Day two of MacWorld/iWorld 2014


The Crowd waiting to get in

Wow... what a busy day, and yes, I picked up a toy today. The Bass Egg was kickstarted last year, and after hearing it today and doing a few tests (like placing it on my head), I was amazed and had to buy it. I am listening to a podcast on it right now, and this is the best sound I’ve had on my iPhone. Here’s the setup I am using in the hotel.

The Bass Egg Speaker

I spent the day in sessions, almost non-stop. I tried to tweet out from a few of them. Check out my feed at @michaelrowe01.

The first session was way, way too short. Rich Mogull – CEO of Securosis. You should follow him on Twitter at rmogull. I was looking forward to this, but with only 30 minutes for the session, I felt it was more of an overview about how Apple has a philosophy that focuses on usability over security, but they have done a really good job of addressing security by default. Also, given the closed nature of the platform, they have the opportunity to enforce some really good practices. He did show how his machine was set up, and there was only one setting that I had not set up the same way. That setting is that, when traveling, he changes the firewall to block all incoming requests. (Guess I shouldn’t have mentioned that, and it is changed now.)

The second session was a presentation by Robert Scoble & Shel Israel on their new book – The Age of Context. Today you can pick up the ebook version for Kindle for only $1.99. I picked it up and the hard copy book, since it was autographed. This was one of those talks that pump a whole bunch of exciting thoughts and ideas into 45 minutes. I’ve been talking about and thinking about many of these ideas due to my work in my day job around the Internet of Things. Scoble and Shel talked about how all the sensors we have around us are providing a ton of context to our daily lives. It also enables an unbelievable level of pinpoint marketing; however, companies are failing to realize this. They also addressed the shift of the freaky line, the point where technology freaks us out. I will make a post after I read the book to describe this talk in more detail.

I skipped the next two sessions I had lined up, since I would not get lunch if I did, and instead I walked the show floor some more. I talked with the guys at Bass Egg, and told them I would probably be back to buy it tomorrow. I also talked to the designers of the everdock. This machined aluminum dock is great for charging two devices at once. What makes it unique is that they use your cables, and have a few rubber/silicone pieces that make it a perfect fit for an iPhone or iPad in a case. You can also use it for non-Apple devices. I will probably pick one of these up tomorrow.

I also talked with the team over at They sponsor the 24 hours of gaming in the fall, but they are promoting year round for people to build up teams to game for 24 hours. This is used to raise money for the Children’s Miracle Network Hospitals. What a great idea, play games to help kids. I recorded a few questions with the people in the booth, and that will be included in my weekly podcast over at GamesAtWork.Biz.

I then ran over to catch the session on the NSA and you. This was a panel discussion that wanted to have questions from the audience; however, once again it was too short. The panel was a great group of security experts, but with a panel of five people there were only 5 questions, all from the panel moderator. While the questions were good, it didn’t give the panel much time to provide deep and meaningful answers. So what were the questions and who were the experts?

  • What is the biggest security thing in the last year? The revelation that the NSA has undermined crypto standards, the reach and scope of the data monitoring, the hoarding of zero day vulnerabilities (with no obvious fixes to our own infrastructure), and the legal interpretation of collection that the NSA uses.
  • Why should the average person care about mass surveillance and privacy? They do care, but they are not really cognizant of what is really happening with their data. Most people are opting in voluntarily without understanding the picture that the data is providing, a picture that would freak us out.
  • Can we trust Apple with our data? While their corporate culture may favor the user’s experience, you are ultimately at risk that an individual in a company could make a mistake and that violates your trust. Individuals should be responsible in what they do and how they segment their data, so while as individuals you can trust a person, you cannot apply that to an enterprise.
  • What can the average person do? This used to be a simple answer – encrypt everything, but now that the NSA has undermined some of the standards, you need to segment your data, encrypt it, and be very aware of what you do or do not share.
  • How do we put pressure on Congress? Ultimately, you need to put pressure on Congress and companies; money talks, and unfortunately those with the most influence the most. So it may be easier to influence companies into pressuring Congress. Having said that, Parker indicated that the USA Freedom Act is a good start, and sets a minimum approach in this space.

The experts:

I then got into another good session on using Logic Pro X – given the time constraints, Andrea Pejrolo, PhD actually focused on some great new features that Logic Pro X has introduced around quantification, flex pitch, and the new virtual drummer. I learned tons from this, but was hoping to improve things around my editing workflow and that was not to be. I am, however, going to play a bit with flex pitch on a few projects I am working on. So definitely worth it.

More tomorrow!

Security and will Monday see another iOS Beta?

Prior to the security issues on Apple’s site over a week ago, Apple had been on a bi-weekly cadence for iOS and OS X beta releases. Last Monday (July 22nd), the developer portal was down while Apple rebuilt the site to address the security issues, and no iOS beta was reported to be released. With less than 24 hours to go, will they be in a position to release a beta tomorrow? What is the impact to the overall release schedule of iOS? What do you think?

I am hoping that the major progress we’ve seen in the last week on bringing the site back online (while still not complete, many of the components are up as of this posting) has allowed Apple to focus back on working on iOS and Mavericks. Perhaps there are some lessons in all of this for us, as developers, that security can’t be something we think about when we are done developing. Security is something that needs to be built into our apps from the beginning.

One of my favorite podcasts is Security Now! with Steve Gibson of Gibson Research Company. A few months back, Steve talked about the effort he went through to retrofit his entire website to HTTPS. I think this is something that is worthwhile to consider for this site. It is a lot of work, and exposed to him the inter-relationship of so much of our connected world. At an app level, if you use any third-party code, are you sure it is secure? How do you go about testing for security?

The people who want to expose or exploit security issues in your code spend much more time testing your application than perhaps you do. They are not worried about shipping the next release. They are methodical in how they test, probe, and attack your application. Perhaps this is the time to start re-thinking your development and test strategy, so that security becomes a first-class requirement for all that you do.