Everything about iCloud - from the terrible design to the clunky interface - is as Steve Jobs liked to say, "shit". I have iCloud and I'm not even sure what it's for; is it a backup service, an e-mail provider, or a way to find my phone? None of these have much in common, so the fact that they're all bundled together really confuses me. And its name is a bit of a misnomer, you can't even do standard cloud stuff like share photos (like you could with MobileMe).
I don't mean to stray off-topic, but this article just confirms my intuition to avoid anything with iCloud in the name.
iCloud is first and foremost just a bit of service glue to make the native email/calendar/etc apps 'work' without sending people to Google or assuming they have a work Exchange account. In that capacity, it's as good as it needs to be. [1]
Similarly the file sharing is just to set a third-party baseline so that file/save sync'ing between Apps on the mobile devices 'works' without sending people off to Dropbox. And in that capacity it also works just fine.
Sure, it resists power-user use. But that's just because, in true Apple fashion, it's not built for it and doesn't care too much about it. But that only makes it 'shit' inasmuch as about 90% of Apple's services are 'shit' and places it distinctly outside the way Jobs defined 'shit'.
[1] Though filtering this crude is cause to reassess that.
"True Apple fashion" has only recently been about resisting power users. Before about five years ago, they were all about enabling power users while still being friendly to regular people. This was much more compelling than their current direction. Remember, this is the company that built their OS on top of UNIX and shipped a terminal app with it standard. It all changed around when the iPhone came out, though.
OS X is going down the same path as iOS, too: Mountain Lion scolds users for downloading apps without going through the App Store; this can be disabled by digging around in the system settings, but I can envision a day where you'll need to open a terminal to set a system property from the command line, and then a day when they simply disable unsigned binaries from running altogether.
What is Apple going to use for their own work? Their developers and designers are power users.
It's certainly possible that the Macbook Air would switch to ARM in the next few years, but until you can write software for an iPad on an iPad, there's no getting away from OS X and serious processors.
I don't see how power users have been left out. If you mean they try to keep you out of the OS itself I wouldn't consider that being unfriendly to power users. That's just how they've always been. If you mean the whole dumbing down of the UI, I'd say that's pretty irrelevant. As a power user there's no reason why you couldn't just turn certain stuff back on. Plus it's still the same BSD underneath and they still give you the terminal. I keep hearing that they're being unfriendly to power users but power users are the ones who don't really need friends. I've been using Macs since 10.4 and since that time each time the OS is upgraded it's maybe a little annoying for an hour but then I remember I'm a power user and I know how to open a terminal window and do whatever the hell it is I want to do.
My iPad disallows me to do tethering, functionality that's available on the iPad but that can be enabled/disabled by the carrier. My Android phone, from the same carrier, allows me to do pretty much whatever I want.
iOS doesn't have a terminal. And considering the recent moves with the Mac app store, how long before terminals will stop shipping with OS X?
> iOS doesn't have a terminal. And considering the recent moves with the Mac app store, how long before terminals will stop shipping with OS X?
Why not take this illogical train of thought even further? iOS tries to hide the filesystem from the user, so how long will it be before OSX does the same? iOS doesn't allow generic USB devices like 3G modems, so when can we expect that support to be removed from OSX?
I purchased an iMac for my mother two years ago, and she never could quite get the hang of it. The iPad that replaced it last Christmas has been working out much better. The same qualities that make iOS shitty for power users make it simpler and easier to use for the average populace.
OS X already hides the ~/Library folder, it's not far-fetched to think they might hide everything but the Photos, Documents, etc. folders.
I wouldn't say iOS is a terrible product, just that it's terrible for someone that knows how to use a computer. Apple is trying to get users that don't know what they are doing at the expense of the experience for users that do. I know I shall never buy another Apple computer if the trend continues.
You'd have a better argument if they got rid of the Library folder completely. Just because it's not a single click away anymore doesn't justify the slippery slope argument. OS X is not Linux. It's targeted to the general computer using populace and happens to be quite popular and useful for a very small minority of people like us. They still allow us to do everything we used to, it's just that they've hidden a few things that confused the normals out there. Big whoop.
Hold down Alt while clicking the Go menu to see your Library folder.
Your assertion that it isn't a slippery slope is subjective, as is my assertion that it is. Both viewpoints are valid.
However, I reject your solution. It's my machine, I want it to be a pleasant experience to develop on, I don't want to memorize workarounds for a bunch of trivial problems that I have to apply to every machine I use.
I'm taking the defensive position of not investing too much of my time in their products because I think they will remove access to those folders, or lock down on application installs, or otherwise make the experience wretched for me sometime in the future.
The problem with this line of thought is that you're talking about the older generation (our mothers and grandmothers).
Teenagers today are power users, except for those who have much bigger problems than poor technical skills (like being freaking illiterate).
So shouldn't we optimize for our children instead? Isn't it plain stupid that we spend so much worrying about our mothers and grandmas?
The side effect is that we, as a society, are making efforts in keeping people dumb. Reading, as a skill, is hard to learn and it was considered optional and for power users even in the 17th century. Even today, I find it so stupid that movies are dubbed around the world, as if people can't be bothered to read freaking subtitles. That's how I learned English btw, something which would have never happened if I lived in Spain or Italy.
Do you really think teens today are power users? Every generation since I was a kid thought their kids were tech geniuses; having interacted with them, I know it wasn't true. So kids today use Facebook and Instagram and Snapchat. And Tumblr. I haven't seen any kind of trend for teens using Terminal or rolling their own. They appear to be proficient because the tools for normal people have gotten so much better.
Yes, I really think teens today are power users. I also interact with plenty of teens and also my wife works at a kindergarten - she has 4-year-olds that know their way around a PC, enough to open their game or a browser.
Being a power user doesn't necessarily mean usage of a terminal, especially since most teens today use Windows on their PC, which has the shittiest terminal experience of them all. Heck, when I was a Windows user I wasn't using the terminal either, even though I was doing programming. Even if you are using the terminal in Windows, you don't really have much need for it since the whole freaking OS is anti-terminal and you can't do much with it. It's easy to forget this if you're a Mac or a Linux user.
This is not about teens being smarter btw. Older people simply don't have the patience to learn anymore, unless they see the real value in doing it. My folks also have a huge language barrier - they never learned English, as they were taught Russian and French in school and they forgot everything due to a lack of practice. For my mother, it doesn't matter how easy to use the device is, if it isn't localized.
Our tools definitely got better, but the only truly meaningful thing that changed since the late 90s is the availability of the Internet. When I was in high-school, in year 2000, we had no Facebook or Twitter, but I still had classmates that were communicating a lot over IRC and email. But they were doing so from school, because home Internet connections were expensive and shitty.
Seriously? iOS doesn't have a terminal? What are you going to do with a terminal on an iPad? Run operations on the non-existent file system? The iPad is not meant for computing. It's an entertainment device. That statement is almost like saying "TV manufacturers are forgetting about the power users! My new Sony flatscreen doesn't even come with a terminal so I could... uhh... adjust the picture, color, brightness, etc. from the command line instead of just using the real simple buttons on the side".
The Mac App Store doesn't really have any relationship with the terminal. There's no reason to believe that it's in Apple's interest in any way to take away the terminal. It's still Unix underneath, they still provide developer tools, and they still need developers to write applications for them. In addition Macs are still huge in the design/developer community because they're well suited to graphic design work with their appearance, focus on large screens and high resolutions, and performance. They're pretty big in the developer community too as you get a great "point and click" kind of OS with full and easy access to the terminal and most of the goodies you get with a full-fledged Linux machine.
Finally, your argument is that Apple is ignoring power users but you use an example where it's actually your carrier that's stopping you, not Apple. You said it yourself, the iPad does support tethering but your carrier is the one who enables/disables it. Seems more like your carrier is against power users, not Apple.
In the end, just because Apple makes the OS more "point and click" friendly and comes with a pretty opinionated set of defaults for non-power users doesn't mean they're trying to keep power users out. By definition, if you're a power user, these things they're doing should be a minor annoyance when you get a new Mac and after a couple of hours you should have your machine how you like it because... drumroll please... you're a power user and know how to do that stuff! I personally don't see much difference between OS X and some of the more "user-friendly" Linux distros. They've both got the same underlying tools and are working hard to make it so your grandma can pick it up and get emails of her grandchildren within an hour. What I think the real problem people have, which maybe they just don't see, is that they just don't like change in general. New versions of OS X come out and they hid an option somewhere and everyone goes nuts and says "Who moved my cheese! This is the worst computer ever!"
Actually the iPad does have a file system. You just don't have access to it.
> That statement is almost like saying "TV manufacturers are forgetting about the power users! My new Sony flatscreen doesn't even come with a terminal so I could... uhh...
Consequently, one of the reasons TV is dying is because it's just a dumb consumption device. I use my laptop, my Android and my iPad for 10 to 12 hours per day. I use my enormous flat-screen that's sitting in my room only for streaming movies from my laptop and yes, while connected to it sometimes I open the terminal.
> it's actually your carrier that's stopping you, not Apple
BULLSHIT. This is a device-level configuration setting that the carrier can remotely send to you. The device wasn't even bought from that carrier. It wasn't on a contract or anything like that.
It's my device and I find it unacceptable that the carrier can tell it what it can and cannot do. It's Apple's fault for giving them the option.
> By definition, if you're a power user, these things they're doing should be a minor annoyance
Actually it's a big annoyance because I'm the customer that pays money and why in the world would I pay for devices that are defective by design when I could be supporting companies that respect me and my needs? My current retina-enabled and shiny iPad is the last Apple product I'll ever buy.
While we're keeping history in context, let's also not forget this is also the company that was borderline irrelevant prior to their current direction.
I got a 17" Macbook Pro in 2009 (when they were still riding the wave of the iPhone) because it was a solid piece of hardware and gave me a sweet spot of down-the-road-choice (I exchanged the cd bay with another hdd, added Ram, installed Linux). I was looking forward to buying further Macbooks in the future.
All that was shattered with their new Macbook lineup (which are pretty much just beefier MB Airs). They flat out killed the 17" (which I still consider the perfect on-the-go workstation).
I considered Apple very relevant around the iPhone release. The current direction is not the iPhone direction. It is the iPad direction. That's when they started to go somewhat batshit on driving away professional users. They could have maintained both camps pretty handily in my opinion. Both camps were quite happy and got along great. Why they decided to kill off one is beyond me. Sure, there is more money in everyday clients, but I doubt they were actually hurting their business with power users.
Consider this: When I - a staunch defender of FOSS, user of Kubuntu, Free Software programmer, ardent antagonist of everything Microsoft - got my Macbook, I actually started recommending Macs as a choice to others. It actually did seem to me a better choice than going with Microsoft Windows. These days, I recommend Windows 7.
My boss and I both had Early 2008 MBP 15". He spilled a large cup of coffee into the keyboard. He turned the machine upside down and it was pouring out.
I sprung into action and opened that machine up and started dousing all of the parts with distilled water then drying them. I didn't need any special tools or even a service manual.
That generation MBP had the most beautiful design inside and out that I have ever seen. It was the pinnacle of geekdom beauty and it only lasted a year or two.
As somebody that owns (and has upgraded) a 2011 Unibody MBP and has recently upgraded a friend's 2006 MBP I have to disagree and say that the unibody design is vastly better.
I also got a 17" MacBook Pro around the time you did. I really wish I hadn't though, it's way too heavy to really be useful for anything but using around my apartment. I've tried to travel with it a few times and really regretted it.
While I don't relish the idea of a non-upgradable system, I do appreciate Apple trying to shave off every last possible gram from their laptops. My next laptop will probably be a 13" Air for that reason.
Wow, I'm in almost exactly the same boat. I'm on my third and apparently final 17" MBP. I have started resigning myself to switching back to Ubuntu but I'm not enjoying being forced off a beautiful platform after having made friends and family switch. I had been an ardent Linux user for a long time before I went Mac and it looks like I'll be returning sometime in the next few years.
You can still get 13" and 15" "traditional" (non Retina display) machines which are part of the "new" lineup. My early 2011 15" with matte display, SSD, and 16GB RAM seems to be a good compromise of still being under my control, yet gaining most of the performance benefits of the 15" rMBP.
>While we're keeping history in context, let's also not forget this is also the company that was borderline irrelevant prior to their current direction.
You're retconning. Apple hasn't been 'borderline irrelevant' since before they launched the iPod in 2001. There's a six year gap there in between the iPod and the iPhone, and imho they didn't really change their direction until 2010 or 2011, with the release of OSX Lion, neglect of the Mac Pro, and the killing off of the 17" MBP.
I partially agree with you, but I'd like to point out that, from some points of view, launching the iPod was Apple's first step in their current direction.
I would venture to say that launching the iMac was turning point A, the iPod was turning point B, and the iPhone was turning point C.
The TiBook was also quite nice, though I wouldn't call it as significant as the iMac in pushing Apple toward stylish and well designed consumer devices.
I won't dispute that they're far more relevant today, but I disagree that they were borderline irrelevant circa 2005. They were quite successful selling Macs and had a credible alternative to the Windows monopoly.
The iOS stuff certainly moved them to a whole new plane of success, but I don't have to like it.
As a power user I don't 'like' it either. But I don't 'hate' it. I just use third party services when Apple's offerings don't fit.
The only bit I took issue with, is holding up Apple as having 'failed' simply because their focus is on other types of users. Particularly when they're serving those users at least as well as any alternative. And when those users are far, far more numerous than users like myself and their needs far, far easier to meet in an engineering and support sense.
Counter narrative: nothing has changed. Apple has just expanded their business. If Apple made toasters, whether they were locked down or not wouldn't affect my opinion of what was likely to happen to my Mac. iPhones are toasters, not computers.
I can buy the idea that iOS being locked down doesn't tell you what's likely to happen to your Mac. But once Apple started bringing iOS-like features across, then it becomes pretty reasonable to compare the two to guess at what they might do next.
OS X and iOS share a lot of the same core code base, so of course there is going to be cross-pollination features-wise. Why should the migration of features to solve problems common to both platforms indicate you should start worrying about Apple locking down the Mac?
Guess what: when Macs get touch screens, more Launchpad is going to make more sense, and full screen is going to be even better. That doesn't mean that Apple is going to start locking down the Mac. Indeed, as time goes on and their less technical users migrate to iOS instead, they have even less incentive to further lock down the Mac.
When one of the features they migrate makes it so that the default state of a Mac is to obstruct running any software not approved by Apple, it starts to make sense to think in this direction. Full screen/launchpad are irrelevant.
You know that Windows and (some) Linux desktop environments also have that feature, right? It's not "obstruct running any software not approved by Apple," it's "obstruct running any software marked with the 'downloaded from the Internet' taint flag, unless signed with a certificate in the OS's keychain."
It's a very sensible default for people who can't be trusted to not click on banners telling them to download a "FREE CAT SCREENSAVER", thus the universal adoption. And it doesn't hinder anything like software development at all, since programs you compile yourself aren't marked as tainted. (And you can just pop open a Terminal and drop the taint xattr from any file.)
Nevertheless, in all cases, in all these OSes, the Gatekeeper/Smartscreen-like system can be turned off, and always will be able to be. Otherwise, how would programs get deploy-tested? [You can't require signing with individual device deploy keys like for iOS deploy testing, because IBM-compatible PCs have structural identity--there's nothing equivalent to the UDID to tell them apart by. You could try using a fingerprint with the CPU model, MAC address, etc--but all those can be faked. Unless we get something like a TPM-based PC UDID, trying to do device keying on PCs is moot, and no OS vendor will bother.]
---
Actually, come to think of it, Linux also has this at an even more fundamental level: you can't install a DEB/RPM from the Internet as an automatic dependency unless its signing key is in your keychain, full stop. There are actual programs I've installed (for example, ESL's distribution of Erlang) which require the user to "curl http://example.com/key.asc | sudo apt-key add -". Ubuntu's PPA system (using apt-add-repository et al) doesn't get around this, it just automates it with a prompt for whether you trust the key.
You are talking about something different than what most people are worried about. Sure, locking down what can run at the behest of the administrator is a feature.
What people are talking about is locking down what can run at the behest of the vendor. Like how iOS is. Like how Mac OS X would be, if you couldn't disable Gatekeeper.
You think users "always will be" able to disable Gatekeeper, but I don't think there is any evidence to support that. It's entirely up to Apple, and if they want to implement a TPM-based (or other) Mac UDID and lock Macs down to Apple-approved software, they will go right ahead and do whatever the fuck they want to do.
> What people are talking about is locking down what can run at the behest of the vendor. Like how iOS is. Like how Mac OS X would be, if you couldn't disable Gatekeeper.
Apple doesn't control what is signed by devs, though they do control handing out certs to devs. If Gatekeeper were permanently on, it wouldn't mean you could only use Apple-approved apps (ie, the app store), it just means you can only use signed apps (ie, random stuff you download from the internet).
But that's the thing. OSX, Linux, Windows--they're PC operating systems, and they run on PCs. Any PC. Which also includes virtual machine environments that emulate PCs. Apple could lock Mac hardware down, yes, but they can't stop a Hackintosh from running whatever it likes--because you wouldn't build a TPM chip into your Hackintosh.
Now, if your argument is that Apple is going to take OSX and make it into something that doesn't run on generic PCs, but rather a specific, closed environment that loosely resembles PCs [thus killing all ability to do Hackintosh builds, run OSX in a VM, etc.], I agree that there's a very slight possibility of that.
But Apple has a heavy incentive to keep OSX running on generic PCs. For one thing, it's required to maintain backward compatibility with all the current hardware that are just generic PCs. For another, it gives them the ability to test their software using generic VM products, rather than a specialized "simulator." For a third, it allows them to just construct a new prototype Mac in the lab out of the newest off-the-shelf components (picture an empty Mac Pro case with random hardware inside), and then use it to write and test drivers for those components, instead of waiting for a specialized mobo to be produced for them that supports all those technologies and carries their special, needed OSX TPM chip.
Sure, Apple could push the industry to standardize a UDID-carrying TPM chip for all devices (this is basically the dystopia everyone was scared would happen with Palladium), so that Apple could use off-the-shelf hardware and still do device-key deploys to it.
And sure, Apple could write their own machine simulator.
And sure, Apple could just make the device-deploy-keys feature optional until an OSX release where all the old hardware is no longer supported.
But why? What advantage does this give them? It sounds like a lot of hassle to create a world where it's harder for everyone--including Apple's own in-house developers--to develop, test, and distribute Mac software. A world where fewer developers want to develop for OSX. A world where it's impossible for enterprises (yes, Apple has enterprise customers) to deploy their own internal software over their networks.
Now, look out below, for :itisacaranalogy: --
If you're a car company who makes sedans [iOS devices] for "consumer driving", and trucks [Macs] for "utility driving", what purpose would it serve to turn all your products into cars? Especially if your own employees require a truck, as part of their job, to haul loads around the workplace?
As far as I can see, Macs are going to diverge from iOS, not converge. The more consumers who buy sedans [instead of buying a truck they don't need and then complaining when it doesn't have heated seats], the more "trucky" the trucks can become without impacting sales. Macbook Pros and Mac Minis--both "trucks"--are here to stay.
On the other hand, iMacs and Macbook Airs--both "sedans"--might just get locked down, run iOS, and probably have touchscreens one day. But that's just fine, isn't it?
The MBP looks like it's going to keep getting lighter until there's no need for a separate "Air" category any more; if they keep the brand after that, it'll be for an iOS device with a keyboard attached.
And the iMac is already a redundant competitor to (Mac Mini + Cinema Display); so it will probably make more sense as a big iOS touchscreen "kiosk." Instead of having a Mac built in, it'll have an Apple TV built in. (I imagine the Cinema Display would also get touchscreen capabilities, and then you'd get the same experience as an iMac by hooking an external Apple TV up to it instead of a Mac Mini.)
---
...and note that everything I just said could apply equally well to Microsoft. They have all the same choices available to them, and there's already the same "nervousness" surrounding the Surface RT. It's just simpler to do the analysis with Apple, since their long-term hardware strategy is more obvious.
In short: I hope you are right, because since 2006, Macs have been far and away the best general-purpose PCs ('trucks' in your parlance) on the market, and migrating off of the Mac and/or jailbreaking and bootlegging the OS and then running it on my own unsupported hardware, will be a major pain in the ass. Either option sucks.
But yep, Apple could do every single thing you say. Without breaking a sweat.
As for why? I think Apple would prefer that OS X not run on commodity PCs. They already take halfassed measures to control running OS X in a VM, and to prevent booting OS X on non-Apple hardware. If they could do that more reliably, they wouldn't care about their slightly higher internal costs, and they definitely don't care about making life miserable for their developers (as I've witnessed being one for the past 12 years). But it's just a hard problem for them and a hard sell to existing users used to PCs being wide-open. But with every single iOS user they add, that sell gets one user easier.
I'd bet that within five years, the percentage of users running unapproved software [EDIT: somehow deleted 2nd half of this sentence:] on new Mac hardware will be about the same as it is on iOS today. It won't probably be impossible, just hard enough to not be feasible for most normal/busy people.
OK, that wasn't short, but in summary: The fact that Mac OS X has been the best power user OS for the last several years wasn't by design, it was just an accident of history and where they got their OS from. Apple doesn't give a fuck about power users, and Apple doesn't give a fuck about trucks. That market is just way too small for Apple to care about -- which is sad for those of us currently in that market.
Because if/when Apple finally abandons Intel and power users (timing that makes sense to me) it will be years before Ubuttnu or any other plausible player is anywhere near as good as Mac OS X 10.7. 10.8 still has too many bugs and stability issues, but it will get there. Probably 10.9, too. But after that? I don't think anybody knows, but I am very skeptical.
(I think Microsoft will move in this direction, too, so those Surface RT users are probably right to worry.)
To be fair, in Windows it's called IESC and it is a joy to have when you're an administrator. Like Gatekeeper it's simple to deactivate if you know what you are doing.
Ubuntu is going all touchy, Windows 8 (although confused) is touch-enabled, the new ChromeBook Pixel looks very touch-centric; it seems that Apple are really falling behind the eight-ball on something they purportedly pioneered.
I can only assume they'll release their new OS (OSXI, OSX.I, X.I.OS, etc.) fairly soon as OSX in its current form is about as touch friendly as Windows 7 or KDE.
Typing the whole day while looking into a fingerprint-stained screen is no fun. And no touchscreen can replace a keyboard in the foreseeable future. Those who don't write much are happy with iPads.
That was when Mac users used to mock Windows for being a GUI perched on top of a character-based operating system.
They generally dropped that line when Mac OS X became a GUI perched on top of a character-based operating system.
Oddly, Mac users have also stopped mocking Windows users for having Intel processors, for not using SCSI and whatever else made Macs special before they turned into a variant of Windows PCs.... ;-)
I don't think so. I just believe, from long observation, that this line of thinking goes nowhere, but generates a lot of words on the way. (e.g., look around this thread ;-)
I've heard tales of woe from old geezers of having to toggle their pdp8 bootloader in with panel-switches, in the snow, uphill, both ways. In a related matter, I have it on good authority that this very website runs on a computer only slightly more modern than the pdp8. http://news.ycombinator.com/item?id=5229488
My girlfriend's iPhone has been complaining about iCloud storage being full with some cryptic lockscreen message and she has no idea what it's complaining about or how to fix it. The "just works" narrative is a lie.
If it's anything like my friend, it's because their phone has every single photo they've ever taken, it's set to do an iCloud backup, and it's over 5 GB. Very easy to do.
Or it is possible if someone gets a new phone and doesn't restore off the current backup in iCloud it will make a separate one which will go over 5gig.
To be fair most services have to force you to do something once you have run through your free space.
If the default behavior is to keep uploading photos until shit hits the fan, then it doesn't "just work" does it? You need to be told when to start cleaning up photos from your iCloud and how to do that properly (eg without deleting photos from your phone, so you can still show them to your friends).
And my microwave door handle fell off the other day. That doesn't mean GE needs to include a disclaimer for that edge case in every 30 second advertisement, nor that they're liars because they fail to do so.
Tell her to turn off the total phone backup and do it to a laptop. Settings>iCloud>Storage&Backup>iCloud Backup set it to off. She will still have her photo stream if she leaves that on.
iCloud is also a way to communicate bits of data between apps running on different devices for the same user. Which works well as an available/reliable key-value store without rolling your own.
Read book on iPad at page 20. Open book on macbook or iPhone and book left open at page 5 when last exit turns to 20.
Cloud is a hip word. Amazon's got a cloud. Google's got a cloud. Apple couldn't be left with just an iTools/.Mac/MobileMe now could they?
I think Apple's inability to run web services is going to really come to pass in the near future. Everything is moving towards that way and Apple is still left in the "just sync with iTunes" world.
That's not quite true, Apple offloads some of its static assets to Amazon, MS's (Azure-based) & Akamai CDNs. There's as yet no evidence that Apple's cloud-based software (like iCloud) runs off anything but their own datacentres.
They run the world's largest media store and one of the world's busiest online stores in addition to iCloud. Just because MobileMe was a piece of junk doesn't mean they are completely clueless.
Their media stores take hours, sometimes a day, to propagate metadata changes. Any time an App Store app gets released or updated, there's a fun game where you watch it slowly propagate to visibility among your friends and acquaintances.
Their store for physical goods goes down every time they make a significant change to the product offerings.
Both are highly successful, but all this tells us is that a web service doesn't have to be particularly well run in order to be successful.
"Any time an App Store app gets released or updated, there's a fun game where you watch it slowly propagate to visibility among your friends and acquaintances"
Are you sure that is for technical reasons? I don't see a big advantage of pushing such updates to all customers in one go, and I can see an advantage of staggering updates (say 1% every hour over a couple of days): if your update breaks something, it gives you a fighting chance to at least adjust your web site before all your customers send you mail at the same time.
I'd say that's far outweighed by users complaining that they get odd errors when they try to install the app when it's in a half-propagated state. Heck there was a 5-page macrumors thread of people keeping each other updated on what fun error the Mac App Store was telling them for each country when Mountain Lion was being released. Took a day for it to propagate.
If Amazon CloudFront worked that poorly at replication, everyone would rightly tear them a new one.
>Their store for physical goods goes down every time they make a significant change to the product offerings.
Many years ago it used to go down for technical reasons.
Now it is purely PR/Marketing. They get massive traffic spikes whenever it goes up and it instantly results in thousands of web pages going up with free PR. Why would you give that up?
How does he know? He's not a WebObjects programmer and the tweet is quite vague ("certain types of changes") which implies he's not privy to any real information.
Obviously I can't be 100% sure of the validity, but I am inclined to believe it for a multitude of reasons:
-Outside of Apple employees, you would be hard pressed to find a person with better inside information on Apple than John Gruber
-Additionally, in the tweet, he is corroborating another Apple journalist's similar claim
-Saying it is a technical flaw reflects somewhat poorly on Apple, and Gruber isn't exactly one to go out of the way to claim Apple is doing something poorly without a real reason to say so
-"It is for the PR!" always struck me as pretty weak post hoc reasoning. Sure, it drums up some interest in the tech blogs, but it also means the store just does not work for a period of time for everyone. Including people who don't care and just want to hand Apple money. I presume Apple wouldn't go out of their way to frustrate customers and possibly lose money.
If John Gruber makes an objective claim like, you can bet he has some real information. He may be an Apple shill, but he is a very well informed shill who values his reputation for providing accurate inside information. He isn't a WebObjects programmer, but dollars to doughnuts that info comes from someone who is.
For most of its existence it was the only store compatible with the far and away market leader for audio players. The store did not win because of its technical chops. To boot their media store is still almost completely cut off from the web (they did try and juice some SEO and have landing pages, but iTunes likes to pop up most of the time). They sure love relying on iTunes...
iTools/.Mac/MobileMe and iCloud were all pieces of junk. As was Ping. As is GameCenter. And iMessage.
iTunes Music Store is a web service. Whether it delivers HTML or XML to a thick client is irrelevant. It still needs to deliver a tremendous volume of them in addition to managing the downloads. And by and large it has worked tremendously well.
iTools/.Mac etc are all the same thing just rebranding. Ping was a product failure not a technological one. And GameCenter/iMessage use iCloud so not sure why you listed them.
I'm sorry, but successfully running a digital download store in a desktop app does not impress me. Apple's innovations with the store were not technical but contractual (originally getting record labels to agree to flat per song pricing).
iTools/.Mac/MobileMe/iCloud are all the same thing, but signify the number of reboots they have had over the years. Each time they say "it's fixed!" and then yea, it's not.
Be my guest if you want to believe Apple is great at the web. Meanwhile Google will be feasting.
They have had lots of security problems, but yes it is successful. It's also slow and outdated. I have not built anything that size, but I'm also not the second most valuable company on Earth. My point was simply that other companies are better at the web than Apple is and that shouldn't be the case considering their resources and the importance.
LOL at taligent. Did you experience that particular Apple disaster? I think that also went in for a certain amount of pleading along the lines of "crap isn't really crap, you just aren't smart enough to understand how superior we are".
They know how to run them in that they have web services running, but I'd contend that they're not run very well. They are consistently slow, slow, slow, not to mention buggy.
I just opened the Mac app store application, clicked the "updates" tab/button, and waited 15 seconds to be told that there are no updates available.
When I install app updates on my iPhone (5, running iOS 6), the badge icon does not go away until I re-open the app store app, on a consistent basis (greater than 50% of the time). When the badge icon does show updates, tapping the updates tab produces a wait similar in magnitude to the Mac app store example above, even though the app already knows there are updates available, since it showed me via the badge icon!
Apple's web services, in my experience, are comparatively slow when viewed alongside other major providers of web services.
On the "slow, slow, slow" point, I didn't realize how slow iTunes was until just now.
I recently got a couple of HD movies for my Nexus 7 from Google. I didn't really think that much about downloading them, just stuck the pin and they were downloaded reasonably quickly and painlessly in the background.
But now that I think about it, the contrast with my wife's experience downloading HD TV shows and movies from iTunes could not be more stark. The downloads take hours. She'll often check and be frustrated about how little had downloaded. She'd sometimes end up reshuffling her downloads. Until our recent wireless upgrade, she'd worry about where to place her laptop, sometimes resorting to a network cable. And probably more frustrations I'm forgetting.
To top it off, this is in a country Apple officially supports and Google doesn't. From my (admittedly limited, external perspective) I'd say Apple still has a long way to go with web services, including iTunes.
It's a category of web service. Other examples are services which take huge numbers of photos from lots of different users and process them, or files from millions of devices for backup. These Apple cannot do well.
As far as I can tell, you pay $99 or whatever, and it periodically sends a text to your iPhone telling you it hasn't actually backed up anything in XX weeks.
Kind of a weird business model but then they didn't ask me.
iCloud's free* now, actually. It became a free service when they transitioned away from the MobileMe branding.
* You need a Mac or iOS device to join, though. And you can pay for additional storage if you want ($20, $40, or $100 per year), but that's not necessary.
Well. What do you know? Maybe they've actually, for once in their lives, created a product not exclusively designed to suck money out of your wallet. (1)
iCloud is a collection of services which includes all of things you mentioned. The web interface is horrible but it works pretty well for me syncing between the desktop and mobile apps.
>> "you can't even do standard cloud stuff like share photos"
You can, shared photo streams which came with iOS 6 I think. You can also create shared photo journals in iPhoto (on iOS) which I presume work through iCloud.
>You can, shared photo streams which came with iOS 6 I think. You can also create shared photo journals in iPhoto (on iOS) which I presume work through iCloud.
Thanks for letting me know. I tried to do a mobileme style photo album about six months ago and was amazed that they had removed such a useful feature. Glad to hear it's back, even if it's in a slightly different form.
I'm with you. I have a total love-hate relationship with it. I love how it keeps me in sync across all my iStuff (4 total) but when something goes wrong, even as a developer, I have no clue what it's trying to tell me. And when it comes to email I've really seen absolutely no use for it beyond keeping my Google, Exchange, and other calendars/email accounts in sync. And no, I don't want to save anything to iCloud, I'd prefer it on my hard drive until iCloud gives me the same level of convenience in managing my files as Dropbox thank you very much.
> I have icloud and I'm not even sure what it's for
It's a syncing service first (and you can optionally opt in to get an email-id). The website provides you webapps for your synced iCloud contacts, calendars, notes, reminders and iWork documents and for "Find your iDevice". For other applications it serves as cloud "storage" but there's no web interface for those.
The app icons are equivalent to iOS app grid and the little cloud button serves as the home button for the "Apps"
It's hard to know what to be more amazed about: the fact that with one boneheaded filter Apple now seems creepier than Google in terms of respecting your privacy (one of the few things they could boast about), or the fact that it still seems to be amateur hour over at iCloud. Think about it for a second: they are literally pushing code into production that amounts to if (contents.indexOf(bad_phrase) != -1) delete_email();. How is the takeaway not anything other than "Of course Siri and Maps are a disaster, they can't even filter email in a more complex fashion than 1993."
I agree that it's boneheaded, but I'm not convinced this is a privacy issue, assuming the email only gets dropped. Shouldn't something need to reach the eyes of a human in order to be a privacy issue?
If the email is deleted, that's an extension of the original issue where your email is scanned in the first place, whether by machine or human.
Then comes deletion, making the issue worse than before. Call it privacy, personal data control issue, doesn't matter.
Apple will likely correct this anyway. Two academics could be chatting over email about the potential social harm of "barely legal teens" categories in mainstream porn. They argue the slogan as a provocative, predatory gesture towards all young women. Often the category strives towards "as young looking as possible while legal" which is poor taste and creepy, yet sits alongside "brunette". They might be emailing about that, in which case Apple is wrong to delete the email.
A heuristic is a bit more complex than an indexOf. I just tried it myself: An email just containing the phrase "barely legal teens" is attributed by Apple's iCloud IMAP servers in the header a "spamscore" of 3 and is delivered, but marked as likely spam:
I would argue that this kind of filtering is fine. Maybe it was a glitch in the server, maybe other metrics of the mail pushed the spamscore up. If iCloud's Mail servers should silently decline mails for delivery is a whole different argument.
I tested this on my @me.com account, and it's exactly how it works. Email containing the words "barely legal teens" is simply dropped.
I find it obscene to an Orwellian extent that Apple actually seems to think that no valid email would ever contain the words "barely legal teens". I wonder what other things Apple thinks are not worth talking about?
I have no trust in Apple's email services any more.
Microsoft has been doing this for decades. Ever try to collaborate on a web project using MSN Messenger? Every message you sent that contained 'index.php' was mysteriously dropped. It IS Orwellian, but you should not be surprised. The big communication services all seem to have their own little moral or technical hacks they use to keep your discussion limited and away from certain topics / words.
Proprietary IM networks are just that. Email is based on standards, with RFCs defining behavior. Moreover, proprietary IM is based on some level of membership in that network. Email is open and often involves individuals outside of Apple's iCloud network, users who haven't agreed with Apple to any terms of service or the like.
That's so surprising I tried to find evidence of it online, but I couldn't. Partly because "index.php" is such a common thing that Google won't use it for a search term, which is ironic. Can you point to anything corroborating that?
There are a whole bunch of banned words. There used to be a whole slew of sites that indexed all of the things Microsoft wouldn't let you talk about. Here's an article about it in the Inquirer: http://www.theinquirer.net/inquirer/news/1041509/microsofts-...
It is even worse than that -- it also seems to automatically insert graphical smilies whenever it sees what it thinks is a text smiley. Makes it very hard to cut-n-paste a code fragment. Of course you can turn this off, but only on the receiving side -- if you are sending someone a command or piece of code (that contains parentheses and colons), you have no idea if their end will convert to the graphic smilies, and you end up sounding strange to them.
That is not "even worse", that is relatively insignificant. An IM client converting text to smilies by default is standard and easily disabled, or avoided by using a different client.
On the other hand, the issue above represents a horrible failing on the part of MSN as a network/protocol. Silently dropping messages without giving error to either party is insanely stupid behaviour, and MSN's done it frequently for as long as I can remember.
Actually, any mangling of the text is bad. It is bad to drop text, and it is bad to change a line of code to have cartoon graphic images randomly scattered (which you, the sender, don't see but only the receiver does), which makes you look stupid in the eyes of the person receiving it. At least dropping a message makes it look like a network error, the other can make the message sender look like an ignorant fool. (I'm very sensitive to having what I write get changed by something, which is why I absolutely hate auto-correct in a word processor). Both cases have the effect that our corporate-mandated IM client is utterly useless for IT work where you have to send commands or code snippets to others on the team.
No, MSN Messenger did change it for the sender, too. The receiver of a message's settings determined whether they saw the image. You could turn it off in the Text Formatting options, just a simple checkbox.
So I'd disagree with the 'utterly useless' aspect.
That's exactly what I said, if you, the sender, have smilies turned off, you will see the normal code (...:) for example. But if receiver (the person you are sending the message to) doesn't know to turn smilies off, they will receive a graphical picture where the ":)" is in your message, even if it is part of a code block. And there are so many smilies that I don't recognize (not just the ":)" ones), that I never know what the receiver is going to see. Hence, it is useless for sending code fragments (or anything else other than conversational text), since you never know if what is on your screen matches what the receiver will see.
Nobody seems to say it: There were phishing/malware scams that propagated by sending links to all your friends, and banning common page names was Microsoft's way of combatting that.
GMail silently drops any emails containing zipped .exe files that I send to my boss. That's despite me being one of his most common correspondents, part of the same GApps domain and whatnot. The problem is the same: spam filtering gone wrong.
Wait, you're sending from a google apps domain? From the web interface? It always just refused to send if I've tried to do that in the past, with a message explaining why. If you're sending from a different provider, gmail help claims it will bounce it back, not drop it silently, though I've never actually tried that.
In any case, not allowing specific file types as an attachment feels pretty different here, at the very least because the list of filetypes not allowed are enumerated[1], the refusal is explicit, and it's not due to the subject of the exe you're trying to send.
I'm sending via a non-Google SMTP server, and there's no bounce message or anything - it's just dropped. I'd argue that silently dropping any message from a known source, regardless of the contents, is wrong. I'd be ok with the -attachment- being removed if a scan shows it's a virus/trojan, but then there should be a notice to both sender and recipient.
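The thread contrasts a substring match that makes mail vanish (the `indexOf` comment above) with a score that tags it, and the comment just above asks that sender and recipient be told. As an added example, not code from the thread or from any provider, this Python sketch scores a message and can only deliver, tag or refuse at SMTP time, with no silent-discard path; the rule weights, thresholds, header name and sample messages are constructed assumptions.

```python
from email import message_from_string

PHRASE = "barely legal teens"          # the phrase discussed in the thread
TAG_AT, REJECT_AT = 3.0, 8.0           # hypothetical thresholds
SCORE_HEADER = "X-Example-Spam-Score"  # hypothetical header name


def body_text(msg):
    """Concatenate the decoded text/* parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def naive_filter(raw):
    """The behaviour criticised above: one substring match and the mail is gone."""
    return "drop" if PHRASE in raw.lower() else "deliver"


# (name, weight, predicate); the weights are assumptions for illustration.
RULES = [
    ("phrase", 3.0, lambda msg, text: PHRASE in text.lower()),
    ("no-message-id", 2.5, lambda msg, text: msg["Message-ID"] is None),
    ("shouting-subject", 2.5, lambda msg, text: (msg["Subject"] or "").isupper()),
]


def disposition(raw):
    """Score a raw message and decide what the receiving server does with it."""
    msg = message_from_string(raw)
    text = body_text(msg)
    hits = [(name, weight) for name, weight, pred in RULES if pred(msg, text)]
    score = sum(weight for _, weight in hits)
    if score >= REJECT_AT:
        # Refuse during the SMTP dialogue: the sending server still holds the
        # message and has to report the failure, so the sender finds out.
        return {"action": "reject", "score": score, "headers": {},
                "smtp_reply": "550 5.7.1 Message refused by content policy"}
    names = ",".join(name for name, _ in hits) or "none"
    headers = {SCORE_HEADER: "%.1f (%s)" % (score, names)}
    action = "tag" if score >= TAG_AT else "deliver"
    return {"action": action, "score": score, "headers": headers,
            "smtp_reply": "250 2.0.0 Ok"}


# Constructed sample messages.
ACADEMIC = ("From: a@example.edu\nTo: b@example.edu\nSubject: Draft section 3\n"
            "Message-ID: <1@example.edu>\n\n"
            'The "barely legal teens" category is what section 3 critiques.\n')
BULK = ("From: x@example.net\nTo: b@example.edu\nSubject: HOT OFFER\n\n"
        "Barely legal teens, click now\n")
CLEAN = ("From: a@example.edu\nTo: b@example.edu\nSubject: Lunch\n"
         "Message-ID: <2@example.edu>\n\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("academic", ACADEMIC), ("bulk", BULK), ("clean", CLEAN)):
        print(label, naive_filter(raw), disposition(raw))
```
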
Agreed, this is incredibly annoying, achieves little or nothing in the way of improved security, and makes GMail a lot less useful than it could be. They've done it for years.
Nothing silent about it, in my experience, at least. I was trying to send a self-extracting encrypted archive (full of documents) to my tax guy. Google wouldn't accept the .exe attachment until I added .remove to the end of the name.
The intent is to require the receiver to take some affirmative action (e.g. deleting the .remove) before blindly running the attachment and getting pwned. Seems perfectly reasonable.
Unlike what Apple just got caught doing. I'm ripe for a new phone. I don't think it's going to be an iPhone ...
I just tested it on my @me.com account. Used the web interface to send an email to my Yahoo account and the email wasn't dropped. Did Apple fix this or is the problem somewhere else?
When you let someone else handle your email, they own your email. There is no postal secrecy law, no rule against reading. They can touch, modify or delete according to their whims. It's their email now.
So I am not that very surprised to hear a news article like this. It makes perfect sense with the current mentality. It also adds another nail in the coffin of the idea that "only a machine is reading my emails. Why should I care about that?".
Hopefully this will encourage some people enough to run their own mail servers. It's far less problematic than most people think it is. Maybe it was hard to install and configure this in 1990s, but this is 2013. You buy a domain name, install a Debian machine, and do:
Afterward one follows any one of the many simple guides to install either a webmail (roundcube most commonly), or go to (http://www.postfix.org/docs.html). If a spam gets through, install blacklisting or spamassassin. Easy 3 step guides exist for both.
It always surprises me that people can use a software library with complicated, half insane APIs, but can't follow a single page of simple single steps installation. It's not hard and you get the bonus of actually owning your own emails again. If you are a company, this should not even be a question. If the options are to give away all your emails and customers emails to a third-party and thus lose all ownership to them, or asking a sysadmin/programmer to spend 5-10-30m tops to do an email installation, the answer should be obvious.
In my experience, it is not so much the installation itself, but the regular maintenance and the many subtle errors that can occur, which make running your own email server NOT as trivial as you make it sound :).
As for a few examples:
1. Mailservers around the world have different degrees of strictness in what they accept. Some require the sender’s mailserver to have a valid and matching PTR and A/AAAA (!) DNS records. Others don’t care. Some check black lists, some don’t. Some even resolve the MX record of your sender domain, connect to it and try to start delivery of an email to ensure your address is valid.
2. By default, postfix doesn’t warn you about undeliverable messages for quite some time (a week is the default, I think). So if there is any error in your config (e.g. I changed my DNS resolver config, then didn’t restart postfix), your mails will be stuck without any notice, for a number of days.
3. If there are SSL certificates invoked, they should be valid. Some mail servers will not use TLS at all, some will fall back to plain text, others will cancel delivery if your certificate is invalid.
These are just a few examples I have encountered recently, but every time they happen I am incredibly frustrated that emails either did not reach me (usually I detect that quickly) or are not delivered (detected only after a few days).
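The first item in the list above (receivers that require the sender's PTR and A/AAAA records to exist and match) is the forward-confirmed reverse DNS check. As an added example, not part of the original comment, this Python sketch runs that check for an outbound IP so a mismatch shows up before a receiving server rejects on it; `check_fcrdns` and the lookup hooks are hypothetical names, and the records are constructed from documentation address ranges so it runs offline.

```python
import ipaddress
import socket


def _system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def _system_forward(hostname):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def check_fcrdns(ip, helo_name, ptr_lookup=_system_ptr, forward_lookup=_system_forward):
    """Forward-confirmed reverse DNS check for a sending mail server.

    Returns (ok, reason). ok is True only when the IP has a PTR record and
    at least one PTR name resolves back (A or AAAA) to the same IP.
    """
    addr = ipaddress.ip_address(ip)
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not ptr_names:
        return False, "no PTR record"
    confirmed = []
    for name in ptr_names:
        for fwd in forward_lookup(name):
            try:
                # Compare parsed addresses, not strings: IPv6 has many spellings.
                if ipaddress.ip_address(fwd.split("%")[0]) == addr:
                    confirmed.append(name)
                    break
            except ValueError:
                continue
    if not confirmed:
        return False, "PTR %s does not resolve back to %s" % (ptr_names[0], ip)
    if helo_name.rstrip(".").lower() not in confirmed:
        # Passes FCrDNS, but stricter receivers also compare the HELO name.
        return True, "confirmed as %s, but HELO name %s differs" % (confirmed[0], helo_name)
    return True, "confirmed as %s" % confirmed[0]


# Constructed records (documentation address ranges), not real hosts.
PTR = {
    "192.0.2.25": ["mail.example.org."],
    "198.51.100.7": ["host-7.dynamic.example.net."],
    "2001:db8::25": ["mail.example.org."],
}
FORWARD = {
    "mail.example.org": ["192.0.2.25", "2001:0db8:0000:0000:0000:0000:0000:0025"],
    "host-7.dynamic.example.net": ["198.51.100.99"],
}


def demo_ptr(ip):
    return PTR.get(ip, [])


def demo_forward(name):
    return FORWARD.get(name.rstrip(".").lower(), [])


if __name__ == "__main__":
    for ip in ("192.0.2.25", "2001:db8::25", "198.51.100.7", "203.0.113.9"):
        print(ip, check_fcrdns(ip, "mail.example.org", demo_ptr, demo_forward))
```

Called without the two lookup arguments, `check_fcrdns` uses the system resolver instead of the constructed records.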
Search is IMO the hard part. I know you can do Lucene, but getting that working well with email is hard. Until recently Outlook's search was crap compared to gmail, too, and mutt is still essentially "headers only".
Still, shouldn't be that hard to do as long as it is your own server and you trust it; I imagine a lot of the difficulty of gmail is scaling, and even a single user with 20-50GB of mail isn't in the same league.
If you were to outsource it to a service provider:
I'd love a way to do privacy-protecting search on my mailbox, either by building/maintaining a local index, or even more amazingly, some kind of cryptographic/data structure magic: do processing once either pre-encryption or on the local device, then add it to an index, with a configurable slider for data leakage vs. search quality. Search could execute locally and remotely.
(This is to allow you to use webmail with no local persistent storage, or a new phone, to search your email on a server, without trusting the server).
Agreed. I've handled over 100,000 messages with it with no problem, and I know people that have handled well over that. Instant full-text search, no matter how much mail you throw at it.
How about a good old desktop mail client? I don't really understand why so many people insist on only using webmail and then complain about the lack of certain features and/or GMail lock-in.
Mutt is more like "everything I can come up with from the command line." Sure, I won't make my grandma use it, but I've never needed any searching capability beyond grep and co.
Not necessarily. Try to do something like write up your email in Markdown, and create a script to automatically convert it to multipart/alternative with text and html versions. So far as I can tell the only 'real' way is to insert the script between mutt and the sendmail command, but that's less than optimal.
I download my email to the Mac mail app. That has let me find some emails that were unfindable on the web interface (even when I searched by sender email!)
I've actually wondered this myself. Why isn't there a good preconfigured drop in solution for this? It would be especially nice if it had a good web front-end that you could log into remotely. How hard would it be to develop something like this? I assume it would be a matter of forking an existing project and adding some custom configs. The hard part would be the web component.
Freedom box has talked and hopefully worked on doing this, but I'm not sure if they have gotten as far as improving the interface of a webmail yet.
Still, I do think there exist some very talented graphic designers out there that would enjoy playing around with a webmail interface. Hopefully, articles like this will increase the demand and interest in run-it-your-self webmail packages, so one would do that and not spend all focus on building more CMSes.
IIRC, most webmail packages now (SquirrelMail, RoundCube) are just web front-ends to IMAP. It stands to reason that something more integrated, is probably more difficult.
There already are several solutions like this that have been around for years. Check out Zimbra. But still a pain to maintain and moving over to Google Apps several years ago, I never looked back.
Have to agree with this. I ran my own mail server for a few years and even though set up was easy, deliverability was a PITA (I was never able to successfully deliver to hotmail addresses even after doing everything possible on my end).
Then there's spam.. what a headache. Suddenly one day I realised that I have better things to do with my time and now everything goes through google servers.
Did you install greylisting and blacklisting? It really does reduce spam to ~0, and is a one time 5-20m configuration.
As for hotmail, I strongly remember doing a telnet to hotmail servers and succeeded in sending emails while writing commands by hand on my private computer. Thus without any special headers or other magic, I could send email without any issues. It would have been interesting to hear details on why hotmail rejected your emails. Default postfix installation?
There have been a couple of "setting up a mail server" howtos come through here. I recall one that was huge in the depth that it went into (the depth also made sure that I never got around to reading it).
Subtle errors are a problem, as anyone who is a programmer or sysadmin will tell. It's a constant issue when programming in C or Javascript, and it's almost a job description for a sysadmin. Mail installations could clearly be improved here with testsuites that test the installation and not just the mail server code.
But to address some of those concerns.
While errors in the config can cause big problems, it's not very common for people to change it once it's installed. It's like doing changes to the kernel, Apache, or Xorg settings. Sure, things can easily be broken there but for the common case, the defaults are good once one has passed the installation wizard/guide.
In case of SSL issues between mail servers, I am rather sure that postfix only does a best-effort. Thus if your certification expires, they will fall back to plain text. However most CAs will warn you several times once it gets close to the one year mark, so it's not a very big workload to handle. If you know of an email server that will cancel delivery, please let me know as I would be very interested to hear it.
PTR is a real issue, but if you have static IP, PTR records should be rather easy to get. It is also a one time cost for the domain name. For a company network, a static IP and support is commonly included in the price. You email/call them, and they add a PTR. For private users, a VPN solution might be needed in some cases, but I'm unsure if it's that much of a requirement. Gmail seems fine in sending emails to locations without PTR, or receiving emails from servers without one. However I have not tested this fully or with other services like to Apple or Microsoft.
I only have a few small-ish mail servers under my care, and I couldn't agree more.
Reviewing the history of the mailop list [1] shows how frustrating it can be when a behemoth (AOL, MS, etc.) stops accepting your mail. It's bad enough when you're a sizeable mail operation; as a tiny standalone mailserver, you are not at all a priority, and it's possible you'll lose the ability to communicate with a significant fraction of the Internet's email users (regardless of how complete/correct your configuration) and with little recourse.
I haven't messed with the defaults on undeliverable messages, but my recollection is that Postfix sends you a "hey, it didn't go through, but I'm going to keep trying" email at 4 hours, and you get the final "I gave up" email about a week later.
Don't forget maintenance of the hardware itself, backups, and everything else that comes with running a server (assuming you didn't buy one in the cloud).
Buying a mail server in the cloud is the most practical option. I doubt EC2 would peek inside your VM to censor mail as Apple is doing here.
Running a mail server at home can get complicated. Other than having to manage the hardware yourself, there are limitations on residential internet connections. Not only do residential ISP often provide dynamic IP addresses, they tend to block port 25 (at least outgoing) so as to counter spambots. Some spam filter may also treat mail delivered from your home server more harshly.
Though, if you really can't trust anyone (cloud providers, SMTP relays, or the network in general) you'd be better off using PGP.
You are absolutely right about owning your own email, but it is also worth pointing out that no email provider in their right mind would irrevocably, silently delete emails based upon this insane criterion (where a movie script attachment contained a scene where a character views an ad for legal porn).
But Apple isn't in their right mind. They have never understood the cloud, they still don't, and every single Internet service Apple has ever produced, from eWorld to .Mac to Mobile Me to iCloud has utterly sucked gigantic balls.
Which makes relying on Apple to handle your email a lot crazier than relying on say, Google, Yahoo, Rackspace Mail, Tuffmail, etc.
If you have enough experience or make enough simplifying assumptions, anything is trivially easy. But it doesn't take much imagination or experience to see that bootstrapping your own email isn't trivial. For instance, I defy you to buy a domain name and a hosted debian machine without maintaining an existing email account.
As a developer / sysadmin who used to host his own mail and uses complicated half insane APIs every day, I know that even things that are reliable and easy to set up (such as debian servers) require maintenance and all the work and planning that goes into making something secure, reliable, and performant.
I don't see how anyone with experience could contend with a straight face that running a network service like email is a set-and-forget proposition. I remember having to brush up on my mail stack every time I needed to troubleshoot a problem, and over time it became clear that I had over-prioritized hosting my own email.
Edit: It's a fine hobby project though, as long as you're honest with yourself about what you're undertaking.
But I'll bite, if your mail server goes down - and it will - you now have no email. You can't email your hosting support. You try to log in to your host control panel to do a reboot or raise a ticket but forgot your password. You can't get the reset email. Somehow you manage to login and raise a ticket but won't get any email notifications when the technician responds asking for your server id number...
> Hopefully this will encourage some people enough to run their own mail servers. It's far less problematic than most people think it is. Maybe it was hard to install and configure this in 1990s, but this is 2013. You buy a domain name, install a Debian machine, and do:
Thanks, but no thanks. I just went in the opposite direction a couple of months ago, switching to a paid Google Apps account so they can handle email for us. I couldn't be happier. Our Postfix / Cyrus / Squirrelmail setup worked fine, but then the server got compromised and taken over by spammers, our IP got blacklisted by most everybody, and right in the middle of trying to fix all that, I got sick and wound up in the hospital.
When I got home, I sat down to start trying to fix this mess and had an epiphany "WTF am I doing this? Hosting email servers is not a core competency for us, there is no competitive advantage to be gained here, and Google Apps is fairly cheap."
I switched over the same night and haven't looked back. After fighting with Postfix and Friends on and off multiple times over the past decade, I'm out. I want no part of hosting email, now, or probably ever again. I have much, much, much better uses for my time than fixing broken email servers.
> It always surprises me that people can use a software library with complicated, half insane API's, but can't follow a single page of simple single steps installation.
I have yet to find an email setup that can be described as "following a single page of simple single steps installation". And even if I could, I still don't want to, because there just isn't any real point to it. Email delivery is a commodity, not a core competence. Outsource the hell out of that shit, IMO.
1) in some industries (like in finance) the regulatory requirements make it near impossible to use external email services. For example, there needs to be a record of every email sent out of accounts in the company that needs to be presented to regulators when they demand it.
2) People within the same company may slip up and send emails to coworkers that shouldn't be read outside the company. When you run the email servers, no other party reads them. It stays in the family, so to speak. When you use google or whatever service, they get a peek at the emails.
3) AFAICT Gmail is not HIPAA compliant, making it inappropriate for health care businesses.
Absolutely true, and I wouldn't argue against hosting your own email if there are such very specific constraints on your organization. We don't have any of that, and hosting our own email makes zero sense for us.
Or to put it another way... we're a 2 person, self-funded, bootstrapped startup. Our most precious resource right now is the time of myself and my cofounder. Every minute we spend tweaking and tuning an email server, is a minute we're not talking to customers, doing market research, working on our product, developing strategy, doing competitive intelligence research, etc. For us, that's not a tradeoff that makes sense.
Heh, maybe, in a sense. But realistically, I can't "work" 24x7, and taking a break to check/post HN is part of how I stay sane.
That and then there are periods throughout my day (especially at the $DAYJOB, like right now) when there isn't anything productive I can really do on the startup, and there aren't any pressing assignments, so reading HN is about as productive as anything else. :-)
It's very very problematic. With all the spam, your mail server is not going to be trusted by any major providers. Their weak heuristics have no problem banning your 1 user mailserver, but they have gmail whitelisted to not ever ban them.
Agreed, this is the biggest barrier to running your own mailserver.
Even if you think deliverability is good for 95% of mail servers there's always some ISP that won't cater for you. So you're constantly having to be monitoring the logs to ensure your emails are being delivered.
Working professionally for a small company, which provides email service for customers' domains, I can say that this has never happened for us. Not a single time.
Sometimes people get hacked, either because they pick an abc123 password (nowadays blocked by policy), or because a customer webserver CMS theme has not been updated in the last 2 years. When that happens, a few mail servers (mostly yahoo) have temp banned mails for a few hours. Mails still got delivered however.
So lesson to learn there is to not use passwords like abc123, and to actually update that 2 year old CMS theme. Or you don't combine webserver with webmail.
I agree with you. Most professional email services have much less aggressive blacklisting than single-user email services run by their single user.
In many years of running my own server, this was never a problem. I checked blacklists on a somewhat regular basis but was never in them. And people I sent mail to usually replied, which means they are either psychic or my mail got delivered. (The problem comes when you start sending spam, of course, which is what many people do get blacklisted for.)
The problems with running your own email server are spam and the time it takes to keep things running. All the other issues are trivially solved.
yes yes yes!
I 100% agree.
It would be interesting to hear from someone with some legal knowledge. I suspect in many countries it's the case that if you host your email with a third party (iCloud, gmail, FB, etc) you give up some rights to privacy ... whereas if you host your email on your own server that you physically control, for example in your personal home, your rights to privacy are greater.
Even on Ubuntu Server it's very very easy to set up a mail server. Linode has guides, and there are others on the interwebs as well.
Just make sure to implement a regular backup regime.
In my experience IMAP to my own mail server is WAY faster than dealing with Gmail (even web interface).
Note that if you host on a shared machine or a VM, then law enforcement is still likely to see it as your host's box with your data on it, rather than your box with your data on it.
The most conservative approach would be a co-located machine that you own (i.e. your physical property, so they probably need a warrant) or on a machine in your home.
I actually tried many times to set up a mail server on my debian machine but never could find a good tutorial. I gave up because I lack the time.
edit: I just tried again, for more than a couple of hours. First I had to guess that I had to install MDB2_Driver_mysql. Set up a DNS to match my /var/lib/roundcube and now I'm struggling to understand how I could sign-in since he didn't create any user for me.
Regarding MDB2_Driver_mysql, I point towards (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544694). If you want to use mysql and not default sqlite, use debian package roundcube-mysql and it will install the dependencies for you.
As for users, roundcube uses imap and thus does not create new users.
Anyway, GL, and if you want to have some fun, try out PostgreSQL.
> install a Debian machine, and do:
> aptitude install postfix
> aptitude install postgrey
> install either a webmail (roundcube most commonly), or go to (http://www.postfix.org/docs.html). If a spam gets through, install blacklisting or spamassassin.
You seriously think this is simple for non IT people?
No, I don't think this is simple for non IT people. Same goes for my web site code, or my python projects, or my shell scripts. If I gave either of those to a non IT person, they would have no clue what is going on.
This is as expected, as most people require some expertise to do technical work. I would have no idea how to fix the electrical system in a car, but I do expect that the mechanic knows how to figure it out if one broke. Same, I expect a sysadmin or a programmer has the expertise to follow single steps installation guides.
>When you let someone else handle your email, they own your email. There is no postal secrecy law, no rule against reading. They can touch, modify or delete according to their whims. It's their email now.
In Germany, email is actually protected by the Fernmeldegeheimnis [1], even while the email is saved on the provider's server. The reasoning behind that [2] seems to be that the mail server's storage is part of the communication process, no matter how long the data sits there.
I've written about this before, but I used to run my own mail server and it's no cake walk.
I used to do greylisting with spamd and ended up silently losing quite a lot of email. (Many mail hosts do not re-send from the same IP, meaning messages essentially get stuck forever.) Doing spam checks at DATA time and rejecting obviously bad emails outright seemed much more effective and less dangerous. I never managed to get Spamassassin to do this, but auto-rejecting languages you don't read also cuts down on spam a lot.
(I missed out on a consulting opportunity because the client's host of choice seemed to be a known spammer and my mail server's filtering was too aggressive about trusting blacklists. I chose to silently-reject those types of messages, so nobody got a bounce. Fortunately, someone was nice enough to ask me about it out-of-band so at least I was able to turn off greylisting and blacklisting before losing much more mail.)
I never found an imapd that scaled to having a lot of messages in a folder, so I ran a cron-job to move mail offline after 2 weeks (for mailing lists) and 1 year (for INBOX). Similarly, I never found a good client to use; Gnus had a very cryptic configuration that I could never believe worked, and mutt was not Emacs-y enough. Reading my email mostly consisted of waiting for Gnus and deleting spam. (I never figured out a good way to get Gnus to move messages marked as spam somewhere so that I could run a cron job to automatically train Spamassassin on the known-bad emails.)
You set it up to run the ingestion program as a cron job every 10 minutes, and then you get a CGI that will show you matching emails for your query. Of course, you can't actually click the links and go anywhere unless you set up some sort of web-based email viewer. I never found anything I liked so I lived without webmail. (There are lots of options. All difficult to configure and probably riddled with security holes.)
Once your server is up and running, you need a secondary MX and a backup plan for your email. (I used Dyn.com's secondary MX hosting service. A lot of spam comes in through the secondary MX, so you can't just implicitly trust it. This involves more configuration.)
Finally, spam filtering uses a lot of CPU and RAM, so you have to pay for a rather expensive virtual machine. Linode's $40/month plan seemed mostly adequate.
I don't really like composing email in the web browser, but I've gotten used to it and $5/month for Gmail and $0/month of my time screwing around with spam filters seemed like a good tradeoff.
I use postfix without greylisting, instead I drop the message if it is going to a non-existent user (drops about 99% of all mail), then drop it if it comes from an invalid domain (there goes another 0.5%) and then a block list (cbl.abuseat.org). The rest is valid email, which gets spam/virus scanned and delivered to my mailbox. Not very CPU intensive at all...
Then it goes through amavisd that does the spamassassin checks, as well as verifies DKIM and the like, and then it gets delivered to dovecot.
Now, Dovecot as an IMAP server is fantastic. Along with dovecot-pigeonhole I can sort messages into different folders server side.
Dovecot currently handles one mailbox for me that I archive a mailing list into ... 150k messages and counting, and no issues. Uses Maildir on the backend. Although, I do think at those sizes it comes down to good file system caches, and a good file system that doesn't have a problem caching the entire directory.
It works well for me, so well in fact that I am moving all my stuff from Google Apps for Domains back to in-house. For two reasons, 1. more control, and 2. I have had issues with Google Apps in the past, and even with a paid account the support has been lackluster. I'd like to know more about my email, be able to check logs if need be to see what is going on.
I used to have the same reaction regarding greylisting, but changed my mind around 5 years ago. Have yet to see any issue with it, and I assume this is because homebrew email servers are no longer common or even uncommonly in use. I guess it could happen, but I have yet to find this at work for those I host email for, and same goes for all my private emails. It can be that because many commercial email providers use greylisting, users of homebrew mail servers have either fixed it or gone over to postfix/exim/sendmail by now.
The biggest issue is your domain getting blacklisted for whatever reason. It may look like the name of another spammer's domain name. The server you rent may be colocated on a rack with a spammer's box (or a box owned by spammers) and have weird reverse IP SNAFUs. Your very server may not have the latest 0-day patch and get 0wned by script kiddies and, bam, again... Blacklisted.
Note that I do NOT know much about email servers and that is precisely the point. I eat iptables rules for breakfast, I can set up a Debian server from scratch and I can certainly configure a mail server. But there's more to it than meets the eye. Been there, done that. And we got burned.
I don't know "why", but all I know is that we had problems!
tl;dr: 30 team person startup and we tried to use our own mail server. Too many problems. We moved to Google Apps for domain and all our problems were fixed...
At conferences, especially security conferences, I tend to ask if anyone ever heard of a Debian base installation being hacked if it has auto-updates or is manually updated once a week. So far, my count is 0 and when asking self-proclaimed hackers, they also tend to agree that Debian stable installation is very secure. The installation I got from 1999 is still running, and the count of break-ins is 0. To add to that, it has no firewalls. I kind of wonder what happened that caused your server to be hacked. Insecure password?
As for using a previously owned spammer domain, I strongly question that logic. Black lists tend to be both conservative and done by copy-pasting. A blocked domain abcd will not block abc or abcde. If the block lists do not see mails from abcd within a month or so, they also tend to remove them to clear up space. This time frame is also way below common domain name expire dates.
Regarding reverse lookup, I assume that 30 team startup bought a company network contract from the ISP. Such deals should include support and static IP, which means reverse lookup is a single email away from being done. Co-location contract might be different, but I wouldn't know.
Why do they mention "child pornography"? Maybe I'm wrong but isn't "barely legal" meant to mean 18 year old adults and not "nearly legal"? Or is it just a common code phrase child pornographers use I wasn't aware of?
As a man who has the ability to search Google (whooo!), I can add that "Barely Legal" teen movies are published by Hustler, and there appear to be hundreds of them with related names.
Some are sold on Amazon.
Presumably the people who operate in the legal pornography business -- working for Hustler, their distributors (I'm assuming there are several) and US-based retail outlets -- don't use iCloud or it could have an unpleasant impact on their legitimate businesses.
In which case, it's been programmed with remarkable incompetence. There's more to spam filtering than deleting messages that are clearly not spam on the basis that they contain a particular sequence of acceptable words.
I can barely imagine the legal consequences of deleting without notice an important email that a distressed mother might have sent to her teen.
It's a term of the pornographer's art. I had a friend from college who wrote for Larry Flynt's Barely Legal magazine for a while. She went on to bigger but arguably less respectable things (political blogging).
Yes, "Barely legal" is used by many legal pornographers.
The article suggests some connection between the phrase "barely legal" and images of child sexual abuse.
It's clear that "barely legal" has a well-established meaning of "absolutely legal; documented adults; no chance of being under age". The article failed to establish a connection between the term "barely legal" and images of child sexual abuse.
Google "barely legal teen" (NSFW) and you will know what it is.
Distribution of porn requires paperwork, age certificates from models/actors etc. Things get even more dangerous when actors can be reasonably suspected to be underage.
The author speculates that this filter was driven by paranoia and CYA mentality at Apple.
It's meant to mean 18 year old adults, or women around that age (so it could be applied to 17 years old as well). This has nothing to do with child pornography, but it seems to be a trend of our time to use that word when youth pornography is meant (and judge the latter accordingly).
That is correct. It maybe doesn't apply if taken by the formal meaning. Doesn't mean that there isn't a second meaning behind that. It sure is a play of words with the uncertainty of the legalness (else why mention the barely at all? Why barely, which also means "not really"?)
Because they are specifically promoting porn featuring women as young as legally possible. "Legal teens" would include 19 year olds, and they are trying to create the specific expectation of women who very recently turned 18.
>Why barely, which also means "not really"?
That is not what barely means at all. Barely means "only just". Barely legal means legal, but very close to the cut-off.
>That is not what barely means at all. Barely means "only just".
Not at all? Well, it is possible my translator (leo) is wrong. I think I have a fairly good understanding of the English language, but I am not a native speaker, so I tried to check my understanding.
I still think it has in this case at least the connotation.
It seems that your English is good enough that you'd benefit from an English/English dictionary instead of relying on a German/English dictionary. That way, you're understanding the meaning in the same context as native speakers and without being tainted by connotations of words used in the German definition. (I have this problem all the time with English/Japanese dictionaries; I look something up and it doesn't make sense. Then I look it up in a Japanese/Japanese dictionary and everything makes perfect sense. Of course, sometimes that requires a few more trips to the dictionary to understand the definition, but...)
Anyway, if I were learning English I'd pay the $300 for an Oxford English Dictionary. You'll learn a lot that way.
I will explain it once again and in full and then let it go.
This is a special case. I know that normally barely means "only just" (though I believed leo that it sometimes - in special cases when used in a specific way - can mean "only almost"). But if someone hears a sentence like "that is barely visible", one always implies that it is not visible at all for someone seeing a degree worse. Now, if you visit a pornsite with usergenerated content - take 4chan as example - I'd bet a lot of money that one would find a mod-guideline or at least a discussion about such a guideline to delete any threads with "barely legal teens" as topic because a lot of users would post pictures of underage girls in such a thread. In such a case, barely implies not really. And therefore such a term can have another connotation than its formal meaning.
It is really a stretch to say "it doesn't have that connotation", connotations can vary even in one language for every speaker.
Certainly iCloud's is the wrong approach for your purposes (or mine). I'm not denying that; just offering a possible alternative to the explanation that "Apple thought these messages were child porn".
In reading this, all I can think of is "buttbuttination" and the broader Scunthorpe problem [1] (to use Wikipedia's term). Strange that Apple is using such a crude filtration technique.
Scanning and auto-deleting your email, combined with the Gatekeeper technology which houses the possibility of Apple telling me what Apps I can or can not run makes me seriously start to wonder the direction Apple is headed...
Edit: Gatekeeper is OSX technology. It allows users to only install Apple certified Apps on your mac, not your phone. It's fairly new and possible to turn it off (for now at least).
Apparently they're also against criticism of their products, but not against forging network traffic, which is why you get fake 404's if you try to visit "The Best Page in the Universe" from an Apple Store. Interesting sense of morality they have...
That's probably just done via host file (or otherwise at the DNS level) for filtering undesirable sites. It's rather sensationalist to call that "forging network traffic". I don't even know if you can reasonably call it "censorship". What Apple does with the internet in their own stores is both inconsequential and also totally their own business.
In contrast, deleting email based on content is neither inconsequential nor their own business.
As trivial as it may be, I consider it censorship when they stop being transparent. Displaying "Blocked!" when someone tries to access the site is, as you said, totally their business. Implying a successful HTTP connection but a missing file? Still, as you said, inconsequential. The attitude that leads someone to make it look like a 404 instead of a blocked site? That's the same attitude that makes them block emails on the presence of a text string.
I don't know how they have it set up, but the laziest way to block pages is to add them to /etc/hosts mapping them to 127.0.0.1 . If you do that in OS X and Web Sharing (apache) is enabled (and it might be on their machines, although I hear Mountain Lion got rid of it?), then navigating to http://blocksite.com/whatever.html will give a 404 unless the web sharing directory actually contains the file "whatever.html". So it's very likely a simple matter of a lazy configuration rather than a nefarious attempt to make you think that the blocked site doesn't exist (which, really, what would be the motivation there?).
404 is an accurate statement by the browser when the distinct hosts file maps xmission.com to localhost. A 503 error would be a forged response. 404 is the expected type of response with two separate modularized/encapsulated systems where the browser merely reports that it found nothing from the typed in URL. Saying that the site is "blocked" would involve creating a special facility just for this purpose.
I don't think this is at all like the ISP redirection pages that were more clearly non compliant with IETF internet standards.
mistercow's response explains it better. If it redirected to localhost, and there was a certain filesharing service enabled, then it's possible a browser was listening but obviously didn't have the specific file requested.
Why are you inclined to believe this isn't the case? What possible reason would there be for Apple to care one whit about the email that goes to iCloud accounts? The only thing that makes any sense at all is virus/spam filtering.
No you didn't. They don't care what's on your phone. They care about two things:
1) What's on their store, and
2) How apps get on your phone, e.g. they must be codesigned by Apple.
The former is where they apply their content standards. The latter is a (very effective) security measure.
But, for example, Apple doesn't care in the slightest if I make a hardcore pornography app, sign it with my own developer cert, and install it on my phone. They only care if I try and submit it to their store. Similarly, they don't care if I open up Safari and visit some pornographic website, even if it uses HTML5 offline mode and gets added as an independent icon to my home screen.
> But, for example, Apple doesn't care in the slightest if I make a hardcore pornography app, sign it with my own developer cert, and install it on my phone.
You don't know that. They don't know you've done this and they can't know you've done it, so how do you know if they care or not?
You're acting like Apple has some vast conspiracy to eradicate objectionable material from the face of the planet. That's ridiculous.
Apple has been pretty open about the fact that they just care about what's on their storefront. The only reason that this effectively means they control what's on your phone is because most people can't install apps on their phone except via Apple's App Store. Although, as usual, everyone in the world is free to view whatever objectionable website they want.
Because they feel (rightly or wrongly) that they can practically provide a better, more secure, etc. experience for their customers by controlling/curating what executes on their devices.
The security implications of only allowing codesigned code to execute is completely divorced from the decision to control what content is allowed on Apple's storefront. The former limits what's on your phone, but does not make any judgement about the content. The latter makes a judgement about the content, but doesn't limit what you can run on your phone if you can find some other avenue to run stuff (e.g. self-signed with a dev cert, or web apps).
Because of Apple's previous stance on porn on 'their' devices. I bet all sorts of spammy messages get marked as spam and filed in SPAM or JUNK, but porn related just disappears.
It's easy to temporarily disable Gatekeeper, install what you want, and then turn it back on. In no way does it prevent you from running what you want on your own computer. The point is to put another wall against unintended installs (aka exploits), and corrupted/infected versions of known-good software.
> If you forget to re-enable Gatekeeper, you're hosed
Let's not exaggerate. Everyone got by perfectly well for years and years just using common sense about what to install. Gatekeeper is a welcome layer of defense but I doubt many experienced users would be "hosed" without it.
iOS devices effectively run Gatekeeper full-time with no way to turn it off (aside from jailbreaking). I don't think it's unreasonable to think that the Mac's current Gatekeeper is just a stop along the way toward that.
Because the use-cases for phones and macs are exactly the same! Because there is no valid use-case for GateKeeper other than Apple wanting to control every piece of software on your machine. Because Apple totally doesn't care if third-party developers jump ship from their platform because the developer tools are locked down.
Because paranoia is so much more fun than rational thought.
Excuse me. I only meant to point out that Apple already has a platform where they control every piece of software on your machine, and so it's not absurd to think that they might try to do this on their other platform. I don't think my post merits your implication that I'm not thinking rationally.
I don't think jumping to that conclusion is any more rational than worrying about the Mustang getting watered down based on Ford's releasing a new Fiesta. Even if Ford does share Fiesta door handle parts with the new Mustangs.
OS X is a certified Unix that ships with a CLI and admin accounts with sudo powers. To lock it down the way you're fearing, they would have to completely rewrite the userland of the OS.
Oh wait, they already did that: it's called iOS.
iOS is the ultimate proof that Apple does not intend to lock users out of their Macs: they already created a different product to enable that hand-held computing experience.
Yes, that's exactly what I was thinking. Their choices make me worry you'll need a licence to develop for mac in the near future. After that you can only install via the OSX App store, with Apple taking their cut.
> The point is to put another wall against unintended installs (aka exploits)
Unintended installs may be a type of exploit, but they're not synonymous with them, as 'aka' indicates. Gatekeeper does nothing to protect against, say, your browser being compromised remotely, as you can run unsigned code in a signed application. Gatekeeper raises the barrier to entry, but only slightly.
Right, but it does create a barrier to entry if you want laymen to run your software. This is especially annoying if you're a developer who doesn't own an Apple PC.
As others have pointed out in this thread, gmail silently drops emails that contained zipped EXE files. It doesn't tell you it dropped it, it doesn't tell you it didn't send it, it just vanishes.
This is (sadly) not new behavior. Other email providers drop emails (which is sad), and Apple acting puritanical isn't exactly news.
Great, now I'm tempted to spend way too much time experimenting to find other banned phrases. :-P But sure enough, whether it's buried in a bunch of lorem ipsum or standing alone, that phrase will send your mail to the ether. It never showed in Junk, it just never came across the wire at all. Edit: this behavior goes in both directions, BTW; receive or send.
I'd be willing to write it off as a one-time error on the part of some individual contributor, but what else will get your mail deleted? Since there are no checks in place for "rogue" ICs adding phrases on server-side, what will cause stuff to go missing tomorrow?
I know everyone is rushing to decry Apple and their draconian behaviour ("first they took my unsigned apps, now they want in my email? TO THE PITCHFORKS!") but the likelihood is someone has fiddled with the spam filtering and they've broken something. If the first thing you jump to is some conspiracy you're ignoring the simple rule of technology that behind every good wild goose chase is a member of staff who's quickly hitting 'roll back changes'.
Spam should never be deleted, it should be triaged and left to the user to deal with but it's definitely possible someone has screwed up. What I'm saying is it's probably a fuck up, what I'm not doing is defending it.
No. Normally I'm inclined to assume it was an accident, but if it was just triggering false positives on the spam filter, the email would be showing up in people's spam folders. Instead it is getting dropped without any trace.
> After more research, Steven found that under the iCloud terms of service, Apple reserves the right to remove any content at any time that it feels is objectionable, without telling you that they’re going to delete it.
Today it's a bad search filter, but tomorrow... what'll they do tomorrow?
Apple is the epitome of "we'll do what we think is best and you'll like it". For now they usually seem to have admirable (or semi-admirable) goals, even if you don't agree with them on the details. I'm curious how long until they make similar moves that are clearly Evil(TM).
Ugh! Let's just list a few reasons why we shouldn't be purchasing these things anymore. (Disclosure: Never owned one, but have played around with them a little.)
- Not upgradable
- Super overpriced
- Dictator-style company that seemingly caters to grandma more than technical folk
- Obnoxious smug ethos created by marketing team
- Lots of people complaining about OSX going downhill
- The OP story and associated reports of mass censorship
- Just look at Objective C for 5 minutes
I'm perfectly happy with my beefy Win 7 box paired with a *nix machine that I can shell into when I need to do something that would suck in Powershell. Just don't install Java/Flash/etc. and don't open JessicaAlbaBoob.jpg.exe and you will not get a virus.
True. It is inherently subjective. I knew I would receive some flak making that last argument about ObjC being ugly, but I felt the urge to be a little sloppy to see if it resonated with anyone.
Also, my verbosity argument would be hard to defend without concrete examples of equivalent functionality being performed more succinctly (while still maintaining readability) in another language. That would be hard given my ignorance of ObjC. I withdraw that argument.
>You shouldn't trust any company. Not Apple, not Microsoft, and not Google
Agreed. It's very difficult to convey this point, however. People don't really listen once you say these sorts of things. Even if they do, they don't change the way they work with those companies. This is especially true with Facebook. I've shown a lot of scary practices of Facebook to various people. All agree that Facebook is therefore pretty dangerous but continue to use it on a daily basis.
>"the cloud" is a stupid idea.
I do take issue with "the cloud" regarding the issues of your things not belonging to you, privacy issues, etc. There are benefits to e.g. hosting providers. I also would love Dropbox if my files were encrypted and impossible to view by staff.
The bottom line is that we need more companies who ensure privacy rather than just claiming to respect it even though they store large quantities of personal information. Other such companies should work to avoid vendor lock-in.
People said the same thing about the internet and insisted that only direct-dial communications made any sense. This is one of those cases where I think the market will take care of things.
Exactly - since when has 'trust' ever been absolute?
Do I trust Apple to make awesome laptops and cell phones? Yes.
Do I trust Apple to keep OS X open to third party development? Yes, I do. Mostly.
Do I trust Apple to keep my personal email, email that might contain passwords and account names, secure and safe? Probably not, which is part of why I don't use my iCloud email account.
Do I trust Apple to not sunset iCloud email in a few years, invalidating my @icloud.com address that I would have handed out to everyone, leaving me high and dry? No, I don't - and I think that's a much more potent danger for anyone using their @icloud.com email account.
It could be server side spam filtering (not all spam messages make it to your spam folder with any provider - the worst offenders are often just thrown out).
Just saying it is possible that this is an over-aggressive spam filter vs. Apple taking such an invasive measure. Although, Apple has done similar crazy things before, so who knows.
4.2.5 Reply Codes After DATA and the Subsequent <CRLF>.<CRLF>
When an SMTP server returns a positive completion status (2yz code) after the DATA command is completed with <CRLF>.<CRLF>, it accepts responsibility for:
- delivering the message (if the recipient mailbox exists), or
- if attempts to deliver the message fail due to transient conditions, retrying delivery some reasonable number of times at intervals as specified in section 4.5.4.
- if attempts to deliver the message fail due to permanent conditions, or if repeated attempts to deliver the message fail due to transient conditions, returning appropriate notification to the sender of the original message (using the address in the SMTP MAIL command).
If it's spam, the email should be rejected while the SMTP connection is still established with an error code (4XX or 5XX). If the email was accepted for delivery, there are really only two options: deliver the email or bounce it back to the sender.
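A mail administrator can check the rule quoted from section 4.2.5 against their own logs: every message answered with a 2yz reply after DATA should end as delivered or bounced. The following is an added example, not part of the thread; the log format, event names and queue IDs are constructed for illustration and do not match any real MTA.

```python
import re

# Constructed sample log in a simplified, made-up format (not any real MTA's):
#   <time> <queue-id> <event> [detail]
SAMPLE_LOG = """\
09:00:01 A1 accepted reply=250 from=list@example.org to=u1@example.net
09:00:02 A1 delivered folder=INBOX
09:00:05 A2 rejected reply=550 from=bulk@example.com to=u2@example.net
09:00:09 A3 accepted reply=250 from=list@example.org to=u3@example.net
09:00:10 A3 discarded reason=content-filter
09:00:12 A4 accepted reply=250 from=list@example.org to=u4@example.net
09:00:13 A4 deferred reason=mailbox-busy
09:05:13 A4 delivered folder=Junk
09:00:20 A5 accepted reply=250 from=list@example.org to=u5@example.net
09:00:21 A5 deferred reason=host-down
09:30:00 A6 accepted reply=250 from=a@example.org to=nouser@example.net
09:30:01 A6 bounced to=a@example.org
09:40:00 A7 accepted reply=250 from=list@example.org to=u7@example.net
"""

LINE = re.compile(
    r"^(\S+) (\S+) (accepted|rejected|delivered|bounced|deferred|discarded)\b(.*)$")
# Outcomes that discharge the responsibility taken on by a 2yz reply after DATA.
# Filing into a Junk folder still counts as delivery to the mailbox.
RESOLVED = {"delivered", "bounced"}
LABELS = {"discarded": "silently dropped after 250",
          "deferred": "still retrying",
          "accepted": "no outcome logged"}

def audit(log_text):
    """Return {queue_id: finding} for accepted messages not delivered or bounced."""
    state = {}  # queue_id -> latest event, only for messages accepted with 2yz
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, qid, event, detail = m.groups()
        if event == "accepted" and re.search(r"reply=2\d\d\b", detail):
            state[qid] = "accepted"
        elif qid in state and state[qid] not in RESOLVED:
            # "rejected" lines never get here: a 4xx/5xx reply leaves the
            # message with the sending server, so nothing was taken on.
            state[qid] = event
    return {q: LABELS[e] for q, e in state.items() if e in LABELS}

if __name__ == "__main__":
    for qid, finding in audit(SAMPLE_LOG).items():
        print(qid, finding)
```
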
That is the wrong way to run a mail server. I know how common it is at big providers, but it's still wrong.
You should REJECT a message if you won't deliver it. If it was a legit message inappropriately REJECTed, then the server that's relaying it can generate a bounce back to the sender, and something can be figured out.
Dropping a message on the floor like that, after you have promised to deliver it is almost always the Wrong Way.
I imagine the reason that it's done is because rejecting it gives spammers more information that could possibly be used to get around the rejection. It's much harder if they aren't sure whether or not the message was received.
Whether or not that's appropriate is another thing, but that is probably the rationale behind it.
More likely the rationale is that it's easier to filter stuff asynchronously after it is sitting in queue, and there's no longer a TCP connection hanging off it, waiting for a response. In other words, it's cheaper.
Postini.com (Google), Forefront (Exchange), and Barracuda Networks are some products/vendors in the space - it's a whole industry. Just Google around a bit for "server side spam filtering" and such.
Anecdote: we use hosted Exchange from Microsoft. I tried to set up a cron job to email us all at 4:57 with the subject line "Get The Fuck Out". Those don't come through either.
Yahoo (particularly when providing services for BT) silently delete some spam, even mail with a raw SA score < 1.5.
And they don't respond to complaints, even from their own users.
I've been running the same pukka mailing list for 12 years, I'm in their abuse feedback loop, have proved exclusive ownership of the mail server, all mail is DKIM signed with valid SPF records, mail is accepted with a 250 OK, you name it.
Still they bin my emails, but only to some accounts. No rhyme or reason, no bounce, no spam folder. Just never arrives.
Greylisting does not throw anything out. It does the exact opposite. The mail server simply says, "I have a temporary problem, so I can't take this right now. Try again later." Mail servers are supposed to (and do) try again, at which time a greylisted message will be delivered. Accepting a message for delivery In Good Faith and then dropping it on the floor is poor, lazy, cheap, RFC-breaking spam filtering.
What I mean is that greylisting is a trick mechanism where some mails, declared spam based on an unrelated and technical criterion, never reach the user's spam folder. This contradicts the 'spam should go to spam folder' point.
> I'm going to take a guess that this is just a misconfiguration in the spam filters.
A misconfiguration in your email server that results in emails being silently dropped is about as bad of a misconfiguration as you can have. That shouldn't even be an option to configure.
"As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If silent message-dropping is misused, it could easily undermine confidence in the reliability of the Internet's mail systems. So silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate."
The sent folder still works as expected. Oddly enough, offending emails even sync in the sent folder across devices. So Apple doesn't delete your original work (they'll even sync it for you), they just won't send it.
Just tried sending this to myself from another account and received the email.
All the other experiments on here were from a few hours ago. Does this still happen for other people? If it does, it'd suggest it's more complicated than a simple filter on emails containing the phrase.
That said, deleting user data without user input at all is completely insane. It's probably a good thing that iCloud sync sucks so much and developers aren't using it.
Spam filter. It's disappointing someone seriously believes this is some sort of "objectionable content" censorship. Namely because that's easy enough to test:
"barely legal teens" isn't delivered (edit: now does)
"actually illegal teens" arrives
...along with everything else of the sort (that I've tested).
Surely the phrase was blacklisted by some algorithm after it occurred verbatim in massive amounts of spam.
Just tried to reproduce the issue but I was able to send the email with the said phrase with no issues. They may have fixed the issue. Seems like some aggressive server side spam filtering which went wrong.
I'm a bit surprised there's no discussion yet about PGP/GnuPG (GPG). If we all encrypted our mails would this be such a big deal? No. Is client-side encryption difficult? Not really. I think there's a big market for a desktop email app that does PGP/GPG really well and does so with other people.
This is great news, actually. It's a free "get out of jail" card. Now you know you shouldn't trust Apple with your email.
Using other people's software or services which you don't control should be based on trust, in my opinion. What I mean is that you should build up evidence about different service providers, and choose whether or not they are trustworthy.
This is essentially why I am OK with closed source software. In many aspects of life (from the obvious, like banking, to more abstract, like personal relationships) we have to act based on our degree of confidence in something. The downside is that this thing is obscured (hence the need for trust), the upside is that through obscurity it was made possible (in this case, email providers make money by having a unique, high-quality offering).
Tangentially related, but emails are often auto-deleted by 'cloud' email services (Hotmail, Google etc) when the email is sent from a server-side script like PHP mail(), therefore it is not unheard of for emails to be auto-deleted when it is very likely to be spam. I don't know how the iCloud spam filtering works, but I wonder if there is a block filter being run before the check is done to see if the sender is a known contact (to bypass the spam check). 'barely legal teens' seems like a phrase that would almost certainly be flagged as spam. Perhaps this is just a badly implemented spam system at work (which wouldn't surprise me given Apple's reputation for web services)?
Perfect situation for applying Hanlon's razor - I see no reason to assume anything other than just a (really stupid) spam rule bug which is deleting messages when it should be filing them as spam.
This is why I don't trust things like email to Apple. Email is a universal thing: whether I'm on my computer, an iDevice (I've owned several), an Android device (I've owned a few), or something entirely different (who knows what the future holds?) iCloud is great for backing up iOS specific things (many apps rely on it for syncing between your devices, etc) but for those things which merely consume "universal" things like mail and photos, I rely on universal solutions.
A few days ago it was reported that they also delete mails with subject "Аренда", meaning "rent" or "lease" in Russian, and the subject of many spam mails.
They also (used to) block you from receiving e-mail with "fuck" in the subject line. I had an amusing conversation with support about this and they said it's part of their spam filter. I just re-tested this and the e-mail eventually came through to my spam folder.
I note that the original InfoWorld article is 3 months old. In the comments here one person has said that they still see the deletion and two say that they don't.
Really, running your own email server is a bad idea for most people.
Even on HN it's only good as a learning exercise or for a small number of people who have the use for it.
The problem isn't with the length of time it takes to set it up. The problem is with making sure you have all the quirks sorted out so your mail can get delivered through other people's setups.
Some of us are old enough to remember the Calvin Klein ads with the girl in the "Catholic schoolgirl" uniform with her white panties showing. I had to admit at first glance I thought CK was using someone underage. It provoked a bit of reaction from the demagogues. Since then, the "barely legal" motif has had a bit of radioactivity hanging on it. The popularity of Manga didn't seem to help.
This may sound weird to say, but I'm starting to think that most of Apple's problems come from the fact that it is a hardware company rather than a software company. In a very real way, it seems that they don't get software. I think it comes from pervasive product focus.
They are great with products. Less so with the area around the product. Can't have something as nebulous as a cloud without trying to control the product experience.
Apple gets software. The problem is they have never gotten network software or network services.
It's nice that I can use iCloud to find my iPhone and that it keeps my contacts in sync.
Except that it can't keep notes in sync correctly. Which shouldn't be surprising because notes aren't actually notes, they're stored in an email box. That's why you need an @me.com account to sync them.
Really there is no iCloud. There is an email service, a calendar service, a contacts service, a layer on the email service, a file storage service, a network transparent CoreData sync service (that is supposed to be very problematic), a todo service, a photo sharing service, and probably other things.
If it doesn't involve a network service, Apple can do wonderful things. If it does... well... it might work well enough; most of the time.
Not really. Most of their software is bad. Their native iOS apps are inferior. iTunes is junk. HFS is garbage. Their office suite is poor except for maybe Keynote. iLife is marginal. They have a solid foundation in Cocoa but I'm increasingly unimpressed with what they do with it.
I think GP has it exactly right. Their hardware is great but their software is an embarrassment for a company with such resources.