On the iPad Pro and the Constraints of iOS

In their current incarnations, I believe that Windows 10 is better suited to the Surface than iOS is to the iPad Pro.

Now, with that quotable hot take out of the way, let me explain. I have every intention of dropping some serious coin on the highest end iPad Pro, keyboard, and a don’t-call-it-a-stylus Pencil this November. I use my iPad Air 2 every single day for reading my Pocket queue, Kindle books, and watching video from a variety of different source apps. Occasionally I will even do some “real” work on it too.

During the Apple event this week, the company brought on stage various partners to showcase apps they had built to take advantage of the hardware and accessories of the new iPad Pro. They showed someone annotating an email attachment and then sending it back (something I believe has never happened in the history of mankind outside of a technology demo). Microsoft came on stage to show how you can get business done with an iPad Pro and Office. Adobe showcased a few different apps for touching up photos.

What was not highlighted nearly enough, however, is how awkward iOS looks on such a seemingly large device.

Can we all agree that iOS’ homescreen looks increasingly stupid? http://t.co/Qur2Pjvbyg

— 512pixels.net (@512px) September 9, 2015

This is a 13″ screen using the same grid of icons as its other iPad counterparts. On the Pro, however, there is so much space in between each icon that you could rush for a touchdown on every play.

Compare this with the Surface 3 and Windows 10. You can organize your apps on a full screen view that has its icons closer together and in grouped with a far better visual metaphor than a folder. Your most frequently used apps are surfaced (sorry) along the left edge of the screen as well. Is it more complex than iOS? Yeah, but I wouldn’t say it’s too complex to understand. Windows still has the same concept of press and hold to move icons around and swiping left and right to page between different parts of the screens.

And we haven’t even started talking about the third-party ecosystem for the iPad. I can count the number of apps on my left hand that are thoughtfully designed for the iPad screen size. Most are, for lack of a better phrase, blown-up iPhone apps. Just this week, Twitter updated their iPad app to be exactly like the iPhone version but with a bit more padding on the edges to make up for the larger screen size. That’s fine for the iPad mini and mostly tolerable for the Air. On the iPad Pro? That’s approaching clown shoes territory.

A lot of this thinking is thanks to Apple and the invention of size classes in iOS 8. With size classes, you are able to more easily adapt your interface to work with a variety of different screen sizes and orientations. This is a great thing. I’m currently in the middle of converting a rather large legacy project from having two different interfaces (iPhone and iPad) to using a single storyboard and size classes.

Most developers for whatever reason (time and/or money I presume) don’t bother thinking of the iPad beyond throwing their iPhone views into a split view and calling it a day. The majority of users are on the iPhone after all. The iPad has always been somewhat of an afterthought as a destination. Size classes help alleviate that since it’s so easy to now build universal apps, but that doesn’t mean you’re building an app that is going to feel at home on a 13″ tablet. It’ll feel bigger at least?

You will not see any defense by me of Windows software, especially modern Windows apps designed for 8 and 10. It’s also mostly hot garbage, and likely for all the same time and financial constraint reasons as the iPad. Software in this new app era is even harder than it used to be.

Side-by-side apps, a new feature of iOS 9 can help with some of the multitasking issues that have always plagued the iPad. For instance, try writing a paper on an iPad using Pages while looking up research in Safari. There is a lot of double-tapping of the Home button to jump between apps. Now you can at least pin both of them side-by-side, which helps. It’s still fairly rudimentary, especially compared to the types of Window management you can achieve on OS X or Windows. On the iPhone this sort of limitation makes sense. You don’t need to run multiple apps side-by-side on a phone. On the iPad though, the window management story is not that simple. There has to be something better between the bare minimum features of iOS and the window management hell you can theoretically get into on a desktop.

All of this so far and we aren’t even touching on the problems Apple and the iPad have as a software ecosystem. There’s been more than enough pixels spilt over how difficult it is to build a sustainable software business in today’s app economy where $4.99 is considered premium, trials are a thing of the past, and Apple keeps printing money off the back of Smurf Berries and other in-app purchases. The iPad Pro is a device that is begging for great third-party software from both large companies like Adobe and Apple, as well as the smaller guys like Gus at Flying Meat. A larger screen, keyboard case, and a Pencil aren’t going to solve those problems. You can’t have a Pro tablet without pro apps to go with it. There are a few great iPad apps out there, but most of them feel like minimum viable products at best.

And for the record, I don’t think OS X on these devices is the answer. I want a forward-thinking, touch-powered device this size. The iPad Pro is close, but iOS is going to hold it back. iOS could be a great operating system for professional computing, but right now the iPad remains to me a great device that is being held back by its OS being primarily for phones.

But, man. Imagine how fast the Kindle app is going to fly with 4GB of RAM!

Read more about. . .

Shooting the Messenger

We now supposedly know who is responsible for the Apple Developer Portal being down for the past four days. Security researcher Ibrahim Baliç has revealed himself as the source behind what Apple is calling an “intrusion” into their systems.

Baliç discovered a vulnerability, among 12 other security issues, that allowed him to access details on over 100,000 Apple developer accounts including their email addresses and names. To see the hack in action, check out his YouTube video.

Why 100,000 Records?

I’m not a security researcher, but my guess is that he accessed that many records to see how deep he could go when reporting the vulnerability. The more data you can access, the bigger an issue it is.

Could he have stopped at 100 records and reported the issue? Probably, but we don’t know if Apple would have been so quick to react to it.

Why the Video?

If you look at Apple’s statement they put out on Sunday it reads as if they are the victim of a malicious hacker that broke into their systems and stole information. Here’s the actual wording:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In reality (assuming that Baliç is indeed the source for this downtime), a security researcher with a proven track record of being a white hat hacker discovered the vulnerability and reported it to Apple through their official channels: RadarWeb.

But That Video Shows Personal Information!

Indeed, his biggest crime is posting the personal information of five people in a YouTube video to prove the vulnerability. The irony of a security researcher being so personally insecure about how he is labeled that he goes to YouTube isn’t lost on me.

And there are likely better ways he could have proven the hack to the media such as with technical details, but the video is 2 minutes of absolute proof that the issue is there and far easier to understand than technical jargon.

Baliç’s biggest crime is having an ego and not wanting his work misrepresented. I don’t approve of the way he went about it, but I’m not going to vilify him over showing five or so email addresses when the good he’s done in helping Apple secure their stuff far outweighs the bad.

It will be unfortunate if the only thing people focus on is this video rather than the fact that Apple had a serious vulnerability in their system that left all of our personal information at risk.

How Do Other Companies Handle This?

A lot of tech companies have dedicated pages where they highlight the channels for responsibly reporting security issues. They also give public acknowledgement to the folks who have reported the biggest vulnerabilities. Here are just a few:

Baliç is listed on Facebook’s list of white hat reporters so I’m willing to give him the benefit of the doubt as doing this work for good rather than nefarious purposes.

I’m not a security researcher, but I’ve watched Hackers enough to know that one of the big reasons for exploring these sorts of cracks in systems like Apple’s is for the recognition amongst your peers and other companies. To a white hat hacker, being listed on Google or Twitter’s list of people who have reported major vulnerabilities is not only validation for your work, but also likely money in your pocket as others will hire you to break into their systems.

Apple is a culture built around secrecy so I highly doubt they’d set up a public page that championed folks like this, but they have long listed reporters in their Security Update knowledge base articles.

Someone Must Take The Blame!

The vulnerability isn’t Baliç’s. It’s Apple’s. He just discovered it and Apple deemed it severe enough that their response was to take down their entire developer program until they can close the hole.

I’ve been incredibly vocal about the inconvenience that the downtime has caused me, but knowing how big of an issue it is, I’m fine with Apple taking their time to get the fix right.

I am not fine, however, with them trying to paint themselves the victim of malicious intent when in reality it looks as though someone properly reported a vulnerability in their code to them.

No one comes out of this looking clean, but it could have been a lot worse if a more dark hacker discovered the vulnerability before Baliç.

Read more about. . .