Archive for the ‘Bad behavior’ Category

Offsetting Trackback spam

April 8th, 2011 No comments

One of the most common forms of comment spam I get is robot-generated trackbacks. The two most common, and we’re talking hundreds of them, are trackbacks intended to benefit SEO ‘consultants’ and sell Yankee Candle Company candles.

I’d like to suggest that when your product is tackily packaged, comprised of more air than substance, and exudes a potent odor that befouls the atmosphere even for adjacent businesses, no amount of fleetingly improved Google rank can help.

Oh, and I don’t much like being in the malodorous wing of a Mall near a Yankee Candle Company shop either.

 


The Mac App Store- Day One

January 6th, 2011 4 comments

I need to spend more time with it but here are my preliminary reactions to the Mac App Store in no particular order:

  • The standard license is actually nicely liberal in terms of what you’re allowed to use where. (Any Mac you own or control if you’re not a commercial user.)
  • The pricing model, for now anyway, is hardly settled. It appears Apple will discount and unbundle some of their products for sale on the App Store as compared to their retail price. (Aperture as an example of discounting and iWork and iLife apps as examples of unbundling.) Some third-party products are priced oddly. Full versions of RapidWeaver and upgrades of RapidWeaver are the same price.
  • The installation process is, to me, creepily opaque. It is exactly like iPhone/iPad. Download, a little icon proxy flies from the App Store application to the dock and an iOS-like progress bar appears on the app icon in the dock while it downloads and installs.  No idea what goes where, no way to inspect a package prior to install to see what you can about what might go where.
  • The installation process leaves you nothing ‘portable’. While you may own a license, it appears you must pull down each copy of your App Store purchased software from Apple on each machine you use it on.
  • Because what you download doesn’t seem to be kept in any kind of package or, better yet, a .dmg, you lose control of configuration management. If you are in the midst of a project on one machine and need, for example, to move it to your laptop, you have to install whatever version is currently available on the App Store. That version may not be bug for bug compatible with the version you’ve started your project with. It’s an essential truth: once in the full throes of production, you avoid changing your tool chain if at all possible. If you rely on the App Store, you have lost this control.
  • Apple seems to be able to tell a lot more about my Mac than I want them to by simple dint of my launching the App Store. They know what third party software I have installed. This is, arguably, good for the user so they don’t re-purchase something they bought via another channel but the App Store application should ask me if I want it to check. What third party software I’ve bought via other channels is, frankly, none of Apple’s business. It’s unclear whether Apple gets a complete list of all apps or only queries my machine for those apps that are made available in the app store. The former is surely more troubling but even the latter doesn’t give me a warm fuzzy. Now, before you call me paranoid, the law allows me to, under some circumstances, decrypt CSS encoded DVDs. Getting into the question with Apple, or anyone else, whether or not my possession of the tools to do so is in keeping with fast changing law isn’t something I would pro-actively choose to share with Apple.
  • I actively use no less (and often more) than 3 Macs (and sometimes WinTel and Linux machines) at a time in the course of doing both my personal and professional work. All of the above poses administrative challenges for me but, for clients where I manage sometimes hundreds of Macs, it could get very messy very fast.
  • Creation and maintenance of install (deployment) images could be nightmarish given the issues above. If you maintain 100 Macs, you build a standard install disk image(s) and you clone to your machines as you deploy new hardware. The use of receipts as authentication for legitimate licenses and the lack of stand-alone installers will make this as unfun as online activation. There’s a reason corporate volume licensing usually includes an installer that doesn’t rely on online activation. (Adobe and Microsoft for example)

Here are my predictions as of day one, the App Store is going to be a mixed bag:

  • The iOS app store is essentially an uncurated disaster area. Discovering quality applications is next to impossible for the novice user and the frivolous applications crowd out those of genuine utility and refinement. Even at day one, the Mac App Store is littered with faux-free apps that are useless without the purchase of a commercial iOS app, cluttered with apps that fall well below any kind of reasonable design quality standard (language NSFW) and chock-a-block with casual games. This will make it VERY hard for some publishers and there will be good products killed.
  • The presumption of a broadband connected computer is not the same as the presumption of a network connected mobile device. This could undermine Apple’s currently improving place in non-consumer environments. The valid use cases where desktop computers are not connected to the public internet (or shouldn’t be) include:
    • Forensics Workstations for law enforcement
    • Administration Consoles for Servers in a Data Center
    • Production workstations for video and graphics in some environments
    • Production workstations used for live performance
    • Software development environments for life-safety critical environments.
  • The perception of Apple as a closed company is not aided by the walled garden of an Apple-mediated software marketplace. This will undermine Apple’s claims about openness, the value of open source and will alienate significant portions of their developer community.
  • Laws of economic inertia risk making it impractical for third party software vendors to sell their products outside of Apple’s App Store ecosystem. Retail boxes, online stores, distribution providers like Kagi etc. are all jeopardized.

As of today, I will not be purchasing my software from the App Store and do not recommend that clients and colleagues do so either. There needs to be a lot more thought put into how it works and how the above concerns can be addressed. For now, the traditional distribution chains solve many of these problems in many cases. In the cases they don’t, you should already have been seeking alternate vendors. If you stick to those chains and communicate your concerns to the companies whose tools you rely on (including Apple), you can help ensure your options remain workable.

**Updates** (note, there will, surely, be new articles on this subject, updates below will only be for corrections and minor additions during early days)

Also, via Daring Fireball: http://ifiboughtyourappalreadycaniupdateitthroughthemacappstore.com/

(some updates inline)


When your protection tools can’t be trusted: Intego

January 2nd, 2011 4 comments

****** See Updates at bottom******

I bought a bundle of apps sold under the banner of ‘Mac Promo’ that included a number of terrific tools I’ll probably talk about later but I also discovered things I now find very disturbing.

First, “Mac Promo” was a promotion run by Intego. It’s not Mac Update Promo. The, I think, deliberate ambiguity in the branding was mildly troubling but that’s hardly a major issue and, to be fair, the design and appearance of the promotion was clearly different from Mac Update Promo. Intego did, in the small print, say the bundle was being offered by Intego. (That the clock ticking down to the end of the offer period silently reset and extended the time limit is cheesy but not exceptionally weaselly. It’s standard issue marketing weaselly.)

Included in the bundle was a product called Personal Backup by Intego. When I initially looked into the Personal Backup product a few days ago prior to purchasing the bundle, the only documentation for Intego’s Personal Backup on their web site was Mac OS 9-era information including Classic UI elements. Personal Backup was not then, and is not now listed as a current Mac product on Intego’s site. That’s, at best, amateurish. At worst, it’s creepy.

The creepiness just got worse.

  1. The creepy behavior goes all the way down to the license and getting started documents on the disk image for the application. They appear to be documents and are badged PDF and HTML respectively. In fact, both are applications, executables, programs, things that run code on your Mac. These executables appear to be as benign as wrappers that check what language your Mac is localized to and then open the appropriate documents. This is deliberately misleading the user, badging the document icons PDF and HTML respectively. Users lulled into trusting these things, apps masquerading as docs, are absolutely an infection vector for malware. That Intego’s faux docs aren’t literally malware doesn’t change the fact that to imply they are delivering documents when, in fact, they are delivering applications is bad behavior at best and, at worst, creating the kind of problems they then want to sell you products to avoid.
  2. Intego’s Personal Backup product required online activation. The need for online activation is not warned of prior to purchase or installation and the installation experience is ambiguous as to what’s really going on. Don’t run LittleSnitch or the like and you’re likely never to even know it does it without looking closely. The serialization documentation on their web site doesn’t tell you that their products online activate and is, in my opinion, written to obfuscate the fact that they do. A developer is obligated to tell the user at least when you do the online activation that you are doing it. If they’re remotely polite, they should warn their customers prior to purchase that their product requires online activation.
  3. Installing and using the product demands you run an installer as opposed to being a drag-install. This should usually raise a red flag because, if you run your Mac without administrator permissions (as you should), you will need to enter an administration-enabled user name and password to allow the installer permission to run. Think about, for example, BBEdit. When you install BBEdit, you drag the application to your Applications folder (or wherever else you want to). When BBEdit needs additional functionality that demands it place executables outside its app package (the command line tools) it asks you first.
  4. The Intego Personal Backup installer installs, at least: Two Applications to the Applications Folder (NetUpdate and Personal Backup), two Dashboard widgets, a daemon to handle scheduling of automated backups (necessary for automation functionality but they should tell you), a prefpane, a menu bar item and, on launch, a goody pile of plists and app caches. It’s simply excessive. To run a personal backup application with the functionality they include, you need an application that can, with the users’ permission, escalate privileges to access certain files to back them up. You optionally need to allow a daemon (background application) to be run at every startup to allow the app to start itself and run a scheduled backup. If you don’t schedule automated backups, you don’t need the daemon. If you do schedule automated backups, the app should ask to install the daemon. Intego’s documentation for NetUpdate or the Personal Backup application it payloads onto at install doesn’t tell you what, specifically, is installed let alone what is not removed by their uninstaller. A developer is, in my opinion, obligated, when they install anything more than the App and generate a prefs file, to tell the user what they are installing. If not in a ‘read me’ available at installation, at least on your web site in a clearly discoverable place.
  5. The installer’s “Uninstall” option does not remove all of these things or warn you that to remove that portion of cruft it does uninstall, a restart is necessary.
  6. Finding all the crud (including still running code after a post-uninstall restart) demands you know how to look for it. OS X Spotlight won’t find it all. DEVON Easy Find (Free, yay DEVON Technologies) is one method, there are others. If you sell anti-malware software, installing faceless and fairly deeply buried things that run every time you start your Mac is tres uncool.
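One way to do the hunt described in items 4 to 6, as an added example that is not from the original post or from any vendor: walk the standard macOS install locations and match a vendor string against file names and against the contents of property lists, so a launchd job with an innocuous file name is still found. The vendor name `ExampleVendor`, its identifiers and the sample tree are constructed; the post does not give the real identifiers.

```python
import plistlib
from pathlib import Path

# Standard macOS install locations, relative to a root ("/" or a home directory).
LOCATIONS = ["Applications", "Library/LaunchDaemons", "Library/LaunchAgents",
             "Library/PreferencePanes", "Library/Widgets", "Library/Preferences",
             "Library/Caches", "Library/Application Support"]

def read_plist(path):
    """Parse an XML or binary plist; {} if missing, unreadable or not a dict."""
    try:
        data = plistlib.loads(Path(path).read_bytes())
        return data if isinstance(data, dict) else {}
    except Exception:
        return {}

def strings(value):
    """Yield every string nested in a plist value (dict keys included)."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from strings(list(value) + list(value.values()))
    elif isinstance(value, list):
        for val in value:
            yield from strings(val)

def inventory(root, vendor):
    """Return (relative path, location, runs_at_load) for each vendor item found."""
    root, needle, found = Path(root), vendor.lower(), []
    for loc in LOCATIONS:
        for item in (sorted((root / loc).iterdir()) if (root / loc).is_dir() else []):
            # Bundles keep Info.plist under Contents/ (apps) or at top level (widgets).
            candidates = ([item] if item.suffix == ".plist"
                          else [item / "Contents/Info.plist", item / "Info.plist"])
            info = next((p for p in map(read_plist, candidates) if p), {})
            if needle not in item.name.lower() and not any(
                    needle in s.lower() for s in strings(info)):
                continue
            # launchd starts a job as soon as it is loaded (boot or login)
            # when RunAtLoad or KeepAlive is set.
            at_load = loc.startswith("Library/Launch") and bool(
                info.get("RunAtLoad") or info.get("KeepAlive"))
            found.append((str(item.relative_to(root)), loc, at_load))
    return found

def build_sample_root(root):
    """Constructed tree: a daemon whose file name hides the vendor, a cache dir, an unrelated agent."""
    root = Path(root)
    for loc in LOCATIONS:
        (root / loc).mkdir(parents=True)
    job = {"Label": "com.examplevendor.scheduler", "RunAtLoad": True}
    (root / "Library/LaunchDaemons/scheduler.plist").write_bytes(plistlib.dumps(job))
    (root / "Library/Caches/com.examplevendor.backup").mkdir()
    other = {"Label": "org.unrelated.agent", "RunAtLoad": True}
    (root / "Library/LaunchAgents/org.unrelated.agent.plist").write_bytes(plistlib.dumps(other))
    return root
```

Running `inventory` once before and once after an uninstall, and comparing the two lists, shows what the uninstaller left behind.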

Now, why is all this so creepy, so utterly unacceptable,  in this case when all sorts of apps behave similarly badly? Intego is in the business of selling tools that are all explicitly about keeping your Mac safe.

They sell:

  • AntiVirus Software
  • Software Firewall/Internet Security Software
  • Privacy software to clean your Mac of browsing history.
  • Backup Software (not that you’d know they sell that product from their product listings and there’s no press release for Personal Backup more recent than July of 2008).

If Intego expects their customers to trust them to help keep them safe from malware, they shouldn’t behave like malware. If they are actually interested in controlling the spread of malware on MacOS, they should behave in a manner beyond reproach. If they want to have users learn basic habits that inherently make them safer from malware, they shouldn’t acculturate users to do exactly the sorts of things that lead to spreading malware. Intego is, without major changes in their behavior, not to be trusted. Period.

**************Update**************

The Mac Promo bundle mentioned above also includes “Personal Antispam” from Intego. It too has faux HTML and PDF ‘documents’ and, it too installs a similar suite of cruft. The habits described above seem to apply to at least two Intego products.
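A check for the faux-document pattern described above, as an added example that is not from the original post: scan a mounted disk image for application bundles whose visible name or icon file name carries a document-type word, and for files with a document extension whose first bytes are Mach-O or a script. The word list, the icon-name heuristic and the sample volume are assumptions constructed for illustration; the post does not say how the Intego launchers were named.

```python
import plistlib
import re
from pathlib import Path

# File-type words a user would read as "this is a document" (assumed list).
DOC_HINTS = ("pdf", "html", "htm", "rtf", "txt", "doc", "docx")
DOC_EXTS = {".pdf", ".html", ".htm", ".rtf", ".txt", ".doc", ".docx"}
# First bytes of Mach-O (both byte orders, 32/64-bit), universal binaries, scripts.
EXEC_MAGIC = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
              b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")

def bundle_info(app):
    """Info.plist of an .app bundle as a dict, or {} if absent or unreadable."""
    try:
        info = plistlib.loads((app / "Contents/Info.plist").read_bytes())
        return info if isinstance(info, dict) else {}
    except Exception:
        return {}

def find_masquerades(volume):
    """Return sorted (relative path, reason) for runnable items dressed as documents."""
    volume, hits = Path(volume), []
    for path in volume.rglob("*"):
        rel = str(path.relative_to(volume))
        if path.is_dir() and path.suffix == ".app":
            # Finder hides ".app", so the user sees only the stem and the icon.
            icon = str(bundle_info(path).get("CFBundleIconFile", ""))
            tokens = set(re.split(r"[^a-z0-9]+", (path.stem + " " + icon).lower()))
            hint = next((h for h in DOC_HINTS if h in tokens), None)
            if hint:
                hits.append((rel, "application presented as '%s'" % hint))
        elif path.is_file() and path.suffix.lower() in DOC_EXTS:
            with open(path, "rb") as fh:
                head = fh.read(4)
            if head.startswith(EXEC_MAGIC):
                hits.append((rel, "document extension, executable content"))
    return sorted(hits)

def build_sample_volume(volume):
    """Constructed disk-image contents: two launchers dressed as docs, a real app, two .pdf files."""
    volume = Path(volume)
    for name, icon in (("License.app", "pdf.icns"), ("Installer.app", "installer.icns"),
                       ("Getting Started.html.app", "app.icns")):
        (volume / name / "Contents/MacOS").mkdir(parents=True)
        info = {"CFBundlePackageType": "APPL", "CFBundleIconFile": icon}
        (volume / name / "Contents/Info.plist").write_bytes(plistlib.dumps(info))
    (volume / "Manual.pdf").write_bytes(b"%PDF-1.4 constructed sample")
    (volume / "Notes.pdf").write_bytes(b"\xcf\xfa\xed\xfe" + b"\0" * 28)
    return volume

if __name__ == "__main__":
    import sys
    for row in find_masquerades(sys.argv[1]):
        print(*row, sep="\t")
```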

**************Update again**************

The text:

“You must provide a valid e-mail address when serializing the Software, which will then proceed with the activation procedure. At the end of the Period of Use, the Software will no longer be active, and to continue using the Software You will need to purchase a new license or subscription for a new Period of Use.” does appear in their License. The license is included in the collection of ‘masquerading as documents’ applications on the installer disk image and here: http://support.intego.com/kb/index.php?x=&mod_id=2&id=70

Why do they want an email address? “6. Communication and Personal Information. By accepting this license, You grant to Intego the right to send You occasional e-mails or postal mailings regarding security alerts, new software, software offers, as well as reminders that Your Period of Use is due to expire. Intego will not sell or lease Your e-mail address or other personal information to third parties.”

In other words: In order to use the product you paid for, it is a condition of the license that they be allowed to email you ‘offers’. You can’t use the product you paid for unless you give them permission to spam you. Conversely, if you ask to be removed from their promotional email lists, you forfeit the license you paid for. How do you like them apples?

**************Update again…again**************

Email sent to support@intego.com:

Subject: License disclaimer and removal request.

Please remove my email from all of your distribution lists. As a purchaser of your products, I do not consent to this license term:

“6. Communication and Personal Information. By accepting this license, You grant to Intego the right to send You occasional e-mails or postal mailings regarding security alerts, new software, software offers, as well as reminders that Your Period of Use is due to expire. Intego will not sell or lease Your e-mail address or other personal information to third parties.”

I urge your legal department to review, at least, the following:

– Jon

****Update 1.5.11****

No reply to the above email other than an automated response. They’ve had three business days. Now I have no problem being a bit louder about this.

****** Update 1.6.11*****

An anonymous Macintouch reader points out: “One person’s crud = useful components to another.” and yes, I agree in principle but still see the Intego payload as beyond excessive. I freely admit I may be unique in my distaste for Dashboard Widgets for example but I think, as they also say in their comment, that the installer should tell you what goes where.

*******Update 1.7.11*******

Peter from Intego posted a comment I didn’t notice for some unknown period of time and it was held for moderation longer than I’d like. It has now been posted (unedited) and replied to. I want to be clear about something. I believe the Mac community needs anti-malware and security tools. I believe Intego is capable of providing good ones and making a good living doing it. I just don’t believe, as of now, they are acting in a way that embodies good practices. I would hope they would take this feedback to heart, reflect and come out with revisions to their products, policies, UE and documentation that would make them better and, if they do, I’ll buy their products again. I’m not and never have been, seeking a refund. In fact, I have asked them to cancel my license because I can’t agree to a license term but did so without asking for any kind of refund since the rest of the bundle was a good value for me. So… for the rest, read the comments.

*******Update 4.26.11*******

Telling screenshot and citation of Mac App Store Guidelines. Seems like we have a double lesson here. Mac App Store concerns for both Devs and Users and Intego not seeming to have learned a thing in 4 months.

*******Update 9.23.11************

Oh look, a malware app being delivered as faux .pdf. I’m shocked, shocked I tell you. http://arstechnica.com/apple/news/2011/09/mac-trojan-poses-as-pdf-to-open-botnet-backdoor.ars
