Apple Mail malaise (update)

There’s no program on my Mac that’s annoyed me more over the last year than Mail. Which is funny, because for years I held up that program as an example of Apple working to fix customers’ problems while Microsoft let Outlook Express decay.

Apple Mail about boxBut sometime during the development of OS X Mavericks, Mail went off the rails. It shipped with a bug that made syncing with a Gmail account awkward to implausible. Apple fixed that within weeks, but other problems lingered through many or all of its updates to Mavericks:

  • Searching for old messages was intolerably slow, to the point where it would be faster to grab my iPad, log into the relevant account and start the search… after first running up and down the stairs to find that tablet.
  • Switching back to Mail from other apps would leave the insertion point randomly shifted to a point months or years in the past–which, to be fair, is great for cheap nostalgia.
  • Some mailboxes would be shown sorted by subject instead of date, never mind that sorting by subject is a total waste of time unless a mail client can’t handle search (ahem).
  • More recently, Mail began forgetting the custom app passwords Google generates for mail clients and other apps that can’t process its two-step verification codes.

Apple’s updates fixed some of these issues before OS X Yosemite. I don’t think I’ve seen a mailbox randomly sorted by subject in months, and I haven’t had to open Keychain Access to copy a saved Google app password back into Mail since last month.

Yosemite, to judge from its performance on my MacBook Air, has also returned search in Mail to a state of good repair. I can only hope Apple keeps working on these other issues. Because between Web-mail’s issues with offline access and working with other apps and the lack of a compelling alternative client (understandable, given how many people rely on Web-mail or don’t spend as much time in a mail client as me), firing this app just doesn’t seem too practical.

And at least the prominent mentions of Mail in Apple’s product page for Yosemite suggests the company realizes it can’t leave this app in maintenance mode. If only I could say the same for iPhoto…

Your con-call invitation isn’t as enticing as you think

I enjoy talking shop, but not so much when I first need to call a toll-free number, punch in a four-to-six-digit code, press the pound key, speak my name after the beep and be dumped into a cybernetic void in which I must wait to hear the sound of another human voice.

Con-call invite from OutlookNo, I’m not a fan of conference calls. Part of that is a common rationale–they allow a PR minder to be on the line and make sure nobody says anything too compromising–but, really, most of it is the exasperating user experience.

That starts with the con-call invitation, which inexorably arrives on my Mac as a blank e-mail consisting only of a “Mail Attachment.ics” file. OS X’s Quick Look won’t reveal its contents, so I must open it in Calendar to see that it contains the number, con-call code and time that should have been in the e-mail itself.

Make me open another program to see what you’re talking about in your e-mail? No.

To judge from the headers of these messages, this is a Microsoft Outlook-transmitted social disease–sending a calendar invitation from inside that sprawling program must not offer the sender any hint of how it will be displayed to a recipient. In my case, it’s badly: Not only does Mail for OS X throw up its hands, the Gmail app for Android doesn’t even show this file.

(And yet Mail for iOS displays a nifty calendar widget for those invitation messages. Apple’s inability to keep its desktop mail client at feature parity with its mobile mail client is a subject for a future rant.)

After the aforementioned routine of punching in numbers and waiting for a response, I often face an extra challenge in con-calls with more than one executive, or in which the publicist and the executive are of the same gender: figuring out which of two or three white guys is speaking at any one time.

And have I mentioned that this is the tech business? There are good, Web-based conference systems that let you connect by clicking a link and then make it easy to tell who’s there and who’s talking. I’ve used UberConference and it was terrific; I hear great things about Speek but haven’t used it yet (note that a friend works at that D.C.-based startup); video chat through apps like Skype, Google+ Hangouts, Vidyo or Rabbit works too, as long as I tidy up the parts of my home office within camera view.

And yet when a company wants to talk up its technological prowess, we must jack into the AOL chat room of group voice communication. PR friends, if your client insists on that routine, can you at least do me a favor and dial my phone directly before patching me into the call?

About these ads

Heartbleed and bleeding-heart open-source advocacy

For at least the last decade, I’ve been telling readers that open-source development matters and helps make better software. If everybody can read the code of an application or an operating system, there can’t be any hidden backdoors; if anybody can rewrite that code to fix vulnerabilities and add features, the software’s progress can’t be thwarted by any one company’s distraction, fraud or bankruptcy.

OpenSSL pitchMy glowing endorsement of Mozilla Firefox 1.0 in November 2004 set the tone:

…the beauty of an open-source product like this is that you can participate in its evolution. Firefox’s code is open for anybody to inspect and improve...

Since then, I’ve recommended open-source operating systems, office suites, anti-virus utilitiessecure-deletion tools, file-encryption software, two-factor authentication apps, PDF exporters, DVD rippers and video-playback toolkits. And I’ve had one phrase in mind each time: Given enough eyeballs, all bugs are shallow.

My experience using open-source software tells me this is true–even if that doesn’t guarantee a constant rate of improvement or an elegant interface.

And if any genre of software should benefit from this method of development, it ought to be code that Web sites use to secure their interactions with users from eavesdropping: Everybody sending or storing private information needs this feature, billions of dollars of transactions are at stake, and you don’t even have to worry about wrapping a home-user-friendly UI around it.

True, right? Except Heartbleed happened. Two years ago, an update to the widely-used OpenSSL encryption library added a “heartbeat” function that made it easier for sites to keep an encrypted session going. But it also harbored an disastrous vulnerability to buffer-overflow attacks that would cause a site to return 64 kilobytes of whatever happened to be adjacent in the server’s memory to an attacker: usernames, passwords, e-mail content, financial transactions, even the private key the site uses to encrypt the session. And the attacked site can’t check afterwards to see if it got hit. I defy the NSA to script a better hack.

And despite buffer overflows being a well-known risk with documented defenses, nobody caught this for two years. Two years! It took a Google researcher and engineers at the Finnish security firm Codenomicon to find the bug separately and report it to the OpenSSL team.

How bad is this? Ask security researcher Bruce Schneier:

“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.

It seems that everything that could go right in open source development went wrong in this case. As an excellent story from Craig Timberg in the Post outlines, the free nature of OpenSSL made it an obvious choice for hundreds of thousands of sites and something of a natural monopoly, that same enormous deployment of OpenSSL encouraged people to assume that they themselves didn’t need to inspect the code that carefully, and OpenSSL developers got so little financial support from the corporations relying on their work that they couldn’t even subject their code to a proper security audit.

The stupid thing is, we knew this could happen. See John Viega’s 2000 essay, “The myth of open source security,” in which he outlines how thousands of users failed to catch “a handful of glaring security problems” in code he’d contributed to the Mailman mailing-list manager:

Everyone using Mailman, apparently, assumed that someone else had done the proper security auditing, when, in fact, no one had.

That doesn’t mean that closed-source development suddenly looks better. (When all this is done, Microsoft’s proprietary and hideous Internet Explorer 6 may still have greased the skids for more successful attacks than OpenSSL.) But it does mean that selfishness/laziness/distraction and open source can become a toxic mix, one we should have seen coming.

Updated, 10:25 a.m., to add a link to Viega’s prescient article.

Reader suggestions for fixing an iMessage mess

Sunday’s USA Today Q&A about getting one’s mobile number untangled from Apple’s iMessage service looks to be one of the most-read columns I’ve done there. It’s also drawn more than the usual amount of reader feedback–including two reports of remedies that I had not discovered during the week or so I spent digging into this issue.

iPhone Messages settingsOne came from an AT&T subscriber in Minnesota:

A few days before the article I had the same problem and called AT&T.  They had me text the word ‘stop’ to 48369, to which I got the response: “FREE MSG: Apple iCloud ID Verification: You have been unsubscribed and will no longer receive messages. 1-800-275-2273″

I’ve since found one confirmation of that fix in a Reddit comment and a posting on Apple’s tech-support forum. There’s also an Apple tech support notice… which only describes this procedure as a way to stop Apple from sending AppleCare identity-verification messages to a wrong number.

A reader in Washington who said he works “at a major phone retailer” sent in a different suggestion that he said “always” works: Reset your Apple ID password.

Go to https://iforgot.apple.com/password/verify/appleid Enter your Apple ID in the space and just reset your Apple ID password. Even if you don’t have access to that email or security questions, it will remove all Apple registered devices from iMessage instantly.

In case you were wondering: Neither suggestion came up in the background conversations I had with Apple PR, even though one is allegedly endorsed by Apple support.
But that’s not nearly as important as whether either cure can earn an endorsement from you. If you’ve found either one successfully exfiltrated a number from iMessage–or if you have a different fix to share–please leave a comment with the details.

When do you decide it’s time to fire an app?

I guess I don’t have to drag the icon for Apple’s Mail program out of the Dock after all.

Mail iconAn update shipped Thursday fixed the ugly Gmail-synchronization bug that I had been displeased to confirm in OS X Mavericks. Until then, I was about 90 percent sure that I’d have to dump the e-mail app that had been my daily driver since abandoning Eudora on the Mac at least a decade ago.

The likeliest replacement was Airmail, except its lack of support for the nifty data-detectors feature that lets me create calendar events from mentions of dates or times in messages had held me back.

Also, I’m really slow to move from one app to another, to the point that seemingly minor feature requirements like that become an enormous obstacle.

I still have Safari as my default browser in OS X, even though Chrome does a lot of things better–aside from automatically filling in contact information from my Contacts entry. And I continue to use iPhoto for my pictures, despite its glitches and Apple’s apathy about fixing them (although with 55 GB of photos, moving to a new photo-management app would be a non-trivial endeavor).

About the only major app that has exited my workflow in recent years is Microsoft Word. But since I’d have to pay for a no-longer-so-current version of that–while either Google Docs or TextEdit augmented by WordService provide all the tools I need for my formatting-free writing, leaving Apple’s Pages sufficient for the occasional venture into graphic design–that was a much easier call to make.

What was the last program you fired for cause? Tell me about it in the comments.

Why Web-mail alone doesn’t work for me

I installed OS X Mavericks on my MacBook Air Wednesday, and now I can no longer use my Google-hosted work e-mail account in my laptop’s copy of Apple’s Mail–an undocumented change in how that client treats Google IMAP accounts has made them borderline unusable, at least if you want to move a message out of your inbox.

Gmail Offline app(Thanks, Apple! Really, you shouldn’t have.)

My complaint about this issue yielded the responses I should have expected: Why not just use only Web-mail? That’s a fair question. Here are a few reasons why I’d rather not:

Offline access. Google does provide a capable offline app for Gmail, and I use it all the time–but its Chrome-only Gmail Offline can only download the last month’s worth of mail. To find anything older, I need to get back online. It’s also easier to take my e-mail to another host if all my old messages are already synced to my hard drive.

A separate tool for a separate task. Because a mail client has its own interactive Dock or taskbar button, it can show in real time how many messages have arrived–and can’t get overlooked among 20 other open browser tabs. And without ads or a browser toolbar that doesn’t help with mail management, I can see more of my mail.

Message management. It takes fewer clicks to select a batch of messages and move them to another folder–especially if they’re not contiguous–in a local mail client than in Gmail’s standard interface, much less the simpler Gmail Offline.

Quick Look. If somebody sends me a Word, PDF or some kind of complex document, I can get an instant preview of it by selecting the document and hitting the space bar, courtesy of OS X’s Quick Look feature. In Gmail, I have to wait for the file to download and preview in a separate window.

Better calendar integration. Both Gmail and Mail can create a new calendar event if they see a date or time in a message, but Gmail insists on adding that to your default Google calendar. Mail allows you to add it to the calendar of your choice.

Individually, these are little differences, but they add up. And while a better Web-mail system could address them all someday, I can have these things on my checklist today with a functioning client running on my Mac. It’s too bad Apple chose to break its own.

So do I now switch to something like Postbox or Airmail–or do I get around Google’s wonky implementation of IMAP entirely by switching to, say, Microsoft’s newly IMAP-comaptible Outlook.com? That’s a topic for another post. But I welcome your input in the comments.

Overlooked E-Book Chapter: DRM Makes Monopolies (2012 CEA repost)

(Since a site redesign at the Consumer Electronics Association resulted in the posts I wrote for CEA’s Digital Dialogue blog vanishing, along with everything there older than last November, I’m reposting a few that I think still hold up. This one ran on April 17, 2012; since then, sci-fi publisher Tor Books–a subsidiary of the Macmillan publishing conglomerate–has gone DRM-free, but most of the industry has yet to take that step.)

Even if you’ve been following the e-books story for the past five years, it can be hard to define the heroes and villains of that plot.

First Amazon was the innovator, liberating us from paper with its Kindle. Then Apple was going to upend things with the iPad’s iBooks app and store. Now the Department of Justice says that the real problem is an unholy union of the publishers and Apple.

E-book reader appsIn an antitrust lawsuit announced last Wednesday, the DoJ charged Hachette Book Group, HarperCollins Publishers, Simon & Schuster, Macmillan, Penguin Group and Apple with conspiring to fix prices, to the disadvantage of consumers and Amazon.

The first three publishers have already agreed to a settlement that will block “most-favored nation” clauses that prevent e-book stores from discounting titles while allowing them to place other limits on the sale of their work. Meanwhile, Macmillan, Penguin and Apple continue to fight the suit.

It’s an immensely complicated issue, colored to a large degree by who you think is more evil. Is the problem the big publishers targeted by the DoJ’s suit, who allegedly colluded over dinners in expensive Manhattan restaurants? Or is it the gigantic Seattle retailer, which both controls a huge share of e-book sales and has been getting into the publishing business itself?

(A CEA press release posits a third foe, quoting association president Gary Shapiro calling the lawsuit “another sad milestone in our government’s war on American companies.”)

But the basic issue at stake here is not complex: ensuring vigorous competition in e-books that eliminates the need for court battles and consent decrees. And in that context, you can’t ignore how publishers have not just given Amazon a tool to build a monopoly but required its use.

This is the “digital rights management” restrictions required by publishers on e-book titles sold through all of the major online outlets–not just Amazon’s Kindle Store but also Barnes & Noble’s Nook store and Apple’s iBookstore.

DRM is supposed to stop unauthorized copying and sharing by making a copyrighted work playable, readable or visible only on authorized products. It’s not always a huge annoyance: DVDs and Blu-ray discs employ standardized–if easily circumvented–DRM that doesn’t limit you to player hardware or software specifically approved by a movie studio.

But in the world of digital downloads, DRM usually locks the “buyer” of a DRMed item into using only one vendor’s hardware or software.

(The scare quotes are necessary because the license agreements for many DRMed items stipulate that you don’t actually own those downloads.)

If you want to keep your future hardware and software options open, this favors doing business with the e-book store that offers the most DRM-compliant reading options.

That store, by a hardcover-thick margin, is Amazon. Beyond its growing family of Kindle reader devices, including last year’s Kindle Fire tablet, it also ships reader apps for Windows, Mac OS X, Linux (via a “Cloud Reader” Web app) iOS, Android, Windows Phone 7, BlackBerry and even HP’s now-abandoned webOS.

Barnes & Noble, by contrast, only provides Nook reader apps for iOS, Android, Windows and OS X. And Apple limits iBooks to its iOS devices.

Considering that evidence, where do you think somebody ought to shop?

So long as DRM stays part of the plot, every Kindle reader sold, every Kindle app installed and every Kindle title purchased will strengthen Amazon’s hand.

DRM can’t solve this problem, any more than any form of DRM tolerable to home users can abolish copyright infringement. But ditching it would erase the equation. If you could buy an e-book in a standard format that, like an MP3 music file, would be playable on current and imaginable future hardware, it wouldn’t matter which store sold it. There would be no lock-in; each sale would would not weigh so heavily on the next.

(As I wrote last spring, not having to worry about DRM-induced obsolescence would also vastly increase the odds of me buying e-books at all.)

The music industry figured this out years ago. Giving up on the DRM dream enabled a thriving competition between Apple, Amazon and other vendors of digital downloads, with no lock-in beyond the relative difficulty of syncing music from iTunes to a non-Apple device.

Other observers of the e-book business have been making the same call on personal blogs and on tech-news sites. One publisher, Hachette, may even be paying attention, as PaidContent reporter Laura Hazard Owen wrote last month.

But in much traditional-media coverage of digital content, DRM remains the lock that dare not speak its name. You can read a thousand-word piece about the slow market for movie downloads that notes a “lack of interoperability” without ever explaining why–or even using that three-letter abbreviation. Many of last week’s stories about Amazon, Apple and book publishers miss this point just as badly. And if we can’t properly identify this issue, we certainly can’t fix it.