AMITIAE - Monday 24 February 2014
Cassandra: Monday Review - Hiccups on eXtensions; Apple Updates, Sales and Progress; Samsung, Good and not so Good
By Graham K. Rogers
On Saturday evening, after downloading and watching a movie on AppleTV, I had a quick check of email, but saw the links to the accounts on my eXtensions site were down. That does sometimes happen. Usually if a couple of retries do not work, a restart of Mail will; but not this time. Looking further, I tried the website using a different link on my iPhone. Everything was dead, including the site stats and FTP. Even if I had written something, I could not upload it.
I sent email to the host service, but saw that even their local pages were inaccessible (the international page was). I tried the phone numbers: no reply. I sent email late in the evening outlining the problem, although it looked as if there were causes. Other sites were either slow or inaccessible.
It was the same in the morning and trying to use Lookup or Traceroute in Apple's Network Utility showed that the site could not be identified. I had thought this was a problem with the TH domain, but it could also have been the DNS servers.
Mercifully the site came back just after 0900 on Sunday, but as the only email had been sent at 0929 (and that was spam) it suggested that no email had been received by the site overnight, indicating a major link problem. If anyone wrote to me, Saturday evening, try again.
According to the host service, their logs showed nothing wrong. I asked them to look again. Of course, even though I did restart the router, it may have been True pretending they were an internet provider again. Actually, have you ever seen the internet map? There is one version on the NECTEC site which I link to here:
While I was writing this on Sunday evening, the site went offline again and investigations both here and from the UK indicate that DNS is the problem. Of course, trying to get anything done over the weekend was hopeless.
I was right. A message from the host told me that their DNS server had been restarted and we were back in the land of the living. It will be monitored, I was told, but when I woke Monday morning, it was down again. An update just after lunch told me that the older server that the site is hosted on had been subject to a number of DOS (Denial of Service) attacks in the last couple of days. The engineers are working on a fix, but this may mean moving everything to a new server. I may have to upload all the data from here. At least I have several backup copies.
A report by Cody Lee on iDownload has some useful information regarding the code that was found to allow a man in the middle attack through the SSL vulnerability (secure Socket Layer). The code was examined and the problem (as outlined in the article) is that a line of code has goto fail twice in one line. It is also noted in the article that OS X is affected and we may expect an update or Security Release in a day or so. In another article Cody Lee also reports that a similar update was released for users of iOS 6 (6.1.6); and I also found an update for my Apple TV.
Also carrying information on the bug was Nick Arnott on iMore and the article carries an interesting display of the code. By running your eyes down a few lines, the double goto fail can be seen. It is not actually in the same physical line - although this is the same line of code - so it may be easy to imagine how someone inserted this accidentally and (of course) it never gets seen again if all is OK.
According to a report from Jeremy Grossman that was carried by John Gruber on Daring Fireball, the problem arrived in iOS as long ago as version 6.0 and there is some speculation that this could be linked to the NSA. However, it is not known at this stage if the insertion in the code was deliberate or accidental. It is not even clear if this is the vulnerability that the NSA implies gives them a backdoor into an iPhone and the article has several possibilities.
Regarding the probable insecurity in OS X, an article on OS X Daily had some suggestions as to how users might protect themselves until such time as Apple does release the update. The second one is rather interesting and showed me that my computing could be at risk at the moment if I were to use an untrusted network:
My link for this was MacDaily News.
Hardly unexpected, those who are silent about Microsoft's insecurities (100,000+ viruses?) and the weaknesses in Android or Flash (see above) are quick to condemn. Examples include David Morgenstern of ZDNet who are often slow to praise, yet quick to rail about Apple, who is more concerned with a racy headline than balance. And to suggest that Apple is cavalier with security is crass. At least Apple found the iOS insecurity before Morgenstern and others.
Apple on the other hand seems to want to protect its users. I cast my mind back to when there was a problem with magazine and newspaper subscriptions for the iPad and, once again, customer data was one of the sticking points: Apple would not let the publishers have this; and the newspapers wanted to use this information. With the amount of spam and other unsolicited contacts we already have, I am happy for Apple to draw this line in the sand.
With Apple, True has probably contracted to take a certain number of these over the year and if they are not selling, they have to go into the bargain basement. If I read the Thai right the offer runs until 31 March and the cost is 12,900 for the 16GB, 15,900 for the 32GB version with a 20 month 0% pay plan. The number 599 is in there too, so maybe this is tied in to a carrier plan.
This may be the first move in the new masterplan of Satya Nadella, CEO of Microsoft, with Bill Gates at his shoulder. As part of the introduction to the world, he was interviewed by Adam Bryant who provides a condensed version on the NYTimes. It looks to me like business as usual up at Redmond, although there were some interesting points about conducting interviews when recruiting.
This small analysis by Reitzes contains everything that is wrong with Wall Street with its obsessions on growth, market share and innovation. And if it is not going to happen next week, well obviously Apple is dead in the water. Even thinking that Apple could be compared to Microsoft shows what a dumb analysis this was.
Actually, a quick search on Google shows that Barclays is not as smart (or as trustworthy) as all that, with security problems, ATMs failing, oh and a little difficulty with something known as libor, when Barclays tried to manipulate international bank lending rates and the bank was fined a record amount, leading to the resignation of Chief Executive Bob Diamond and COO Jerry del Missier, among others (BBC Business). And this is the type of bank that people take financial advice from? The theories of Reitzes were fairly debunked by Mark Rogowsky on Forbes.
There could also be a new MacBook Air later in the year as those in the know have examined the Intel roadmap and there should be a chip that will fit the slim device round about September. An article on AppleBitch also suggests that the MacBook Pro with Retina display could be updated (hardly a surprise), but there is no mention at all of the Mac mini. Does this plod on in its current form or will Apple spring a quiet surprise here?
With all that spare cash that the analysts (and Carl Icahn) think should be spent on them (think about it), Apple has been buying some smaller companies from time to time, as well as financing others (sapphire glass), but last week several sources, including Sarah Perez on TechCrunch, reported that Burstly, the owner of TestFlight, had been bought by Apple. TestFlight is a mobile app testing platform and the company also has SkyRocket: an in-app ad management platform.
OK, Samsung are still bad boys as there was another film, this time about Samsung, called Another Promise and Samsung pressured a newspaper in Korea to kill coverage of the movie, but (like with the Japanese texts on iPhone experiences a few months back) got found out, Casey Newton reports on The Verge. There is a categorical denial added to the bottom of the article.
Contrast this with Apple, who are being given poor coverage in the media, unlike Samsung because, Daniel Eran Dilger on AppleInsider argues, Cupertino does not pay for coverage. An example is the iOS update this week which some report as a disaster for Apple.
No more so than some of the other major software around, and we might include Flash that also had a "critical" update this weekend. I did not see much reporting on that, nor (as Dilger tells us) on Android flaws this week. This is a long article, as is Dilger's style, but it contains a lot of examples to make the case. I think it odd - from the perspective of an outsider - that the US press (and their sycophants round the world) prefer to report favourably on a shabby outfit like Samsung with its known cheating, and hit Apple when they can.
Just to rub it in, Samsung, which has been found in several courts to have copied patents, most notably those belonging to Apple, is to sue a patent holder (Dyson) for "intolerable" litigation that has "seriously hurt its corporate image", Philip Elmer-DeWitt reports, noting also that when Dyson sued Samsung in a UK court, it won $850,000 for Samsung's patent abuse.
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.
For further information, e-mail to