Opinion: Why Apple's 'new Newton' will rule

They can send a man to the moon (or at least they could 40 years ago). Why can't they make a tiny computer people want to buy?

Cell phone, laptop and desktop PC markets are all well established, with dominant players in each category raking in billions in sales. But in the world of mobile computers, the field for laptops that are bigger than cell phones but smaller than regular laptops is still wide open. A shockingly large number of companies have invested millions of dollars developing products in this category. They've shipped dozens of gadgets hyped as the Next Big Thing. But the buying public has responded with indifference.

Many observers blame this indifference on problems with the category itself. What's the appeal of a mobile computer too big for your pocket and too small for a full screen and keyboard?

But I disagree. There are many scenarios -- airplanes, restaurants, meetings, around the house -- where tiny mobile computers are ideal. The problem is price, performance and user experience. To date, products have been way too expensive, slow, clunky and awkward to use.

Eventually, somebody is going to get it right. And when they do, the tiny computer market will get huge.

Since Microsoft announced the "Origami" project way back in March of last year, the category has been going nowhere. But, suddenly, everything has changed.

Events in the past 30 days lead me to conclude something unthinkable just one month ago: Apple -- yeah, I said it -- Apple! will ship the first ever successful small computer. Call it the Newton on Crack (or, more accurately, on Mac).

Here's what happened in September.

Palm Foleo

Everyone seems to think that Palm's Foleo project has been canceled. But this isn't true.

The original Foleo concept was a Linux-based, low-power clamshell device that worked exclusively with Palm's Treo line of smart phones.

What is true is that Palm CEO Ed Colligan announced earlier this month that the company plans to discontinue the use of Linux as an operating system. This companywide strategic change will delay the Foleo, which will come out eventually on a new OS platform the company is now working on. The new operating system will be finished next year.

So just to be clear: The Palm Foleo project has not been canceled. It has been given a new operating system and delayed.

The Foleo is still a dark horse candidate. If the company's new platform is great, if the company can survive long enough without real innovation on the phone side, if they can get the price down far enough -- a lot of "ifs" here -- then Palm has a shot at selling a few of these to existing Treo owners.

The Foleo has zero chance of dominating the coming boom in tiny mobile computers.

Nokia

The Federal Communications Commission recently approved a new minitablet, nonphone device from Nokia that supports Bluetooth, WLAN and GPS. The approval was branded as "confidential," so only the sketchiest of details are available on the product, which will almost certainly ship this year.

I'm not sure Nokia has the "right stuff" to compete in the nonphone market. For starters, the company has trouble focusing on individual products and tends to scatter its energy and resources across its massive line of devices. The future king of tiny mobile computers is going to need vision and focus.

Go ahead and take Nokia off the list of contenders.

The UMPCs

The ultramobile PC (or UMPC) platform, originally developed by Microsoft, Intel and Samsung, is designed for small, low-voltage computers with pen-based touch screens and, optionally, QWERTY keyboards. UMPCs can run Windows XP Tablet PC Edition 2005, Windows Vista Home Premium Edition or Linux.

Intel announced last week that it would slash the power on its UMPC chip sets in an upcoming chip set code-named Moorestown and add hot features like WiMax, 3G and others.

The Intel announcement is the best news to ever hit the UMPC space. The future of UMPCs has potential, but so far nobody in the space has achieved the right combination of price, performance and overall user experience. The manufacturers are trying, however, and just this month have announced wide-ranging updates.

• Asus announced yesterday major updates to its R2E UMPC. The new version uses Intel's 800-MHz A110 processor instead of a Celeron, which should improve battery life. The device sports a few impressive specs, including 1GB of RAM, 802.11g wireless and integrated GPS and a webcam. The R2E, however, is simply too expensive to succeed at over $1,500, and it doesn't have a keyboard.

• Fujitsu recently announced its appealing LifeBook U1010 in Asia, which is sold as the U810 in the U.S. The device is for business professionals who also want to watch movies and play games. It even has a fingerprint scanner for security. Of all the UMPCs that are shipping, the Fujitsu has the most promise. It's both a tablet and a clamshell. It has a nice big keyboard. And it has a relatively low price: $1,000. Unfortunately, the UMPC runs Windows Vista, and some users report serious performance issues. If Fujitsu could make the U810 a lot faster and a little cheaper (say, under $700), they'd have a category buster. But they can't, so they don't.
• Sony recently updated the hardware on its VAIO UX-Series UMPC. The computer has a screen that slides up to uncover an unusable keyboard. The company will need to completely overhaul the design for better usability if it wants leadership in the coming minicomputer space. I would think Sony could do better than this.
• OQO's recently updated 02 UMPC is optimized for media, and has a small, awkward keyboard. The device is both too small -- very close in size to a large smart phone -- and too expensive -- at $1,300, it costs as much as a laptop.
• HTC recently announced that it plans to jump on the Vista bandwagon with the company's Shift UMPC -- and also use Windows Mobile. The device uses Microsoft's cell phone operating system to collect e-mail while the computer is in sleep mode. The Shift has a nice, big keyboard and screen, but it's too expensive ($1,500), suffers from poor battery life (three hours!) and is a little on the fat side.

These are just the UMPCs updated during September. There are more than a dozen other devices out there on the Origami platform. Every single UMPC device that has been shipped or announced suffers from lousy usability, high prices, poor performance, ill-conceived user interfaces, or any combination of the above. And far too many of these companies are jumping on the Vista bandwagon. If Vista can't deliver good performance on a brand-new desktop PC, how can it function well enough on a low-powered handheld device with a touch screen?

Can anyone create the right combination of usability, performance and price? Yes: Someone can.

Apple

Two things happened in the Applesphere in September that changed everything. First, of course, is that Apple CEO Steve Jobs announced Sept. 5 the iPod Touch.

The second is that AppleInsider said this week that Apple is working on an updated Newton MessagePad -- basically a big iPod Touch with additional PDA functionality. The Mac OS X Leopard-based mobile minitablet PC will be 1.5 times the size of an iPhone, but with an approximate 720 by 480 high-resolution display. The site estimates that the new device will ship in the first half of 2008.

If true (and some believe it isn't), this rumor is very good news. If Apple ships an iPod Touch, but with good PIM (personal information manager) functionality, an optional wireless keyboard and good battery life for under $1,000, they win.

But even if this particular rumor is false, I still believe Apple will dominate this category with another project. As I've said before in this space, Apple's iPhone user interface is a glimpse of the future, not only of future Apple mobile computers, but desktops and the future of all PCs as well. It's inevitable that Apple will ship a tablet Mac that works like the iPhone. And, just as in the iPod space, the company will likely round out the category with a "mini" version.

Of course, everything could change again in October. But right now, the only company with a prayer of succeeding in the small computer space is also the only company that hasn't even shown a prototype -- Apple.

iPhone's Bluetooth bug under the hacker microscope

Almost lost in the hubbub over Thursday's iPhone firmware update and whether it would "brick" unlocked phones was the fact that Apple Inc. patched 10 vulnerabilities -- twice the number of fixes issued since the phone's June debut.

The iPhone 1.1.1 update, which like previous upgrades is delivered through Apple's iTunes software, fixes seven flaws in the built-in Safari browser, two in the smart phone's Mail application and one in its use of Bluetooth, the short-range wireless technology.

The seven Safari vulnerabilities include several cross-site scripting (XSS) flaws, one that can disclose the URL of other viewed pages -- an online banking site, say -- and another that lets attackers execute malicious JavaScript in pages delivered by the SSL-encrypted HTTPS protocol. One of the Safari flaws, and an associated vulnerability in Mail, involve "tel:" links, which can be exploited by hackers to dial a number without the user confirming the call.

But it was the Bluetooth bug that got the attention of security researchers. Symantec's DeepSight threat network team pointed out the vulnerability in an advisory to customers today. "Reportedly, the Bluetooth flaw occurs when malicious Service Discovery Protocol (SDP) packets are handled; any attacker that is within Bluetooth range can exploit it remotely," wrote DeepSight analyst Anthony Roe in the alert. "Successful exploits are reported to allow the attacker to execute arbitrary code."

According to Apple's security advisory, the Bluetooth bug was discovered and reported by Kevin Mahaffey and John Hering of Flexillis Inc., a Los Angeles-based company that specializes in mobile security development and consulting. Flexillis may be best known for its reverse engineering of the exploit used to hack into several celebrities' T-Mobile cell phone accounts in 2005, include Paris Hilton and Vin Diesel.

The Bluetooth bug may prove to be dangerous to iPhones, Roe speculated, since the potential range of the technology is much greater than most people think. While Bluetooth's potential range -- and thus the maximum distance between attacker and victim -- is about 400 feet, "Several proof-of-concept Bluetooth antennas have intercepted Bluetooth signals at almost a mile," he said.

Roe also pointed out that HD Moore, the driving force behind the Metasploit penetration framework, had recently demonstrated that shellcode could be run on an iPhone. Moore, said Roe, proved that "exploiting security vulnerabilities affecting the iPhone is by no means out of reach." n a post to his blog -- and to the Metasploit site -- on Wednesday, Moore said that because every process on the iPhone runs as root, and so has full privileges to the operating system, any exploit of an iPhone application vulnerability, such as Safari or Mail or Bluetooth, would result in a complete hijack of the device. Moore also announced that he would add iPhone support to Metasploit, which would make it much easier for hackers to access a vulnerable phone.

Moore acknowledged that he's looking at the Bluetooth vulnerability. "The Bluetooth SDP vulnerability is the only issue I am focusing on," he said in an e-mail Friday.

He also hinted that locating vulnerable iPhones wouldn't be a problem. "The Bluetooth MAC [media address control] address is always one less than the Wi-Fi interface's MAC address," he said. "Since the iPhone is always probing for or connected to its list of known access points, the presence of the iPhone and its Bluetooth MAC address can be determining by using a standard Wi-Fi sniffer.

"Once the Bluetooth MAC address is obtained, the SDP issue can be exploited by anyone within range of the Bluetooth chip, or within range of the attacker's antenna, which can be up to a mile away in some cases," he said.

If Moore manages to craft an exploit and add it to Metasploit, it's probable that criminal hackers will quickly follow. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," Alfred Huger, vice president of engineering with Symantec's security response group, said in a July interview.

Jarno Neimela, a senior researcher with F-Secure Corp., a Helsinki-based security vendor, also hit the alarm button, but for a different reason. In a posting to his company's blog today, Neimela pointed out that there's no security software available for the iPhone, thanks to Apple's decision to keep the device's inner workings a secret.

"The amount of technical information [available about the iPhone] makes it likely that sooner or later someone will create a worm or some other malware," Neimela said. "This will create an interesting problem for the security field as the iPhone is currently a closed system and it's not feasible to provide anti-virus or other third-party security solutions for it.

"So if someone were able to create a rapidly spreading worm on the iPhone, protecting users against it would be problematic."

Although iPhone owners will be automatically notified in the next week that the new patches are ready to download and install, a large number of those who have modified or unlocked their phones will probably forgo the fixes, since the 1.1.1 update apparently also disables unlocked phones and wipes unauthorized third-party applications that have been added with various hacks.