’s iPod/iPhone/iTunes Store infrastructure that they are naturally unwilling to make huge changes to? Absolutely.

But I really, really wanted iTunes 10 to be ‘iTunes X’ — not just another major release with some new features, but a drastic rewrite of the application (for the Mac anyway) in Cocoa. The app’s performance has been improved with recent versions, but iTunes is still the one application that ships with Macs that feels out of place — the interface is jarring and not fluid, the app frequently hangs for several seconds for no reason and there is ancient UI debris hanging around. (Those first two might be better with this release, I don’t know, but the Mac OS 9-style context menu cursor lives on.)

Ah well, maybe iTunes 11?

Further to my post explaining why I don’t like centralised comments systems such as Disqus, this blog post by Jacob Barkdull echoes some of my opinions on the service — both from a technical point of view and from the ideological standpoint that for something as critical as comments, if it’s on your website, it should be under your control.

Disqus is one central controlling entity, if Disqus decides to do “maintenance” or they begin to have server problems, everyone using Disqus comments now has not only no way visitors may leave comments, but also no way to display previously posted comments. And if worst comes to worst and Disqus disappears (as is possible with companies) everyone is left without comments, unlike if the comments are controlled by each “webmaster”.

…

I find issue with the added near 4 second pause on every page just to display Disqus comments, Disqus handles this well, but not well enough in my opinion. Because when pages load with Disqus comments there appears a little “Loading…” message, that eventually gets replaced by the comments and the form to post comments, the problem with the way they do this is when you refresh the page it jolts, kicking the scroll down the length of the comments until Disqus has loaded where it then kicks the scroll back up the length of the comments.

I don᾿t like centralised commenting systems like Disqus and IntenseDebate. I am disappointed whenever I see a site using them; I want to use this post to explain why.

The Attraction to Centralised Commenting

Services like Disqus and IntenseDebate are marketed as being ‘better’ platforms for enabling commenting on blogs and articles. You essentially outsource the comments on your blog or website and have them handled by the service.

It is an attractive idea because you can outsource the more difficult things like handling spam comments and so on, and because it allows users to have a single identity with the commenting service and then use that single identity on many sites.

Making Commenting on the Web Proprietary

The primary reason that I do not like such services is because they seek to make commenting on the web proprietary. The web should be open. The web is open, for the most part, and I think it should remain that way.

Centralising commenting on your site is taking the control over the discussion over your content and handing that control to a third-party.

I think comments on blogs and so on should be as open and as simple as possible — enter a name and email address and just write a comment. Yes, that way of doing things is more open to absue such as the misuse of identity and spam and it doesn’t have the advantages of being able to connect comments from a single person together.

» Read the rest of this post…

Facebook is one of the most important social platforms on the internet today. I joined it probably several years ago now, not long after Facebook Applications were introduced.

Those of you that follow me on my personal Twitter account, @strategyoracle will probably know that I keep that account protected — i.e. only those that request to follow me and I allow can read my tweets. I do that because that is the way that I feel most comfortable using the service and it is how Twitter is most useful to me. I have tried using that account both publicly and privately, and ultimately it was more useful and more comfortable to keep it protected.

On Facebook, I have also used the privacy options to make Facebook a tool that is useful to me and that I feel comfortable with. I was able to keep most of my information inside a small group of trusted friends and in doing so, I felt comfortable using it and sharing with it.

In recent years, though, the degree of control that Facebook gives you has eroded. This EFF post demonstrates how the service and its privacy policy has changed in this respect since 2005. I have found it more and more difficult to feel comfortable using Facebook in the context of these changes.

The final straw came today.

Now, it seems that any ‘connection’ that you make — whether it be with a friend, or a page that you ‘like’, has to be public.

Facebook came up with a screen asking me to make many ‘page’ connections public, based on my interests and activities that I had previously entered. Even leaving aside the fact that it showed me interests I had previously deleted from my profile, I was horrified to learn that unchecking all of the boxes to share the information actually removed all that information from my profile! There is now apparently no way to restrict information such as my activities and interests and only show that to trusted people. It’s share all, or have nothing, when it comes to this information.

It is quite clear to me that this is now the choice:

You either use Facebook as publicly as they want you to (even as that changes in the future), or you don’t use it at all.

I choose the latter. Assuming I don’t get convinced otherwise in the next few hours, I consider it pretty likely that I will delete my Facebook account. After all, I can always create one again later.

I am hugely disappointed that it seems Facebook doesn᾿t seem to respect people who are more private by nature. I am sorry to all those who may prefer Facebook as a medium for communication and will not be able to contact me there.

UPDATE: I went ahead with the delete. I can always create an account again later and remember you can always send me an email or request to follow me on Twitter (or follow my public Twitter account too).

April Fools’ Day can be a lot of fun. There are certainly some cool technology hoaxes that have happened on this day — even Gmail (which obviously wasn’t just a hoax) shares its birthday with the celebration. It’s often fun as well to see what respected news organisations like the BBC have to show on this day.

But do you know what? It’s OK not to like April Fools’ Day.

Often expressing the opinion that you don’t really like hoaxes or practical jokes is met with responses such as “spoilsport” or “lighten up”. They are responses that hook into our susceptibility to peer pressure.

So if, today, you don’t really want to play the April Fool game, don’t feel you have to. Don’t listen to those who may push you into liking it.

It is perfectly OK to be ‘boring’. Rumour has it that I excel at just that.

This month marks three years since I purchased my white MacBook, my first Mac computer. Other than the AppleCare coverage stopping (good job they just replaced my battery, yay!), this represents quite a milestone in my technological life.

So I ask myself — objectively, why has the Mac become my primary desktop platform?

• Mac OS X is a Unix operating system. This has a number of advantages, but it mainly means rock-solid reliability (in theory at least) and a decent way to interact with the machine via the command line.
• It is elegant and put together with passion and care. Some bits of software, especially third-party driver and hardware support software for other platforms, aren’t. They are hacked together at the last minute and at low budget, just to work. Almost everything that ships with the Mac and a lot of third-party stuff for it is just done in this fundamentally different way of building stuff you would be proud to show off.
• It ‘just works’. Often dismissed as hyperbole, this marketing phrase more often than not is true on the Mac. There are notable exceptions and a few annoying things that you don’t get with generic PC hardware as well, but most of the time, you plug something in, or switch something on for the first time and it just does what it is supposed to.
• Generally speaking, you get what you pay for. Apple don’t make cheap computers. But neither do I think they make overpriced ones. You pay a premium price for an Apple computer, but you get a fair return for that price in terms of the quality of the product. Again, it comes back to the point about passion — Apple will not ship something that they are not entirely happy with, so what you get is something that meets their high standards.

Having said all that, I am still very interested in using everything and anything. While the Mac may be where my primary focus is on the desktop for now and the forseeable future, I am still very much interested in what is going on in the Linux desktop and Windows worlds and you can be sure I’ll continue playing with all sorts of technology in the future.

Here’s to the next three years of Mac — and perhaps beyond!

I’m not a fan of the new ‘Ribbon’ interface that debuted in Office 2007. I have been playing around with the new beta of Office 2010, where the Ribbon is now the standard user interface across the suite.

In this short screencast rant, I explain why I just don’t like this new user interface and how I don’t think it actually solves the issue it was designed to solve.

Apologies for the poor resolution and audio quality of this screencast; in future screencasts done using this method I’ll be sure to optimise things better.

Comments here or over on YouTube are welcome. I realise many people are happy with, or even passionate about the new Ribbon for good reasons too. I just can’t see how it does any good, yet requires extensive retraining of users!

The first worm to infect the Apple iPhone has been discovered spreading ‘in the wild’ in Australia.
The self-propagating program changes the phone’s wallpaper to a picture of 80s singer Rick Astley with the message ‘ikee is never going to give you up’.
The worm, known as ikee, only affects ‘jail-broken’ phones, where a user has removed Apple’s protection mechanisms to allow the phone to run any software.

The news of this worm is likely to attract the attention of some anti-Apple and anti-iPhone crowds and used as an argument as to why the iPhone isn’t secure, and Apple people should no longer feel safe and so on and so on.

To those who would seek to lose a sense of perspective on this story:

This worm works only on jailbroken iPhones (an unsupported procedure), where the user did not change the default root password and left the remote login SSH service running.

This attack says nothing about the security of the iPhone software — it exploits little more than very poor configuration on the user’s part. If you choose to jailbreak your device, you have a responsibility to understand the implications that has. Which means, change the damn root password to something other than ‘alpine’. While you’re at it, also change the password for the user mobile too.

Despite having defended the iPhone thus far, I’m not in the business of assuming Apple get every aspect of security right all the time and I’m not in the business of declaring the Mac or the iPhone to be ιsecure’, or more secure than anything else. As hope I made clear in my previous post, a simplistic black-and-white approach to looking at computer security doesn’t make any sense or do anyone any favours.

I’m not complacent about security because I use a Mac*. I am confident because I feel I have grasped a good understanding of the risks and of trust.

* or Linux, or anything that I perceive as being more secure.

Secure. by Wysz on Flickr

I can’t stand the attitude of “there’s nothing important on my computer, so I don’t care about whether it is secure or not”. The simple fact of the matter is that any infected computer connected to the internet is probably at the mercy of a malicious third party. Even if you don’t care about the impact of your computer being infected, your lazy attitude is affecting innocent other people’s computers, potentially in the form of sending mass spam and attacking unwitting websites.

Computer security is hard and very complex.

How we explain computer security and insecurity to average computer users, non-geeks if you will, is really important. And I really think that we are taking the wrong approach at the moment.

We teach computer users that in order to keep their computer secure and clean, they must have:

• An anti-virus program
• A firewall
• Up-to-date software
• … and other practical, simple steps

While these are all very important steps to encourage (especially keeping software up-to-date, in my mind), I think that we are making this advice a bit too practical. We’re ignoring complexity and only ever offering the most basic practical steps.

In my mind, a lot of computer security comes down to a model of trust. For example, I feel confident that a conversation with my internet bank is secure because:

• I trust the integrity of the SSL connection for the purposes of keeping my information private and untampered with as it goes across the internet

• I trust my local machine to be ‘clean’
• I trust the remote machine at the bank is genuine and set up properly

All three of those things must be in place for me to have that ‘safe’ feeling. A safe SSL connection to your bank is meaningless if there’s nasty software on your local machine sending your keystrokes to a third party.

I’d like to see this model of trust be encouraged amongst all computer users. It maybe does take a little bit more time and effort to understand the basic principles of what is going on, but looking at security this way round, rather than from an entirely practical viewpoint, allows people to make informed security decisions, rather than blindly trusting some ‘security’ software to do everything.

Social engineering is a very easy way to get some nasty inside someone’s computer. It’s disappointing, but oftentimes you can trick the human into deliberately giving permission to something more easily than you can find a hole in software to do the same thing. Instead of relying on ‘last resort’ antivirus programs to catch known malicious programs running at the last minute, we should encourage people to ask questions:

• Why am I being asked to run this software?
• Where did it come from? Do I trust the group of people that wrote this program?
• Is there anything suspicious or unusual about this? Is it really coming from who it says it is?

Obviously, you need to combine this with practical advice and some knowledge to enable people to spot things that are ‘out of place’. But I think if we did, people would be in a much better position to make sensible informed decisions and to understand better what is actually going on.

This rant only really covers one aspect of computer security. As I said at the start, computer security is really complex and really hard to get right. So this approach isn’t necessarily the answer and it isn’t going to be applicable everywhere. There are going to be groups of people for whom this will be too complex, and groups of people that ‘won’t care’. But I’d like to see it done more often.

Photo is Secure. by Wysz from Flickr. Licensed under Creative Commons BY-NC.

Its status as a relatively novel communication medium means that Twitter doesn’t necessarily have a clearly defined set of social expectations attached to it just yet. I think even now, post mainstream popularity, it is very much a service that you can use in the way that works best for you. Everyone doesn’t have to participate in exactly the same way.

Twitter is a useful tool for businesses to promote their products and actually connect with their customers. I think it’s great when a brand steps into this space and really ‘gets’ the nature of the service. It can make a brand feel a lot more human, enhance how you feel towards it; it serves as a great advertisement.

There are some practices on Twitter that I really can’t stand, however.

Now, as I said, one of the great things about the service is that there aren’t necessarily set rules which everyone follows in the same way. I don’t intend this post to be telling people what they should and shouldn’t do with the service, but I do want to point some things that really bug me. In short, this is somewhat of a rant.

Competitions Done Wrong: Hashtag Abuse

Twitter competitions are a marketing device that is becoming increasingly common. You convince people to follow your business’ profile, or tweet about the business or product, in exchange for a chance to win said product. Simple enough concept.

Some competitions in recent weeks have encouraged Twitter users to tweet anything they would normally tweet, but add a hashtag to that tweet relating to the product or promotion. I disagree quite strongly with this.

A hashtag is a short word or phrase starting with the # character.* You can add a hashtag anywhere in your tweet if you want to associate that tweet with that particular topic. It makes searching for tweets on a particular topic or event easier; it’s a great tool for hearing a collective voice on something.

Hashtags work because tweets that are related to the tag are the only tweets tagged with it. Encouraging users to randomly tag unrelated tweets breaks this model. And you’re ‘selling out’ your thoughts!

Twitter competitions can be done right, and I actually don’t mind seeing people tweeting something that promotes a business or product. But I’d like it if those tweets are clearly separate from other stuff and that you actually do care about the product as well and don’t just want free stuff.

Automated and Excessive Re-Tweeting

If you have something cool you have to share, whether you made it or just stumbled across it, I’d love to hear about it via Twitter. But once or twice a day for each cool thing is enough.

If people consistently tweet exactly the same tweet, or constantly re-promote something in case others have missed the last tweet, I get pretty frustrated, pretty quickly.

People will miss tweets. That’s the nature of the service — it’s dip in and dip out. If they do, tough. It’s not fair to keep constantly banging on about something to the people that heard you the first time and the second time and the third time!

“Please, Sir, Retweet!”

This is somewhat less of an emotive issue than the other two, but I think it’s still worth me saying.

If you put “please retweet” in your tweet, I won’t. With maybe a couple of exceptions.

If I’m going to retweet something (which is pretty rare) it will be on its own merit. I might help promote something a friend has done, but that will be because I believe in it, not because I’m told to.

Wrapping Up

These issues have been on my mind for a while. Twitter is constantly evolving and I personally think there really are roads that we shouldn’t go down and principles that we should uphold.

Integrity, honesty and loyalty are very important to me. If I stop ranting for a moment about specific issues, what I really want is that principles like these be respected, upheld and defended in the online world, as they are offline.

* Which is most definitely pronounced ‘hash’, not ‘pound’. This is pronounced ‘pound’ — £.