Tag Archives: apple

Why Android still sucks

4 Comments

This is the second post in my November writing challenge series.

I’ve been an Apple convert for a few years now (I started to see the light in 2010-ish), but every 12-18 months, I grab a Google-endorsed device that can run the latest version of Android and put it through its paces.

I do this because I feel obliged to speak without ignorance on the advantages and disadvantages of the major mobile platforms. Also because playing with new tech is fun.

There’s more to it than the UI

When it comes to Android vs. iOS, the differences are much bigger than user experience. Apple’s business model is completely different to Google’s, which impacts on everything about its hardware, software and online services.

Some of the differences are less obvious than others. For example, Google’s efforts to retain and profit from its users’ data are no secret, but most people don’t realise just how much of their personal information is being passively disclosed. Apple, meanwhile, draws most of its profit from hardware sales and actively avoids the disclosure and retention of user particulars.

A more obvious difference is in the area of version fragmentation. Android hardware vendors aren’t obliged to provide timely software updates for their devices–even if they contain critical security patches–and most of them don’t. Meanwhile, iOS updates are made available, to all devices capable of running them, simultaneously. You can guess which of these ecosystems is riddled with unpatched, deprecated operating system software.

But let’s talk about the UI anyway

Assuming we’ve made peace with Android’s underlying constraints, the next question to ask is: how does its user experience stack up?

To find out, I tested Android “Lollipop” (5.1.1) on a Nexus 7 (2013 version). I tried to use it productively for about a week, in place of an equivalent iPad.

I accept that without migrating all of my data to Google’s cloud services, my experience of the platform wasn’t completely immersive, but hopefully you’ll agree that it was immersive enough to make a few meaningful observations.

1. Reading and typing

iOS always set a high bar when it came to the display, entry and editing of text, but with Lollipop, Android has caught up pretty comprehensively. Its new font (Roboto) is crisp and appealing; the default keyboard has an improved layout and responds without the lag of earlier versions; and working with text selections is much less frustrating than it used to be.

It’s not just the keyboard that’s more responsive. Animations are vastly smoother, and scrolling is finally on par with iOS. I can’t overstate the importance of these these improvements–they significantly increase user enjoyment and confidence.

2. App updates

Android’s built-in apps receive updates via Google’s Play Store. This allows core apps to be updated without the overhead of a full operating system update (great!), but it also makes for a volatile experience when the Play Store app itself needs updating (not so great!). After factory resetting my Nexus 7, I had the Play Store app crash, then declare it wasn’t installed, before eventually starting to work again. Unfriendly much?

The Play Store also had trouble resolving dependencies between core apps while they were being upgraded. A bunch of “You must upgrade X before you can upgrade Y” notifications were thrown at me after I hit “Update All”. This sort of thing shouldn’t happen ever, much less immediately after a factory reset (i.e. with no third-party apps in play).

3. Settings, settings, settings

The design of Android’s “Settings” app has improved significantly since previous versions, but I still found it relatively cluttered, with too many superfluous “advanced” options offered too prominently. Your mileage may vary.

Enterprise users will be annoyed to find that proxy auto-discovery remains unavailable in Lollilop. Manually entering a PAC file URL is still necessary. Apple has been all over this for years now. C’mon, Google!

Also, disabling those annoying keyboard tap sounds is not a simple task, because settings for “Sounds” aren’t all in one place. (I eventually found the toggle I was looking for–deep in “Keyboard” settings. Argh.)

Finally: IMAP users still can’t configure the stock email app to use custom mailboxes for Sent messages and Trash. Their names are hard-coded into the app.

4. Notifications

I liked that I could turn off all notifications for a set period of time (unlike “Do Not Disturb” mode on iOS, which needs to be manually switched off). I didn’t like that I could allow “priority” interruptions during this notification blackout–simply because it’s not clear what a “priority” interruption is (“Did I configure this? Do I trust my former self to have configured it properly? Is my presentation going to be interrupted by a Facebook message?”) I also didn’t like that the UI for this feature only appeared when I used the volume rocker. It belongs on the main notification panel.

My verdict

Android as an operating system isn’t bad. Like iOS, it has annoying shortcomings in some areas, but overall, it’s fast, beautiful and easy to use. When it’s not, pop-up tips pick up the slack.

So why do I think it “still sucks”?

It’s the apps.

Or, to be more specific, it’s the tablet apps.

Android has been tablet-friendly for years now, but a large of number of app developers (including Facebook) stubbornly refuse to build tablet versions of their apps. With a few exceptions, most of the apps I tried on the Nexus 7 opened as stretched or magnified phone apps. I could access all of my content, but the apps were so useless I couldn’t do anything with it.

The iOS App Store, meanwhile, is full of high-quality tablet apps.

Also, iOS plays nice with IMAP.

Also, Apple doesn’t hunger and thirst for my metadata.

OS X Server doesn’t cache iOS 8

4 Comments

Based on my testing this morning, although the caching service on OS X Mavericks Server is supposed to cache iOS updates, and although it does a perfectly good job caching App Store content, it does NOT cache iOS 8 itself.

For those of us who manage large iPad deployments (and would prefer iOS 8 to be installed by end-users), this is a problem. Potentially a multiple-terabytes-through-a-finite-pipe problem.

Thankfully the Squid hack I figured out during the iOS 7 launch works with iOS 8 too. Otherwise we’d be in trouble.

Daring Fireball on iMessage encryption (and privacy in general)

Daring Fireball on iMessage encryption (and privacy in general)

John Gruber put this together late last year, and I’ve had it queued for posting since then. It remains a helpful summary of Apple’s approach to privacy, especially as it applies to delivering iMessages between devices.

Assurances from corporations aren’t always very, um, assuring, but so far it seems Apple are leaders in respecting the privacy of their users (even if it’s just to minimise their exposure to subpoenas and such).

Hacking Profile Manager on Mavericks

Dear Fellow OS X Server Geeks,

Just a heads up that I have updated my earlier posts about gaining access to Apple’s Profile Manager PostgreSQL database. The commands therein now work on Mavericks.

If you’ve upgraded from OS X Server 2.0 on Mountain Lion, you’ll have to open up remote access from scratch. Data is retained (flawlessly in my case), but the PostgreSQL instance has been moved and a new database (with a new name) created beside the old one.

Virtual hugs,

Me

Mail.app on Mavericks: now plays nice with Exchange

If you use Mail.app on OS X Mavericks, there’s a good chance you already know this, but if not: Apple have just updated it.

Much has been made of Gmail not working under Mail.app on Mavericks, but for those of us who use it with Exchange, it’s been a similar story (with less rage). I’m happy to report that the latency/timeout/crash problems I was experiencing with Mail.app and Exchange 2010 appear to be resolved with this update.

And there was much rejoicing!

Creating OS X Mavericks install media

2 Comments

It’s been a big morning for Apple punters: OS X Mavericks, new iPads, iOS 7.0.3 and a bunch of new apps.

The only downside (aside from the “later in November” ETA on the Retina iPad Mini) is the downloading involved. Mavericks is ~5.5GB, and with 4 machines to upgrade [just in my house – there are a bunch more at work], downloading through the App Store each time would be painful.

As usual, Apple haven’t made it TOO easy to download-once-install-many (you can’t just restore a DMG onto an install partition anymore), but at least there’s an install media console utility built into the Install OS X Mavericks app.

Here’s how you use it:

  1. Use the App Store to download Mavericks. It’s pretty hard to miss at the moment; go to the Updates tab if it’s not immediately obvious.
  2. After downloading, cancel the installation process that will automatically start. (I just used Cmd-Q to quit the installer, but I think there’s a proper Cancel button too.)
  3. Prepare your install media. I partitioned off 8GB on a USB hard drive. A USB stick might be your weapon of choice (8GB minimum, unless 6GB sticks exist). For the command below to work without alteration, you’ll need an empty Mac OS Extended (Journaled) partition called “Untitled”. Disk Utility makes light work of this.
  4. Open a terminal and run the command below. When it asks for a password, give your OS X user account password.
  5. Press and hold the Option key while rebooting. Select your new install media and proceed.
sudo /Applications/Install\ OS\ X\ Mavericks.app/Contents/Resources/createinstallmedia --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ Mavericks.app --nointeraction

Caching iOS updates on a Squid proxy server

24 Comments

Update (22 December 2014): The following instructions have been updated and tested with iOS 8.

Right now, my challenge is upgrading almost 200 iPads to iOS 7 with minimal pain (read: zero device handling). Factor in less-than-ideal Internet bandwidth and Apple’s disinterest in allowing proxies to cache iOS updates, and it’s been a bit of a headache.

First, a word of advice: ask your users not to upgrade when prompted. Do this before Apple release a major update, to buy yourself some time to test it on your network and to check that the update is being cached properly.

Hopefully your iPad fleet is already using your Squid proxy. Ours is configured (via Apple’s Profile Manager) to use a PAC file when it’s on our WiFi network. The PAC file directs all but onsite requests to Squid.

Unfortunately, iOS doesn’t use the proxy for everything; system update authorizations, in particular, don’t get out unless permitted on your firewall. Here’s the relevant rule on our iptables firewall (no_proxy_ok is one of our custom chains, as is tcp_allowed):

-A no_proxy_ok -p tcp -m comment -m tcp -m multiport -d 17.0.0.0/8 -j tcp_allowed --dports 80,443,5223,2195,2196 --comment "allow Apple services (e.g. APNs, updates)"

Mercifully, the update itself is requested via the proxy, but getting it to cache is non-trivial. Obviously max_object_size needs to be big enough to accommodate a 1GB+ file. I went with 2GB:

maximum_object_size 2048000000 bytes

But this wasn’t enough to get the update to cache. A bit of sleuthing led to the first problem: Apple adds HTTP headers like these to its updates, so Squid discards them:

Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

The workaround is to break HTTP a little by adding this line above any other refresh_pattern entries in your squid.conf:

refresh_pattern -i appldnld\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate

refresh_pattern -i phobos\.apple\.com 129600 100% 129600 ignore-reload ignore-no-store override-expire override-lastmod ignore-must-revalidate

This forces Squid to treat objects from *.appldnld.apple.com and *.phobos.apple.com as “fresh” (i.e. cacheable) for 90 days (129600 minutes), no matter what appldnld.apple.com and phobos.apple.com say.

Finally, I made sure appldnld.apple.com requests were excluded from Squid’s delay pools and filtering ACLs; you may need to make similar tweaks. I also found that maximum_object_size wasn’t being applied correctly to cache_dir, so I defined it explicitly, i.e.:

cache_dir aufs /var/spool/squid3 256000 128 256 max-size=2048000000

iOS 7 is rolling out smoothly as I type.

Squid authentication via OS X Profile Manager and Active Directory

Updated on 6-Nov-13 for OS X Server 3.0 on Mavericks

My last post was about getting access to OS X Server’s Profile Manager database; this post is about doing something useful with it.

Hypothesis: given live access to data from Profile Manager and Active Directory, it should be easy to write a Squid external_acl_type helper that maps incoming IP addresses to usernames. An optional check for group membership? Trivial. Amirite?!

I was half-right. The lookups weren’t hard, but getting the helper to terminate when Squid wanted it to, and to NOT terminate prematurely, required a little trial-and-error. Turns out Squid keeps its helpers alive by sending them empty lines, so terminating on empty input isn’t such a good idea.

Anyway, here’s the code that has our iPad fleet “authenticating” with our Squid proxy server transparently. It’s been tested on Linux (Ubuntu 12.04 LTS) and OS X. Yes, Python would have been better than PHP, but I’m more fluent in PHP, and the PHP CLI interpreter is efficient enough for this purpose.

Update 23-Dec-2014: this script is now hosted on GitHub.

To use it in squid.conf (assuming you’ve pulled it down to /opt/git/extensions/squid/external_auth.php):

external_acl_type external_auth ttl=300 negative_ttl=5 children-startup=10 children-max=40 children-idle=10 ipv4 %SRC %MYPORT /opt/git/extensions/squid/external_auth.php

acl Apple_Devices external external_auth
acl Staff_Apple_Devices external external_auth staff
acl No_Filter_Devices external external_auth no_filter
acl No_Access_Devices external external_auth no_access

The “staff”, “no_filter” and “no_access” values map to $SQUID_LDAP_GROUP_DN in the configuration file – customise as needed (many groups may be defined).

Finally, use your new acls in some access rules, e.g.:

http_access allow localnet Staff_Only_Websites Staff_Apple_Devices
http_access deny localnet Staff_Only_Websites Apple_Devices

Questions? Errata? Do comment.