Ah, the iPhoners now get to see what the difference is between a product Apple controls in every way and a product for which it relies on AT&T to provide some level of service. I can’t fathom why a company with as reasonably great a record as Apple wanted to jump into bed with a company as awful as AT&T… it’s just weird.

Update: Gizmodo gets on the bandwagon and describes the amazingly wide gap between the iPhone-buying experience at an AT&T store and at an Apple store. Guess which store’s staff sucked awfully, treated customers like intruders, and did everything to not give information or assistance to the people who wanted to give them money?

Tonight brings a few short takes, since I’ve had a few tabs open in my browser for days now waiting for a chance to get ‘em posted.

  • The New York Times published an incredible article last week about the ways the Karitiana Indians feel they have been misled and abused by various medical research teams who have visited the tribe and made promises in return for participation in research. The Karitiana are a tribe from western Brazil and have historically remained relatively isolated and close-knit, and in both the 1970s and the 1990s, these traits led American medical teams to ask for blood in order to study how disease penetrates through generations of families, promising access to modern medicines and care in return. The tribe never received the promised returns on their participation, though, and recently learned that the collected blood and DNA are now being sold by private companies in the United States and France. Needless to say, they’re not pleased.
  • It seems that DirecTV is about to introduce a sorely-needed feature to their high-def DVRs — autocorrection after fast-forwarding, similar to what TiVos have had pretty much forever. This is, bar none, the biggest annoyance of using the HR20 DVR after having had a TiVo for the last seven years, so I’m certainly thrilled that the feature looks to be coming soon! (I’m also excited about next week’s scheduled launch of the DirecTV-10 satellite, which promises to bring a slew of new HD programming to DirecTV users as soon as they’re able to put it through its paces in orbit.)
  • A study was published in this month’s Archives of Internal Medicine looking at the effect of doctors talking about themselves during patient visits, and as I’ve come to expect, most of the news coverage misses the nuance and makes sweeping and indefensible conclusions. The study used fake patients and judged their subjective reactions to physicians talking about themselves during first visits; unsurprisingly, most of the “patients” didn’t feel that the physician’s personal chitchat added much value to that visit. Reuters more or less blew off the “first-time patient” detail in its coverage, implying that there wasn’t really ever a place for that kind of doctor-patient conversation during visits, but the study doesn’t say that, and my personal experience is that with longer-term, established patients who might see you once (or more!) a week, there’s certainly a place for occasional personal comments or observations, all of which can help keep the therapeutic team (doctor, patient, nurse, psychosocial providers, etc.) intact and functioning at its best.
  • Finally, I’m really getting excited about Movable Type 4, which is now in beta — damn, are there some great features lurking in there! If I didn’t have such a complicated setup, I’d migrate over this very second. As it is, though, I probably have an hour or two of work ahead of me before I can get my site into MT4 exactly as I want it to be, so I’ll probably wait a week or two, when I can carve a chunk of time out to make the move. I can’t wait!

Seriously, I’ve been killing myself trying to figure out why the speakers on my Mac Mini at the office have been popping and crackling at me for the past few days; alas, it looks like my upgrade to OS X 10.4.10 is to blame. What could they have possibly changed in the OS to cause this? It’s one of the odder bugs related to a system upgrade I’ve ever experienced…

Update (7/3/2007): it looks like Apple has fixed the bug; go grab Audio Update 2007-001.

Awesome — Cheney appears to believe that the Office of the Vice President is not a part of the Executive Branch. Does that mean that he’s also no longer the first in the chain of Presidential succession? We can only hope…

I generally like his writing and his viewpoints, but I can’t help but wonder whether John Gruber’s missive against the enterprise’s wariness about iPhones is based more in his overt Apple lurve or in a lack of understanding of the things an enterprise has to manage on the wireless front. Far from his laser-like focus on email, when a large business thinks about services that need to be extended seamlessly to wireless devices, useful email access shares equal space with the ability to use a global address book, the need to access services on an intranet, ties into enterprise calendaring services, centrally-managed security policies, encryption (both of the contents of the device and communications between the device and other services), and the ability for the enterprise to control access on a device-by-device basis. And again, despite Gruber pointing out that some of the email issues can be solved using IMAP, there are few or no ways to solve the other issues, especially not in as unified a way as BlackBerry has done with the BlackBerry Enterprise Server (BES).

Let’s look at a few example issues, and think of how the iPhone would compare to what BlackBerry has in place.

1. A wireless user needs to be able to send an email to a few enterprise users, none of whom are in his contact list. How does that user do this?

BlackBerry: in the email app, the user creates a new email, and in the “To:” line, types in the name of the recipient and chooses the “Lookup” option. The BlackBerry queries the global address list, returns a list of matches, and the user chooses the correct one, which is then added to the recipient list.

iPhone: according to articles like this, the iPhone doesn’t understand global address lists to the point where a developer had to write a raw LDAP client for the device (which we have to assume is a web-based app, given that there’s no native API for the iPhone). So the user has to open Safari, navigate to the web page which provides an LDAP lookup of the global address list, look up the user, and either click a mailto: link to start a new email to the user or cut-and-paste the address into the email client. (And while mailto: certainly is easier, it won’t work for multiple addressees without a really slick web app that allows multiple lookups to all be appended to a single link which will then launch the email app and start a new message. And none of this takes into account the fact that a company will have to write the LDAP lookup app in the first place.)

2. A wireless user needs access to an online database that only exists on a company’s intranet. How does the user get to it?

BlackBerry: given that the BES provides web connectivity that can be routed through the intranet, the user only has to open the BlackBerry Browser application and enter the URL, and will be taken to the web page hosting the database.

iPhone: there’s no similar way for iPhone users to route their web requests through an intranet server; iPhones get their connectivity to the internet through Cingular, and as such, are outside the enterprise firewall, meaning that they can’t get to intranet-only web applications. There’s no info on whether Safari on the iPhone will support the use of web proxies, but even then, use of the proxy will have to be open to the entire Cingular network, opening up a whole other host of security questions and problems. So to meet this challenge, a company has to either (a) choose to host the web app on a server accessible to the internet at large and implement web-based authentication, (b) implement a public-facing webserver which has authentication and proxies requests for the application to the intranet server, or (c) set up an HTTP proxy server facing the internet and figure out how to secure it such that only authorized iPhone users can get access.

3. A company mandates that all wireless devices need to encrypt all information they store in memory, need to auto-lock after 15 minutes, and need to auto-erase the contents of the device after a given number of incorrect password attempts. In addition, the company wants to be able to wipe a device remotely that’s reported as lost.

BlackBerry: the system administrators create a new security policy with those three rules, push the policy out to all the BlackBerry devices registered on the BES, and then restrict access to the network to only those devices which have the new policy in place. All the devices receive the new policy and implement it; any devices which have more lax security settings are barred from accessing the enterprise. When a user reports their BlackBerry as lost, the sysadmins push a command to the device to wipe its memory.

iPhone: the system administrators recognize that (as of current information) there’s no way to encrypt all the information on the device, and no way to force the device to initialize itself after a given number of incorrect password attempts, so they give up on those two. They then send an email to all known iPhone users pleading with them to set their auto-lock times appropriately, and they hope that the users read the email and follow the directions. And given that it’s unclear whether there are any mechanisms of access control for specific iPhones, they continue to hope that the rules are being followed. As for lost iPhones giving up their data, there’s nothing that would allow for remote erasing, so the company also hopes that there’s nothing sensitive on the device.

4. Finally, given that I’m a physician, something that’s relevant to my world: an organization exists in a world which mandates that all electronic communications about patient care are encrypted from end to end, and system administrators are tasked with making sure their wireless devices comply with this requirement.

BlackBerry: the system administrators install the S/MIME add-on and the enterprise security certificate chain on all enterprise BlackBerries. They then have the users install their personal secure email certificate in their chains, as well, and then users can query the enterprise directory for other users’ secure certs and can choose encryption as an option on the email composition screen.

iPhone: from the bits of news coverage and reviews I’ve found, there doesn’t seem to be any encrypted email support on the iPhone, so there’s nothing the organization can do. It’s unclear whether the phone’s mail client can require — or even support — users’ connections to an IMAP server over SSL, so in addition to the actual email, the communications channel over which that email travels might be totally unencrypted.

There are oodles more issues that could be brought up, but the gist of the matter is that no matter how much people in the enterprise crave being able to replace their BlackBerries with iPhones, the support for the devices working at the enterprise level isn’t there. And given Apple’s pretty awful track record when it comes to integrating their other products into the corporate environment, you’d be naive to think that a seamless iPhone experience in the enterprise is coming anytime soon.
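The compliance gate from example 3 above, sketched as an added illustration (this is not code from the original post, nor BlackBerry's or Apple's software). The report schema, device IDs and the attempt limit of 10 are assumptions; only the 15-minute auto-lock comes from the scenario. A device that cannot report a setting is treated as failing it, so the gate fails closed.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# The 15-minute auto-lock is from the scenario; the attempt limit is an
# assumed value (the text says only "a given number").
MAX_AUTO_LOCK_MINUTES = 15
MAX_FAILED_ATTEMPTS = 10  # assumption

@dataclass
class DeviceReport:
    """Settings a device reports to the management server (hypothetical schema).
    None means the device cannot report or enforce that setting."""
    device_id: str
    storage_encrypted: Optional[bool]
    auto_lock_minutes: Optional[int]
    wipe_after_failed_attempts: Optional[int]
    remote_wipe_supported: Optional[bool]

def violations(r: DeviceReport) -> list[str]:
    """Return every policy rule the device fails; unknown counts as failing."""
    found = []
    if r.storage_encrypted is not True:
        found.append("storage not encrypted")
    lock = r.auto_lock_minutes
    if lock is None or not 0 < lock <= MAX_AUTO_LOCK_MINUTES:
        found.append("auto-lock longer than 15 minutes or disabled")
    wipe = r.wipe_after_failed_attempts
    if wipe is None or not 0 < wipe <= MAX_FAILED_ATTEMPTS:
        found.append("no auto-erase after failed password attempts")
    if r.remote_wipe_supported is not True:
        found.append("remote wipe unavailable")
    return found

def admit(r: DeviceReport) -> bool:
    """Fail closed: only devices with zero violations reach the enterprise."""
    return not violations(r)

# Constructed sample reports (not real devices).
MANAGED = DeviceReport("handheld-001", True, 10, 10, True)
LAX = DeviceReport("handheld-002", True, 30, 10, True)
UNMANAGED = DeviceReport("handheld-003", None, None, None, None)

if __name__ == "__main__":
    for d in (MANAGED, LAX, UNMANAGED):
        print(d.device_id, "admit" if admit(d) else "deny", violations(d))
```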

This is one of the dumber articles I’ve read online in a while: mothers whose husbands are stay-at-home dads feel badly when the dads become good at parenting. Are you f$!@ing kidding me? These people needed to go to marriage counseling because the mother felt like she was being “blocked” from what she felt was her natural role as gatekeeper of the father’s relationship with the kids? I love all the little vignettes and quotes, like when the mother felt delegitimized because her husband had a bathtub routine with their kid, or when she prided herself on forcing her husband to change his “parenting tactics” to meet her standards. Idiotic.

Comparing this with this, it couldn’t be any clearer how different the criminal justice systems are for the rich and poor.

It’s amazing to me that CNN.com is being redesigned and still defaults the search engine to perform a general web search rather than a search of CNN’s own news content. (The current CNN site has been this way since the beginning of 2003.) Are the folks at CNN’s interactive bureau really under the impression that there are people who go to their site in order to search the web? Do they think that nobody wants to search their own content? It’s just weird.