Code and cars

Yes, it's been over a month. This time, however, I have an excuse. I lost my password to this posting account. What's worse is that doing password retrieval would fail. Something about the mime headers. However, I had a few tools at my disposal. On my desktop computer, thanks to the wonders of cookies, I was still logged in. Furthermore, I still had the SSH and FTP passwords to the site. So step one was to login, passwordless.

Daring Fireball linked to an article a while back about The Myth of Market Share. The site is now locked behind a login, but Google is to the rescue.

The article discusses business practices that view the market as a zero-sum game. In other words, the belief that doing well isn't as important as doing better than the competition, that market share is more important than profitability. And the study is a surprise: this tactic doesn't work too well. So much a surprise that the implications are still not fully understood.

News flash: Business re-discovers a half-century old concept, and promptly ignores its lesson. The sad part is, even after the article, the first response (Since I read the cache, I didn't find out if there were replies) still doesn't get it.

Good old Artie. For those not in the know, Artie MacStrawman is the legacy of the recently discontinued Crazy Apple Rumors, the name given to the stereotype of a rabid Mac user. While such people do exist, they should be ignored, as they don't add to the conversation on how to defend against future threats or give any insight onto what issues will arise.

Similarly, there are pundits and consultants that cling to this false image, as a target to rally against. "Mac users don't understand security," goes the cry, "and as soon as a single virus happens, it'll be doomsday for them." Like Artie himself, they should also be ignored, because they also add nothing; they simply troll for publicity and page views.

Somewhere between these two extremes lie the majority that matters, those that care about security, who know that the MacOS is not invincible, yet also know that they are doing something right. Something that should be understood, so that future security can build upon this.

The most debated factor in the Mac's relatively low malware (Including spyware, viruses, worms and trojans) count versus the waves of Windows malware has been market share. With Windows market share in the 90 percentile, and Mac OS only in the single-digits, it makes much better business sense to infect the larger crowd. The paradox of this, however, is of legitimate software on the Mac, especially indie developers. The ratio is so disproportionate, with only a handful of Mac malware, at most, yet a sizable and healthy legitimate software ecosystem, enough to make things like C4, WWDC, and a second hall at MacWorld SF possible. The answer, I believe, has been partially stated, both by Wil Shipley, and by Ian Betteridge. The market forces for software and malware are different, and while the Mac healthily supports the former, it offers no help on the latter. Market share is a factor in Mac OS's security. The pundits are right. However, market share still doesn't matter when discussing security.

We all know the old saying about 7 different eskimo words for snow, and the implications that items that are important in a culture tend to have more words about it in a language. Anyone who's knowledgeable with computers, especially in tech support, knows there's quite a few ways to convey when the user is not understanding what to do, and that it is not a functional bug in the software. PEBKAC- Problem exists between keyboard and chair. The ID ten T error, spelled idiot. Newb, n00b, newbie, luser, pilot error. Trying to find the any key, or use the computer's cupholder. My father has a saying, in terms of bad drivers, of a "Loose nut behind the wheel." With the rise of social engineering, nigerian 419 scams, phishing, malware, spyware, and other online attacks that rely more on psychological insecurities than buffer overflows, the user has become more and more the weak link in software security. Unfortunately, I see much of the security debates focus on technical aspects, when we should be looking at personal ones.

There's a saying in regards to Mac OS X programming, and it's proven useful time and time again. "If it's getting too difficult, stop and back up. You're probably going about it all wrong." And, well, this is another one of those times. I've been working on a pet project, a user-level driver for a toy called Space Navigator (Long story there), and one of the parts to work on is emulating a mouse. Of course, that requires knowing the current mouse location, so that I can set a new location relative to it. With the multi-OS and API heritage of Classic, Carbon, and Cocoa, there's quite a few ways to do this, but they have drawbacks. Since this was emulating an input device, CGEvent.h is used, to create events, adjust them, and post them. This calls for CGPoints, which are floating point values, and from the top left corner.