One example is font and font size choices - because the system fonts and font rendering styles differ between platforms, it becomes very hard to tell what looks broken or 'not quite right' on the platform you're not used to. It's not uncommon to see sites launch with font choices that look rubbish on ClearType, but if you're not used to ClearType, it's hard to tell whether the rubbish is your fault or not.
Apple's excellent execution and Windows' (no-longer-deserved) poor reputation also mean you frequently hear excuses for this behavior like "Windows users won't care because they don't care about design" or "The Apple way is better, so we should do it that way on Windows too". Both of these are infuriating and lead to terribly designed products.
Depending on the site's demographic, as a developer, I see approx 15% Mac users making up traffic. Not to mention an ADDITIONAL 25% iPhone users. That's an average of 40% of apple traffic on the sites I work on. Some of which are getting 30k - 60k hits a month. Obviously this isnt the same stats across the board on all websites... but It is by no means FIVE percent.
Somehow I don't think this translates to the general market.
But, yeah, if half your money comes from windows, you should really focus on windows, The growth potential there is just staggering.
Agreed. I don't know if it's just me, but Helvetica looks rather bad on Windows. I've found that Segoe UI almost always looks more pleasing, and yet Helvetica is omnipresent on the web (partially because of Twitter bootstrap).
I develop and maintain a bunch of sites.
Majority of visitors are on Windows (Many using IE/WinXP).
Servers run Linux and I can never seem to get an accurate dev environment under Windows (some libraries don't seem to behave differently there).
Also a bunch of the front-end tools that I would like to use only run on Mac.
I don't really want to keep 3 uptodate computers.
This phone is so terribly broken and nonfundtional at times you wouldn't believe me.
I decided against focusing on android mobile dev (although I'm a gnu/linux gguy because the experience is so friggin terrible, and Google is just letting the carriers molest the users at this point.
If you mean Gingerbread (2.3), it was always rock solid when I used it. So no, I don't believe you.
"that is some nice software you have there, would be a shame if users thought it was dangerous"
"pay a little money to one of these approved companies and that warning will go away"
If MS was serious about this only being for security they could issue the certificates for free and prove me wrong.
On the other hand, why is it that about 20% of users click past BOTH of these EXTREEMLY scary warnings? Don't they read them at all?
Make it too easy, and the scamware software will just get a free cert and sign apps.
It takes some amount of effort, possibly by a human, to approve you to receive a cert.
Even the "free" certs I've applied for have taken time and human interaction on the side of the registrar, and I'm certain those certs are offered as loss-leaders for their other products.
No mobile apps, no conventional desktop apps, no command line apps... looks pretty "evaluaty" to me. Also: "private developers will have to pay $49 a year, corporations $99 a year."
So, on the one hand we have (from Apple):
Xcode (free or $5.00, depending on what kind of mood Apple is in that week)
Developer program with store access: $99/year
Code-sigining certificate: included.
From Microsoft we have:
Non-crippled Visual Studio: $499
Developer program with store access: $49-$99/year
Code-signing certificates: must be purchased separately from a third party.
What a bargain!
Your info about "no command line apps" is also outdated. It USED to be true, but I have VS2010 Express, and it came with the command line tools:
Setting environment for using Microsoft Visual Studio 2010 x86 tools.
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
Copyright (C) Microsoft Corporation. All rights reserved.
usage: cl [ option... ] filename... [ /link linkoption... ]
Congratulations - you have been enlightened to the state of PKI as it stands today. (I.e. a complete fucking scam).
Is public/private key cryptography itself fundamentally flawed? What's the alternative?
Convergence http://convergence.io/ (notary)
Perspectives http://perspectives-project.org/ (notary)
CertPatrol http://patrol.psyced.org/ (cert checking)
TACK http://tack.io/ (only one cert per organizational group would need signing or notarizing)
Tack is much more interesting. I'm too sleepy to fully understand the proposal, but what I've gathered so far looks promising.
Of course, the sheer number of certs given out guarantees that some bad guys will be able to get one using fake id. But the point is to make malware rare and easier to investigate, not to eliminate it completely.
And that identity assurance is where most of the scam comes in. Encrypting communication securely is dead simple (from an implementation standpoint - pick a cipher and go), making sure server X actually represents who they say they do, that's a whole different can of worms.
Or we might just have a bunch of reasonably-savvy users that have realized that lack of a signature is not the same as untrustworthy software.
Racketeering indeed! I am sure that was the goal of the SmartScreen filter in IE. Cert vendors and MS must have colluded to add this feature so that developers of all binaries are forced to buy certs. Right?
That way even those who ship free software would sign it and thereby make windows safer.
But of course MS isn't interested in that when they can get paid for it.
This is one of the things that infuriates me about StackOverflow and its army of article closing moderators. A real community will change its practices and perceptions over time according to the needs of the community. If you have a subset of people who decide what a site is for, forever and ever without change, then it's not a community, it's a cast. Or it's a system of castes.
That said, their customer service has been very good and very prompt.
It is at least 55 dolars too high.
$60 sounds a little high to me, but if you think you could do it for substantially less, why not set yourself up in competition with them?
If you're on Windows, one thing to keep in mind is to use IE or Firefox when buying the cert. After the purchase is approved, you need to navigate to the site in the same browser that you purchased it, and only IE and FF are supported.
My family taught me to always do the right thing, which, most of the time, is neither the most convenient nor the most profitable.
It should be trivial to provide a free binary signing service that required some steps to prove the person (or website) is the person asking the binary to be signed (much like Google asks me to upload a file or setup a DNS record) and match the file signature to the URL of the download. Let's not forget every one who would rely on it already paid for a license of Windows.
Of course, this would probably kill download sites, but the internet would be better off without them anyway.
It's obvious in hindsight, but since I hadn't released many Windows applications in the past, I didn't realize what I didn't know.
1. Dev checks out his site using IE
2. Dev realizes that IE users were getting scary warnings about his software
3. Dev has to pay up money to a third company to make the scary warnings go away.
Seems like a bad state of affairs to me.
A couple of relevant points that may be overlooked:
1) Signing your code, even with an expensive class-3 Authenticode certificate from Verisign that allows you to sign kernel drivers, is no guarantee that IE will not accuse you of distributing potential malware.
2) Contrary to various postings by Microsoft, there appears to be no avenue for appealing IE's poor judgement calls. This happened to me a few months ago -- again, with a signed .exe -- and all of the links on microsoft.com that I followed to submit my download to a whitelist went nowhere useful.
3) Mentioned in the article but worth emphasizing: the ridiculous "This application is not commonly downloaded" criterion almost seems designed to penalize smaller vendors who release frequent updates.
This SmartScreen bullshit is one of those cases where if you're not outraged, you're either not paying attention, or you're profiting from the scam somehow.
Since it's almost unheard-of for malware to be signed with a legitimate, unrevoked certificate, they could also afford to give signed executables much greater leeway when deciding what to report to the user. People seem to be assuming that signing the .exe is enough to keep the dire warnings from appearing. That is not the case, or at least it wasn't the case a few months ago.
Finally, they can provide a standardized method for whitelisting URLs (and not individual executables) instead of what they're doing now, which is apparently nothing.
I suppose if you're selling to the Windows market, the App Store will be required in a few years as Metro becomes the dominant Windows UI (and Metro apps have to be sold in the Microsoft App Store).
I mean, it's true, there is a difference here- the active "This software isn't certified" notification- but is that a critical distinction?
Errr, um, sort of.....well.... Mafia protection racket, yes?
Put it this way. What is the first thing that springs to mind when some one is scaring off your customers demanding, sorry, politely implying a payment to stop?
Yes, yes, yes, I know. Security, user safety, lots of lovely logical arguments for it, Im sure there are plenty. But strip it back to basics and, well, there it is. I presume since MS is a big huge "evil" business which probably funds some political rodent its all cosy and legal.
Its more complicated, right?
NOTE: All of the above was sarcasm
On Windows 7 with IE 9, there were no warnings presented when downloading the zip file containing the unsigned installer executable. When the installer was extracted from the archive and run after the download completed, I got the standard Windows security warning about "The publisher could not be verified", which was far less scary that the SmartScreen warning.
So yes, it looks like that could be a viable work-around.
Thanks for the suggestions!
The problem with Microsoft's strategy has always been the reliance on companies like VeriSign for whom recurring revenue from certificate renewal is a primary revenue source. And when I've had to deal with VeriSign for code-signing certificates in the past, it's easily cost more than $99 in time ("I'm sorry for the delay, but could you please fax that to us again, only this time, on official company letterhead?").
Even more significant: as a registered developer, it took me less than ten minutes on developer.apple.com to obtain a Developer ID, to use it to successfully sign an executable and an installer package, and to verify the resulting signatures.
In contrast, as an MSDN Universal member, Microsoft directs me to a list of root certificates installed in current versions of Windows , leaving me to puzzle out which are willing and able to sign third-party code-signing certificates (as, presumably, organizations like the French Secrétariat Général de la Défense Nationale are not).
As an aside, the official copy of this list is posted on TechNet as an unlocked wiki page I'm permitted to edit!?!
"1. Getting your Developer ID.
Mac Developer Program members can get their Developer ID now. If you’re not already a member, join today."
"Join today" links to https://developer.apple.com/programs/mac/, where they politely ask for their $99/year software development tax.
The more likely route for Mac support is to release a native OS X version, since the GUI is written in Python and the underlying deconvolution stuff is written in portable C++.
This seems to be that effort: http://fixblurryphotos.com/ Blurity is mentioned after the deblur is performed.
When I was experimenting with the SaaS version of Blurity, I found that many of the people who did eventual make purchases were, firstly, interested in only a single photo; and secondly, satisfied with the most trivial of improvements. I lamented that those people would be just as satisfied with auto-levels and unsharp mask as they were with Blurity, so my friend Tyler threw exactly that simple service together in about 10 hours.
The results? Turns out that people aren't willing to pay for something simple like that after all.
Yet another reason Apple's "one and only one way to do it" approach to code signing certificates may not be such a bad idea after all.
Could you drop me an email at the address in my profile? Thanks!
On the other hand you have my grandma,aunt. Random old folks who fall into the red messege = panic & insta call super urgent call to me.
So yea far more layman are using IE
Sent from android.
As for the cert. When you know about you simply explaon this on the page.
In actuality, images have a wide range of sharpness. In this case, Blurity can improve the image. (Using mathematics no less!) Will it be perfectly sharp? No, not always, but it will be better. And that's something people will pay for. Even experts.
It's a nice money maker for them getting all those yearly certificates, some charging several hundreds of dollars per year.