Emergent Chaos

Okay, this is a rant.

Cut and paste is broken in most apps today. More specifically, it is paste that is broken. There are two choices in just about every application: “Paste” and “Paste correctly.” Sometimes the latter one is labeled “Paste and Match Style” (Apple) and sometimes “Paste Special” (Microsoft).

However, they have it backwards. Usually, what you want to do is the latter one, which is why I called it “paste correctly.” It is the exception that you want to preserve the fonts, formatting etc. Usually, you want to just paste the damned text in.

I mean, Jesus Hussein Christ, how hard is it to understand that when I go to a web page and copy something and then paste it into my document that I want to use MY fonts, formatting, color, and so on? Even if I do want to preserve those, I ESPECIALLY do not want you to leave my cursor sitting at the end of the paste switched out of whatever my setting I’m using. In the rare occasion that I want paste as it is done today, the keys I type are:

modifier-V              ! Paste (modifier is either (ironically) command or control)
start typing            ! Continue on my merry way
modifier-Z              ! Oh, crap, I'm no longer in my font,
modifier-Z              ! I'm in Web2.0Nerd Grotesque 10 light-grey
! undo the typing and the paste
space, back-arrow       ! Get some room
modifier-V              ! Paste
forward-arrow           ! Get back to my formatting
(delete)                ! Optionally delete the space
start typing again      ! Now where was I? Oh, yeah....

Note the extra flourish at the end because pasting is so helpful.

The usual sequence I type is:

modifier-V              ! Paste
modifier-Z              ! %$#@*!
search Edit menu        ! Gawd, where is it, what do they call it?
select Paste Correctly  ! Oh, there
start typing again      ! Now where was I? Oh, yeah....

This is much simpler, but has its own headaches. First of all, Microsoft binds their “Paste Special” to control-alt-V and brings up a modal dialog because there are lots of options you could conceivably want, and just wanting to paste the %$#@&* text is so, so special. Apple (whose devos must long for the Knight keyboard) binds it to command-option-shift-V, but at least doesn’t make me deal with Clippy’s dumber cousin. They put “Paste Style” on command-option-V, which pastes into place only the formatting. Oh, yeah, like I do that so often I need a keyboard shortcut.

The upshot is that the user experience here is so bad that the stupid blog editor I’m using here that actually makes me type in my own <p> tags is a more predictable editing experience. I can actually achieve flow while I’m writing.

Most tellingly, the most even, consistent, out-of-my way editing experience is getting to be LaTeX! Yeah, I have to type accents by hand, but at least I don’t lose my train of thought every time I paste.

The solution is simple. Make modifier-V be paste. Just plain old paste. Put paste-with-frosting on control-meta-cokebottle-V and give it a helpful dialog box. Please?

Photo by adam.coulombe.

I was on a business commuter flight the other day, which was also the maiden voyage of my MacBook Air. I had it out before takeoff. This was an international flight and I was in bulkhead. On international flights, they’re not as strict about not having your laptop on your lap during takeoff. This flight was only an hour and ten, and if I had to wait ’til cruising altitude, I’d never get any work done.

I slid it into the middle of my Economist (manila envelopes are the only think it fits in), but other guys had their mondo Dells out, so I stopped hiding it.

One of the flight attendants saw it and came over, pouncing on me. Drat. Nabbed.

I blinked when she cooed, “Ooooooo, is that the new MacBook? Can I touch it?”, because this wasn’t what I would think of as a nerd-bird. It was Etihad from DMM to AUH, and after a few days in Al Khobar, I found the fact that the flight attendants had neither an abaya nor hijab to be a pleasant surprise.

I handed it to her. She called over another flight attendant, who also cooed over it. They passed it back and forth extolling, “It’s so light! It’s so smooth! It feels sooooo good!”

They called over a third young woman who turned up her her nose and sniffed, unimpressed, “My brother has one of those.” She thus put the others in their place for being so unsophisticated as to not be totally bored by it yet. It’s a good thing that SAFEE isn’t implemented, yet, or we’d never have gotten off the ground. If looks could kill….

Pointedly ignoring her, my pair of flight attendants marveled over the Air for a bit longer and then handed it off to me so they could play with seatbelts and oxygen masks.

After they left, the guy across the aisle turned to me and said, “My god, I never thought I’d see the day when a laptop was better at picking up girls than a Ferrari. That’s it, I’m ditching Windows.”

Or something like that. You have to know how to use a Mac and be British. Her Majesty needs you.

Emacs users get addicted to the standard key bindings (which are also available in Cocoa apps). Microsoft Word doesn’t support these by default, but you can add them through customization. Here are the ones I find most useful:
StartOfLine: Control-A
EndOfLine: Control-E

To set these up in Word…

…you’ll have to read “Add emacs key bindings to Microsoft Word” at MacOSX Hints.

• Michael Giest is covering Canadian Parliamentary hearings over that country’s privacy law in “PIPEDA Hearings – Day 01 (Industry Canada)” “PIPEDA Hearings – Day 02 (B.C. Privacy Experts)”
• Bakelblog vents about the petty tyranny of immigration bureaucrats in “Welcome to America, Fuckwads!”
• Alec Muffet has interesting and detailed comments about the broken security of the Apple store at “Easy AppleID Password & Account Theft.”
• Bruce Schneier points out that EPIC has gotten ahold of documents that show that “RFID Passports are less reliable than traditional passports.” So let’s see: less reliable, less secure, less private and more expensive. What’s not to love?
• Sameer Parekh points to a story about the elimination of traffic controls, and asks what emerges from chaos in “No More Traffic Controls.”

“Decaf” over on DeadBeefCafe, relates the story of a colleague whose response to yet another virus outbreak is to convince management to purchase Macintoshes, with the following justification:

We’re going to buy Mac Minis and run Windows on them because Macs aren’t affected by these security problems.

Decaf breaks down the several fallacies of this statement and sardonically sums it up with:

So we’re left with the best security method I’ve heard of: A different case! By affixing an Apple logo onto the host, we’ve made it more secure, because Macs aren’t subject to the same security problems.

Just when I think that my organization is getting behind the curve for one reason or another, I come across something like this and I feel lucky to be where I am today.
[Image from: techno-science.net ]

So John Gruber, who has written quite a bit on the whole did-they-didn’t-they spat between Apple and Dave Maynor and Jon Ellch, offers up “An Open Challenge to David Maynor and Jon Ellch,” offering them a Macbook if they can root it.

I’d like to mention something that hasn’t happened lately. By not happening, it seems to have not drawn attention to itself. After a war in which gallons of ink were spilled, and every utterance by Apple, Maynor, and Secureworks were analyzed by Talmudic scholars, there’s silence.

What might be the cause of such silence? Are Apple and Maynor finally talking? (In my personal experience of trying to learn more about security issues with Apple products, Apple ignores questions. They ignored questions when I name dropped. They ignored questions when I mentioned things like being an editorial board member at the CVE project.)

So one possible interpretation of events is that there was serious mis-communication, and the parties involved are now having interesting discussions.

If that’s the case, then Gruber is trying to pour gasoline on a fire that others are trying to extinguish.

After I wrote this, Jon Ellch posted to DailyDave, that post was covered in Linux.com, “Johnny Cache breaks silence on Apple Wi-Fi exploit,” and that story was picked up by Slashdot.

[Update: Rob Lemos has a short article, "MacBook Controversy continues with Challenge" at SecurityFocus.]

See “Mac OS X Server Firewall Serial Hole:”

…What they haven’t noticed yet is Mac OS X Server 10.4 overrides an explicit administrator firewall security setting to keep its copy protection functional.

OSXS 10.4’s “Server Admin” lists “Serial Number Support” on UDP port 626 under its firewall pane, with an option to turn it off. You can, in fact, block that port with the UI. And it will work for a little while.

However, serialnumberd will eventually notice this and re-enable UDP port 626 itself. This results in a disparity where Server Admin’s UI says you have port 626 disabled, but it’s clearly active in the “Active Rules” pane.

I promised not to comment. I think it’s still fair to link.

So if you have a Mac, you really want to open software update now. You can read about Apple Security Update 2006-0003 after you’ve installed it and the Quicktime patch. In “Apple Security Update RoundUp,” DaveG explains:

So, in short, without the latest update, OS X is secure as long as you don’t look at any movies, images, websites, zip files, flash content or email messages.

Snarkiness aside, I like that a number of these vulnerabilities appear to have been found internally (assuming that is what uncredited vulnerabilities mean).

He also says “That’s around 35 vulnerabilities in one day!” Why the ‘around?’ As I explained in “Counting In Computer Security,” that counting can be tricky.

One final comment. For comparison, Microsoft shipped three patches this month, covering roughly 5 vulns (CVEs). Apple shipped 2 patches, covering roughly 35. I feel so warm and fuzzy.

Over at Security Curve, Ed Moyle has some good thoughts on “the Gigantic ‘Bull’s Eye’ on Apple’s Forehead:”

Now, I don’t know about you but I haven’t seen this kind of hubris since Oracle’s “unbreakable” campaign. Remember that? I do. I remember that at one point in time, most researchers ignored Oracle and pretty much left it alone… Then Oracle stepped up on the soapbox shouting “we’re unbreakable”, only to find themselves getting the kind of scrutiny from hackers usually reserved for new flavors of Mountain Dew.

I don’t think the current threat is that bad. I also don’t think that Apple is ready for the sort of onslaught that’s taught such harsh lessons to Microsoft and Oracle.

So Apple, please think about those shoes you’re wearing. Think about the message you’re sending, because teenage boys will respond.

(Image from istock photo.)