This interesting article from Elinor Mills about PC and Mac security contains a wealth of interesting commentary (read: flame/fanboy fodder) from a variety of expert sources.

Worth reading the whole thing but some points from the article:

• There are a number of points about social engineering attacks being prevalent and these are platform agnostic. There’s a dichotomy between the perception that Macs are safer, and the reality of attacks and frequency across users of either platform.
• PCs are attacked more frequently so Macs may be safer because there are less of them. There are a couple of things in that. Firstly, that’s really another way of saying ‘security by obscurity’ which – as at least one of the commentators points out – is not really any security at all. There will come a point where Macs will become more interesting to malware creators and then things “will quickly turn bad for Mac users”.

This quote (which I hope is balanced enough to be representative of the article) sort of sums it up:

Technologically speaking, PCs are a little more secure than Macs. Macs have a larger attack surface out of the box (Flash, Java, support for a million file formats, etc.) and lack some anti-exploitation technologies found in PCs like full ASLR [Address Space Layout Randomization]. This means Macs have more vulnerabilities and it's easier to turn a vulnerability into an exploit on the platform. Despite the fact it is less secure, paradoxically, Macs are actually safer to use for most people. This is because there simply isn't much risk of being exploited or installing malware.

The comment on Flash is interesting in view of Adobe’s comments on such matters.

So where am I going with this? There are two things to think about:

1. Engineering Practices

Who do you trust to handle a zero-day vulnerability in terms of the engineering practices to deliver patches? You could huff and puff and say “Huh! Not Microsoft” but actually I don’t see any criticism of Microsoft’s efforts from the commentators. In fact they’re making contextual recommendations about safety (Mac because there’s less of them) because it seems that the reality is that none are ever truly safe. (Some of the commenter’s called BS on this suggesting malware share should equal market share but of course that’s denying the economics at play here: why target 5% when you can target 95% means that view will be skewed?).

Moreover, I was amused that when asked for commentary, from Microsoft the author got the “director of Windows client and enterprise security”. From Apple she got told to go and look at a flashy ad that said “Mac OS X doesn’t get PC viruses”.

2. “Social Engineering”: unified attacks that are platform agnostic

So then, in thinking about attitudes towards handling security problems I was astonished by this article in which the Googlies say (of the forthcoming Chrome OS):

I guess the thing that I've learned from traditional OSes is, if you look at how that goes wrong, is that users tend to have a very hard time managing it.

We have over 200 Googlers using this every week, and we tend to just inflict a new build on them and see if they use things more or less, and we just iterate from there.

If you contrast that with the Web model, the Web mostly takes the view of "you shouldn't be able to do anything bad from a Web application." Which mostly serves the Web really, really well. You cruise the Web without worrying too much about badness lurking out there. It's not 100 percent true, because of malware and browser exploits and stuff like that, but for the most part you just cruise the Web and don't sweat it too much.

Um, I don’t remember having malware, viruses and so on until I plugged my CAT5 cable in and joined the internet (I often heard of viruses on floppy disks but never actually got one). But I guess the test group of 200 Googlies are highly representative of the mass-market. With this level of naivety what would happen if there was a vulnerability? Perhaps there’ll be a community forum with a 48-Hr wait for an official response.

Regardless of whether the argument is about security or risk, I think that the point is that any vendor needs to work to educate the end user of both of those arguments. What I think we’re actually seeing in the case of Apple is risk used as a selling point, and in the case of Google, a zealous over-confidence in stuff they just don’t know or care about.

I saw a tweet last week which said “Sometimes I wonder if Google’s ‘don’t be evil’ is missing ‘because we’re watching you’”. Funny (actually, no, it’s terrifying when you think hard about it). Maybe someone should ask Eric?

Another friend of mine asked whether you could really trust an organisation that had to remind itself not to be evil…

Anyway, His Jobsness is having none of it, calling out the ‘Don’t be evil’ mantra as ‘bullshit’. (There are – at this time – a couple of disputed quotes. He may have said ‘load of crap’).

He sticks a skewer in Adobe too. Lazy? Well, given their dominance over the past decade, maybe they’ve been sluggish to capitalise on that and do now face a number of threats: Silverlight, closed systems like iP* (my new mnemonic for iPhone/iPod/iPad), and maybe HTML5 (but we’ll see how that turns out).

Compare that with the rapid cadence of Silverlight.

As an aside, looks like Google circumvented the AppStore stuff with Google Voice by using HTML5 in the browser. Tsk. They also added Voice to their own Chrome browser, but there’s not much opportunity to use it in other browsers as there’s no API. That’s not very ‘open’ is it? But then, as we know, Open has some interesting definitions from Google.

Seems to me that a lot of folk made a lot of money in the last decade doing their own thing. But now they’re all trying to do the “other folks’ things” and so the drums are beating to quarters once again. A fun time to be in technology – but then when isn’t - and an interesting ride for a few years.

You’ve seen the device, you’ve heard the jokes. Fickle followers of fashion have spoken.

I spent at least a little bit of time chortling over the reaction to the iPad. Much of it was fair to middling, but the interesting stuff was commentators desperately trying to rationalise the fair to middling reaction from the masses and their own previous hyperbole.

Anyway, I can’t be bothered adding to that suffice to say that really it just proves that innovation and disruption is actually pretty hard to do.

On the other hand – Viral is doing a great job summing up things in a little more detail.

Remember some time back when Ray Ozzie got up and talked about the “Software + Services” vision (or in this case – wrote about it). Do ya?

So what did you think at the time? Maybe you thought:

• w00t! That’s the way it should be…
• I don’t get it
• Bah, the future is the web. Microsoft would say that…
• Clumsy name…

Philosophically, I figured it was probably right. “Everything returns to centre”, and so much of the client vs. cloud debate is polarised. I don’t believe we have a solely desktop based future any more than I believe there’s a solely web based future. (I use future loosely as a lot of stuff happens really rapidly these days!)

(Another stolen line from my PHB: The paperless office is as likely as the paperless toilet.)

I get annoyed when mutual exclusion is used in this debate. Sure, the “web” is the future in terms of the opportunity it affords – information, connection and so on. But how you interact with the web is not a given. A couple of years ago we were seeing the need for smart management (super-bookmarks) of the vast plethora of web services of one kind or another, but now that stuff sort of comes to you via one of the web platforms: Facebook, Twitter or whatever. (How many websites do you use on a daily basis? I have a handful of destinations, but these are hubs for a massive number of individual services and information sources. And I search of course.)

It was all about the browser. Perceived as the window to quick, efficient, application development with maximum reach it enabled things we couldn’t have imagined. But now where are we seeing growth? “Apps” is the word du jour (been around forever but is seeing a trendy renaissance in the popular press).

I guess the difference here is that we tend to mean clients for existing web service. Or – as a redux – we mean Twitter clients ;) We also tend to mean “delivered by independent developers” – which isn’t really true, but it feels like a cool thing to say with a smattering of ‘new economy goldrush’ about it.

“App” development is also driven by new capabilities in Natural User Interface technology (for instance). Devices are more capable, users have greater expectations and the standard web technologies aren’t quite up to it. Client software in the form of platform-specific code, or Silverlight/Flash cross-platform runtimes is in the ascendency.

Examples like XBox Live, and Apple’s iTunes were useful beacons to the S+S ideas. There’s quite a few folk referencing the principle of Software + Services since then though:

• “We are taking a balanced approach, and are building a hosted infrastructure. It’s not just about the cloud, but also about the desktop. There are some who are all about the cloud while others think about the desktop first. We have a hybrid approach, and we are doing that with our products like AIR.” - Kevin Lynch, CTO, Adobe (August 2008), http://gigaom.com/2008/08/04/the-gigaom-interview-kevin-lynch-cto-adobe-systems
• “The real opportunity that the cloud offers large companies today is as a supplement or complement to their in-house operations rather than as a complete replacement” - Nick Carr “Rough Type” blog (April 2009), http://www.roughtype.com/archives/2009/04/the_big_company.php
• “Microsoft's Software + Service strategy has rapidly matured and is native to Exchange 2010. This architecture of a single environment that spans on-premise and cloud-based gives large firms an opportunity to leave some mailboxes on-premise and host others in the cloud to save money without incurring admin hassles.” - Ted Shadler, The Forrester Blog for Information & Knowledge Management Professionals (April 2009), http://blogs.forrester.com/information_management/2009/04/exchange-2010-tier-your-workforce-split-your-domain-save-money.html
• “Economics of IT are changing, and many companies are looking at combinations of on-premise software and software as a service.” - Rishi Chandra, Product Manager for Google Enterprise (June 2008), http://www.intelligententerprise.com/blog/archives/2008/06/google_sees_clo.html
• “There are things you can do in desktop apps that you can't do in Web apps” - Linus Upson, Google Engineering Director, http://news.cnet.com/8301-17939_109-10227150-2.html
• “IBM believes this view neglects to consider that large enterprises are not going to outsource their entire data center operations to a public cloud like Amazon’s. Different workloads demand different support, and as such, there are certain applications that shouldn’t be moved to a cloud model.” – IBM (April 2009), http://blogs.zdnet.com/BTL/?p=16384
• “Salesforce CEO Mark Benioff … to announce a partnership to sell customers on the hybrid cloud idea – an initiative called ‘The Best of Both Worlds.’  For Benioff, who until now has marketed Salesforce with a ‘Software is Dead’ slogan, that’s quite a shift…” - Fortune on the shift to cloud computing (October 2009), http://brainstormtech.blogs.fortune.cnn.com/2009/10/22/a-kinder-gentler-cloud/

So Software + Services? Yes indeed.

Besides, 100,000 apps (or whatever today’s Really Big Number is) in the AppStore can’t be wrong. (OK, not all of them are connected apps – there’s a bunch of games and fart simulators).

From a Microsoft POV, the key thing is delivering on the Services part of “Software + Services” and we’re seeing that now with the Azure platform, Bing, our Online Services and so on. To an individual developer, it means tools and technologies that enable you to work easily across the scope of Software + Services environment: so everything from WPF and Silverlight through to ASP.NET and the stacks that go with those.

From your POV it probably means different things – maybe you’re not covering the whole of S+S in what you do – you’re maybe just working across component parts of it:

• Are you a developer or architect? What are you developing these days? Software? Services? You’re probably thinking about RIAs and cloud-based aspects of the services as your next gen architecture… (Show me a business plan that doesn’t have cloud and API in it these days and I’ll show you someone getting frogmarched out of a posh VC luncheon…)
• Are you in IT? You’re probably thinking about the implications of issues such as compliance, security, governance, management.
• Are you in business? You’re probably thinking about whether/how to leverage the cloud? What’s the ROI? What does is it mean for your business model? Who do you integrate with? What horses do you back?

Some of these questions are being answered. Some remain outstanding, or require pathfinding. But one thing seems certain: we’re living in a world of Software + Services. You can call it what you want. Turns out Ray was right. Crafty.

I liked this essay on Social News: Trading Accuracy for Immediacy. The phrase “Never Wrong For Long” has been used for quite some time in 24hr Newsroom circles – usually as criticisms of “the other guy” – and means the same thing.

An excerpt:

Now that every person and company can virtually not only make it in the news, but make the news itself, we're bound for a bumpy ride on accuracy. There are two challenges in this scenario: 1) is that of standing out in the sheer tide of bits being shared as news in real time, 2) you may not be able to stop or correct inaccurate information once it starts spreading.

Reminds me of Brewer’s Conjecture: When designing distributed web services, there are three properties that are commonly desired: consistency, availability, and partition tolerance. It is impossible to achieve all three.

I’m fairly convinced that one of the kids will be the first person on Mars. (The other one can then kick back with the Absinthe and become a poet. My money at this point is that Evan will do the space thing but I’m probably being slightly unfair to Orson as he’s only a month old…)

10 years ago, it was hard to visualise the web as it is now. It all seems obvious of course but that’s just an example of availability bias I guess. (I mean, I developed a web site that relied on JavaScript, XML and asynchronous web calls quite some time before someone invented the wider notion AJAX – as I’m sure plenty of others did -  but I didn’t have the foresight to think about that – at the time it felt like (and probably was) a kludge.)

I also didn’t think I’d be playing GTA on my telephone. At the time I was quite resistant to Snakes II which I felt was an unnecessary development from the very fine Snakes. Talking of games, I highly recommend Borderlands. I read some mixed reviews but a friend told me it was great. And it is.

Anyway, I was heartened by the prospects of one of them becoming a space pilot, or a ‘vertical farmer’ from this report on the BBC. Though some cynic or other tells me that we’ll send old folk to Mars rather than youngsters so they don’t have to deal with the debilitating effects of radiation exposure. (How’s that for grounding you dreams?). Vertical farming – which is the growing of food in multi-storey buildings – sounds scarily industrial – like something out of Oryx & Crake – and I’m worried about the impact that might have at my local “freid chicken” place (sadly, they’ve spelled ‘fried’ wrong for the last few leaflet drops). Still delicious though I hope.

Things are just moving so fast. Do the lessons of the past matter anymore? If you’re looking at the past you’re missing out on the now so you can’t see the future? Maybe we need a gear shift in our cognitive abilities to learn more quickly about stuff we’re doing right now. Or maybe we need to slow down, and think a little bit harder.

A few sources (this one from the BBC) reporting that there are some teething troubles with the ordering for Nexus One.

Surprising, because my understanding was that the landmark news from the other day was that Google is a Consumer Electronics Retailer. Hmm…

I have absolute faith in their ability to launch and support an OS though. Really I do. I’m sure it won’t end up anything like this.

OK – petty argument here. But actually the larger point is this is why I moan about hyperbole when it comes to some announcements. Gearing up to do something really big takes a bit of time. Or it takes a lot of good will. Or you can take it step by step. Probably what you can’t do is make an announcement and then own the market by the end of the afternoon.

I’ve always wondered what the default setting on a phaser is if it isn’t stun which seemed to be the most used, and probably most sensible setting to avoid unnecessary deaths (or embarrassment if the default is ‘off’).

Anyway, as any MMORPG fan knows, in a couple of weeks “Star Trek Online” will be released to the masses so it’ll be time to put down the level 80 Night Elf Druid and take a trip to the stars – the key question for any would-be market leader in this space is of course “but for how long?” as Warcraft has a tendency to very very sticky.

I liked this piece of news from C&VG showing how the various retailers are differentiating themselves as purchasing points for the game (as in the client software) by offering different virtual in-game goods as incentives. For instance: you get a Borg Bridge Office from Amazon, or a Tribble from HMV. An interesting crossover that’s obvious in this space but I wonder where it could lend itself to for traditional retail customers. (Wouldn’t it be cool to have a virtual wardrobe on Facebook that populated itself with virtual versions of the clothes you bought?)

Talking of Star Trek, I loved the plotline generator in the back of the last issue of PC Gamer. No link unfortunately as it appears to be print only, but I found this slightly older version online. An excerpt from the end:

And the…

• … amazing piece of technology that would solve most future problems …
• … life-changing transformation of a key crew member …
• … pointless death of a brave young ensign …
• … massive violation of the Prime Directive …
• … irreparable damage to the timeline…

… is never mentioned again. Cue titles.

Lastly, I loved these Star Trek wetsuits as seen in Wired.

In a flurry of hype that’s been building for a few weeks Google finally got round to telling us that the phone we all knew was being launched would be launched. Meh.

Most intriguing was the press event itself. Thanks to the @scobelizer who streamed the whole thing via UStream. UStream did very well to cope with the 15k or so viewers.

Gosh it was boring and so incredibly me too (at best). It’s got a processor (wow!), it’s got a touch screen and flashing lights (amazing!) and it has apps like Facebook integration (that’s new!). Um… it’s got a 5MP camera too. And some special ways of organising photos. Oh, and 5 (yup, count ‘em) personalised screens. And wallpaper that’s animated (actually that reminded me of Vista). Erm…

Oh yes – you can buy it “with contract” or “without contract”. What do you mean that’s been done already?

So what gives?

I love this piece by the BBC’s Maggie Shiels which encapsulates some of the strange thoughts the media have when it comes to the GOOG.

“The landmark news is that Google is now a Consumer Electronics Retailer” (so speaks the analyst Gartenberg). Sort of. I mean, you can buy the phones on its site. Is that a landmark? It’s probably also a “Fashion Retailer” as I imagine you can buy the T-Shirt somewhere. I’d have thought the landmark news was that Google is a software company (which most of the press seemed to say).

Then there’s a couple of quotes about the mobile computing paradigm. Fair enough, but Google didn’t invent it and nor does the release of this device somehow further validate an already valid model.

Scoble and Arrington add a bit too much hyperbole with references to the Nexus suggesting it’s something Apple will have to chase and that no other phone can touch it. I doubt the Apple PR team took a phone call (or at least one they cared about).

Ultimately it’s a bit disappointing for the fans and for those who think that Google somehow cares about advancing technology for users or is even a software company.

This is about control. Google simply seeks to have access to or own as much information as it can so that it can exploit that information. Software (and things like it’s support of “Open”) are just levers to pull to gain that control. Two technology areas that threaten its current level of control are mobile and real-time. So it needs to disrupt in those spaces lest it turn out that it can’t control them as it doesn’t have the business diversity to do much else.

The amateur futurologist (and I lay no claim to being any good at futurology: I didn’t think SMS would catch on…) can use Google’s moves to think about “the next big thing”. Everyone should have realised Twitter was going to be massive the day that Google acquired Jaiku (which didn’t work out) or more recently “Wave” (remember that?). Same with mobile when Android turned up. Google’s ability to spot this stuff, and its ambition to grab all of this stuff somewhat outstrips its capability though.

If I was Google, I’d be scared of the success of Apple and the continuing success of Microsoft, and worried about its failure to really change user behaviours. It might be running out of time and trust too if there are more comments like Eric Schmidt’s recent stuff on privacy: “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place”.

So what might erode the Google machine:

• Our growing reliance on real-time information (Twitter et al.) rather than long tail search.
• Our growing reliance on F and FOAF recommendations for information (Facebook et al.) rather than long tail search.
• Our growing reliance on mobile devices as a primary route to the web rather than the sticky Google home page.
• Emergence of hyper-local/vicinity driven information rather than long tail search.
• Emergence of specialised information – such as AR or RFID and device to object awareness – negating the need for search.

So what does it do? Pay for access to info from Twitter (that’ll work for a while), push out some Linux-based software surrounded by the Google brand halo.

Times are a-changing. Is Google playing catch-up? Is it able to play catch-up?