Balance (Security vs. Usability)

I suppose this should be filed under “Get More Pageviews”, but nonetheless, I took the click-bait to Sophos’ calling Apple out on making the iPhone 4S safer to use while driving easy to access by bypassing your passcode. My main issue is that they take what is a legitimate concern regarding the tradeoffs between security and ease of use (and even safety of use while driving) and instead paint it as a deliberately cavalier attitude towards data security.

What’s disappointing to me though is that Apple had a clear choice here.
They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system.

You see what he did there?

Ever notice how an expert in a certain field will only ever see choices from the perspective of that field? Interesting how there is the assumption that the only options were secure and insecure. It’s like he just assumes that nobody will ever try to use a phone while driving, something that seems like it would gain a huge safety improvement by reducing phone interaction.

On my lowly iPhone 4, if I want to call my wife while I’m on the freeway to see if I need to stop at the store, I’d have to:

  • Pick up the phone
  • Press the home button or the power button
  • Swipe across the bottom of the screen
  • Tap in my passcode, or, as suggested in the Sophos article, my complex alphanumeric-with-symbols password
  • Tap the Phone icon
  • Tap the Favorites button if it’s not already on the Favorites page
  • Tap my wife’s entry

With an iPhone 4S and Siri, I’d presumably need only to:

  • Pick up the phone
  • Tap the button that activates Siri
  • Speak: “Siri, call my wife.”
  • Acknowledge Siri’s confirmation of my request by saying, “Yes.”

I wouldn’t ever have to look at the phone. The only touch target I’d need is a physical button on the phone, which is easy to locate without looking. It’s only marginally more complicated than asking a real person sitting in the car with you to dial the phone for you, because you have to push a button two times. I’m reasonably certain it’s this use case which Apple designers and engineers had in mind when setting the default options on the iPhone 4S, with the assumption that the security-conscious people could find and disable the “enable Siri while iPhone is locked” option themselves.

After all, while the iPhone is a popular device for businesses, it’s not the only market Apple sells to. Apple is going to make the choice, every time, to make its products easy and delightful to use for its primary customer base.

You know, ordinary people.


I really need to meet this Systems Boy…

… Or at least add him to my daily reading.

My last source of confusion (on this matter, at least) is that people are going after Apple on this at all. Until the iPhone there was never an expectation that phones should either run Flash or be open. A phone is not a personal computer. It’s a phone. All smartphones are just phones. They play by a whole different set of rules. And that set of rules is much longer and stricter than that of a personal computer. No one ever complained that Nokia’s phones weren’t open. Or Motorola’s. Or Samsung’s. Why now is it completely offensive that Apple’s phones should be? Moreover, there are no phones in existence today that can display Flash content because of all the reasons cited by Jobs in his letter. Google’s phones don’t. Neither do Palm’s. So why is everyone going after Apple? It’s just crazy.

Quick update: About the only thing that has changed since he posted this, I think, is that Google has announced with Adobe that they’re going to get Flash on the Android platform. We’ll have to see how that turns out, but I honestly don’t have high hopes, primarily because touch is not the same as keyboard, monitor and mouse, and I’m not sure Flash content designed for web-on-PC will translate well.


Dear Adobe Reader Safari Plugin: Die.

If you’re anything like me, you have a strong dislike for all the stupidity that surrounds the Adobe Reader (formerly known as Acrobat Reader.)

I won’t go into the details here (though this guy can explain it in great detail), but because I very occasionally need features of Adobe Reader, I still keep it installed on my Mac, while I use Preview for all my other PDF needs. I’ve gone so far as to install the Firefox PDF Plugin for Mac for when I use Firefox, just to avoid Adobe Reader. And, really, there’s no point in Adobe Reader for most cases where you just want to be able to view or print PDF files. Doubly so, since Mac OS X lets you print any document to a PDF file as a default feature of the OS.

There are, though, edge cases where having Adobe Reader installed and available is useful. So I have it installed, but I refuse to use their web plugin. Adobe doesn’t care, though, and will periodically, sometimes randomly, and sometimes even without my consent, re-install the plugin. Even though I’ve told it not to. Adobe Updater, I’m looking at you, here.

Sadly, my solution is heavy-handed. I created a launchd task that will forcibly remove the Adobe Reader plugin from /Library/Internet Plug-Ins whenever it’s created. It’s fast, efficient, and works.

And, as soon as I can figure out the new WordPress theme, I’ll post it here in a legible form.

UPDATE: Thanks to Lynne and Chad on Twitter for suggesting the Preserve Code Formatting plugin!

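And now, the launchd config. Save this as:
"/Library/LaunchDaemons/org.unnerving.RemoveAdobeReaderPlugin.plist"

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>org.unnerving.RemoveAdobeReaderPlugin</string>
        <!-- Command to run: delete the plugin bundle -->
        <key>ProgramArguments</key>
        <array>
            <string>rm</string>
            <string>-rf</string>
            <string>/Library/Internet Plug-Ins/AdobePDFViewer.plugin</string>
        </array>
        <!-- Start the job whenever this directory exists and is not empty -->
        <key>QueueDirectories</key>
        <array>
            <string>/Library/Internet Plug-Ins/AdobePDFViewer.plugin</string>
        </array>
        <key>WatchPaths</key>
        <array/>
    </dict>
    </plist>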
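A job in /Library/LaunchDaemons runs as root, so a delete job like this one is worth checking before it is loaded. The following is an added example, not code from the original post: it parses the plist and reports when the program is resolved through PATH or when `rm` would delete anything other than the watched path. The function name `audit_delete_job` and its rules are assumptions made for illustration, and the embedded plist is a constructed copy of the job above.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed sample: the job from this post with its plist tags written out.
PAGE_JOB = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>org.unnerving.RemoveAdobeReaderPlugin</string>
  <key>ProgramArguments</key>
  <array><string>rm</string><string>-rf</string>
    <string>/Library/Internet Plug-Ins/AdobePDFViewer.plugin</string></array>
  <key>QueueDirectories</key>
  <array><string>/Library/Internet Plug-Ins/AdobePDFViewer.plugin</string></array>
  <key>WatchPaths</key><array/>
</dict></plist>"""


def audit_delete_job(plist_bytes):
    """Return a list of findings for a launchd job that deletes a watched path."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments", [])
    # Paths whose appearance or modification starts the job.
    watched = set(job.get("QueueDirectories", [])) | set(job.get("WatchPaths", []))
    findings = []
    if not job.get("Label"):
        findings.append("missing Label")
    if not args:
        return findings + ["missing ProgramArguments"]
    # A bare program name depends on the PATH the job inherits.
    if not args[0].startswith("/"):
        findings.append(f"program {args[0]!r} is resolved through PATH; use an absolute path")
    if PurePosixPath(args[0]).name == "rm":
        # Everything after the program that is not an option is a delete target.
        for target in (a for a in args[1:] if not a.startswith("-")):
            path = PurePosixPath(target)
            if not path.is_absolute() or ".." in path.parts or any(c in target for c in "*?["):
                findings.append(f"unsafe delete target {target!r}")
            elif target not in watched:
                findings.append(f"delete target {target!r} is not one of the watched paths")
    return findings


if __name__ == "__main__":
    for finding in audit_delete_job(PAGE_JOB):
        print(finding)
```
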
