I don't mean to stray off-topic, but this article just confirms my intuition to avoid anything with icloud in the name.
Similarly the file sharing is just to set a third-party baseline so that file/save sync'ing between Apps on the mobile devices 'works' without sending people off to Dropbox. And in that capacity it also works just fine.
Sure, it resists power-user use. But that's just because, in true Apple fashion, it's not built for it and doesn't care too much about it. But that only makes it 'shit' inasmuch as about 90% of Apple's services are 'shit' and places it distinctly outside the way Jobs defined 'shit'.
 Though filtering this crude is cause to reassess that.
It's certainly possible that the Macbook Air would switch to ARM in the next few years, but until you can write software for an iPad on an iPad, there's no getting away from OS X and serious processors.
What makes an architecture (ARM) more suited "for the elite" than another slightly more complex architecture (x86)?
If anything, power users can just recompile their open-source software for ARM and that will be that.
iOS doesn't have a terminal. And considering the recent moves with the Mac app store, how long before terminals will stop shipping with OS X?
Why not take this illogical train of thought even further? iOS tries to hide the filesystem from the user, so how long will it be before OSX does the same? iOS doesn't allow generic USB devices like 3G modems, so when can we expect that support to be removed from OSX?
I purchased an iMac for my mother two years ago, and she never could quite get the hang of it. The iPad that replaced it last Christmas has been working out much better. The same qualities that make iOS shitty for power users make it simpler and easier to use for the average populace.
I wouldn't say iOS is a terrible product, just that it's terrible for someone that knows how to use a computer. Apple is trying to get users that don't know what they are doing at the expense of the experience for users that do. I know I shall never buy another Apple computer if the trend continues.
Hold down Alt while clicking the Go menu to see your Library folder.
However, I reject your solution. It's my machine, I want it to be a pleasant experience to develop on, I don't want to memorize a workarounds for a bunch of trivial problems that I have to apply to every machine I use.
I'm taking the defensive position of not investing too much of my time in their products because I think they will remove access to those folders, or lock down on application installs, or otherwise make the experience wretched for me sometime in the future.
(sudo??) chflags nohidden /Library
chflags nohidden ~/Library
Teenagers today are power users, except for those who have much bigger problems than poor technical skills (like being freaking illiterate).
So shouldn't we optimize for our children instead? Isn't it plain stupid that we spend so much worrying about our mothers and grandmas?
The side effect is that we, as a society, are making efforts in keeping people dumb. Reading, as a skill, is hard to learn and it was considered optional and for power users even in the 17th century. Even today, I find it so stupid that movies are dubbed around the world, as if people can't be bothered to read freaking subtitles. That's how I learned English btw, something which would have never happened if I lived in Spain or Italy.
Being a power user doesn't necessarily mean usage of a terminal, especially since most teens today use Windows on their PC, which has the shittiest terminal experience of them all. Heck, when I was a Windows user I wasn't using the terminal either, even though I was doing programming. Even if you are using the terminal in Windows, you don't really have much need for it since the whole freaking OS is anti-terminal and you can't do much with it. It's easy to forget this if you're a Mac or a Linux user.
This is not about teens being smarter btw. Older people simply don't have the patience to learn anymore, unless they see the real value in doing it. My folks also have a huge language barrier - they never learned English, as they were taught Russian and French in school and they forgot everything due to a lack of practice. For my mother, it doesn't matter how easy to use the device is, if it isn't localized.
Our tools definitely got better, but the only truly meaningful thing that changed since the late 90 is the availability of the Internet. When I was in high-school, in year 2000, we had no Facebook or Twitter, but I still had classmates that were communicating a lot over IRC and email. But they were doing so from school, because home Internet connections were expensive and shitty.
The Mac App Store doesn't really have any relationship with the terminal. There's no reason to believe that its in Apple's interest in any way to take away the terminal. It's still Unix underneath, they still provide developer tools, and they still need developers to write applications for them. In addtion Macs are still huge in the design/developer community because they're well suited to graphic design work with their appearance, focus on large screens and high resolutions, and performance. They're pretty big in the developer community too as you get a great "point and click" kind of OS with full and easy access to the terminal and most of the goodies you get with a full-fledged Linux machine.
Finally, your argument is that Apple is ignoring power users but you use an example where it's actually your carrier that's stopping you, not Apple. You said it yourself, the iPad does support tethering but your carrier is the one who enables/disables it. Seems more like your carrier is against power users, not Apple.
In the end, just because Apple makes the OS more "point and click" friendly and comes with a pretty opinionated set of defaults for non-power users doesn't mean they're trying to keep power users out. By definition, if you're a power user, these things they're doing should be a minor annoyance when you get a new Mac and after a couple of hours you should have your machine how you like it because... drumroll please... you're a power user and know how to do that stuff! I personally don't see much difference between OS X and some of the more "user-friendly" Linux distros. They've both got the same underlying tools and are working hard to make it so your grandma can pick it up and get emails of her grandchildren within an hour. What I think the real problem people have, which maybe they just don't see, is that they just don't like change in general. New versions of OS X come out and they hid an option somewhere and everyone goes nuts and says "Who moved my cheese! This is the worst computer ever!"
Actually the iPad does have a file system. You just don't have access to it.
> That statement is almost like saying "TV manufacturers are forgetting about the power users! My new Sony flatscreen doesn't even come with a terminal so I could... uhh...
Consequently, one of the reasons TV is dying is because it's just a dumb consumption device. I use my laptop, my Android and my iPad for 10 to 12 hours per day. I use my enormous flat-screen that's sitting in my room only for streaming movies from my laptop and yes, while connected to it sometimes I open the terminal.
> it's actually your carrier that's stopping you, not Apple
BULLSHIT. This is a device-level configuration setting that the career can remotely send to you. The device wasn't even bought from that career. It wasn't on a contract or anything like that.
It's my device and I find it unacceptable that the career can tell it what it can and cannot do. It's Apple's fault for giving them the option.
> By definition, if you're a power user, these things they're doing should be a minor annoyance
Actually it's a big annoyance because I'm the customer that pays money and why in the world would I pay for devices that are defective by design when I could be supporting companies that respect me and my needs? My current retina-enabled and shiny iPad is the last Apple product I'll ever buy.
All that was shattered with their new Macbook lineup (which are pretty much just beefier MB Airs). They flat out killed the 17" (which I still consider the perfect on-the-go workstation).
I considered Apple very relevant around the iPhone release. The current direction is not the iPhone direction. It is the iPad direction. That's when they started to go somewhat batshit on driving away professional users. They could have maintained both camps pretty handily in my opinion. Both camps were quite happy and got along great. Why they decided to kill off one is beyond me. Sure, there is more money in everyday clients, but I doubt they were actually hurting their business with power users.
Consider this: When I - a staunch defender of FOSS, user of Kubuntu, Free Software programmer, ardent antagonist of everything Microsoft - got my Macbook, I actually started recommending Macs as a choice to others. It actually did seem to me a better choice than going with Microsoft Windows. These days, I recommend Windows 7.
That's what they have accomplished.
I sprung into action and opened that machine up and started dousing all of the parts with distilled water then drying them. I didn't need any special tools or even a service manual.
That generation MBP had the most beautiful design inside and out that I have ever seen. It was the pinnacle of geekdom beauty and it only lasted a year or two.
While I don't relish the idea of a non-upgradable system, I do appreciate Apple trying to shave off every last possible gram from their laptops. My next laptop will probably be a 13" Air for that reason.
You're retconning. Apple hasn't been 'borderline irrelevant' since before they launched the iPod in 2001. There's a six year gap there in between the iPod and the iPhone, and imho they didn't really change their direction until 2010 or 2011, with the release of OSX Lion, neglect of the Mac Pro, and the killing off of the 17" MBP.
The TiBook was also quite nice, though I wouldn't call it as significant as the iMac in pushing Apple toward stylish and well designed consumer devices.
The iOS stuff certainly moved them to a whole new plane of success, but I don't have to like it.
The only bit I took issue with, is holding up Apple as having 'failed' simply because their focus is on other types of users. Particularly when they're serving those users at least as well as any alternative. And when those users are far, far more numerous than users like myself and their needs far, far easier to meet in an engineering and support sense.
Guess what: when Macs get touch screens, more Launchpad is going to make more sense, and full screen is going to be even better. That doesn't mean that Apple is going to start locking down the Mac. Indeed, as time goes on and their less technical users migrate to iOS instead, they have even less incentive to further lock down the Mac.
It's a very sensible default for people who can't be trusted to not click on banners telling them to download a "FREE CAT SCREENSAVER", thus the universal adoption. And it doesn't hinder anything like software development at all, since programs you compile yourself aren't marked as tainted. (And you can just pop open a Terminal and drop the taint xattr from any file.)
Nevertheless, in all cases, in all these OSes, the Gatekeeper/Smartscreen-like system can be turned off, and always will be able to be. Otherwise, how would programs get deploy-tested? [You can't require signing with individual device deploy keys like for iOS deploy testing, because IBM-compatible PCs have structural identity--there's nothing equivalent to the UDID to tell them apart by. You could try using a fingerprint with the CPU model, MAC address, etc--but all those can be faked. Unless we get something like a TPM-based PC UDID, trying to do device keying on PCs is moot, and no OS vendor will bother.]
Actually, come to think of it, Linux also has this at an even more fundamental level: you can't install a DEB/RPM from the Internet as an automatic dependency unless its signing key is in your keychain, fullstop. There are actual programs I've installed (for example, ESL's distribution of Erlang) which require the user to "curl http://example.com/key.asc | sudo apt-key add -". Ubuntu's PPA system (using apt-add-repository et al) doesn't get around this, it just automates it with a prompt for whether you trust the key.
What people are talking about is locking down what can run at the behest of the vendor. Like how iOS is. Like how Mac OS X would be, if you couldn't disable Gatekeeper.
You think users "always will be" able to disable Gatekeeper, but I don't think there is any evidence to support that. It's entirely up to Apple, and if they want to implement a TPM-based (or other) Mac UDID and lock Macs down to Apple-approved software, they will go right ahead and do whatever the fuck they want to do.
Apple doesn't control what is signed by devs, though they do control handing out certs to devs. If Gatekeeper were permanently on, it wouldn't mean you could only use Apple-approved apps (ie, the app store), it just means you can only used signed apps (ie, random stuff you download from the internet).
But that's the thing. OSX, Linux, Windows--they're PC operating systems, and they run on PCs. Any PC. Which also includes virtual machine environments that emulate PCs. Apple could lock Mac hardware down, yes, but they can't stop a Hackintosh from running whatever it likes--because you wouldn't build a TPM chip into your Hackintosh.
Now, if your argument is that Apple is going to take OSX and make it into something that doesn't run on generic PCs, but rather a specific, closed environment that loosely resembles PCs [thus killing all ability to do Hackintosh builds, run OSX in a VM, etc.], I agree that there's a very slight possibility of that.
But Apple has a heavy incentive to keep OSX running on generic PCs. For one thing, it's required to maintain backward compatibility with all the current hardware that are just generic PCs. For another, it gives them the ability to test their software using generic VM products, rather than a specialized "simulator." For a third, it allows them to just construct a new prototype Mac in the lab out of the newest off-the-shelf components (picture an empty Mac Pro case with random hardware inside), and then use it to write and test drivers for those components, instead of waiting for a specialized mobo to be produced for them that supports all those technologies and carries their special, needed OSX TPM chip.
Sure, Apple could push the industry to standardize a UDID-carrying TPM chip for all devices (this is basically the dystopia everyone was scared would happen with Palladium), so that Apple could use off-the-shelf hardware and still do device-key deploys to it.
And sure, Apple could write their own machine simulator.
And sure, Apple could just make the device-deploy-keys feature optional until an OSX release where all the old hardware is no longer supported.
But why? What advantage does this give them? It sounds like a lot of hassle to create a world where it's harder for everyone--including Apple's own in-house developers--to develop, test, and distribute Mac software. A world where fewer developers want to develop for OSX. A world where it's impossible for enterprises (yes, Apple has enterprise customers) to deploy their own internal software over their networks.
Now, look out below, for :itisacaranalogy: --
If you're a car company who makes sedans [iOS devices] for "consumer driving", and trucks [Macs] for "utility driving", what purpose would it serve to turn all your products into cars? Especially if your own employees require a truck, as part of their job, to haul loads around the workplace?
As far as I can see, Macs are going to diverge from iOS, not converge. The more consumers who buy sedans [instead of buying a truck they don't need and then complaining when it doesn't have heated seats], the more "trucky" the trucks can become without impacting sales. Macbook Pros and Mac Minis--both "trucks"--are here to stay.
On the other hand, iMacs and Macbook Airs--both "sedans"--might just get locked down, run iOS, and probably have touchscreens one day. But that's just fine, isn't it?
The MBP looks like it's going to keep getting lighter until there's no need for a separate "Air" category any more; if they keep the brand after that, it'll be for an iOS device with a keyboard attached.
And the iMac is already a redundant competitor to (Mac Mini + Cinema Display); so it will probably make more sense as a big iOS touchscreen "kiosk." Instead of having a Mac built in, it'll have an Apple TV built in. (I imagine the Cinema Display would also get touchscreen capabilities, and then you'd get the same experience as an iMac by hooking an external Apple TV up to it instead of a Mac Mini.)
...and note that everything I just said could apply equally well to Microsoft. They have all the same choices available to them, and there's already the same "nervousness" surrounding the Surface RT. It's just simpler to do the analysis with Apple, since their long-term hardware strategy is more obvious.
But yep, Apple could do every single thing you say. Without breaking a sweat.
As for why? I think Apple would prefer that OS X not run on commodity PCs. They already take halfassed measures to control running OS X in a VM, and to prevent booting OS X on non-Apple hardware. If they could do that more reliably, they woudln't care about their slightly higher internal costs, and they definitely don't care about making life miserable for their developers (as I've witnessed being one for the past 12 years). But it's just a hard problem for them and a hard sell to existing users used to PCs being wide-open. But with every single iOS user they add, that sell gets one user easier.
I'd bet that within five years, the percentage of users running unapproved software [EDIT: somehow deleted 2nd half of this sentence:] on new Mac hardware will be about the same as it is on iOS today. It won't probably be impossible, just hard enough to not be feasible for most normal/busy people.
OK, that wasn't short, but in summary: The fact that Mac OS X has been the best power user OS for the last several years wasn't by design, it was just an accident of history and where they got their OS from. Apple doesn't give a fuck about power users, and Apple doesn't give a fuck about trucks. That market is just way too small for Apple to care about -- which is sad for those of us currently in that market.
Because if/when Apple finally abandons Intel and power users (timing that makes sense to me) it will be years before Ubuttnu or any other plausible player is anywere near as good as Mac OS X 10.7. 10.8 still has too many bugs and stability issues, but it will get there. Probably 10.9, too. But after that? I don't think anybody knows, but I am very skeptical.
(I think Microsoft will move in this direction, too, so those Surface RT users are probably right to worry.)
Ubuntu is going all touchy, Windows 8 (although confused) is touch-enabled, the new ChromeBook Pixel looks very touch-centric; It seems that Apple are really falling behind the eight-ball on something they purportedly pioneered.
I can only assume they'll release their new OS (OSXI, OSX.I, X.I.OS, etc.) fairly soon as OSX in it's current form is about as touch friendly as Windows 7 or KDE.
They generally dropped that line when Mac OS X became a GUI perched on top of a character-based operating system.
Oddly, Mac users have also stopped mocking Windows users for having Intel processors, for not using SCSI and whatever else made Macs special before they turned into a variant of Windows PCs.... ;-)
To be fair most services have to force you to do something one you have ran through your free space.
Running out of storage is an expected occurance. Your microwave door falling off is not expected to happen:)
Read book on iPad at page 20. Open book on macbook or iPhone and book left open at page 5 when last exit turns to 20.
I think Apple's inability to run web services is going to really come to pass in the near future. Everything is moving towards that way and Apple is still left in the "just sync with iTunes" world.
They run the world's largest media store and one of the world's busiest online stores in addition to iCloud. Just because MobileMe was a piece of junk doesn't mean they are completely clueless.
Their store for physical goods goes down every time they make a significant change to the product offerings.
Both are highly successful, but all this tells us is that a web service doesn't have to be particularly well run in order to be successful.
That still amazes me. No wonder why WebObjects never took off...
And by the time they ported it to Java there were plenty of open source alternatives.
Are you sure that is for technical reasons? I don't see a big advantage of pushing such updates to all customers in one go, and I can see an advantage of staggering updates (say 1% every hour over a couple of days): if your update breaks something, it gives you a fighting chance to at least adjust your web site before all your customers send you mail at the same time.
If Amazon CloudFront worked that poorly at replication, everyone would rightly tear them a new one.
Many years ago it used to go down for technical reasons.
Now it is purely PR/Marketing. They get massive traffic spikes whenever it goes up and it instantly results in thousands of web pages going up with free PR. Why would you give that up ?
-Outside of Apple employees, you would be hard pressed to find a person with better inside information on Apple than John Gruber
-Additionally, in the tweet, he is corroborating another Apple journalist's similar claim
-Saying it is a technical flaw reflects somewhat poorly on Apple, and Gruber isn't exactly one to go out of the way to claim Apple is doing something poorly without a real reason to say so
-"It is for the PR!" always struck me as pretty weak post hoc reasoning. Sure, it drums up some interest in the tech blogs, but it also means the store just does not work for a period of time for everyone. Including people who don't care and just want to hand Apple money. I presume Apple wouldn't go out of their way to frustrate customers and possibly lose money.
iTools/.Mac/MobileMe and iCloud were all pieces of junk. As was Ping. As is GameCenter. And iMessage.
They have a lot of work to do.
iTunes Music Store is a web service. Whether it delivers HTML or XML to a thick client is irrelevant. It still needs to deliver a tremendous volume of them in addition to managing the downloads. And by and large it has worked tremendously well.
iTools/.Mac etc are all the same thing just rebranding. Ping was a product failure not a technological one. And GameCenter/iMessage use iCloud so not sure why you listed them.
iTools/.Mac/MobileMe/iCloud are all the same thing, but signify the number of reboots they have had over the years. Each time they say "it's fixed!" and then yea, it's not.
Be my guest if you want to believe Apple is great at the web. Meanwhile Google will be feasting.
Hater be hatin', but what have you done that handled 65 billion multi-megabyte downloads, securely? And we haven't even talked about movies yet.
I just opened the Mac app store application, clicked the "updates" tab/button, and waited 15 seconds to be told that there are no updates available.
When I install app updates on my iPhone (5, running iOS 6), the badge icon does not go away until I re-open the app store app, on a consistent basis (greater than 50% of the time). When the badge icon does show updates, tapping the updates tab produces a wait similar in magnitude to the Mac app store example above, even though the app already knows there are updates available, since it showed me via the badge icon!
Apple's web services, in my experience, are comparatively slow when viewed alongside other major providers of web services.
I recently got a couple of HD movies for my Nexus 7 from Google. I didn't really think that much about downloading them, just stuck the pin and they were downloaded reasonably quickly and painlessly in the background.
But now that I think about it, the contrast with my wife's experience downloading HD TV shows and movies from iTunes could not be more stark. The downloads take hours. She'll often check and be frustrated about how little had downloaded. She'd sometimes end up reshuffling her downloads. Until our recent wireless upgrade, she'd worry about where to place her laptop, sometimes resorting to a network cable. And probably more frustrations I'm forgetting.
To top it off, this is in a country Apple officially supports and Google doesn't. From my (admittedly limited, external perspective) I'd say Apple still has a long way to go with web services, including iTunes.
No, Apple can run a centralised download store where the content comes from a limited number of sources.
As far as I can tell, you pay $99 or whatever, and it periodically sends a text to your iPhone telling you it hasn't actually backed up anything in XX weeks.
Kind of a weird business model but then they didn't ask me.
* You need a Mac or iOS device to join, though. And you can pay for additional storage if you want ($20, $40, or $100 per year), but that's not necessary.
And then next year to keep iCloud "free", you need to buy more overpriced goods from Apple.
Must have been a pretty recent change though.
>> "you can't even do standard cloud stuff like share photos"
You can, shared photo streams which came with iOS 6 I think. You can also create shared photo journals in iPhoto (on iOS) which I presume work through iCloud.
Thanks for letting me know. I tried to do a mobileme style photo album about six months ago and was amazed that they had removed such a useful feature. Glad to hear it's back, even if it's in a slightly different form.
It's a syncing service first (and you can optionally opt in to get an email-id). The website provides you webapps for your synced iCloud contacts, calendars, notes, reminders and iWork documents and for "Find your iDevice". For other applications it serves as cloud "storage" but there's no web interface for those.
The app icons are equivalent to iOS app grid and the little cloud button serves as the home button for the "Apps"
Ironically with iCloud they removed that one feature that made the whole service worthwhile for me.
Then comes deletion, making the issue worse than before. Call it privacy, personal data control issue, doesn't matter.
Apple will likely correct this anyway. Two academics could be chatting over email about the potential social harm of "barely legal teens" categories in mainstream porn. They argue the slogan as a provocative, predatory gesture towards all young women. Often the category strives towards "as young looking as possible while legal" which is poor taste and creepy, yet sits alongside "brunette". They might be emailing about that, in which case Apple is wrong to delete the email.
> X-Proofpoint-Spam-Details: rule=notspam policy=default score=3 spamscore=3 ipscore=0 suspectscore=2 phishscore=0 bulkscore=1 adultscore=73 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1212290000 definitions=main-1302280125
I would argue that this kind of filtering is fine. Maybe it was a glitch in the server, maybe other metrics of the mail pushed the spamscore up. If iClouds Mail servers should silently decline mails for delivery is a whole different argument.
haha lets not get carried away
I find it obscene to an Orwellian extent that Apple actually seems to think that no valid email would ever contain the words "barely legal teens". I wonder what other things Apple thinks are not worth talking about?
I have no trust in Apple's email services any more.
Edit: that article appears to be mostly user names. Here's a forum thread to get you started: http://www.amsn-project.net/forums/index.php?topic=157.0
This is different from what Apple is doing, as it seems to be file-name based, to avoid phishing. I still think it's completely misguided.
That is hilarious.
On the other hand, the issue above represents a horrible failing on the part of MSN as a network/protocol. Silently dropping messages without giving error to either party is insanely stupid behaviour, and MSN's done it frequently for as long as I can remember.
So I'd disagree with the 'utterly useless' aspect.
In any case, not allowing specific file types as an attachment feels pretty different here, at the very least because the list of filetypes not allowed are enumerated, the refusal is explicit, and it's not due to the subject of the exe you're trying to send.
The intent is to require the receiver to take some affirmative action (e.g. deleting the .remove) before blindly running the attachment and getting pwned. Seems perfectly reasonable.
Unlike what Apple just got caught doing. I'm ripe for a new phone. I don't think it's going to be an iPhone ...
"Kim Dotcom... plans to launch an end-to-end encrypted email service to go with his Mega encrypted file storage offering." http://www.guardian.co.uk/technology/2013/feb/26/kim-dotcom-...
At time of writing, neither MacWorld, MacObserver, MacRumors or AppleInsider have covered this story, even though it's been up all day.
You would need Jon Stewart or Saturday Night Live to get on the case before Apple deemed it necessary to respond.
So I am not that very surprised to hear a news article like this. It makes perfectly sense with the current mentality. It also adds another nail in the coffin about idea that "only a machine is reading my emails. Why should I care about that?".
Hopefully this will encourage some people enough to run their own mail servers. It's far less problematic than most people think it is. Maybe it was hard to install and configure this in 1990s, but this is 2013. You buy a domain name, install a Debian machine, and do:
aptitude install postfix
aptitude install postgrey
It always surprises me that people can use a software library with complicated, half insane API's, but can't follow a single page of simple single steps installation. It's not hard and you get the bonus of actually owning your own emails again. If you are a company, this should not even be a question. If the options are to give away all your emails and customers emails to a third-party and thus lose all ownership to them, or asking a sysadmin/programmer to spend 5-10-30m tops to do an email installation, the answer should be obvious.
As for a few examples:
1. Mailservers around the world have different degrees of strictness in what they accept. Some require the sender’s mailserver to have a valid and matching PTR and A/AAAA (!) DNS records. Others don’t care. Some check black lists, some don’t. Some even resolve the MX record of your sender domain, connect to it and try to start delivery of an email to ensure your address is valid.
2. By default, postfix doesn’t warn you about undeliverable messages for quite some time (a week is the default, I think). So if there is any error in your config (e.g. I changed my DNS resolver config, then didn’t restart postfix), your mails will be stuck without any notice, for a number of days.
3. If there are SSL certificates invoked, they should be valid. Some mail servers will not use TLS at all, some will fall back to plain text, others will cancel delivery if your certificate is invalid.
These are just a few examples I have encountered recently, but every time they happen I am incredibly frustrated that emails either did not reach me (usually I detect that quickly) or are not delivered (detected only after a few days).
apt-get install gmail-server
Still, shouldn't be that hard to do as long as it is your own server and you trust it; I imagine a lot of the difficulty of gmail is scaling, and even a single user with 20-50GB of mail isn't in the same league.
If you were to outsource it to a service provider:
I'd love a way to do privacy-protecting search on my mailbox, either by building/maintaining a local index, or even more amazingly, some kind of cryptographic/data structure magic: do processing once either pre-encryption or on the local device, then add it to an index, with a configurable slider for data leakage vs. search quality. Search could execute locally and remotely.
(This is to allow you to use webmail with no local persistent storage, or a new phone, to search your email on a server, without trusting the server).
Mutt is more like "everything I can come up with from the command line." Sure, I won't make my grandma use it, but I've never needed any searching capability beyond grep and co.
I download my email to the Mac mail app. That has let me find some emails that were unfindable on the web interface (even when I searched by sender email!)
Still, I do think there exist some very talented grafic designers out there that would enjoy playing around with a webmail interface. Hopefully, articles like this will increase the demand and interest in run-it-your-self webmail packages, so one would do that and not spend all focus on building more CMSes.
Then there's spam.. what a headache. Suddenly one day I realised that I have better things to do with my time and now everything goes through google servers.
As for hotmail, I strongly remember doing a telnet to hotmail servers and succeeded in sending emails while writing commands by hand on my private computer. Thus without any special headers or other magic, I could send email without any issues. It would had been interesting to hear details on why hotmail rejected your emails. Default postfix installation?
I wonder if there is a "Mail Admin Best Practices" doc floating around the web yet?
This is pretty good. :)
But to address some of those concerns.
While errors in the config can cause big problems, it's not very common for people to change it once it's installed. It's like doing changes to the kernel, Apache, or Xorg settings. Sure, things can easily be broken there but for the common case, the defaults are good once one has passed the installation wizard/guide.
In case of SSL issues between mail servers, I am rather sure that postfix only does a best-effort. Thus if your certification expires, they will fall back to plain text. However most CA's will warn you several times once it gets close to the one year mark, so it's not a very big workload to handle. If you know of an email server that will cancel delivery, please let me know as I would be very interested to hear it.
PTR is a real issue, but if you have static IP, PTR records should be rather easy to get. It is also a one time cost for the domain name. For a company network, a static IP and support is commonly included in the price. You email/call them, and they add a PTR. For private users, a VPN solution might be needed in some cases, but I'm unsure if it's that much of an requirement. Gmail seems fine in sending emails to locations without PTR, or receiving emails from servers without one. However I have not tested this fully or with other services like to Apple or Microsoft.
Reviewing the history of the mailop list  shows how frustrating it can be when a behemoth (AOL, MS, etc.) stops accepting your mail. It's bad enough when you're a sizeable mail operation; as a tiny standalone mailserver, you are not at all a priority, and it's possible you'll lose the ability to communicate with a significant fraction of the Internet's email users (regardless of how complete/correct your configuration) and with little recourse.
Buying a mail server in the cloud is the most practical option. I doubt EC2 would peek inside your VM to censor mail as Apple is doing here.
Running a mail server at home can get complicated. Other than having to manage the hardware yourself, there are limitations on residential internet connections. Not only do residential ISP often provide dynamic IP addresses, they tend to block port 25 (at least outgoing) so as to counter spambots. Some spam filter may also treat mail delivered from your home server more harshly.
Though, if you really can't trust anyone (cloud providers, SMTP relays, or the network in general) you're be better of using PGP.
But Apple isn't in their right mind. They have never understood the cloud, they still don't, and every single Internet service Apple has ever produced, from eWorld to .Mac to Mobile Me to iCloud has utterly sucked gigantic balls.
Which makes relying on Apple to handle your email a lot crazier than relying on say, Google, Yahoo, Rackspace Mail, Tuffmail, etc.
As a developer / sysadmin who used to host his own mail and uses complicated half insane APIs every day, I know that even things that are reliable and easy to set up (such as debian servers) require maintenance and all the work and planning that goes into making something secure, reliable, and performant.
I don't see how anyone with experience could contend with a straight face that running a network service like email is a set-and-forget proposition. I remember having to brush up on my mail stack every time I needed to troubleshoot a problem, and over time it became clear that I had over-prioritized hosting my own email.
Edit: It's a fine hobby project though, as long as you're honest with yourself about what you're undertaking.
(2) set up mail server, create account(s)
(3) reset public email account with domain registrar + hosting facility to newly set-up email addresses
(4) kill public email account
You only need one for a very short while to bootstrap your own email server, you don't need it forever.
But I'll bite, if your mail server goes down - and it will - you now have no email. You can't email your hosting support. You try to log in to your host control panel to do a reboot or raise a ticket but forgot your password. You can't get the reset email. Somehow you manage to login and raise a ticket but won't get any email notifications when the technician responds asking for your server id number...
Thanks, but no thanks. I just went in the opposite direction a couple of months ago, switching to a paid Google Apps account so they can handle email for us. I couldn't be happier. Our Postfix / Cyrus / Squirrelmail setup worked fine, but then the server got compromised and taken over by spammers, out IP got blacklisted by most everybody, and right in the middle of trying to fix all that, I got sick and wound up in the hospital.
When I got home, I sat down to start trying to fix this mess and had an epiphany "WTF am I doing this? Hosting email servers is not a core competency for us, there is no competitive advantage to be gained here, and Google Apps is fairly cheap."
I switched over the same night and haven't looked back. After fighting with Postfix and Friends on and off multiple times over the past decade, I'm out. I want no part of hosting email, now, or probably ever again. I have much, much, much better uses for my time than fixing broken email servers.
It always surprises me that people can use a software library with complicated, half insane API's, but can't follow a single page of simple single steps installation.
I have yet to find an email setup that can be described as "following a single page of simple single steps installation". And even if I could, I still don't want to, because there just isn't any real point to it. Email delivery is a commodity, not a core competence. Outsource the hell out of that shit, IMO.
1) in some industries (like in finance) the regulatory requirements make it near impossible to use external email services. For example, there needs to be a record of every email sent out of accounts in the company that needs to be presented to regulators when they demand it.
2) People within the same company may slip up and send emails to coworkers that shouldn't be read outside the company. When you run the email servers, no other party reads them. It stays in the family, so to speak. When you use google or whatever service, they get a peek at the emails.
3) AFAICT Gmail is not HIPAA compliant, making it inappropriate for health care businesses.
Or to put it another way... we're a 2 person, self-funded, bootstrapped startup. Our most precious resource right now is the time of myself and my cofounder. Every minute we spend tweaking and tuning an email server, is a minute we're not talking to customers, doing market research, working on our product, developing strategy, doing competitive intelligence research, etc. For us, that's not a tradeoff that makes sense.
That and then there are periods throughout my day (especially at the $DAYJOB, like right now) when there isn't anything productive I can really do on the startup, and there aren't any pressing assignments, so reading HN is about as productive as anything else. :-)
Even if you think deliverability is good for 95% of mail servers there's always some ISP that won't cater for you. So you're constantly having to be monitoring the logs to ensure your emails are being delivered.
Sometimes people get hacked, either because they pick a abc123 password (nowdays blocked by policy), or because a customer webserver CMS theme has not been updated in the last 2 years. When that happen, a few mail servers (mostly yahoo) has temp banned mails for a few hours. Mails still got delivered however.
So lesson to learn there is to not use passwords like abc123, and to actually update that 2 year old CMS theme. Or you don't combine webserver with webmail.
Also: how do you know you've never had deliverability issues? If the server on the receiving end is blocking your mail it will happen silently.
In many years of running my own server, this was never a problem. I checked blacklists on a somewhat regular basis but was never in them. And people I sent mail to usually replied, which means they are either psychic or my mail got delivered. (The problem comes when you start sending spam, of course, which is what many people do get blacklisted for.)
The problems with running your own email server are spam and the time it takes to keep things running. All the other issues are trivially solved.
Even on Ubuntu Server it's very very easy to setup a mail server. Linode has guides, and there are others on the interwebs as well.
Just make sure to implement a regular backup regime.
In my experience IMAP to my own mail server is WAY faster than dealing with Gmail (even web interface).
The most conservative approach would be a co-located machine that you own (i.e. your physical property, so they probably need a warrant) or on a machine in your home.
edit: I just tried again, for more than a couple of hours. First I had to guess that I had to install MDB2_Driver_mysql. Set up a DNS to match my /var/lib/roundcube and now I'm struggling to understand how I could sign-in since he didn't create any user for me.
As for users, roundcube uses imap and thus do not create new users.
Anyway, GL, and if you want to have some fun, try out PostgreSQL.
You seriously think this is simple for non IT people?
This is as expected, as most people require some expertise to do technical work. I would have no idea how to fix the electrical system in a car, but I do expect that the mechanic knows how to figure it out if it one broke. Same, I expect a sysadmin or a programmer has the expertise to follow single steps installation guides.
In Germany, email is actually protected by the Fernmeldegeheimnis , even while the email is saved on the provider's server. The reasoning behind that  seems to be that the mail server's storage is part of the communication process, no matter how long the data sits there.
But "There is no postal secrecy law, no rule against reading." Seems like something of an exaggeration.
I used to do greylisting with spamd and ended up silently losing quite a lot of email. (Many mail hosts do not re-send from the same IP, meaning messages essentially get stuck forever.) Doing spam checks at DATA time and rejecting obviously bad emails outright seemed much more effective and less dangerous. I never managed to get Spamassassin to do this, but auto-rejecting languages you don't read also cuts down on spam a lot.
(I missed out on a consulting opportunity because the client's host of choice seemed to be a known spammer and my mail server's filtering was too aggressive about trusting blacklists. I chose to silently-reject those types of messages, so nobody got a bounce. Fortunately, someone was nice enough to ask me about it out-of-band so at least I was able to turn off greylisting and blacklisting before losing much more mail.)
I never found an imapd that scaled to having a lot of messages in a folder, so I ran a cron-job to move mail offline after 2 weeks (for mailing lists) and 1 year (for INBOX). Similarly, I never found a good client to use; Gnus had a very cryptic configuration that I could never believe worked, and mutt was not Emacs-y enough. Reading my email mostly consisted of waiting for Gnus and deleting spam. (I never figured out a good way to get Gnus to move messages marked as spam somewhere so that I could run a cron job to automatically train Spamassassin on the known-bad emails.
For search, I used HyperEstraier: http://sourceforge.net/projects/hyperestraier/
You set it up to run the ingestion program as a cron job every 10 minutes, and then you get a CGI that will show you matching emails for your query. Of course, you can't actually click the links and go anywhere unless you set up some sort of web-based email viewer. I never found anything I liked so I lived without webmail. (There are lots of options. All difficult to configure and probably riddled with security holes.)
Once your server is up and running, you need a secondary MX and a backup plan for your email. (I used Dyn.com's secondary MX hosting service. A lot of spam comes in through the secondary MX, so you can't just implicitly trust it. This involves more configuration.)
Finally, spam filtering uses a lot of CPU and RAM, so you have to pay for a rather expensive virtual machine. Linode's $40/month plan seemed mostly adequate.
I don't really like composing email in the web browser, but I've gotten used to it and $5/month for Gmail and $0/month of my time screwing around with spam filters seemed like a good tradeoff.
Then it goes through amavisd that does the spamassasin checks, as well as verify DKIM and the like, and then it gets delivered to dovecot.
Now, Dovecot as an IMAP server is fantastic. Along with dovecot-pigeonhole I can sort messages into different folders server side.
Dovecot currently handles one mailbox for me that I archive a mailing list into ... 150k messages and counting, and no issues. Uses Maildir on the backend. Although, I do think at those sizes it comes down to good file system caches, and a good file system that doesn't have a problem caching the entire directory.
It works well for me, so well in fact that I am moving all my stuff from Google Apps for Domains back to in-house. For two reasons, 1. more control, and 2. I have had issues with Google Apps in the past, and even with a paid account the support has been lackluster. I'd like to know more about my email, be able to check logs if need be to see what is going on.
Using it effectively, and knowing the dark corners of scalpeling, is quite another thing. It would be easy to get into deep trouble with a scalpel.
Note that I do NOT know much about email servers and that is precisely the point. I eat iptables rules for breakfast, I can set up a Debian server from scratch and I can certainly configure a mail server. But there's more to it than meets the eye. Been there, done that. And we got burn.
I don't know "why", but all I know is that we had problems!
tl;dr: 30 team person startup and we tried to use our own mail server. Too many problems. We moved to Google Apps for domain and all our problems were fixed...
As for using a previous owned spammer domain, I strongly question that logic. Black lists tend to be both conservative and done by copy-pasting. A blocked domain abcd will not block abc or abcde. If the block lits do not see mails from abcd within a month or so, they also tend to remove them to clear up space. This time frame is also way below common domain name expire dates.
Regarding reverse lookup, I assume that 30 team startup bought a company network contract from the ISP. Such deals should include support and static IP, which mean reverse lookup is a single email away from being done. Co-location contract might be different, but I wouldn't know.
It might have to do with spam filtering. Trying sending an email that talks about Cialis.
Some are sold on Amazon.
Presumably the people who operate in the legal pornography business -- working for Hustler, their distributors (I'm assuming there are several) and US-based retail outlets -- don't use iCloud or it could have an unpleasant impact on their legitimate businesses.
It sounds to me more like spam cleanup.
I can barely imagine the legal consequences of deleting without notice an important email that a distressed mother might have sent to her teen.
The article suggests some connection between the phrase "barely legal" and images of child sexual abuse.
It's clear that "barely legal" has a well-established meaning of "absolutely legal; documented adults; no chance of being under age". The article failed to establish a connection between the term "barely legal" and images of child sexual abuse.
Distribution of porn requires paperwork, age certificates from models/actors etc. Things get even more dangerous when actors can be reasonably suspected to be underage.
The author speculates that this filter was driven by paranoia and CYA mentality at Apple.
EDIT: Thanks, I misunderstood.
My point was, it has nothing to do with children.
Because they are specifically promoting porn featuring women as young as legally possible. "Legal teens" would include 19 year olds, and they are trying to create the specific expectation of women who very recently turned 18.
>Why barely, which also means "not really"?
That is not what barely means at all. Barely means "only just". Barely legal means legal, but very close to the cut-off.
Not at all? Well, it is possible my translator (leo) is wrong. I think i have a fairly good understanding of the english language, but i am not a native speaker, so i tried to check my understanding.
I still think it has in this case at least the connotation.
That is the link: http://dict.leo.org/ende/index_en.html#/search=barely&se...
Anyway, if I were learning English I'd pay the $300 for an Oxford English Dictionary. You'll learn a lot that way.
This is a special case. I know that normally barely meanst "only just" (though i believed leo that it sometimes - in special cases when used in a specific way - can mean "only almost"). But if someone hears a sentence like "that is barely visible", one always implies that it is not visible at all for someone seeing a degree worse. Now, if you vist a pornsite with usergenerated content - take 4chan as example - I'd bet a lot of money that one would find a mod-guideline or at least a discussion about such a guideline to delete any threads with "barely legal teens" as topic because a lot of users would post pictures of underage girls in such a thread. In such a case, barely implies not really. And therefore such a term can have another connotation than its formal meaning.
It is really a stretch to say "it doesn't have that connotation", connotations can vary even in one language for every speaker.
you mean, "person"?
But I'd like to be in control of whether emails are being deleted or not. (Or flagged as spam or not.)
Some people prefer to get everything; others don't care if stuff is silently dropped. But it's important that they get to choose.
Edit: Gatekeeper is OSX technology. It allows users to only install Apple certified Apps on your mac, not your phone. It's fairly new and possible to turn it off (for now at least).
Of course this could be a really poorly working spam filter, but I'm inclined to believe this isn't the case.
In contrast, deleting email based on content is neither inconsequential nor their own business.
I don't think this is at all like the ISP redirection pages that were more clearly non compliant with IETF internet standards.
There, fixed that for you.
1) What's on their store, and
2) How apps get on your phone, e.g. they must be codesigned by Apple.
The former is where they apply their content standards. The latter is a (very effective) security measure.
But, for example, Apple doesn't care in the slightest if I make a hardcore pornography app, sign it with my own developer cert, and install it on my phone. They only care if I try and submit it to their store. Similarly, they don't care if I open up Safari and visit some pornographic website, even if it uses HTML5 offline mode and gets added as an independent icon to my home screen.
You don't know that. They don't know you've done this and they can't know you've done it, so how you do you if they care or not?
Apple has been pretty open about the fact that they just care about what's on their storefront. The only reason that this effectively means they control what's on your phone is because most people can't install apps on their phone except via Apple's App Store. Although, as usual, everyone in the world is free to view whatever objectionable website they want.
It is illogical to block just this phrase and not the many others that would be far worse.
Heh. Wonder how much of it is produced with iMovie, or FinalCut.
Please don't. Just right click and choose open. You will be able to open it, and whitelist the app in the process.
Let's not exaggerate. Everyone got by perfectly well for years and years just using common sense about what to install. Gatekeeper is a welcome layer of defense but I doubt many experienced users would be "hosed" without it.
Because paranoia is so much more fun than rational thought.
Oh wait, they already did that: it's called iOS.
iOS is the ultimate proof that Apple does not intend to lock users out of their Macs: they already created a different product to enable that hand-held computing experience.
Unintended installs may be a type of exploit, but they're not synonymous with them, as 'aka' indicates. Gatekeeper does nothing to protect against, say, your browser being compromised remotely, as you can run unsigned code in a signed application. Gatekeeper raises the barrier to entry, but only slightly.
As others have pointed out in this thread, gmail silently drops emails that contained zipped EXE files. It doesn't tell you it dropped it, it doesn't tell you it didn't send it, it just vanishes.
This is (sadly) not new behavior. Other email providers drop emails (which is sad), and Apple acting puritanical isn't exactly news.
I'd be willing to write it off as a one-time error on the part of some individual contributor, but what else will get your mail deleted? Since there are no checks in place for "rogue" ICs adding phrases on server-side, what will cause stuff to go missing tomorrow?
No way to defend this. No spam filter should ever work like that, even if set up overly broadly.
Today it's a bad search filter, but tomorrow... what'll they do tomorrow?
Apple is the epitome of "we'll do what we think is best and you'll like it". For now they usually seem to have admirable (or semi-admirable) goals, even if you don't agree with them on the details. I'm curious how long until they make similar moves that are clearly Evil(TM).
- Not upgradable
- Super overpriced
- Dictator-style company that seemingly caters to grandma
more than technical folk
- Obnoxious smug ethos created by marketing team
- Lots of people complaining about OSX going downhill
- The OP story and associated reports of mass censorship
- Just look at Objective C for 5 minutes
I'm perfectly happy with my beefy Win 7 box paired with a *nix machine that I can shell into when I need to do something that would suck in Powershell. Just don't install Java/Flash/ect and don't open JessicaAlbaBoob.jpg.exe and you will not get a virus.
I'm willing to bet you've looked at it for much less than that.
Have I looked at the source code on numerous occasions, trying to come to terms with it's verbosity and ugliness? Yes.
| verbosity and ugliness
Also, my verbosity argument would be hard to defend without concrete examples of equivalent functionality being performed more succinctly (while still maintaining readability) in another language. That would be hard given my ignorance of ObjC. I withdraw that argument.
Solution: Avoid problem.
It's not a question of whether you should use certain products. It becomes a question of whether you should trust Apple at all.
Agreed. It's very difficult to convey this point, however. People don't really listen once you say these sorts of things. Even if they do, they don't change the way they work with those companies. This is especially true with Facebook. I've shown a lot of scary practices of Facebook to various people. All agree that Facebook is therefore pretty dangerous but continue to use it on a daily basis.
>"the cloud" is a stupid idea.
I do take issue with "the cloud" regarding the issues of your things not belonging to you, privacy issues, etc. There are benefits to e.g. hosting providers. I also would love Dropbox if my files were encrypted and impossible to view by staff.
The bottom line is that we need more companies who insure privacy rather than just claiming to respect it even though they store large quantities of personal information. Other such companies should work to avoid vendor lock-in.
People said the same thing about the internet and insisted that only direct-dial communications made any sense. This is one of those cases where I think the market will take care of things.
Trust them with what, exactly?
There are some things you shouldn't trust them with, but there are also things you _can_/should trust them with.
Do I trust Apple to make awesome laptops and cell phones? Yes.
Do I trust Apple to keep OS X open to third party development? Yes, I do. Mostly.
Do I trust Apple to keep my personal email, email that might contain passwords and account names, secure and safe? Probably not, which is part of the why I don't use my iCloud email account.
Do I trust Apple to not sunset iCloud email in a few years, invalidating my @icloud.com address that I would have handed out to everyone, leaving me high and dry? No, I don't - and I think that's a much more potent danger for anyone using their @icloud.com email account.
I would trust my doctor to some extent, but I wouldn't blindly assume that anything s/he said was correct.
Just saying it is possible that this is an over-aggressive spam filter vs. Apple taking such an invasive measure. Although, Apple has done similar crazy things before, so who knows.
4.2.5 Reply Codes After DATA and the Subsequent <CRLF>.<CRLF>
When an SMTP server returns a positive completion status (2yz code)
after the DATA command is completed with <CRLF>.<CRLF>, it accepts
- delivering the message (if the recipient mailbox exists), or
- if attempts to deliver the message fail due to transient
conditions, retrying delivery some reasonable number of times at
intervals as specified in section 4.5.4.
- if attempts to deliver the message fail due to permanent
conditions, or if repeated attempts to deliver the message fail
due to transient conditions, returning appropriate notification to
the sender of the original message (using the address in the SMTP
"As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice."
You should REJECT a message if you won't deliver it. If it was a legit message inappropriately REJECTed, then the server that's relaying it can generate a bounce back to the sender, and something can be figured out.
Dropping a message on the floor like that, after you have promised to deliver it is almost always the Wrong Way.
Whether or not that's appropriate is another thing, but that is probably the rationale behind it.
This is news to me. Citation needed?
Anecdote: we use hosted Exchange from Microsoft. I tried to setup a cron job to email us all at 4:57 with the subject line "Get The Fuck Out". Those don't come through either.
And they don't respond to complaints, even from their own users.
I've been running the same pukka mailing list for 12 years, I'm in their abuse feedback loop, have proved exclusive ownership of the mail server, all mail is DKIM signed with valid SPF records, mail is accepted with a 250 OK, you name it.
Still they bin my emails, but only to some accounts. No rhyme or reason, no bounce, no spam folder. Just never arrives.
You could also reasonably configure a filter to not land emails over a spam threshold.
Given the amount and type of spam in my Gmail Spam label, I'm quite sure there's a hard filter in place there too.
So it could be a bug in their definitions files.
I'm going to take a guess that this is just a misconfiguration in the spam filters.
A misconfiguration in your email server that results in emails being silently dropped is about as bad of a misconfiguration as you can have. That shouldn't even be an option to configure.
I just remember there being debate/discussion about this before.
"As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If silent message-dropping is misused, it could easily undermine confidence in the reliability of the Internet's mail systems. So silent dropping of messages should be considered only in those cases where there is very high confidence that the messages are seriously fraudulent or otherwise inappropriate."
All the other experiments on here were from a few hours ago. Does this still happen for other people? If it does, it'd suggest it's more complicated than a simple filter on emails containing the phrase.
That said, deleting user data without user input at all is completely insane. It's probably a good thing that iCloud sync sucks so much and developers aren't using it.
"barely legal teens" isn't delivered (edit: now does)
"actually illegal teens" arrives
...along with everything else of the sort (that I've tested).
Surely the phrase was blacklisted by some algorithm after it occurred verbatim in massive amounts of spam.
Using other people's software or services which you don't control should be based on trust, in my opinion. What I mean is that you should build up evidence about different service providers, and choose whether or not they are trustworthy.
This is essentially why I am OK with closed source software. In many aspects of life (from the obvious, like banking, to more abstract, like personal relationships) we have to act based on our degree of confidence in something. The downside is that this thing is obscured (hence the need for trust), the upside is that through obscurity it was made possible (in this case, email providers make money by having a unique, high-quality offering).
Never attribute to malice ... you know the rest.
So, does anyone else have test results to report?
I don't care if someone reads my email to sell me an ad. I do care if someone reads my email to censor it.
Even on HN it's only good as a learning exercise or for a small number of people who have the use for it.
The problem isn't with the length of time it takes to set it up. The problem is with making sure you have all the quirks sorted out so your mail can get delivered through other people's set ups.
Also, I've never seen real spam advertising porn - mostly it's fake watches, penis enlargement and fake social media or other identity theft scams.
They are great with products. Less so with the area around the product. Can't have something as nebulous as a cloud without trying to control the product experience.
It's nice that I can use iCloud to find my iPhone and that it keeps my contacts in sync.
Except that it can't keep notes in sync correctly. Which shouldn't be surprising because notes aren't actually notes, they're stored in an email box. That's why you need an @me.com account to sync them.
Really there is no iCloud. There is an email service, a calendar service, a contacts service, a layer on the email service, a file storage service, a network transparent CoreData sync service (that is supposed to be very problematic), a todo service, a photo sharing service, and probably other things.
If it doesn't involve a network service, Apple can do wonderful things. If it does... well... it might work well enough; most of the time.
I think GP has it exactly right. Their hardware is great but their software is an embarrassment for a company with such resources.