The Ninjawords slice-and-dice

Yet another nice little gaffe on the part of Apple.

John Gruber (daringfireball.net) reports on the recent flap regarding an iPhone app called Ninjawords (note: Gruber’s blog entry does contain profanity). Part of this is a case of unfortunate timing on the part of Matchstick (makers of Ninjawords), who wanted to release an app prior to Apple’s rollout of age ratings.

The other part is where Apple drops the ball. Other apps contain the not-so-nice language reviewers objected to in Ninjawords, yet do not have a 17+ rating. In general, I find it silly to rate an entire dictionary “adults only” for its inclusion of profanities. And apparently Phil Crosby of Matchstick agrees. Quoting from Gruber’s article:

Regarding this discrepancy between the ratings for dictionaries, Crosby said to me, “Apple may slap a 17+ rating on our app and wash their hands, saying ‘you’re not required to censor your app’, but at the same time, they’re putting a great deal of pressure on us to do so. Who wants to be the only illicit dictionary on the App Store? That may work for Urban Dictionary, but not us. I think that applying parental ratings inconsistently is tightly related to censorship in our case, and will be true for other apps as well.”

A certain parallel can be drawn here between the MPAA’s NC-17 rating and Apple’s 17+ rating. The MPAA claims their ratings board does not actually censor. While the letter of this is true, the spirit of an NC-17 is that distribution becomes much narrower and most theatres will not show an NC-17 film at all. So it is de facto censorship in that most producers who actually want to turn a profit wind up cutting or editing movies to get an R rating.

I’m not quite as well versed in the iPhone App Store, but from a cursory browse it appears that the 17+ rating definitely changes the way people look at a given app, and it’s entirely possible company-owned iPhone users may be restricted by company policy from using a 17+ rated app. In the past Apple has treated 17+ apps differently (not allowing promo codes for 17+ apps for a short while) and may yet decide to do so again.

I do find it distasteful that Apple may, on one hand, say “you’re not required to censor your app” but engage in de facto censorship of that app after it’s on sale.

Rootkits in a keyboard? Really?

A recent ZDNet blog entry mentions probably the most bizarre type of exploit I have ever run across in about a quarter-century of computer use. Apparently, a firmware update for an Apple keyboard can be infected with such things as keystroke loggers and nearly undetectable rootkits.

From the post:

Chen, from the Georgia Institute of Technology, said malicious code embedded into the firmware would be immune to the typical rootkit detection methods which examine the integrity of the filesystem, check for hooks or direct kernel object manipulation, or detect hardware and/or timing discrepancies due to virtualization in the case of a virtual-machine based rootkit.

Now, this may sound pretty damned scary to those of you who usually glaze over the technology-related articles I write and happened to land on this, and yes, it’s pretty scary stuff. What I really find scary about this whole thing is the question that goes completely unanswered in this article and the other articles I have read about this.

That question is: Why the hell does a keyboard need to have a software-updatable firmware capability to begin with?

The function of a keyboard is so simple that it barely needs to have a microcontroller. There has traditionally been no way for PC keyboards with PS/2 connectors to have their firmware updated. I don’t get why Apple would open up their customers to such a gaping security hole, either knowingly or recklessly.

This security exploit highlights the very real risk of having updatable firmware where it is not needed. If Apple’s engineers get firmware programming wrong to the point where keyboards have to be software updatable, I think a manager at Apple needs to start firing engineers and replacing them with people more capable of doing their jobs in a competent fashion. Unfortunately, I don’t see any revolving door installations happening in Cupertino any time soon, as badly as they may be needed.

FCC takes aim at Apple and AT&T re: Google Voice app rejection

Fred von Lohmann, writing for the EFF Deeplinks blog, reports on the FCC’s investigation regarding the highly dubious and potentially anti-competitive rejection of a Google Voice app for the iPhone.

And my not-so-humble opinion, of course, can be summed up thusly: About damn time. Hopefully, a decision on this will be at least useful as some kind of precedent so that Apple’s out-of-control rejections of iPhone apps are at least reined in a bit.

One of the more interesting quotes from the blog entry:

When a dominant hardware platform vendor teams up with a dominant network services provider, and then selectively blocks or hobbles software applications on the platform, consumers should smell an anticompetitive rat. After all, if Microsoft had a veto right over every app that ran under Windows, and used that power to selectively ban competitors who “duplicate” functionality offered by Microsoft’s own apps, we’d expect competition regulators to be up in arms.

Indeed, even Microsoft knows they would never be able to get away with locking down Windows to the extent Apple has locked down the iPhone platform. Of course, it’s much easier and nowhere near as risky (legally and otherwise) to install an alternative operating system on a PC compared to jailbreaking an iPhone.

Hopefully, the FCC will see Apple’s shenanigans for what they are: anticompetitive, unfair, and unacceptable.

The creepiest phone company

Recently, I read a Computerworld blog entry on Google Voice, which is Google’s entry into the VoIP telephone service arena.

At the surface, it looks pretty innocuous: a free phone number complete with voicemail and free domestic long-distance dialing. Dig a little deeper, and the disturbing part sinks in. Quoting the article:

Google already has a profile about your interests and surfing habits. If you use Gmail, it examines the content of your mail as a way to target ads. With Google Voice, it will know who you’re talking to, and when you’re talking to them — and will have records of your voice mail, and possibly recordings of your actual calls themselves.

The traffic analysis (call records, i.e., who is calling whom, when, and for how long) is scary enough by itself. The “free” transcription of voicemails, offered by a company called Google, is probably the creepiest thing I have come across in my entire time in cyberspace. Quite possibly it exists to serve Google’s self-interest as much as that of Google Voice users.

An anonymous commenter opines:

Am I worried? No. Why? Because we have laws in place to protect us against the misuse of that information. Frankly, I’d much rather have Google know more about my habits. That way when someone does steal my identity and try to use it maliciously (something that is much more likely to happen than a company using my information maliciously) it’ll be a piece of cake to prove that they are not me.

My response to this is simple. We cannot rely entirely on the law to protect us against misuse of information. A company whose entire reason for existence revolves around indexing data and making it available is not a company I will easily trust with my telephone calling habits. It’s scary enough that Google has developed a mobile phone OS and has used the words “open source” enough in the description of that OS while still failing the criteria for free software as it relates to the SDK (software development kit).

There is a huge difference, now more than ever, between free as in freedom and free meaning zero monetary cost.

The part I find scariest is that there is no way to tell a Google Voice number apart from a number whose usage is NOGDB (None Of Google’s Damn Business). At least the people that run, say, AT&T know how to maintain the privacy of a telephone network. I feel somewhat comfortable trusting AT&T with my telephone traffic. I don’t think I’ll ever be that comfortable placing that level of trust in Google. Here’s hoping the FCC, DOC, and equivalent agencies worldwide keep a close eye on them.

Apple demands silence from exploding iPod victims

Yet another censorship-related story: The London Times reported on the case of a father and daughter seeking a refund from Apple for an iPod which literally exploded after the father accidentally dropped it. The drop apparently set off an electrical and/or chemical reaction which caused the device to explode, going several feet into the air.

After contacting both Apple and the UK electronics store Argos, Ken Stanborough finally got through to an executive from Apple. The company then sent a letter to the Stanboroughs, which offered a refund but did not accept liability. The disturbing part, however, is the strings attached to the refund. From the article:

The letter also stated that, in accepting the money, Mr Stanborough was to “agree that you will keep the terms and existence of this settlement agreement completely confidential”, and that any breach of confidentiality “may result in Apple seeking injunctive relief, damages and legal costs against the defaulting persons or parties”.

“I thought it was a very disturbing letter,” said Mr Stanborough, who is self-employed and works in electronic security. He refused to sign it.

This is purely shameful conduct on the part of Apple. It is one thing to not own up to a defective and dangerous product; it is another entirely to attempt to silence those who easily could have been injured or possibly even killed by the defect.

Mr. Stanborough did the honorable thing here, refusing the money and telling the story to the public, and he should be commended for that. However, he should not have to choose.

The intentional censorship of stories about a dangerous product is unfair, evil, and unacceptable in decent society.