Category MWJ

MWJ expected soon

We don’t think we’ll get Saturday morning delivery of MWJ, but we do anticipate an issue this weekend. Meanwhile, we’ve added the last two MDJ issues to the MWJ RSS feed available to all (non-trial) subscribers.

Clarification: Sorry, our bad – some uncaught US-centricism in that last paragraph. This is a holiday weekend in the United States (“Columbus Day”), and we’re targeting late Monday for MWJ. Sorry we didn’t make that clearer.

Update: We didn’t make it, alas. The publisher is still working to get all of his energy back and reset the schedule to something more writing-friendly (that is, less time available during daylight where people demand his time and more time available otherwise). We’re really trying, folks.

A few answers to current questions

  • I last got MDJ or MWJ on such-and-such a date. Has there been an issue published since then?

    Our status page lists the current issues of both MDJ and MWJ, including issue sizes, and when distribution began – and it’s been there (and up-to-date) for more than five years. Unless your or our Internet connection is down, this information is always instantly available to you.

    As of this summer, subscribers can also get the same information in their secure RSS feeds. We sent this information to all current subscribers in June, and it’s been part of the “Welcome to MDJ” (or ‘MWJ’) letter for all subscribers since then. See here for more information about how difficult it’s proven to be to tell people about this.

  • Have you published anything since then?

    We published over 30 pages of on-the-spot information from WWDC 2006 right here, available to all MDJ and MWJ subscribers. See here for our attempts to tell people about this and how they seem to not have worked very well. We’ve also provided a few updates on this news blog, including an article on why E-mail is broken, and why we can’t use it to tell you things the way we’d like. It’s not a standard “issue,” but it’s still a significant amount of material that some of you didn’t seem to know about.

  • Where’s the next issue of MWJ?

    We’re sorry if we haven’t made this very clear somehow, but due to problems with the ventilation in our office, working here this summer has made staff members seriously ill. We’re talking emergency rooms, chest X-rays, heavy-duty prescriptions for weeks on end, significant respiratory distress, inability to sleep due to breathing problems, extensive coughing fits, multiple doctor visits – seriously ill.

    We haven’t been trying to emphasize this because, honestly, there’s really nothing more boring than stories about how other people are sick, is there? But from the questions we’re getting, we apparently need to make clearer that the fungus in our office this summer is not like a day of a hay fever attack – it was a continuous, slow-to-build, undiscovered source of poison in the air we breathe. At this point, we’re basically just extremely lucky that more staff members didn’t get even more ill than they did.

    The most distressing thing about it is that when it was just getting started in June and July, and we had no idea what was going on or how serious it was, we kept spending more time in the office trying not to fall behind. The symptoms were of allergy attacks (not infections), and it seemed perfectly reasonable to go slow in front of a computer instead of at home on bedrest, so we kept trying to get more work done – and every moment we tried, we were getting even more seriously ill and had no idea.

    This does not heal instantly. We’ve had the ventilation fixed for nearly a week, but the staffers who work here are still having severe coughing fits and other symptoms of the toxins clearing out. (This is similar to what Matt experienced near the end of WWDC, he says – after a week away from the bad ventilation, he felt like he was getting worse, but now he realizes his lungs were just trying to expel the last of the nastiness.)

    It really has been a nasty episode, and we’re still amazed that we managed to get MDJ 2006.08.30 out the door (now available to all MWJ subscribers in their RSS feeds). We’re hoping to get on a regular schedule next week, and we’re planning to spend time away from the studio Friday and Saturday to help make sure things are on track. (That is, if being outside for a long spell and then coming back to the studio makes us feel worse, it’s a good sign something is still wrong. We have felt significantly better this week, but a sanity check seems like an excellent idea. We have follow-up doctor appointments this month as well.

    There’s really only one thing we want to do more than get back to a June-style schedule around here – we hope you miss us for the same reasons we miss providing the high-quality information and reality check you expect from MDJ and MWJ. That one thing we want more? Unobstructed, regular, oxygen-rich breathing. Once that happens, the rest should be a cinch.

  • But how come I haven’t seen any traffic on the MacJournals-Talk (or, as some still call it, MWJ-Talk) mailing list?

    The discussion list has been unavailable for months due to abuses of the honor system, and with everything else going on, we have not had the time to try to complete the work tying it to the subscription database. If you didn’t know this, please let us know how we could have communicated it better other than trying to send E-mail to everyone, which has its own set of problems (again, see here for more information on those problems – basically, even if we put important news in the very front of an issue, a lot of people just don’t see it, and then ask us months later what’s going on). We’d really like to know how to do this better.

Good ideas spread like daring wildfire

Here’s a section from MDJ 2006.08.30:

Given the secrecy, duplicity, and inconsistency that has marked Maynor and Ellch’s presentation, starting with going to the press to take on that Mac user “aura of smugness” before Black Hat and continuing through the next month, there are only two easy ways for the pair’s credibility to be restored. One would be for Apple to release a patch for the problem they found, describing it and fixing it so that everyone would be free to talk about it. That, of course, presumes the bug exists and affects Apple’s hardware, not just third-party drivers.

The other way is trivial. Maynor or Ellch (or both) need to perform their demonstration attack not in front of people like Krebs who don’t know the platform well, but in front of recognized Macintosh security and networking experts who do. We’d nominate Glenn Fleishman, but Alan Oppenheimer at Open Door Networks or Macworld Labs would be just fine, too.

The task is simple: Maynor or Ellch would bring whatever tools they wanted to use for their attack, but the target machine would be a stock, unmodified, black MacBook computer (though extra RAM might be allowable), with AirPort turned on and a valid network available if the researchers need it. They would then be free to do whatever they wanted to attack the MacBook except physically touch it.

If they can repeat the demo feat of logging into the MacBook, with or without root privileges, and create and delete files on the desktop, they are redeemed. If they can’t do it in, say, two hours, then they withdraw their claims about MacBook vulnerabilities and apologize to everyone involved. The experts who monitor the test would have to agree not to divulge details about how the vulnerability works, of course, but that’s a small thing – if the vulnerability is real, Mac experts won’t want it in the wild any more than Maynor and Ellch would.

Less than two days later, John Gruber took this upon himself!

I’m issuing the following challenge to David Maynor and Jon Ellch:

If you can hijack a brand-new MacBook out of the box, it’s yours to keep.

Gruber’s version of the challenge doesn’t allow extra RAM in the MacBook, nor does it require a black MacBook as seen in the demo, or stipulate the presence of known Macintosh security experts like Fleishman, Oppenheimer, or the Macworld Labs folks. Still, if either Maynor or Ellch demanded these things, we suspect Gruber might acquiesce – and you have to admire him stepping up and putting his own money at risk for it.

Third-party monitors might make Maynor and Ellch feel like they’re not being railroaded, but if Gruber wants to pay for the MacBook, we say he has the right to watch the attack succeed or fail – provided no one tries to snoop on the network packets as Maynor and Ellch have always said they feared.

But especially now, with a stock machine ready for the demonstration any time this week that they want, Maynor and Ellch either need to put up or shut up. Either they can compromise a MacBook’s internal AirPort Extreme hardware with no additional user requirements, or they can’t and have just enjoyed the attention from almost publicly claiming that they could. They need to do it and be revered, or note the end of their 15 minutes and go away.

If the duo will not demonstrate this attack under controlled conditions now, a full month after demoing it at Black Hat, no reasonable person should be expected to believe the vulnerability ever existed.

(MWJ subscribers: This issue of MDJ is now in your MWJ RSS feed per our previous policy of providing MDJ issues when MWJ is delayed – enjoy!)

Pre-WWDC MDJ and MWJ Status (final)

MDJ 2006.08.04 is in distribution and MWJ 2006.08.05 have both been distributed: double or triple size, figures and tables, even a sidebar. It’s a festival on your screen! We’ll update you from San Francisco this weekend.

Part of the original item from Wednesday:

With this heat wave now having affected almost all of the United States, we appreciate that everyone seems to understand what working with sub-optimal cooling is like. According to Weather Underground, we’ve had temperatures of 100°F or more for 18 of the past 23 days, a bad time to be without good cooling. (It’s still not perfect, but it’s functional – slightly distressing, because the current system was installed brand new while we were away from the building for WWDC 2001!)

We’ll replace this item with further updates on our pre-WWDC issues as they transpire.

No MWJ this weekend

After coming back from the 2005-2006 MDJ Power 25 and the US 4th of July holiday, we had only two days left in the work week – and several complicated stories (10.4.7, Apple’s iPod factory investigation being “complete,” the stock options story, and now the whole “phoning home” thing) that just didn’t get sorted out before Friday.

Our calendar had shown Apple announcing Q3 results on Wednesday (2006.07.12), but it turns out that’s wrong – the announcement comes in 10 days, on 2006.07.19. We expected it a week earlier last quarter, too, and when we discovered our error, we checked Apple’s investor calendar and adjusted the dates. Now the adjusted dates for July and October are still a week too early, so we’re wondering if it’s a Gaslight kind of deal.

Anyway, we build a week off into every month that has five weekends. We’ll have to do something similar the second week of August, though, because staffers will be attending WWDC 2006. We’ve tried to publish MDJ and MWJ while attending the conference before, but it winds up being so exhausting that doctors get involved. We’re not sure what the schedule will be that week, but we’re considering a few unusual options to keep subscribers up-to-date. Stay tuned!

A few July notes

Just a couple of things that you might want to know:

A few subscribers have asked about seeing nothing lately on the MacJournals-Talk mailing list, a high signal-to-noise mailing list we’ve offered for years to paying subscribers of MDJ and MWJ. Your mail client hasn’t gone haywire – the list has been down for a few weeks. We mentioned about a year ago that we intended to tie membership on the mailing list to subscription status, because, sadly, the honor system was not working: people who were not subscribers (or who dropped their subscriptions) were continuing to use the mailing list for free support, sneak peeks at issues, and all kinds of other goodies – with resources paid for by subscribers, of course.

That had to change. Alas, the code work isn’t going as quickly as we’d hoped – the list server doesn’t get its addresses from the subscription database. We can modify the database to send commands to the list server to add and drop subscribers, but if the two get out of sync, it will confuse everyone. (Also, that would mean we’d have to disable manual unsubscribing to avoid sync problems, and we’re wary of making you get list mail until one of us gets around to changing it for you.) We plan to bring it back when we figure out how to make it work for subscribers the way we’d always intended. (We really were surprised at the amount of freeloading going on.)

Also, as you may have noticed, with all the new systems and publishing finally in place (including this blog), we’ve raised the price on MDJ and MWJ for the first time in seven years. Oddly enough, MWJ‘s new price of US$14.95 per month is the same price that MDJ cost nearly a decade ago – for about the same number of pages per week. We still think both are a bargain at twice the price, and we’ll continue to try to prove that to everyone.

Coming on Wednesday: public release of the 2005-2006 MDJ Power 25!