Marco.org

An incredible work of modern performance art.

Somebody please build a time machine so we can travel back a decade and tell 2004 John Gruber that 2014 John Gruber would star in a promotional video for Microsoft.

Ten days ago, Brendan Eich was appointed Mozilla CEO. But Eich previously funded anti-gay bigotry, which caused a huge public uproar. Three members even quit Mozilla’s board.

Today, he’s out.

We’re making progress as a society. Sometimes too slowly, but we’re making progress.

This week: Amazon Fire TV and the rest of the puck landscape, tech giants’ anti-poaching agreements, and WWDC ticketing (sort of).

Sponsored by Warby Parker, Pixelmator, and 2Checkout.

Great article by Florian Mueller about the challenges Apple faces in its “thermonuclear war” of patent lawsuits against Android OEMs, particularly Samsung.

I have had discussions on Twitter and email with Apple fans who find it hard to believe that Apple, after revolutionizing the market, can’t prevent companies like Google and Samsung from providing some of the same functionality. But Apple, like everyone else in this field of incremental innovations, is standing on the shoulders of giants. A smartphone or tablet is a mobile computer, but Apple does not own all computing technology. Apple achieved key breakthroughs for those product categories. … But Apple didn’t create all of this singlehandedly on a green field.

People often ask me, accusingly, why I criticize the patent system yet support Apple enforcing their patents offensively. The short answer is that I don’t. As you can see from these trials, the patent system really isn’t serving its purpose even for huge companies, let alone small businesses and individuals who can’t afford $40,000 to get a patent and millions more to enforce it.

The idea of the patent system is sold to gullible people as a necessary protector of small inventors — which is a nice fairy tale, and nothing more — and it reinforces the destructive but all-too-common fallacy that great ideas are rare, novel, unique, and immediately so valuable that simply having a great idea will suddenly cause somebody, somewhere, somehow to make you rich and you’ll never have any problems again.

We therefore value ideas above their execution, and that’s exactly how the patent system is designed, despite history showing that good execution is far more important and provides far more value to society in almost every instance regardless of who filed the first patent on the underlying idea. (Not to mention the value to society of a vibrant market of diverse, competing alternatives.)

Like most laws and policies that chiefly benefit lawyers and big business, our voters, lobbyists, and politicians will keep supporting the patent fairy tale indefinitely as the rest of us get taxed, shaken down, or bankrupted by its reality.

None of them are ever going to agree, within any of our lifetimes, that the dysfunction in the patent system is inherent to the entire concept of patents. Trolls, NPEs, and East Texas aren’t the problem — they’re just distractions. No “reform” will ever really fix patents because it’s just not possible to.

As for Apple and Samsung, while it probably isn’t legally possible to protect innovative UI — and that’s a net win for society — the best we can do is hold ourselves to high ethical standards. Samsung is institutionally and permanently tasteless, shameless, and crass to its core. They are, and always have been, professional rip-offs. If you want to support them, that’s on you.

Personally, while I don’t believe patents should legally protect this sort of thing (or anything), I value originality enough to vote with my publicly stated opinions and buying choices.

Scotty Loveless:

This article is a product of my years of research and anecdotal evidence I gathered in the hundreds of Genius Bar appointments I took during my time as a Genius and iOS technician, as well as testing on my personal devices and the devices of my friends. …

This is not one of those “Turn off every useful feature of iOS” posts that grinds my gears. My goal is to deliver practical steps to truly solve your iOS battery woes.

Great tips. The low-reception-areas tip is especially good — I learned that many years ago when we’d travel to very rural places in upstate New York.

Last time I flew cross-country, the two passengers next to me both left their iPhones in fully-on normal mode. I put mine in airplane mode.¹ All three of us used our phones periodically during the flight. When we landed, their batteries were both nearly dead (which they loudly complained about for 20 minutes) and mine was still over 70% charged.

While Tonx gets Blue Bottle’s sourcing and roasting, and the ability to do more online and in store, it’s surrendering control to do that. “We are going to work with them to make sure they maintain the profile of coffee we’ve worked on,” said Konecny, “but it will be a Blue Bottle sourced and roasted product.”

Presumably, there will now be a 25-minute line between you and each box of Tonx beans that arrives in your mailbox.

And from Tonx’s announcement:

Further down the road we will sunset the Tonx brand and unveil a new and even richer experience closer to our original ambitious vision under the Blue Bottle banner.

I like these guys and their coffee. I wish them the best. But this reads like a routine Silicon Valley acqui-hire, and it’s hard to anticipate anything but the usual results. Prove me wrong, Tonx.

Microsoft officially ended Windows XP support today, including security updates.

Despite advanced notice of the decision, the 13-year-old XP is still used on almost a third of all personal computers worldwide.

What could possibly go wrong?

Rosemayre Barry of London-based business, The Pet Chip Company, is one manager who is puzzled and more than a little annoyed that she has been faced with the XP dilemma.

“XP has been excellent,” she says. “I’m very put out. When you purchase a product you don’t expect it to be discontinued, especially when it’s one of [Microsoft’s] most used products.”

Microsoft has the best customers.

When Windows XP was released in 2001, I was 19 years old. I had just started my second year of college and was learning C, carrying a Palm Vx, and playing Max Payne on my brand new, self-built Windows PC with a 1.33 GHz Athlon, GeForce 3, and two of IBM’s notorious Deathstar drives in RAID-0 (which turned out as you’d expect). I was even still fruitlessly using Rogaine rather than accepting my hair’s fate (it was pretty bad even at 19), which was almost as stupid as having two Deathstars in RAID-0 with minimal backups. Weezer had only released one terrible album so far, while American Hi-Fi and Jimmy Eat World were brand new.

That was a long time ago. We’ve all moved on. Microsoft should be allowed to move on, too.

I don’t know how they can, though. I still see the even older Windows 2000 in widespread use, usually in government and big, boring businesses like banks and hospitals. (Windows 2000 was fantastic at the time, but to give you an idea of what that time was, the first computer I ran it on had approximately the same CPU power, and exactly the same amount of RAM, as the first iPhone.)

People just don’t care to upgrade. Windows XP still “works” for them, and the upgrades are different, which is bad. Can Microsoft really stop issuing security patches? I guess they have to at some point, but this is how botnets start.

I’ve been assuming that everyone heard about this yesterday, but it’s still news to many, so it’s good to yell about it. If you’re responsible for any servers or VPSes at all, and they run any of the affected versions of OpenSSL, you need to patch them ASAP. Many Linux distributions, including the very conservative Red Hat Enterprise Linux and CentOS 6.5, are affected.

This bug is particularly severe: it allows anyone to get your private SSL key and certificate by simply making malformed TLS requests. Effectively, this completely defeats the benefits of SSL.

Test your vulnerability with Heartbleeder. It’s pretty shocking how many services, including many hosted by cloud providers that manage this for them, are still vulnerable a day after most Linux distributions had patches available — part of the problem is that this will also affect any load-balancer or other hardware that decrypts SSL for you before proxying unencrypted traffic to your webservers.

After you’ve patched, since your private key may have been compromised, you should regenerate your SSL certificate from scratch. (Don’t just use the same key and CSR.) Most SSL issuers will allow you to reissue or re-key certificates for free.

When you’re done, while you’re in your app’s SSL guts, it’s a good idea to test your configuration for best practices. (The best I’ve gotten without losing IE support is an “A-” grade.)

A good one this week: WWDC tickets, Heartbleed, Dropbox Carousel, and a spirited after-show about the causes of app crashes and Casey’s phonographic tea ceremony.

Sponsored by Backblaze, New Relic, and Transporter.

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

Of course they did. Assholes.

I’m with Joel Housman on this one. Obama’s campaign was so unbelievably full of shit that I regret ever having supported it. I thought I was voting against Bush-era principles, but I was foolish to believe that I was being presented with any real choice.

It’s a shame that the American people are so easily distracted by media fads and planted political non-stories to understand the real ways that our actual rights, our actual freedom, and our actual national security are being destroyed by our own government while the idiots are all kept busy arguing about which minorities they want to persecute next.

If an organized hacker ring sabotaged security standards and major tech infrastructure for years, compromising the security of hundreds of millions of people and many governments including our own (and potentially causing billions of dollars in damages when these exploits were found by others), and exploited any flaws they found or created to spy on millions of people in the world including our own citizens, what should they be charged with?

Mass criminal sabotage, cybercrime, cyberwarfare, and computer fraud? Obviously.

Terrorism? Maybe, but not quite.

At what point do the NSA’s actions qualify as treason?

I’d say they’re well past that point.

Josh Constine reports:

For Google to win, it needs to attract the best designers to its team and get beautiful third-party apps built for its platforms. Yet right now it’s Google’s rival Apple and the iOS ecosystem that are known for their style. So this year, Google’s Jon Wiley tells me it’s “doing a really big push around design” at its 2014 I/O developer conference by adding sessions on Android UX, wearable app design, speech interfaces, and more.

This is a nice idea and it’ll make for a few nice headlines, but it’s not really going to accomplish much.

First, the idea that Google needs to attract designers to “win” against iOS is misguided at best. But that’s a discussion for another day.

A software platform’s UI and design ethos can’t be changed on a whim by conference sessions and a marketing push. It’s deeply ingrained, built over the platform’s entire lifespan, and very slow to change. Android’s best apps usually aren’t as good as iOS’ best apps because people who value and demand the best apps — both customers and developers — overwhelmingly choose iOS.

The platform sets the standard for the apps. Developers and designers take cues from the platform, striving to fit in even when pushing the limits. iOS’ design is clear, high-quality, strongly opinionated, and consistent. It inherently expects quality. There are tons of shitty apps, too, but developers who care about good design are given a strong foundation to build upon and strong environmental norms for inspiration.

Android’s design is always “getting better”, but never great. It’s less opinionated, less consistent, and less clear. There are still a lot of rough edges and tiny annoyances that add up. The culture capable of shipping that is always going to be a culture in which design is a checkbox that can be added later, not a core principle considered with every decision at every level.

By boosting the design side of I/O’s program, Wiley hopes Google can inspire more developers to treat their users as humans, rather than just growth metrics.

Android developers will follow Google’s lead on that.

A lot of customers have been choosing DigitalOcean because they were all-SSD and had cheaper RAM until now. Linode’s response is strong: I suspect this will win a lot of people over.

In case anyone’s interested, I ran Geekbench on my Linode on the previous (now-awkwardly named “next-gen”) infrastructure, then upgraded it to the new one (a delightfully easy process — click a link in the dashboard, wait in a queue for a little while, endure about an hour of downtime while it’s migrated, and then it’s done) and re-ran the benchmark.

Here’s how their CPU performance compares: new on left, former “next-gen” on right. The new setup is substantially faster, at about 73% faster at single-threaded tasks and 114% faster at multicore usage, despite a reduction from 8 virtual cores to 6 — clearly, despite the core count, we’re being permitted to use more of the CPU power than before, coming respectably close to this CPU’s bare-metal performance when normalized for core count. Hacker News commenters have even made themselves useful for once and have benchmarked the I/O performance. Subjectively, I’ve found the new hardware to be much faster for my apps.

Competition is great.

(If you’re interested, I have a referral link.)

This week, we talked about computers. We also found time to talk about vinyl sound, Apple/Samsung trial documents, Greg Christie’s departure, pCell, performance vs. scaling, and why I never use JOINs.

Sponsored by PDFpen for iPad, Igloo, and New Relic.

Regarding our scalability-vs.-performance podcast discussion, Brent outlines Vesper’s scaling plan:

I don’t think I’ll ever have to do any of this — but I can, if I need to, with only small code changes.

That, right there, is the definition of scalability.

You can delay scaling by buying faster hardware… until you can’t. Then what?

Scalability means having a plan for “Then what?” that doesn’t involve massive changes to your codebase.

I still can’t believe that this is real.

But increasingly a victim of its own image and hidebound ways, golf has lost five million players in the last decade, according to the National Golf Foundation, with 20 percent of the existing 25 million golfers apt to quit in the next few years.

People under 35 have especially spurned the game, saying it takes too long to play, is too difficult to learn and has too many tiresome rules.

Many of golf’s leaders are so convinced the sport is in danger of following the baby boomer generation into the grave that an internal rebellion has led to alternative forms of golf with new equipment, new rules and radical changes to courses. The goal is to alter the game’s reputation in order to recruit lapsed golfers and a younger demographic.

Keep reading. I’m serious. It gets worse.

If the golf industry is really serious about attracting new players, I have a hard time believing that the real issue is the difficulty of the game. That sounds like an unproven “millennial”-patronizing theory by grumpy old white men. (Surprise.)

If I had to guess, golf’s biggest problems are both from its tight relationship with country clubs and other expensive private courses:

1. Fewer people are able to afford country-club membership. Sorry, rich old white people: you, your corporations, and your politicians mostly did this to yourselves by your policies and practices over the last few decades.
2. The few younger people who might be able to afford to play golf and/or join country clubs are choosing not to, probably because of the culture of racism, sexism, artificial elitism, exclusion, and pretension that have dominated the golf world for decades. That entire world is out of style, and good riddance to it.¹ I can’t think of a worse way to spend money than a country-club membership that might, someday, grant me the “privilege” of playing golf on their course. Oh, and you better be wearing a suit jacket in the clubhouse so you look proper for the guy at the next table who’s talking about how Obama is taking all of his money and giving it to lazy poor people. Sounds like a great place to spend all of my time and money!

Huge holes and free mulligans won’t fix either.

By Don Melton, the former Safari Guy:

I was certainly not some kind of confidant. In fact, he probably always thought of me as the “Safari Guy.” Which is fine by me since there were worse ways for Steve Jobs to think of you.

Of course, Steve could recall my real name, too. Anyone at Apple or Pixar — both large organizations — will tell you that Steve knowing your name was an honor. But also occasionally a terrifying responsibility. That was the bargain.

I’ve read a lot of people’s Steve Jobs stories, and many just aren’t worth the time. Don’s definitely is.

The best part:

The two financial “inventions” tossed out on Wednesday didn’t originate in IV’s labs, nor with programmers or any bank—they both came from the homes of patent lawyers.

People with vested interests in the patent system keep championing the ideal of the “individual inventor”, but it’s mostly a myth. Patents benefit only patent lawyers and the richest corporations able to afford them.

Two good ideas from the Elevation Dock people. But knowing their luck, Apple will ship new Retina Thunderbolt Displays and iMacs in three months with an all-new stand design and a “space gray” finish that matches the new Mac Pro.

I propose a significant change to the “Elevation Anchor” headphone hooks, though. For a couple of years, I’ve been hanging my headphones on a beautiful pair of Tinkering Monkey headphone hooks (which I think are discontinued). They use adhesive and an optional screw, but the screw should not be optional: using only the adhesive, they fell off the bottom of my desk numerous times. A few of those drops killed my 380 Pros. (Even the screw isn’t great — its outer radius is held in only by a very thin piece of wood. I lost one Hook to that little piece cracking.)

If the Elevation Anchor had a strong screw hole (or, better yet, two — one on each side of the bracket), I’d buy two in a second.

Underscore David Smith did a great miniseries in his great podcast on practical, plausible ideas for improving the App Store, then wrote up his ideas here.

I agree with almost everything. I don’t have high hopes for any of these changes, though.

Apple has shown, by consistent inaction over the last six years, that they simply aren’t interested in putting substantial effort into improving the App Store. It’s just not a priority. They’ll do the bare minimum to keep it working, and not much more.

And I think they’re committing a massive long-term strategic error.

This is certainly a substantial win, but it’s less groundbreaking when you read that it’s only for HBO’s old shows like The Wire and The Sopranos:

The deal also includes “early” seasons of Boardwalk Empire and True Blood. Newer shows like Girls, The Newsroom, and Veep will eventually be made available to Prime subscribers, but not until three years after they’ve first aired on HBO. And other hits like Game of Thrones aren’t even mentioned as part of the deal…

It’s better than nothing, but it probably won’t change much for HBO, Amazon, or the primary “losers” in this deal: Netflix and (indirectly) Apple.

Worth it for the photo alone.

I don’t know what’s more impressive: that everything worked, or that Macworld was able to find 22 different Thunderbolt peripherals.

Kristin Paget, former Apple security employee, on Apple not issuing simultaneous iOS and OS X patches for shared security vulnerabilities:

Is this how you do business? Drop a patch for one product that quite literally lists out, in order, the security vulnerabilities in your platform, and then fail to patch those weaknesses on your other range of products for weeks afterwards? You really don’t see anything wrong with this?

I’m still quite offended that the “goto fail” vulnerability was left in 10.9 for days after it was emergency-patched in iOS because, apparently, Apple felt that Mac security was unimportant enough that they could just roll it into the 10.9.2 update rather than bearing the work and costs of a separate fix released simultaneously with iOS’.

Apple’s security practices are so advanced in many areas, yet so neglectful in basics like this. Worst of all, they don’t seem to think there’s anything wrong with this.

Surely, avoiding the reputation damage they’d incur if one of these gaps was widely exploited is worth the cost of simultaneous patches.

This week’s a good one: Developers learning new things, using OS X betas, Thunderbolt 3, what’s holding the iPad back, whether tablets will be marginalized by bigger phones and smaller laptops, and the Sega CD.

Sponsored by New Relic, lynda.com, and HelpSpot.

Alexia Tsotsis and Matthew Panzarino:

According to two sources, Google has apparently been reshuffling the teams that used to form the core of Google+, a group numbering between 1,000 and 1,200 employees. … Basically, talent will be shifting away from the Google+ kingdom and towards Android as a platform, we’re hearing.

I suspect we’ll look back on Google+ as one of the worst strategic moves Google ever made. It has cost them dearly in talent, morale, and the quality of their other products.

By drastically changing strategies, which appears to be what they’re doing, they can probably recover in a few years. Probably.

Jason Snell:

What was intended to be a special collection of apps has, instead, become a second-class collection. That’s why it would be better for everyone concerned—Apple, users, app developers, and publishers (including Macworld)—if Newsstand just vanished.

Agreed. As a developer, Newsstand was limiting. As an iOS user, Newsstand is infuriating: it’s either an empty folder you don’t want, or a needless barrier to accessing your publication apps.

I’d say Snell’s wish for auto-updating “issue” icons for media apps outside of Newsstand isn’t even necessary. When a new issue comes in, just use the same mechanism we’ve had for years: an unread-count icon badge. (Or join this century and dispense with “issues” altogether.)

Great article by Gerry Conway on Amazon’s removal of in-app purchase from ComiXology and the likely ramifications. I’d like to push back on two points, though:

So why did Comixology do this? Why did they take a successful platform with a proven track record for introducing new casual readers to comics, and turn it upside down?

The answer, of course, is simple. Comixology didn’t do it, because Comixology as a company no longer exists. It’s a software product and a website; it isn’t an independent entity anymore.

It’s Amazon.

Sure, this was Amazon’s cheap, self-serving move to capture more profit for themselves even if it makes the product worse. But that’s what Amazon does. Amazon has never shown any respect for product quality or user experience, and they sure as hell don’t care if a change that benefits them also negatively affects small publishers.

The blame for this lies solely with ComiXology for selling to Amazon. Nobody familiar with Amazon’s treatment of authors and publishers would responsibly hand them complete control of a major distribution system if they cared about the ramifications to the publishers and independent authors.

Either ComiXology was so naive and negligent that they didn’t think Amazon would do what it always does, or they cared more about the money than the future of their industry (and their customers) and simply sold out.

Amazon did this. It did it for one reason, and one reason only: to advance their proprietary hardware platform, the Kindle, at the expense of Apple’s platform, the iPad and iPhone.

That’s not it. Amazon’s motivation is to lock up and control as much distribution as possible. The Kindle devices and platform are simply a means to that end. That’s why the hardware is sold with razor-thin (or no) profits: their sole purpose is to get you buying content from Amazon.

Removing the in-app purchase is simply Amazon taking that 30% for themselves. (It’s not like there’s any chance it’s going to the publishers.)

Large front image • Large back image • Source code

Available only for the next 12 days, it’s probably the first open-source tech-podcast shirt, and one of the first T-shirts designed in Xcode.