Can you imagine a scenario where Apple releases a fully-fledged laptop locked down like the iPhone or iPad? A fully fledged computer on which the only way to install software is through Apple’s built in App Store?

To borrow an overused phrase, it’s more likely than you think.

Would you buy it? Would other people buy it?

Package management can be awesome

I’ve written about package management before. I believe that locking down a package manager such that the user can’t change the available software channels is unethical and flies in the face of years of innovation. We’ve always treated computers as though they were owned by their users, and I see the popularization of devices like the iPhone and iPad as a disturbing precedent. Might Apple be emboldened to try locking down full computers the same way?

We live in an age in which the technology is powerful enough to implement such a thing. Apple is certainly capable of running the servers necessary for supplying its users with all their software, and it would certainly be lucrative, given how successful the iPhone’s app store is and how much 3rd party pay software exists for Macs right now (which Apple would then be able to take a cut of the profits on). There is thus a clear financial incentive for Apple to set up such a system, and for developers to continue to target it (and submit to their harsh developer restrictions).

And let’s face it: such a system would be amazing for users who don’t care. They would enjoy Apple’s rigorous testing process for all their software, and thus enjoy machines that almost never become bogged down by slow or unstable apps. They’d have an easy way of finding and installing all the software they could ever want–even simpler than what they currently have on Macs, and that’s saying something–along with Apple’s approval of all of it, which carries all the quality control that their name has become synonymous with.

I can imagine other possible models. Maybe they’d offer people “simple” or “advanced” options when purchasing computers, the former being cheaper and locked down for the “I really don’t know how to use computers” crowd. Such a thing doesn’t seem like them though, given how well they’ve avoided fragmenting their product ecosystem. Or perhaps they’d simply release their own blessed way to jailbreak the system if a user cares enough.

Right, jailbreaking! Can’t you just jailbreak it?

A cursory glance at the history of the iPhone would make one all but certain that if Apple released such a system without offering a way to unlock it, their users would find a way (as they will undoubtedly with the iPad).

I find this scenario similarly unpleasant, for two reasons. One is that if your enjoyment of a machine depends on an unauthorized hack, you are entirely dependent on those hackers to keep it jailbroken the next time Apple pushes out a system update that invariably locks you down again–the ease of which is never a certainty. It’s a cat-and-mouse game that some users appear more than happy to play, but in the long run it definitely doesn’t seem worth the effort to me.

The other is that you’re ignoring the device’s biggest selling point. If a device is locked down, it’s locked down as a genuine means of quality control, which Apple has shown itself to be superb at. To my mind, jailbreaking an Apple device invalidates everything good about it–Apple’s assurance that you’re getting the best you can get.

This argument may seem self-contradictory–suddenly a device being locked down is a good thing? It’s important to remember that the reasons for locking down a device in the first place are, in order:

1. Making a cut off of lucrative third-party software sales.
2. Making sure that 3rd-party software enriches the platform rather than makes it look bad.
3. Making the system easy to use.
4. Making the system stable, secure and fast.

For most users, a locked down system is protection from systems they don’t care about knowing how to use, and from software that might harm their systems. To users who care about customization, it’s a heavy-handed restriction on something they want to use that just gets in their way. Users in the former category genuinely benefit from a locked down system, and users in the latter category don’t.

So how likely is it?

I’ve always felt that Apple’s primary market is the former category, and that’s why I think this scenario is so likely. It worries me, because I’ve always clung to the idealistic notion that someone who uses a computer has a responsibility to know how to make changes to how it functions. An Apple user might counter that all Apple’s lockdowns do is simplify the method for those changes so more people have access to them. I would counter that such a thing is worthless if more fine-grained customizability is lost in the process.

But then, I suppose that’s why I’m an Ubuntu user. I have the tools I need to change where my software is coming from, and I use them. I just wish more people noticed or cared.

That curse is URL shortening. And yes, it did exist before Twitter, but Twitter both limits how much its users can post and depends on those users sharing content with each other, often in links–and those URLs can take up a lot of space. The growth of URL shortening has brought with it the growth of URL shortening services, which apparently hope to monetize it.

Leaving aside the issue of how monetizing such a thing can be done, URL shortening is bad from a user’s perspective for the simple reason that if someone shares a link with me, I have no clue where it’s going. If someone just posts “OMG this is awesome”, the shortened URL they post it with could just as easily be a rickroll attempt as it could be an evildoer hijacking their account and sending me to malware. And while I may be running Ubuntu, there’s no way of knowing that there isn’t some kind of zero-day exploit already being used on it (I have no illusions about Ubuntu being perfectly secure, after all).

This isn’t just a security problem–it’s also a usability one. What if I’m playing music and I don’t want to see a Youtube video? What if I’m working and only want to click on a link if I know it’ll be something quick? What if it’s a link to an inflammatory Reddit post that’ll just get me angry and ruin my mood?

Clever users may respond that there are browser extensions and Twitter clients that can solve this problem by showing a preview of the destination. Maybe, but if they don’t show you the URL, do you really think it would be hard for a malware writer to put up a fake display of the site at the destination? If they’re willing to meticulously fake the appearance of a Windows security warning or antivirus program, would it really be hard to put up a fake image of a Youtube page and then switch it out with Javascript if an actual browser is detected? Admittedly, this would likely have to target specific previewers to fake them out, but it’s a real possibility, and not one that an informed user can ignore.

In order to avoid subjecting people to this danger, I’ve installed YOURLS (Your Own URL Shortener… clever!) on my hosting to try to avoid putting people through that. I don’t intend to let anyone else use it for URL shortening, just me–so you can be reasonably certain that if you see a short URL beginning with perpetualstudent.net/, it came from me and not someone who hijacked my account. Yes, my domain isn’t especially short, but it’s probably short enough for my purposes. YOURLS is a great project, if only because it shows just how little work it takes to make a URL shortener beyond thinking of a clever short domain name. All it takes is a cleverly-written .htaccess file, a bit of PHP code and a MySQL database. YOURLS even gives you all the same URL tracking features that the likes of bit.ly do.

So please–if you’re going to use a URL shortening service like bit.ly or u.nu, have the decency to explain in context where those links go and what I’ll get if I click on them. The occasional rickroll won’t kill me, but the last thing I want is to feel paranoid when clicking on links my friends share.

Except in this case it clearly isn’t healthy. The App Store has attracted quite a bit of negative press in recent months for its seemingly arbitrary, bizarre, anticompetitive and possibly even politically motivated submission rejections.

These rejections represent a fatal flaw of the system that dooms it to always being a subpar and unethically managed package manager.

Let’s step back.

For years in the Linux world, we’ve relied on package management to handle software installation and removal. We install our OS as a distribution from some sort of organization, which could be an actual company that makes money or just a hacker releasing software in their spare time. The important thing about installing software in Linux is that without some form of automation, it’s a pain–you would have to compile your software yourself after looking up all of its dependencies, a time-consuming process that really doesn’t make sampling software easy or fun.

So, to ease that process, the distributor of the OS runs servers that your machine can download software from, automatically handling dependencies and keeping track of what’s installed where on your system and what software uses what assets. Package management has only improved over the years, as software libraries expanded and user demand grew. Today, it couldn’t be easier to install a program in Ubuntu; all you have to do is fire up the Ubuntu Software Center, browse, click install, and enter your password.

But package management does have its drawbacks. There’s a bit of a security risk–while it’s pretty easy to use cryptography to reasonably guarantee that no one’s breaking into the server and sending you malicious software, you can’t know for certain that the distributor isn’t doing nasty things (and while I’m willing to bet there aren’t many users who audit all the source code of everything they install on their machines, releasing everything as source code still gives you the ability to do so, which there’s a lot to be said for). But by far the biggest one is that you’re completely dependent on the distributor for software availability. If something you want isn’t in there, or if it’s not up to date enough, there’s not much you can do besides try to manually install it, which tends to muck things up.

The App Store’s fatal flaw is refusing to allow independent distribution channels. Allowing them instantaneously removes the biggest issue package managers have by freeing developers to distribute their products their own way, instead of having to go through Apple. If such a thing were allowed, Apple could further create incentives for developers to produce software for them by not taking a cut of the profits (or maybe even taking it anyway through licensing agreements), thus enriching the platform. It’s how Microsoft became successful–by allowing developers tremendous freedom with their development frameworks and leaving the market open to grow according to demand. It would even force Apple to clean up their own act in order to compete with them (though that can hardly be seen as a good reason from their perspective).

But the iPhone is a very heavily locked down platform, which only ever gained the App Store to quell demand that was being satisfied by jailbreaking, before it became one of Apple’s main moneymakers when it proved enormously popular and lucrative. It’s fundamentally changed an industry, and yet it remains a painful symbol of exactly how unfair it is to have a single entity acting as the entire channel through which users can install software. Some users still jailbreak, but others continue to use only what Apple makes available, and that’s not good for anyone–not for Apple’s users, not for developers hoping to make money off of them, and not for Apple’s reputation.

If I were an iPhone user or programmer, I wouldn’t be happy. I’d be demanding that Apple open up the platform immediately to 3rd party distributors, not just developers. That, to me, is a prerequisite for software development. I don’t want to be at the mercy of a company that gets to decide what software I use on a machine that I purchased–especially if I hope to make money off of selling software for it. The Linux world figured it out years ago, and there’s no reason why Apple can’t. Even other mobile OS developers figured it out–Android and Palm both allow it.

Is it just too lucrative for Apple to give up? Maybe. It’s still more than enough to dissuade me from ever wanting to touch their development platform. I can do better. And until Apple cleans up their act, so can you.

Imagine a world in which using email requires every user to pay someone–say, Apple–for the privilege of being able to read what others send you, or send them messages in the first place. Imagine a world in which Apple Mail were the only email client, and without Apple Mail, restrictive licenses and technical obfuscation would prevent you from reading or writing correspondence with others.

If that were how email worked, would it be nearly as ubiquitous as it is today?

Then why are so many people willing to store (or worse, distribute) important data in formats they have to trust a single entity for the privilege of using it?

Mind you: these people aren’t stupid. They’re certainly not malicious. But they’re victims of one of the greatest caveat emptor tricks of the computer age.

Incidentally, if you’ve ever emailed someone a Word document, I’m talking about you.

Now, I’m no free software zealot. I think free software is amazing–being able to understand, modify and improve the code of a piece of software you possess is wonderful and greatly increases its usefulness. But, I understand that there’s a lot of money in software, be it through the web or the desktop or the cloud, and that there are some things that require too much time and effort to be feasible to produce for someone working in their spare time. And I also understand that a developer whose livelihood depends on sales of said software might be reluctant to release it for everyone else to modify.

But, I submit to you now that it’s the ethical responsibility of any developer to write programs that store data in a human-readable, unobfuscated way.

Even if the program’s interface makes its innerworkings perfectly clear. Even if customer service is excellent. Even if  a lifetime’s worth of upgrades are included in the purchase.

It is perfectly fair for a software company to charge for a license to use software that they developed. But data produced by the program does not belong to that company–it belongs to the user, and the user should have every right to use it as they see fit, be it by developing their own software to use it, or even importing it into software made by other developers. And in order to do that, files should be stored in plaintext.

Pre-2007 Word documents (and in fact, any file produced by a Microsoft Office program by default settings) are a perfect example of how not to do this. If you use a plaintext editor like Notepad to view what these documents actually contain, all you’d see is garbage. Nothing human-readable. The only way to decipher it is by feeding it into Word itself, which, as many people forget, is an expensive program. And one that makes no guarantee of being supported in the future. And with no documentation available to understand exactly how it’s stored in the file for posterity.

Other Office suites such as OpenOffice.org and Google Documents can read Word documents, but only by reverse engineering–an error-prone process that leads to imperfect importing algorithms. This is a format frequently distributed among users, often disseminated to many different users for review or perusal, with a tacit assumption that everyone can use it. There’s no guarantee!

Microsoft isn’t quite as bad as it used to be. In response to disapproval from governments, antitrust suits and intellectual desertion, they’re in the process of migrating users to the new Office Open XML format (you know those .docx files that drive everyone crazy? With a bit of effort, they can even be compatible with older versions of Office!), even going so far as to strong-arm the ISO into making it an actual standard format.

And, as we all know, Microsoft has never been all that good at encouraging users to upgrade software in a timely manner.

This behavior is nonetheless a huge improvement over past practices. Microsoft also recently announced a release of documentation on Outlook’s data storage model, which is undoubtedly a stride in the right direction. But the days of obfuscated data storage should be over. We live in a world where users routinely share data between vastly different systems; conforming to open, documented standards can no longer be considered optional. The Web suffers enough from an incompatible browser holding back its innovation; it depends entirely on interoperability across browsers and platforms. Its success makes restricted, proprietary data formats obsolete.

You may read this post as a cheap shot at Microsoft. I may rail against them a lot, but they’re not the only offenders here. Adobe Flash is another example that’s wormed its way into Web ubiquity, for example. (The player may be downloadable for free, but who is Adobe accountable to? And once you’ve made your .swf files, how do you break them down into components without Adobe software?)

So please–don’t send me .doc files. You don’t know I can use it. Use .docx, .odt, .rtf or even .pdf. Just no .docs.