Sunday, September 09, 2007

10 Immutable Laws of Security (Microsoft)

An excellent Coding Horror post, about which I'll comment later, pointed to a handy (Microsoft?!) set of security principles. I omitted the stupidly obvious ones that were added so they'd have a list of 10 (Microsoft!):
Microsoft TechNet: 10 Immutable Laws of Security

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
There's nothing here that should be novel to any geek, but it's a nice set to be able to reference. Law #3 is the one most people forget. Even Macintouch fell into the trap of thinking a hack that allows admin access to any OS X machine was a major security breach. That hack requires physical access, so the admin workaround is a trivial security breach. (OS X user account encryption will provide decent security, provided you don't put the password in your keychain!)

Also, Law #8 is a bit dated. Most geeks are giving up on virus scanners for XP/Vista, and OS X doesn't need one (yet).

What is the FullCircle folder doing in my OS X Application Support Folder?

In the process of debugging some very, very annoying Firefox 2.0/Adobe behaviors, and purging my MacBook of anything to do with Adobe (more on that later) I came across a folder called "FullCircle" within my "Application Support" folder. It had MozillaCamino strings in it. What the heck is that, I wondered ...

It's part of the Mozilla feedback/crash reporting system, and it's used by both Camino and Firefox (and probably Mozilla/Netscape too). For example:
Mac OS X 10.4.2: Questions And Answers:

To troubleshoot, I would delete the Firefox and FullCircle folders from / Users / [user] / Library / Application Support, and search for a Mozilla folder or files (on the entire boot drive) and delete them, too. Repair Permissions again, reboot, and then the same problem.
This was surprisingly hard to uncover!

Saturday, September 08, 2007

A blog dedicated entirely to calendar interoperability

This guy's been beating the drum for calendar interoperability in a dedicated blog since June 2005!
Calendar Swamp: Calendar swamp is born

When you're up to your necks in appointment alligators, it's hard to remember the original job was to drain the calendar swamp.
Wow, this guy is persistent! I truly sympathize, though I don't have his endurance. I'll definitely add him to my bloglist.

Why the iPhone doesn't do tasks: a theory

Why doesn't the iPhone have the capabilities built into the @1990 PalmPilot? Why can't it do tasks or notes properly? These core functions are among the demands I list on my non-tech blog:
Gordon's Notes: iPhone: my demands:

... Tasks at least comparable to the 1994 PalmPilot tasks.

Synchronization with Outlook at least comparable to the modern Palm OS (in other words, flawed, but useable). A 256 character limit on contact comments is not acceptable...
My working hypothesis has been that Apple hates me, but maybe I'm taking this a bit personally. Another theory is that Apple has decided this stuff all has to migrate to the net and they've decided to speed up the process by eliminating all alternatives.

A third explanation occurred to me, and a bit of research supports it. Scott Mace, who has an appropriately despairing blog about calendar sharing and synchronization, mentions that the iPhone's calendar synchronization with Outlook is very weak. That's a clue.

Outlook is the 8,000 pound Mastodon in the world of calendars, tasks, and contacts. It's the immovable object, and it's not simple to synchronize with. Outlook has a very complex and kludgy way of implementing these core concepts, and Microsoft leveraged that complexity to destroy Palm. Apple may have a few Palm veterans in Cupertino, people who are warning them about what it means to try to manage tasks, appointments, and contacts on Microsoft's turf.

Most iPhones will sync with XP and Vista machines, and eventually with Outlook 2007. If Apple wants this to work half-decently (meaning better than Palm), then the iPhone has to approach contacts, tasks, and appointments in a way that's a reasonable match to a subset of Outlook functionality (the most used fields, for example). If the iPhone does this, then OS X must too.

Problem is, Apple has iCal and the (very peculiar) Address Book on OS X, and they're nothing like Outlook. So Apple needs new versions of iCal and the Address book, but that's not going to happen on 10.4. That kind of change can only come with 10.5, perhaps with a new approach to synchronization.

So my latest tortured theory predicts that Apple won't add new PDA/PIM functionality to the iPhone before OS X 10.5 ships (supposedly in October, though I doubt it will be stable before April). If I'm right we'll see something @ Jan 2008.

Friday, September 07, 2007

New iPod video out has DRM protection built in

Apple tightens the DRM screws ...
Apple locks TV Out in new iPods, breaks video add-ons

... Without disclosing the change to customers, Apple has locked the TV Out feature of the iPod classic and video-capable iPod nano, preventing users from outputting iPod content to their TV sets [jf: except via Apple authenticated devices] as has been done in years past. Going to the Videos > Settings menu brings up a TV Out option that is now unresponsive when clicked, showing only the word “off.” When locked, video content will display on the iPod’s screen, but not on your TV or portable display accessory.

Presently, the only apparent way to turn this feature on is if you connect your iPod to a device with an Apple authentication chip built in. Authentication chips are only available in Apple products, and in a handful of products made by Apple-licensed third-party developers
This is a DRM move, I suspect it's related to Apple's desire to deploy HD video to iPods. This is good, it will teach people some valuable lessons about DRM ...

Thursday, September 06, 2007

SMARTReporter: a free drive monitoring application for OS X

I'm going to try this one. From macintouch:
SMARTReporter 2.3 attempts to warn of impending hard drive failure by polling the SMART (Self-Monitoring Analysis and Reporting Technology) status technology built in to most modern hard drives. This release now prints more information about the checked disk to the logfile, improves handling of hot-plugged disks (eSATA), fixes some crashers, and makes other changes.

PictureSync: photo service IDs and metadata mapping

There are five people in the universe who'd find this discussion noteworthy: PictureSync » metadata.

I'm one of 'em. Synchronization is harder than most people imagine.