Slashdot Mirror

In order for this not to happen again do the following:

Stop using Windows and MacOSX.

So you are saying that full disk encryption on Windows and Mac OS X has backdoors? Any link to back that up?

Download and install Fedora F16.
When installing, encrypt the harddrive with a really hard to break password.

Now you are saying that Fedora has no backdoors. But the only way the Syrian activists will be sure is if they download the code, check it themselves, and compile everything, as it is pretty much impossible to know that the precompiled binaries haven't been tampered with. But the code for the relevant parts of Mac OS X is also available. In any case, the Syrian activists, being social activists and not hackers most likely lack the skills and the time to understand the code and to compile it themselves, nullifying the advantage.

Install pidgin and off the record like this: 'yum install pidgin pidgin-otr'

Pidgin? You mean the open source messaging client that also runs on Windows and Mac OS X?

Generate keys and verify them before communicating.

Yeah, cause we all know there is no SSH nor GPG for Mac OS X or for Windows. Oh, wait...

And not using major OSes will keep you away from the most common exploits and trojans.

Except that there is far more malware for Linux than for Mac OS X. (Why? Because Linux is widely used in servers that the "evil doers" specifically want to crack.)

Also, try to use TOR, HTTPS-everywhere and other good tools.

Again, tools available for Mac OS X and Windows.

Apple for years claimed their OS didn't have any.

Citation needed. From the Apple Support Communities site (non-authoritative): To deal with the Malware, Apple recommends disable Java for anyone with 10.6.7 or less who can't upgrade.

Here's a link from Apple's support site posted in 1998 describing how to protect yourself against viruses in Mac OS 8.1.

  I'm too lazy to look for older links.

Apple for years claimed their OS didn't have any.

Citation needed. From the Apple Support Communities site (non-authoritative): To deal with the Malware, Apple recommends disable Java for anyone with 10.6.7 or less who can't upgrade.

Here's a link from Apple's support site posted in 1998 describing how to protect yourself against viruses in Mac OS 8.1.

  I'm too lazy to look for older links.

Shut up, you idiot, those are upgrade prices. How do I know, I read the Leopard license which is found here (available here: http://images.apple.com/legal/sla/docs/macosx105.pdf). Here is the relevant section:
2. Permitted License Uses and Restrictions.
A. Single Use. This License allows you to install, use and run one (1) copy of the Apple Software on a single Apple-labeled computer at a time. You agree not to install, use or run the Apple Software on any non-Apple-labeled computer, or to enable others to do so. This License does not allow the Apple Software to exist on more than one computer at a time, and you may not make the Apple Software available over a network where it could be used by multiple computers at the same time.

Now, since apple has never sold a computer without an OS, it is an UPGRADE. You can not install it on any computer in which it did not already have an OS installed.

Did you miss the Mac Pro Server? http://store.apple.com/us/configure/MC915LL/A?

If so, why do I hate their stuff? Oh, right - because locked down, proprietary bullshit that I pay for but technically do not own is the complete opposite of "functional" in my book.

So buy a MacBook Pro; it's not locked down at all. My comment is a joke to anyone who knows Apple. Apple even tells you how to root it.

I rooted a Mac once so I could change the name of the main administrative user (as I recall).

All "open source" is prohibited in many app stores.

And what app stores would those be? It's certainly not the iOS App store.

Doom is GPL Licensed
Doom is in the App Store
The Source for for iOS Doom

You are mixing revenue and profits.

Read my post again. Samsung reported $3.8B in profit on 44.5M phones. Apple reported $22.7 in revenue on 35.1M phones. Apple does not report margin or profit on individual product lines. For a decent product, 30% margin is a reasonable number. If we assume 30% then Apple made $6.7B profit for an average of $194 per phone. I suspect Apple make more because Apple does report overall gross margin which as 47.4%

Apple sold 35.1 million phones and made $11.6bn profit in total, but this includes 11.8M iPads as well as its iPods, PCs, OSX, and iTunes. If the iPhone made up 50% of Apple's profits (a guess as random as your 30% margin) this would make Apple around 25% more profitable than Samsung with the same profits for 3/4 of the handsets.

No. Read Apple's Q2 results. iPhone does not include anything other than iPhone related finances.

• Total Mac (1): $5.07B
• iPod (3)(9): $1.21B
• Other Music Related Products and Services (4): $2.15B
• iPhone and Related Products and Services (5)(9): $22.7B
• iPad and Related Products and Services (6)(9): $6.59B
• Peripherals and Other Hardware (7): $643M
• Software, Service and Other Sales (8): $832M

(1) Includes revenue from iMac, Mac mini, and Mac Pro sales.
(2) Includes revenue from MacBook, MacBook Air, and MacBook Pro sales.
(3) Includes revenue from iPod sales.
(4) Includes revenue from sales from the iTunes Store, App Store, and iBookstore in addition to sales of iPod services and Apple-branded and third-party iPod accessories.
(5) Includes revenue from sales of iPhone, iPhone services, and Apple-branded and third-party iPhone accessories.
(6) Includes revenue from sales of iPad, iPad services, and Apple-branded and third-party iPad accessories.
(7) Includes revenue from sales of displays, networking product, and other hardware.
(8) Includes revenue from sales of Apple-branded and third-party Mac software, and services.
(9) Includes amortization of related revenue deferred for non-software services and embedded software upgrade rights.

To make $11B in profit, most of the profit must come from the iPhone and iPad and Mac lines because all other lines combined don't total $11B in revenue. 30% gross margin is not a random guess. It's a rule of thumb for most companies. Above 30% you are making enough to cover overhead that goes beyond product costs.

You don't "kill on profit" if two companies are immensely profitable, there are no losers there.

Nowhere did I imply that Samsung was a loser. "Apple is killing on profit" only compliments Apple.

However Apple is more vulnerable. They run on inferior hardware, are over-priced, and rely on remaining a must-have fashion item. Samsung's market was forged in the ultra-competitive Android market against players like Motorola, HTC, LG, etc, and have created a genuine range of value for money products. In terms of hardware and value for money, the S2 is the best in the market.

Yes people like you have said that for nearly two decades now. I suppose if you say it long enough it might come true some day. Or may be you're just a hater that can't stand to see Apple do well.

Actually, it's worse then I thought. The iPhone 4s was released in China and 21 other countries on Jan 13: http://www.apple.com/pr/library/2012/01/04iPhone-4S-Arrives-in-China-on-January-13.html

This is during Q2'12. So they had a drop in sales despite entering new markets.

Point 3 should be point 1 - since it already exists: http://itunes.apple.com/au/app/steam-mobile/id495369748?mt=8

hell they did worse than they did last quarter which, although still good, is a sign they're slowing somewhat, right?

Uh, wrong. Year-over-year comparisons of the same seasonal quarter are what you want (I'll leave it as an exercise to the reader to Google up the reason why). Apple's unit sales were up YOY in every single product category (other than old-style iPods, which are clearly on the way out).

See the "data summary" document linked from this page for more info.

Except for material we may license to you, Apple does not claim ownership of the materials and/or Content you submit or make available on the Service. However, by submitting or posting such Content on areas of the Service that are accessible by the public or other users with whom you consent to share such Content, you grant Apple a worldwide, royalty-free, non-exclusive license to use, distribute, reproduce, modify, adapt, publish, translate, publicly perform and publicly display such Content on the Service solely for the purpose for which such Content was submitted or made available, without any compensation or obligation to you.

Which sounds pretty reasonable. The problem comes earlier in the "agreement,"

Apple reserves the right to take steps Apple believes are reasonably necessary or appropriate to enforce and/or verify compliance with any part of this Agreement. You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party,

So the "agreement" grants Apple privileges to spy on your data and pass it along to any unspecified "third party" or their choice, if they feel like you might be doing something they dislike. I read it; I didn't sign it. I don't think anyone should.

Nah, no need, not even at a business level. Note that there are no known viruses for OSX, and a properly configured mac makes even malware difficult to run.

All that aside, this article is extremely suspect - 1 in 36 macs were infected with malware? 600K macs estimated to be infected with flashback, the only really known problem malware at the moment. So that would indicate about 22 million macs according to the story. According to Apple's Q1 2012 results, they sold over 5 million macs just this quarter, meaning that this article is saying 25% of the macs out there were sold this quarter? Of course, Sophos sells "security" software, so is this a surprise?

WP7 does allow apps to run in the background. It does not allow apps to access certain APIs while running in the background, such as VOIP controls (e.g., Skype). That's not too dissimilar from what Apple does on iOS.

With WP7, background tasks cannot run constantly like they can do on Android. The OS schedules them every 30 min(on battery and cellular data) or every 15 mins(on plugged in power and WiFi) or totally shut off (battery is low and the battery saver is enabled).

WP7 does allow apps to run in the background. It does not allow apps to access certain APIs while running in the background, such as VOIP controls (e.g., Skype). That's not too dissimilar from what Apple does on iOS.

Yep, Apple sure is hostile to open software.

http://www.macosforge.org/
http://www.webkit.org/ - Oh look! GPL licensed!
http://opensource.apple.com/
http://www.cups.org/

..

It's almost trivially easy to set up email encryption using ssl certificates with all the major email clients, whether you use a CA certified certificate or generate self-signed certificates (which presumably you'd have to distribute by USB key...)

Here's how to do it in Apple mail:

1. Generate the certificates using a CA or Self-signed
2. Trade certificates (usb key in the mail, in person.. anything other than email. Also, email is ok, if you confirm the correct cert by outside means, say by comparing SHA1 hashes over the phone.
3. Install the certificate
4. Send the encrypted mail

I'm sure it's just as easy with Microsoft or Linux machines. You can do the research yourself. The above took me like four minutes to find.

Forget the NSA for a minute. Email is typically sent either entirely in the clear, or only the last mile is encrypted between you and your email provider. I suppose if you both use gmail, and you can be sure that google is storing and processing both of your messages on the same server and/or uses encrypted links for their own internal processing, that you might be ok, but otherwise it would not be very hard for interested parties to intercept your conversation somewhere along the way.

There's really no excuse for two parties who have the ability to negotiate with each other to use unencrypted email for anything that might be sensitive. Just because you have to deal with your bank or state government being stupid doesn't mean you should deal with your business partners being stupid.

..

It's almost trivially easy to set up email encryption using ssl certificates with all the major email clients, whether you use a CA certified certificate or generate self-signed certificates (which presumably you'd have to distribute by USB key...)

Here's how to do it in Apple mail:

1. Generate the certificates using a CA or Self-signed
2. Trade certificates (usb key in the mail, in person.. anything other than email. Also, email is ok, if you confirm the correct cert by outside means, say by comparing SHA1 hashes over the phone.
3. Install the certificate
4. Send the encrypted mail

I'm sure it's just as easy with Microsoft or Linux machines. You can do the research yourself. The above took me like four minutes to find.

Forget the NSA for a minute. Email is typically sent either entirely in the clear, or only the last mile is encrypted between you and your email provider. I suppose if you both use gmail, and you can be sure that google is storing and processing both of your messages on the same server and/or uses encrypted links for their own internal processing, that you might be ok, but otherwise it would not be very hard for interested parties to intercept your conversation somewhere along the way.

There's really no excuse for two parties who have the ability to negotiate with each other to use unencrypted email for anything that might be sensitive. Just because you have to deal with your bank or state government being stupid doesn't mean you should deal with your business partners being stupid.

..

It's almost trivially easy to set up email encryption using ssl certificates with all the major email clients, whether you use a CA certified certificate or generate self-signed certificates (which presumably you'd have to distribute by USB key...)

Here's how to do it in Apple mail:

1. Generate the certificates using a CA or Self-signed
2. Trade certificates (usb key in the mail, in person.. anything other than email. Also, email is ok, if you confirm the correct cert by outside means, say by comparing SHA1 hashes over the phone.
3. Install the certificate
4. Send the encrypted mail

I'm sure it's just as easy with Microsoft or Linux machines. You can do the research yourself. The above took me like four minutes to find.

Forget the NSA for a minute. Email is typically sent either entirely in the clear, or only the last mile is encrypted between you and your email provider. I suppose if you both use gmail, and you can be sure that google is storing and processing both of your messages on the same server and/or uses encrypted links for their own internal processing, that you might be ok, but otherwise it would not be very hard for interested parties to intercept your conversation somewhere along the way.

There's really no excuse for two parties who have the ability to negotiate with each other to use unencrypted email for anything that might be sensitive. Just because you have to deal with your bank or state government being stupid doesn't mean you should deal with your business partners being stupid.

..

It's almost trivially easy to set up email encryption using ssl certificates with all the major email clients, whether you use a CA certified certificate or generate self-signed certificates (which presumably you'd have to distribute by USB key...)

Here's how to do it in Apple mail:

1. Generate the certificates using a CA or Self-signed
2. Trade certificates (usb key in the mail, in person.. anything other than email. Also, email is ok, if you confirm the correct cert by outside means, say by comparing SHA1 hashes over the phone.
3. Install the certificate
4. Send the encrypted mail

I'm sure it's just as easy with Microsoft or Linux machines. You can do the research yourself. The above took me like four minutes to find.

Forget the NSA for a minute. Email is typically sent either entirely in the clear, or only the last mile is encrypted between you and your email provider. I suppose if you both use gmail, and you can be sure that google is storing and processing both of your messages on the same server and/or uses encrypted links for their own internal processing, that you might be ok, but otherwise it would not be very hard for interested parties to intercept your conversation somewhere along the way.

There's really no excuse for two parties who have the ability to negotiate with each other to use unencrypted email for anything that might be sensitive. Just because you have to deal with your bank or state government being stupid doesn't mean you should deal with your business partners being stupid.

Wow...10.5 was released in 2007 and its ALREADY unsupported according to the wiki? damn maybe folks shouldn't have marked the AC a troll that made the joke about buying a new Mac every year. I thought the big selling point on the Mac was how "high quality" Macs were? Yet the support drops after less than 5 years? I guess that's why I never really got into macs, i just don't get it.

10.5 was the last version that ran on PowerPC machines. People with older PowerPC machines who wanted to keep up to date with the OS needed to upgrade to Intel hardware to run 10.6.

10.6 for existing Intel Mac owners was $25. From what I've read and seen, a massive percentage of the user base upgraded to 10.6 pretty quickly. 10.6 wasn't a massive upgrade, but by shedding all of the PowerPC support and through compiler optimization, threading and multi-core support improvements (Grand Central Dispatch, and its use by most of the core applications), improved 64 bit support (including a 64-bit kernel and 64-bit apps), and various Intel-specific improvements, 10.6 was a pretty massive upgrade from 10.5 in terms of speed. According to this press release, OS X 10.6 saw twice as many purchases in its first week of release as 10.5 (four times more than 10.4's first week), with sales declining by only 25% in the second week. As such, from a practical standpoint for most Mac users, it's a non-issue, as the majority are now running 10.6 or 10.7 (roughly 78% according to the Adium page quoted by the GP post). 10.6 was such a massive improvement and so cheap (relative to other commercial OS's) that the only real reason to stick with 10.5 was if you're still on PowerPC hardware.

In terms of hardware support according to Apple systems go into "Vintage" classification if they're between 5 and 7 years old (which for most of the world means "obsolete/unsupported").

If I was a paranoid person i'd have to wonder if this wasn't by design, after all who would fault Apple if they restricted or outright banned Java as a security risk now?

Apple already dropped Java from OS X 10.7. It isn't included at all, but can download and install itself if it's needed (it will typically offer to do so if you try to run anything that requires it).

The latest Java updates disable Java applet support in Safari and other browsers that use Apple's Java plug-in. You can re-enable this if you need it, however it will disable itself again after a period of disuse. To be honest, while I've long been a Java developer and have no problem with rich Java applications, Java applets are a dead technology anyhow. I haven't come across one in many, many years now.

Point being, Apple has been moving in this direction for a while. At one point (back in 10.1 IIRC) Java was supposed to be one of the top-level development languages for the Mac. Apple developed and provided the Java Cocoa bindings, which allowed UIs designed in their Interface Builder tool to be bound to Java applications, and Cocoa objects to be easily accessed via Java (and vice-versa). This was deprecated in 2005. Then Apple decided not to support Java in iOS (smart move IMO). Now it's no longer included with the OS, is only available as a downloadable add-on, and applet support is disabled by default. I don't predict they'll be getting rid of it entirely (there are a lot of Java developers on OS X, yours truly included) -- IIRC they're trying to transition to having Oracle maintain it alongside the Linux and Windows versions, instead of doing it themselves. They just want to move into a model more akin to Window's Java support -- it works fine, and applications run just fine, but you have to get it from Oracle as a separate install.

All of which reminds me -- my parents are the type who continually ignore the pop-ups that software updates are available for their Mac (no matter how many times I've told them they need to stay up-to-date). I should call them this

...when Apple could write statements like this:

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

http://www.apple.com/support/windowsvirus/

"Nice roundup of articles, but at the end of the day anyone that uses a blanket statement like "Linux = secure" is as stupid as anyone that says Macs are virus-proof." - by Tharsman (1364603) on Friday April 20, @02:07PM (#39748269)

The articles were there to make the point with "evidences thereof" as to my statements. Especially to this statement of yours which seems to "2nd that motion::

"I know Linux server admins, and all of them take security seriously and acknowledge they are as vulnerable as any other OS if you just lay back and look at them pretty. You have to make sure they are updated, secure, and properly configured for your needs with minimal permissions granted to processes that need them." - by Tharsman (1364603) on Friday April 20, @02:07PM (#39748269)

Agreed, & they're being sensible + realistic is all, as they ought to be regarding that much.

* As far as that "sentiment" around here though, well... I've been coming around this website since 2002 (posting since 2005 pretty steadily) & it's VERY "Pro-*NIX" around here & a great deal of that type of sentiment was spread around here (Linux = secure, Windows != secure, etc./et al).

However:

Since the things I posted have been happening & especially due to ANDROID, a linux itself being so massively "hit" by attacks the past few years since it's "king of the smartphone", thus showing once any OS gains a lot of "easy meat end users"?

They're not doing nearly as much as they used to, less & less...

It wouldn't be too wise to keep that up now that things are changing for both *NIX variants in MacOSX + Linux being more used than before (iirc, Apple's around a 10% overall marketshare, & Linux is around 1%, on end-users desktops....

Which is more than both were used before - & that said?

Here comes the attacks on them more than before (since more possible potential victims exist now, it's worth writing attacks for those OS platforms now too!)

APK

P.S.=> Anything can be attacked & penentrated if not setup as securely as possible... & by default, Windows isn't setup anywhere near how it could be, such as:

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH

Neither is Linux (not even SeLinux bearing distros - hence WHY it was "bolted-on" by the NSA in many distros but still not as 'security-hardened' as it can be):

http://www.bing.com/search?q=%22Security+Hardening+Linux%22&go=&qs=ns&form=QBLH

Hence, those guides for doing that... better than it is by default, even on SeLinux bearing distros.

Plus, certainly not MacOS X either - Not "outta-the-box"/"oem stock", for sure & because yes, they have guides for doing that, here:

http://www.apple.com/support/security/guides/

Which pretty much show anyone how it comes "by default" (which is NOT that "security-hardened").

The CIS Tool I noted that used in the link for "security-hardening" Windows, also works for Linux + MacOS X also & other *NIX variants like Solaris + more... makes it FAR easier to do in fact, & almost FUN!

... apk

A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.

Is this true? Yes, but only because the malware they are talking about was written specifically for Windows. It has nothing to do with the "built-in defenses in Mac OS X that keep you safe". It is at best disingenuous because the average user reads that to mean "Macs can't get malware".

The only mention I found from prior to 4.2 that mentions the feature was originally published around the time of 4.0, but it had clearly been edited to include 4.2, 4.3 and 5.0 info, making the original publication date worthless. I've been with iOS since 2.0, and I'm fairly certain 3.1 didn't bring in-app purchase disabling as a feature

Howabout this iOS 3.1 User Manual PDF.

See Chapter 19, page 146.

Quote:

"Restrict purchases within applications: Turn In-App Purchases off. When enabled, this feature allows you to purchase additional content or features within applications downloaded from the App Store."

Then skip to the last page of the PDF (technically page 217, I think) and see the Copyright 2009.

So, I guess that makes me two for, uh, two... ;-)

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Nice, was trying to hunt down at what point In-App purchase blocking came in!

And yet, I was MODDED DOWN for my trouble...

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Nice, was trying to hunt down at what point In-App purchase blocking came in!

And yet, I was MODDED DOWN for my trouble...

Do we believe Wikipedia, or Apple about when features were added? I say "Apple". To quote THIS Apple KnowledgeBase article:

"With iOS 3.0 or later, you can purchase subscriptions and extra content from within an application using your iPhone, iPad, or iPod touch. Some examples of In-App Purchases are bonus game levels/maps, additional experience points, subscriptions, and recurring services."

Caveat: I did not have any iOS devices personally until November, 2011 (iPhone 4S); so, the KnowledgeBase article could be incorrect; but I see other sources that agree.

I DO agree that there was no way to DISABLE In-App-Purchases until iOS 3.1; but we're talking about a time period between iOS 3.0, which released on June 17, 2009, and iOS 3.1, which released on September 9, 2009. Not until iOS 4.3.

Having said that, I do think that the iOS PW timeout was way too long, and further, IMHO, I think that cycling through "standby" (by pressing the "sleep/wake" pushbutton switch twice) ought to then require at least ONE password from ANYTHING that would be requiring same, AFTER you (re)wake the device. That way, a Parent could learn the simple muscle-memory act of cycling "sleep" before they hand their iOS device (this would be a good fix for Android, too) to their kid, especially after doing something that required "Privilege Escalation"/"Payment Authorization", etc., and the problem of "inadvertent privilege escalation" would be instantly a thing of the past.

Yes, I KNOW someone has to know about the switch, etc; but at some point you just have to quote Comedian Ron White and say "You can't fix stupid."...

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Nice, was trying to hunt down at what point In-App purchase blocking came in!

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Nice, was trying to hunt down at what point In-App purchase blocking came in!

My iPhone will not run the 4.3 "fix". Apple abandoned older models for "security" updates, but claims the fix is available.

Nice try. The update in 4.3 just made it more CONVENIENT for the PARENT. Apple has allowed the PARENT to restrict In-App purchases since iOS 3.1 was released on September 9, 2009. And iTunes 10, which was released on September 1, 2010, has allowed , which don't even have to be attached to ANY Credit Card, and are ADDITIONALLY restricted to a PARENTALLY-SET maximum of $10 to $50 per month.

So, STFU. You have PLENTY of tools at your disposal to prevent this. The fact that you can't update to use one MORE tool is of absolutely no moment.

Douchebags like that need to be humiliated (if that is even possible) into shame for total lack of parental skills.

Wow, this is how an Apple fanboy thinks?

No, it's how a responsible adult thinks.

Only children naively think that there is someone there to protect them.

But wait! Apple actually DID put the tools in the PARENT's hands to "protect" them, and even better, to teach them about how "money" works. These tools were in place LONG before the little darling clicked her way to $200 of In-App purchases (in 15 minutes!!!) The kid knew EXACTLY what she was doing. It was the PARENT that CHOSE not to use the tools that Apple provided to prevent the "damages" from occurring in the first place.

That, my friend, is the very definition of "bad parenting".

Douchebags like that need to be humiliated (if that is even possible) into shame for total lack of parental skills.

Wow, this is how an Apple fanboy thinks?

No, it's how a responsible adult thinks.

Only children naively think that there is someone there to protect them.

But wait! Apple actually DID put the tools in the PARENT's hands to "protect" them, and even better, to teach them about how "money" works. These tools were in place LONG before the little darling clicked her way to $200 of In-App purchases (in 15 minutes!!!) The kid knew EXACTLY what she was doing. It was the PARENT that CHOSE not to use the tools that Apple provided to prevent the "damages" from occurring in the first place.

That, my friend, is the very definition of "bad parenting".

Prior to the iOS 4.3 update in March 2011, there was a 15-minute grace period after you entered your password where you didn't have to enter it again. Following some complaints that were similar to this plaintiff's, Apple changed it so that there was an option to make passwords mandatory every time, rather than having a grace period. And if you did choose to keep the grace period enabled, they made it so that your first in-app purchase in that grace period would require you to re-enter the password.

Effectively, this closed the "hole" that the plaintiff's daughter used (well, to be fair, Apple can't fix bad parenting), wherein the parent downloaded an app, entered their password, and the child managed to ring up $200 worth of in-app purchases in 15 minutes or less. The plaintiff here filed suit in April 2011, shortly after the issue came to light in the press and after it had already been fixed by Apple.

April 2011??? Apple has allowed the restriction of In-App Purchases since iOS 3.1, which was released on September 9, 2009.

Not to mention that Apple also allows parents to actually TEACH kids something by having the PARENT set up an "iTunes Allowance" account. That has been allowed since iTunes 10 was released on September 1, 2010. These don't even have to be attached to ANY credit card (you "fill them up" with iTunes Gift Cards, IIRC). So, all of this is just asinine. The parent is just LAZY and LITIGIOUS. Kinda par for the course these days, unfortunately...

Yes and no.

By default, you only need to enter your password every 15 minutes in the iTunes app for purchases. This is convenient if you're buying a lot of apps (you don't have to keep entering your password over and over), but if you buy your kid the Smurf's Village app and then immediately hand him or her your phone, that kid has a 10-15 minute window to buy up all the Smurfberries he can click without having to enter in your password! And Smurfberries are surprisingly expensive.

That's YOUR fault for not changing the DEFAULT (which is more like 2 minutes, not 15, anyway).

It does so... now. It didn't in the past, which is presumably when this occurred.

How far back? iOS has had Parental Restrictions on In-App Purchases nearly from the beginning.

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Apple released iOS 3.0 on June 17, 2009. iOS 3.1 (with had the in-app purchase restrictions) debuted on September 9, 2009. So, we're talking about THREE MONTHS, TOPS that Parents ONLY had the ability to hide their iOS Password from their kids. Hell, Apple even allows a less-draconian option called "iTunes Allowance", which allows you, THE PARENT, to teach fiscal responsibility by allowing LIMITED iTunes purchases (there are also "content" restrictions to control this further).

Honestly, I really don't see how Apple could have been more responsible. They identified that perhaps some additional controls would be a good thing (over and above a Parent simply NOT GIVING THEIR PASSWORD OUT), and had a solution in PARENT'S hands in under three months. I think that is pretty damned good!

It does so... now. It didn't in the past, which is presumably when this occurred.

How far back? iOS has had Parental Restrictions on In-App Purchases nearly from the beginning.

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Apple released iOS 3.0 on June 17, 2009. iOS 3.1 (with had the in-app purchase restrictions) debuted on September 9, 2009. So, we're talking about THREE MONTHS, TOPS that Parents ONLY had the ability to hide their iOS Password from their kids. Hell, Apple even allows a less-draconian option called "iTunes Allowance", which allows you, THE PARENT, to teach fiscal responsibility by allowing LIMITED iTunes purchases (there are also "content" restrictions to control this further).

Honestly, I really don't see how Apple could have been more responsible. They identified that perhaps some additional controls would be a good thing (over and above a Parent simply NOT GIVING THEIR PASSWORD OUT), and had a solution in PARENT'S hands in under three months. I think that is pretty damned good!

It does so... now. It didn't in the past, which is presumably when this occurred.

How far back? iOS has had Parental Restrictions on In-App Purchases nearly from the beginning.

iOS 3.0 introduced In-App Purchases. These still required a Password, but there might have been no other "Restriction".

iOS 3.1 introduced In-App Purchase Restrictions. (See pg. 146 of the user manual PDF).

Apple released iOS 3.0 on June 17, 2009. iOS 3.1 (with had the in-app purchase restrictions) debuted on September 9, 2009. So, we're talking about THREE MONTHS, TOPS that Parents ONLY had the ability to hide their iOS Password from their kids. Hell, Apple even allows a less-draconian option called "iTunes Allowance", which allows you, THE PARENT, to teach fiscal responsibility by allowing LIMITED iTunes purchases (there are also "content" restrictions to control this further).

Honestly, I really don't see how Apple could have been more responsible. They identified that perhaps some additional controls would be a good thing (over and above a Parent simply NOT GIVING THEIR PASSWORD OUT), and had a solution in PARENT'S hands in under three months. I think that is pretty damned good!

There should be an easy way in settings to ban all in-ap purchases (not a new password, but just flat ban them),

You mean like THIS?

Have you no concept of adults, actual grown skilled professionals scamming children for their pocket, a beating is required but you are utterly wrong about the target.

This is no excuse adults setting out purposely to scam children. Reality here due to the cost of purchases credit card details should be required to be entered every time with emphasis on the amount of money being spent. Not euphemisms, buy bullshit berries with pretend credits (only those pretend credits are really pretend they are direct deductions from your parents credit card and in turn the loss of all your pocket money).

This is sick stuff, professional stealing children's lollipops in real life. It is mind boggling, can you imagine the meetings were psychologists, accounts, coders get togethor to create games to scam the pocket money from ten year olds. Each plotting more enticing, psychological manipulations to get the kids to press the pocket money wiping out button. "Yeah add that, that'll suck in the little rats","Oh Yeah, that'll get the little beggars competing","We need that to feed the little suckers egos so they spend big","We all gonna get rich scamming dumb kids pocket money, what a bunch of suckers, yuck, yuck ".

Seriously wake the fuck up to yourself, "ADULTS SCAMMING CHILDREN'S POCKET MONEY", what the fuck is the matter with you.

Welcome to the REAL world, bub. I think that this sort of conduct is reprehensible, too; but that doesn't automatically make it Apple's fault (which is the point of the lawsuit).

Apple gave the PARENT the tools to completely and effectively prevent this from happening, but the PARENT utterly failed in their PARENTAL responsibility. There is no other answer that comports with reality.

I trust that Apple's lawyers will be able to quickly demonstrate that iOS has measures in-place to stop this, but the parent simply didn't bother.

To use a gruesome car analogy: If you don't put your child in the safety seat and make sure the seatbelt is used, is it the car-makers' fault if your kid flies out the window in a crash?

And does it rise to the level of a "Class-Action" if a thousand parents refuse to use the seatbelts that the manufacturer supplies, and all have children that fly out the window in car accidents? Should the manufacturer simply remove all windows from every one of their vehicles?

The game does not have to tell you that it is going to charge your account. It simply asks for a password.

1. I have never seen an iOS in-app purchase confirm dialog that wasn't quite explicit about charges.

2. Perhaps this is a chance for the child to learn that you don't just enter your password without thinking.

3. Perhaps this is a chance for the parent to learn a little about iOS security; which, if the parent had bothered to become familiar with their device, has completely adequate security measures to avoid this sort of thing, including, but certainly not limited to, restricting in-app purchases, and even adjusting the "password timeout".

At some point, the parent has to act like a responsible adult, and not just blame poor parenting and willful ignorance on a company who has instituted measures to prevent children from racking up bills on the parent's credit card.

This lawsuit is entirely frivolous. If this had happened on Android, slashdotters would have said "Well, the app said it wanted permissions to allow in-app purchases when it installed..." or some such.

More Slashdot Click-bait. Bad Slashdot! Bad! No, No, No!

Info on creating an app store account with no credit card is here. I would assume purchases can then be made using an iTunes voucher.

the default setup of an iDevice still allows unlimited purchases to be made for 15 minutes after a parent enters their iTunes password without warning them of this.

So don't use an iTunes Store account that is linked to a credit card. Problem solved.

http://support.apple.com/kb/HT2534

Sorry, but you can put the Apple/American flag down.

http://support.apple.com/kb/HE57

    I know, a phone number can really go anywhere in the world. But here's a sampling.

http://jobs.jobs/search?q=Apple&company=Apple&exact_title=&location=&exact_loc=

    Or check them out on Apple's own site. Select Job Categories -> Customer Sales and Support.

http://jobs.apple.com/index.ajs?BID=1&method=mExternal.showSearchInterface

    I'm sure there's more localized hiring going on too. It's advantageous to have the local management team looking for local talent, rather than advertising globally for all entry level positions.

Sorry, but you can put the Apple/American flag down.

http://support.apple.com/kb/HE57

    I know, a phone number can really go anywhere in the world. But here's a sampling.

http://jobs.jobs/search?q=Apple&company=Apple&exact_title=&location=&exact_loc=

    Or check them out on Apple's own site. Select Job Categories -> Customer Sales and Support.

http://jobs.apple.com/index.ajs?BID=1&method=mExternal.showSearchInterface

    I'm sure there's more localized hiring going on too. It's advantageous to have the local management team looking for local talent, rather than advertising globally for all entry level positions.

If Apple promised to replace parts they knew to be defective for up to four years then they'd better step up. The court costs far outweighed the costs of replacing the GPU in his MacBook (and probably 100's of others). The cost of the bad press? It seems Apple has always been willing to test the patience of their customers' loyalties.

For more details on the problem check this link. Here's the header:

In July 2008, NVIDIA publicly acknowledged a higher than normal failure rate for some of their graphics processors due to a packaging defect. At that same time, NVIDIA assured Apple that Mac computers with these graphics processors were not affected. However, after an Apple-led investigation, Apple has determined that some MacBook Pro computers with the NVIDIA GeForce 8600M GT graphics processor may be affected. If the NVIDIA graphics processor in your MacBook Pro has failed, or fails within four years of the original date of purchase, a repair will be done free of charge, even if your MacBook Pro is out of warranty.

I'm surprised anyone has been refused replacement inside 4 years. I bet I've repaired around 170 of these units for this problem, and I have only just recently started seeing Apple refuse a warranty repair, because the computers are starting to cross 4 years old. The only time I see problems of this nature is if they purchase old stock and don't register. Apple assumes a computer is sold 30 days after manufacture if you don't send in your registration. If you need warranty service and are on the edge you may need to submit your proof of purchase to update your purchase date on record with Apple to get warranty coverage. Maybe that played into this case?

And this problem stems not from Apple, but from Nvidia. I started seeing this issue on new machines a few months after this model was first released, and Apple started going rounds with Nvidia around the 10 month mark, just before these machines were going to start falling out of the 1 year warranty. Nvidia insisted this was not a defect and refused to cover anything. We had to start refusing repairs for some machines after the 1 year mark. Then about 2 months after that I found that Apple had gotten sick of Nvidia stalling and denying, and decided to cover these repairs, before they had even gotten Nvidia to budge. Apple sent notice to users that had paid for a repair that would now be considered covered, and refunds were issued. Apple started the repair extension program for this issue and covered repairs from that point forward. This was months before Nvidia was forced to accept responsibility and start reimbursing Apple for the defect.

So I find it unfortunate that Apple is receiving a lot of FUD and bad press on this. They do tend to go the extra mile for their customers, they're consistently rated at the TOP for customer service. They were footing the bill for Nvidia's screw-up long before they were guaranteed of getting anything back. Try to find an example of that from any of the other computer manufacturers out there.

I say iTunes in its current iteration runs just fine on my PC (i5, 6GB ram, win7 x64). It no longer installs or requires quicktime so no idea what "bloat" people are still complaining about.

The app is snappy and apart from some wifi sync trouble ( https://discussions.apple.com/thread/3390119?start=0&tstart=0 ) has no other significant issues. A solid 4/5 for a media/phone manager suite.

I generally agree, although I do wonder why it needs 2 different processes going at all times just to let me plug in my iPod - every other USB device I have manages the same task with zero extra processes (though I do have to pick which program I want to run when I plug them in - horror of horrors). Not that it matters a lot, they use up a pretty insignificant amount of memory these days, it's just an annoyance. My only other complaint is that it constantly tries to get me to install things I don't want - iCloud, Quicktime, Safari; here's an idea, how about just updating iTunes with the updater instead of trying to trick users into installing crap they don't want or need.

That said I only use it to play music, rip CDs, and manage an iPod, so I don't exactly use it for anything as complicated as managing calendars or contacts (does it really do that? Weird - I hope it at least interfaces nicely with Outloook or some other calendar/contact software people might actually use?).

I say iTunes in its current iteration runs just fine on my PC (i5, 6GB ram, win7 x64). It no longer installs or requires quicktime so no idea what "bloat" people are still complaining about. The app is snappy and apart from some wifi sync trouble ( https://discussions.apple.com/thread/3390119?start=0&tstart=0 ) has no other significant issues. A solid 4/5 for a media/phone manager suite.

App Store iGun

Well, to be fiar the claims were that they were immune to Windows viruses.

That's like saying Macs can't run Windows software like, Photoshop, which is true, they can't, but they can run the Mac version of Photoshop.

In the second link they state 'Mac OS X isn’t plagued by constant attacks from PC viruses and malware.' and given that even Apple say that a Mac is a PC that is indeed untrue. It certainly lulls many (not all) Mac users into a false sense of security.