Slashdot Mirror

The backdoor was basically an eval that ran anything posted to it (according to the Ars article posted up thread). On my web host, Suhosin is enabled by default, and setup to block eval from ever running.

I.e. Even if I had installed this bad version of PhpMyAdmin, I would not have anything to worry about with regards that eval statement. So, security hey. It's hard, but not that hard.

Don't like to reply to ACs, but for everyone else's benefit, but Google may have an iOS mapping app in the works after all.

A widely used web package has a backdoor inserted.

Scary.

One of the regional mirrors of the largested software respository containing tens of thousands of projects is either hacked or was a plant from the start.

Scarier.

The backdoor code looks to be the work of someone who learned PHP on Monday.

Scariest.

Honestly, the only way it could have been more obvious is if the file was called backdoor.php. There was no attempt made to disguise the location or what the code was doing which is why it got caught so quickly. A complete amateur got caught with control over a chunk of Sourceforge downloads. In computer security when you find a breach you don't just close the obvious point of entry, you have to take a big step back and seriously ask 'what else was compromised'. In this case the big question is who else.

If this clown could do it and didn't get caught until an end user saw the stupidly obvious file and its stupidly obvious code (as opposed to a server log or other Sourceforge audit turning it up) what are the competent hackers up to. Real backdoors are blended into the existing code instead of being added as a seperate file. Real backdoors are designed to be hidden from casual inspection instead being completely obvious in their function and 'I don't belong here status'. Really good backdoors are designed to not look like intentionally malicious code even after they are found (ex. the wait4 backdoor attempt in the Linux kernel was pretty good, it got caught because the CVS hack used to insert it in a regional CVS mirror was flawed in several ways that raised alarms).

So, what kind of security/procedure/audit could have been in place, needs to be in place, so that something like this will raise an alarm even when the hacker isn't the most incompetent backdoor author in history? What kind of audit is needed to be sure it hasn't already happened?

This article about Apple (and Qualcomm) wanting to use TSMC came out a few days after the verdict.

You picked a terrible example. The United States Post Office loses billions of dollars every quarter.

Your larger point is sound--government bureaucracy doesn't necessarily mean higher overhead. But, I would rather see the one-cable-co one-phone-co monopolies broken up. Arkansas of all places has terrific connectivity because the Comcasts of the world never bothered locking the market up.

Don't get your hopes up yet.

This ignores the expense of laying out a new processor design BY HAND rather than algorithm.

You'd have to actually change something to increase cost.

http://arstechnica.com/apple/2012/09/iphone-5-deconstructed-packed-with-power-efficient-parts/

iFixit's usual thorough analysis reveals that nearly every hardware component has been upgraded or improved, yet is so power efficient that the battery capacity largely remains the same.

Or until someone comes along and starts taking their future profits away by building it now.

Yeah.. someone tried that, it didn't go so well when they got sued by the Telco.

RIM's main problem is that enterprise companies have started moving away from the platform. People don't want to carry around several smart phones and are much more eager to choose either iPhone or WP7 phones. Microsoft is known for being the office centric company and therefore has fantastic support for Exchange server and office apps. RIM lost the audience it had when Windows Phones were introduced (while Windows Mobile also had many work users, WP was a major improvement)..

While you present an interesting theory, reality is that noone is using Windows Phone. They had a market share of 3% of smartphones shipped. iPhone in particular and Android are the ones eating Blackberry's lunch. To make this even worse, this quarter Windows Phone is currently only sold on known obsolete phones. I'm glad I didn't get suckered into buying a phone that obsolete immediately, unlike Nexus Phones and iPhones.

Of course it does, which is why most companies make you sign non-compete agreements when they hire you. I'm not sure of California's rules on non-competes

At least as of 2008, they had no legal standing, with some narrow exceptions (Edwards v. Arthur Anderson LLP).

Yeah. In particular, the iOS 6 update apparently breaks web standards (and a number of web applications) by incorrectly caching HTTP POST reponses that it's forbidden from caching by the HTTP specification. It also apparently manages to break HTTP polling which a lot of web applications still rely on. And that's even before getting into the obvious user-visible breakage like maps...

Where the iPhone 4S was a dual GSM/CDMA device, meaning one model for all carriers, the LTE-enabled iPhone 5 comes in two separate GSM models and one CDMA model. This means that consumers will have fewer choices when switching carriers, and that LTE access will be limited when traveling abroad.

Since carriers utilize different radio frequencies (also known as frequency bands) for LTE service, Apple has had to diversify its iPhone 5 portfolio. This largely has to do with the fact that 4G LTE is still in the early stages of development, compared to more mature networks like 2G and 3G. It’s a messy situation that Android handset makers like Samsung and HTC have been dealing with when it comes to their 4G LTE devices. For example, the Samsung Galaxy SIII comes in nine model variants, five of which are specific to North American carriers.

The three iPhone 5 models include: GSM model A1428 that supports LTE Bands 4 and 17; GSM model A1429 that supports LTE Bands 1, 3, and 5; and CDMA model A1429 that supports LTE Bands 1, 3, 5, 13, and 25.

In layman’s terms, this means an iPhone 5 user who wanted to jump from, say, AT&T to Verizon or vice versa, would have to buy a new handset, since AT&T runs a GSM network and Verizon is CDMA. And where owners of GSM handsets previously enjoyed wide compatibility with foreign networks, LTE fragmentation means that AT&T customers using an iPhone 5 in Europe, for example, won’t be able to take advantage of LTE speeds while abroad and will instead get kicked down to the 3G network.

More at the link:

http://www.wired.com/gadgetlab/2012/09/iphone5-lte-model/

Is the Wired story incorrect? Is there more to this? Or is "able to connect to any GSM network" totally bogus?

More details here, including this blurb from Verizon:

UPDATE: Verizon got back to us, and said "Verizon Wireless plans to enable global LTE roaming on the iPhone 5 in the future. As there are many LTE frequencies currently being deployed around the world, Verizon will be surveying which markets line up best with the frequencies available in our version of the iPhone 5."

http://arstechnica.com/apple/2012/09/want-global-lte-roaming-on-iphone-5-dont-buy-it-from-att/

Perhaps this should read "able to connect to any LTE network that runs on compatible frequencies"?

One reason the space shuttle was so expensive was because of its size, a requirement from the US Air Force to have a huge cargo bay. What we need to reduce shuttle cost is something like a "baby shuttle" that only carries crew and a little cargo. It should be based on the "lifting bodies" that were being researched before Apollo diverted attention to the Moon, and to be made of modern materials like carbon-fiber - maybe something like Dream Chaser?
http://arstechnica.com/science/2012/09/the-long-complicated-voyage-of-the-dream-chaser-may-yet-end-in-space/

"P.S.=> What I personally LOVE though? The fact "marketers" are CRYING about it now... just like Arstechnica did after pulling bullshit that burned their AdBlock using crowd (but not hosts files, via "webbugs" usage) ->" - by Anonymous Coward on Thursday September 20, @08:10PM (#41406393)

Quoting that from myself, in a hurry here, but had to make SURE that was covered too... here goes:

PERTINENT QUOTES/EXCERPTS FROM ARSTECHNICA THEMSELVES: per my prior post I am replying to noting it @ its termination -> http://yro.slashdot.org/comments.pl?sid=3132773&cid=41406393

----

An experiment gone wrong - By Ken Fisher | Last updated March 6, 2010 11:11 AM

http://arstechnica.com/business/news/2010/03/why-ad-blocking-is-devastating-to-the-sites-you-love.ars [arstechnica.com]

"Starting late Friday afternoon we conducted a 12 hour experiment to see if it would be possible to simply make content disappear for visitors who were using a very popular ad blocking tool. Technologically, it was a success in that it worked. Ad blockers, and only ad blockers, couldn't see our content."

and

"Our experiment is over, and we're glad we did it because it led to us learning that we needed to communicate our point of view every once in a while. Sure, some people told us we deserved to die in a fire. But that's the Internet!"

---

Thus, as you can see? Well - THAT all "went over like a lead balloon" with their users in other words!

(Since Arstechnica was forced to change it back to the old way where ADBLOCK still could work to do its job (REDDIT however, has not, for example)).

APK

P.S.=> However/Again - It's ALL about the BENJAMINS folks...

... apk

Yes, you're very safe running Linux. http://arstechnica.com/business/2012/02/malicious-backdoor-in-open-source-messaging-apps-not-spotted-for-4-months/ http://www.networkworld.com/news/2012/082912-second-java-zero-day-found-time-262017.html etc.

Only it's not really the same "Slashdot" any more now, is it? It's like a sex slave being passed around from one plantation owner to another, but none of 'em likes her enough to cough up a weddin' ring.

The most recent of which was only a few days ago, and I actually found out about through ARS, not slashdot...

http://arstechnica.com/business/2012/09/slashdot-sourceforge-freecode-sold-to-jobs-site-company/

Makes you wonder if they are starting to regret their role as a sex slave.

For those not familiar with this paradigm shift in OS X, John Siracusa nails it in his Mac OS X 10.7 Lion Review.

I don't think either implementation makes the applications easier to use. They seem to have been done for no other reason than "we can".

Mountain Lion's implementations aren't as awful, adding back most of the 10.6 functionality to iCal and making Address Book usable without constantly clicking between screens. However, they've gone this far, it would be trivial to remove the stitching and faux leather leaving them with standard apps that follow colouring conventions.

Certainly from a HUI perspective and imho the changes aren't positive.

> Everyone wants Microsoft Windows on a tablet. They're already
> lining up for it. It's Windows -- the same interface, the same
> applications, compatibility with all the Microsoft back end processes...

Ooh, sorry, you thought Windows 8 on ARM could join a domain? Nope.

looks like slashdot was just sold again.

Gave it up? http://m.engadget.com/2010/09/06/ibm-claims-worlds-fastest-processor-with-5-2ghz-z196/

That's a CISC chip, by the way. (Memory-to-register arithmetic instructions, for example, although some of the more exotic instructions are implemented in a fashion similar to DEC Alpha's PALcode, wherein the instructions trap into a special processor mode with special non-architected instructions available, so the decimal fixed-point stuff and MVC/MVCL/TR/TRT/etc. stuff is sort of done in software.)

But, no, IBM didn't give up the Power architecture (or whatever you want to call the collection of architectures descended from POWER) either: http://arstechnica.com/gadgets/2009/09/ibms-8-core-power7-twice-the-muscle-half-the-transistors/.

However, neither of those are aimed at desktop/laptop machines, so IBM arguably did give up on doing processors for those machines. (In fact, after selling off the PC division to Lenovo and killing off the workstation side of RS/6000 and its successors, they arguably gave up on doing those machines, period.)

Also, porting has much more to do with APIs than instruction set.

In the example given by the person to whom you're responding, you're 10000% correct - it's not as if Apple switching to x86 suddenly made it easy to translate Windows applications to OS X applications (well, other than making the apps run "the lazy way" by running them atop Wine).

1 crore is 10 million, so this comes out to be 875 million USD roughly.

http://arstechnica.com/information-technology/2012/06/with-16-petaflops-and-1-6m-cores-doe-supercomputer-is-worlds-fastest/ says that livermore spent 250 mil on sequoia (which seems like a bit of a lowball to me, given the K computer's price at 1 billion), so throwing a lot more money at the problem would seem to give better performance.

Now I'll try to take a stab at the two questions. As "Can anyone learn to program?" is a requisite for "Can anyone be a good programmer?" I'll start with that question first.

Can anyone learn to program? : I don't know and I'm willing to venture a guess that no one on this forum really know either, regardless of how sure they may think they are. I venture to say, though, that I do think the vast majority of people can learn/be taught to program given the right instruction, motivation, and time. I'd recommend the following post on Ars. I think it provides a good example that the right instruction is crucial.

Obviously, some people are going to find programming more natural than others. For me, learning programming came very easy. Writing did/does not. Other people are the exact opposite. Does this mean that I can never learn to be an ok writer. I tend not to think so and I believe the reverse is true for people who are not naturally gifted for programming. What it does mean, at least to me, is that they have to learn to think in a new way (admittedly not easy, but it is possible). The real question then is how much effort will it take, does the person have the motivation to do it, and is it a worthwhile venture. I'll leave these to somebody else to answer.

Next, can anyone be a good programmer? This is really more of an extreme version of the other question. I'll hold to what I said with the previous question that most people could. However, the issue of whether it is worthwhile to spend the amount of time to develop the skills to become proficient is even valid. I suspect the answer is no. While I'm a believer in developing a range of talents, I also believe that being productive in society means that one needs to hone their skills in an area to become as good as they could possibly be. It seems natural then that the area in which one attempts to excel in is in an area that they are naturally gifted in to begin with. The person could then progress much further and the initial learning curve and potentially the later learning curve is much less steep for them. Lastly, one additional question: can anyone become an amazing programmer? To this I would have to say almost always no. This is akin to saying, "Can anyone become a DaVinci, a chess grandmaster, or an elite athlete?" Reaching the pinnacle of an area requires both dedication and natural ability. Even most programmers will never reach such a level that they can see any problem and quickly come up with an elegant solution for it. This is at the far end of the ability scale and for someone who isn't naturally adept at programming, and asking them to figuratively carve David.

Just my 3 cents.

http://arstechnica.com/tech-policy/2012/07/microsoft-wins-injunction-against-motorola-phones-in-germany/ [arstechnica.com]

http://arstechnica.com/tech-policy/2012/07/import-ban-on-motorolas-android-products-takes-effect-wednesday/ [arstechnica.com]

http://arstechnica.com/tech-policy/2012/07/microsoft-wins-injunction-against-motorola-phones-in-germany/ [arstechnica.com]

http://arstechnica.com/tech-policy/2012/07/import-ban-on-motorolas-android-products-takes-effect-wednesday/ [arstechnica.com]

http://arstechnica.com/tech-policy/2012/07/microsoft-wins-injunction-against-motorola-phones-in-germany/

http://arstechnica.com/tech-policy/2012/07/import-ban-on-motorolas-android-products-takes-effect-wednesday/

The Amazon discussion is kind of off topic here and my personal opinion. I feel that if Amazon had customized Android but retained compatibility, it would actually be better for Amazon because their tablets wouldn't be poorer cousins of devices capable of running Android apps, and would lead to more and higher quality apps across the Android ecosystem. They could still have skinned it to hell with Amazon services and products given prominent space and not license the Play store or Google apps. The difference would be that apps that work on a Nexus 7 would also work on a Kindle Fire.

http://arstechnica.com/tech-policy/2012/07/microsoft-wins-injunction-against-motorola-phones-in-germany/

http://arstechnica.com/tech-policy/2012/07/import-ban-on-motorolas-android-products-takes-effect-wednesday/

The Amazon discussion is kind of off topic here and my personal opinion. I feel that if Amazon had customized Android but retained compatibility, it would actually be better for Amazon because their tablets wouldn't be poorer cousins of devices capable of running Android apps, and would lead to more and higher quality apps across the Android ecosystem. They could still have skinned it to hell with Amazon services and products given prominent space and not license the Play store or Google apps. The difference would be that apps that work on a Nexus 7 would also work on a Kindle Fire.

So this deserves to stay up while footage of the Mars rover should be taken down? Right-o.

Google deserves no praise for this. The making of 'Innocence of Muslim' was likely illegal because the guy who made it was legally obligated to not use the internet for the duration of his probation. As other comments have pointed out, if someone was offended by this movie and wanted it to disappear a simple DMCA takedown notice would have sufficed. Instead, people invested in seeing conflict in the Middle East want this video up so that they can stoke the flames of anti-American sentiment. Google, with all of their idiotic policies, is playing right into this. Shame on all of you.

So this deserves to stay up while footage of the Mars rover should be taken down? Right-o.

Google deserves no praise for this. The making of 'Innocence of Muslim' was likely illegal because the guy who made it was legally obligated to not use the internet for the duration of his probation. As other comments have pointed out, if someone was offended by this movie and wanted it to disappear a simple DMCA takedown notice would have sufficed. Instead, people invested in seeing conflict in the Middle East want this video up so that they can stoke the flames of anti-American sentiment. Google, with all of their idiotic policies, is playing right into this. Shame on all of you.

Is there any source for this statement besides The Inquirer?

Yes.

Interestingly, the Ars Technical piece in question doesn't directly quote anybody from Intel saying Clover Trail “cannot run Linux”, they just say that the Inquirer reported that an Intel spokesperson at the Intel Developer Forum made that statement.

That's not "Yes," that's "No." If Ars is referencing The Inquirer, then there is no other original source than The Inquirer. Given The Inquirer's reputation, I think it's pretty important that we get independent confirmation before rushing to get the torches and pitchforks ready (or rushing to defend Intel's rights, depending on your bent).

Actually, Uniloc has sued Microsoft, Sony, Adobe, Electronic Arts, and a host of other companies large and small. Some of those suits (such as those against Mojang and EA) were based on the same patent as the suit against Laminar Research. It seems to me that the defendants should try to work out a shared defense, since it's in all of their interests to see the patent invalidated.

I'll also note that it's interesting that Google has apparently not tried to intervene in the suit. Compare that to the Lodsys suit in which Apple intervened on behalf of iOS developers.

Could be that MS has beta samples of Clover Trail on which they developed Windows 8 Tablet version.

According to the Ars Technical note on this

To achieve that, Intel worked closely with Microsoft to instrument the chip to allow Windows 8 to control Clover Trail's advanced power management features, which support what Perlmutter called "always-on" functionality.

On the iPhone CarrierIQ did not do most of the stuff the Android version did - no key logging for example.

Apple got rid of CarrierIQ with iOS5 updates anyway.

Your comprehension must not be up to par, sir. Anyone should know I'm talking about Intel's claim that "This will not run Linux" and "This is a Windows 8 Chip" means linux kernel vs Microsoft kernel.

Somebody's skills aren't up to par; I'd vote for the person who spoke of "a competing kernel" without indicating why Intel would care about two competing kernels when they make neither and have supported both and without bringing up collusion - the only thing that could be at issue here would be collusion between Microsoft and Intel, so I don't think anybody could go after Intel alone on an anti-trust issue, they'd have to go after both Intel and Microsoft.

(I'm also a bit skeptical that any antitrust authority would give a rat's ass about Intel just stating that "this chip will not run Linux" - assuming they really did say that; the Ars Technica piece merely says that the Inquirer is claiming that they said that, and are only themselves reporting what David Perlmutter said. I rather doubt Linux developers would be dissuaded from trying to make Clover Trail work merely because Intel says it won't - heck, it might encourage them. It's only a big issue if Intel are telling the truth, e.g. if you have to support the new power management features to run on Clover Trail at all and if Intel are only documenting those features in non-public documents.)

Intel is using a dominant market position

So this chip expected to be used for desktop/laptop computing to a significant degree? Intel hardly has a dominant market position for tablet computing (and Microsoft doesn't have one, either).

to say "This won't run Linux, use Windows 8 instead!"

...which means that, if there are any antitrust issues, they'd have to involve collusion, given that Windows 8 isn't an Intel operating system.

Is there any source for this statement besides The Inquirer?

Yes.

Interestingly, the Ars Technical piece in question doesn't directly quote anybody from Intel saying Clover Trail “cannot run Linux”, they just say that the Inquirer reported that an Intel spokesperson at the Intel Developer Forum made that statement. What the Ars Technica piece reports from IDF is

On September 11, Intel Architecture Group Executive Vice President David Perlmutter told IDF attendees in his keynote that the Clover Trail system-on-a-chip architecture was designed specifically for Windows 8 tablets and “convertibles.” In effect, Clover Trail is Intel’s effort to provide a full Windows 8 experience (including enterprise features missing from Windows RT) on devices competitive with ARM-based Windows 8 tablets.

To achieve that, Intel worked closely with Microsoft to instrument the chip to allow Windows 8 to control Clover Trail's advanced power management features, which support what Perlmutter called "always-on" functionality. It's that special sauce in Clover Trail that won't be supported for other operating systems, including Linux, likely in part because of Intel’s desire to keep those features close to the vest—and because of contractual obligations to Microsoft.

so maybe 1) you can't run on Clover Trail without using the advanced power management features and 2) the documentation of those features won't be public (Intel have had documented-but-not-publicly-documented hardware features in the past), in which case Clover Trail won't be able to run Linux unless and until the features in question are reverse-engineered (and maybe there are Intel and/or Microsoft patents on those features to get in the way of doing that).

Or maybe not. Perhaps, for example, the features aren't required, but Linux-on-Clover-Trail will run the battery down faster if it doesn't use them.

That is entirely different from what intel is implying, which is that the BIOS issues regarding windows 8 preventing other operating systems from running

I don't see anything in TFA to indicate that Intel is implying that. Perhaps you're inferring that, but I'm not sure what those "BIOS issues" are; if you mean "UEFI issues", that's part of Microsoft's requirements for UEFI-for-ARM, not UEFI-for-x86.

TFA doesn't say where the statements in question were made, but the picture accompanying the article makes it look as if it were an Intel presentation somewhere, and if I look for Intel presentations in San Francisco around this date, it suggests this was probably the San Francisco 2012 Intel Developer Forum.

Given that, a little more searching found an Ars Technica item about this; it says

On September 11, Intel Architecture Group Executive Vice President David Perlmutter told IDF attendees in his keynote that the Clover Trail system-on-a-chip architecture was designed specifically for Windows 8 tablets and “convertibles.” In effect, Clover Trail is Intel’s effort to provide a full Windows 8 experience (including enterprise features missing from Windows RT) on devices competitive with ARM-based Windows 8 tablets.

To achieve that, Intel worked closely with Microsoft to instrument the chip to allow Windows 8 to control Clover Trail's advanced power management features, which support what Perlmutter called "always-on" functionality. It's that special sauce in Clover Trail that won't be supported for other operating systems, including Linux, likely in part because of Intel’s desire to keep those features close to the vest—and because of contractual obligations to Microsoft.

Still somewhat speculative ("likely in part because of..."), but a bit less handwaving than the Inquirer piece. Intel do have hardware features that they don't publicly document, and those power management features may fall into that category.

"You do know Android is free, right? "

http://arstechnica.com/information-technology/2011/10/microsoft-collects-license-fees-on-50-of-android-devices-tells-google-to-wake-up/

It's coming to the US first.... Nov 18: http://arstechnica.com/gaming/2012/09/wii-u-coming-to-america-sunday-november-18/

How about it doesn't work in Australia?

Good news! Haswell (the GT3 variants of it anyway) should approximately double Intel's IGP performance. For example: they demoed it playing Skyrim on High settings at 1920x1080.

Plus, some other good stuff.

they may be aweful, but the hosted email has been damn decent for the 4+ years I've been with them. I've always sort of snickered at the shit anonymous did, but now their vendetta against a big company fucks us little guys too.

Please don't misconstrue this as support for Anonymous' actions. You seem to forget that SOPA would fuck the little guys, too. Perhaps you've forgotten who supported that legislation, and why Wikipedia and many others (including myself, a customer for over 10 years) have left GoDaddy.

I dont disagree with most of what you said, except the general implication that because some proprietary companies suck at security they all must.

Sorry, that wasn't the intended implication. The intended implication was that proprietary companies can hire competent security folk, but they have to go out of their way to budget for it, a point most proprietary companies don't focus on. Of course, the truth is that in the open source world, the "many eyes" and "statistically....a few qualified people" only works if the project receives enough attention to have those many eyes. That still leaves the outliers, both in proprietary companies and small projects, where there is enough just good programming practices to mitigate most security risks.

Also,

You see, as horrible as the whole situation might be with the potential OpenBSD's IPSEC backdoor, the fact that we know about it gives us the option to audit the code or to outright avoid the code because we know of the potential threat.

Thats true, but youll note that if the accusations are correct (and I see no indication that anyone has actually done the audit, 2 years later), it took 10 years and then the backdoor was not even caught by OSS devs, it was revealed by an insider whose NDA expired.

To the contrary, OpenBSD code audit uncovers bugs, but no evidence of backdoor covers the point that an audit was done and while bugs were found--one nasty one at that--, that there was no evidence of an extant backdoor. Of course, a more useful question would be if there ever was a backdoor, and that sort of audit wasn't done, AFAIK--and I'd really love to see someone do that audit since I know I'm not qualified. But the original discussion was the probably of a blatant backdoor surviving. And even a less blatant one apparently couldn't survive in OpenBSD it would seem--unless the backdoor was explicitly removed by the backdoor inserter at some point. Of course, without evidence of there ever being a backdoor, it's really hard to use the whole OpenBSD IPSEC Backdoor as any sort of data point. :/

If you want portable, I'd say get a netbook. Even though they get fewer and fewer, there are still some around. You'll have to find one on sale if you want to break $300 though. I'd also recommend installing Linux if you don't want it infested with all sorts of nasty stuff within weeks.

If it doesn't have to be portable, build one. Easily done for <$300 and your kid will learn a lot. And if he built it he'll treat it with more respect.
It's trivial (there are many instruction videos on YouTube) and for parts lists you can start at http://arstechnica.com/gadgets/2012/04/ars-bargain-box/.

So much arrogance and bitterness.

Read the guy's story (yes, I'm re-linking to TFA in a comment) on Ars and the guy's AmA over on Reddit. You don't have to like the guy's game (which most certainly isn't a dinky flash app that he probably knocked out in a couple of weeks - it took him 10 months), but you have to admire his class, and if you inisist on letting the Internet know you don't like his game, you should definitely be more polite than "quite frankly it's crap."

Do you want George Lucas to go edit the Wiki pages on Star Wars and note that Greedo always shot first? Enforcing a secondary source means he first has to convince some citable source that it's what happened, which provides a check that Wikipedia's crowdsourced model on its own can't.

>Apple supports firmware updates including full hardware support for about 3 years at least.

That is probably why I'll buy the new iPhone when it comes out despite knowing it'll have a proprietary power plug instead of microusb and a walled OS. Maintaining the OS is crucial since no OS is bug-free when it's shipped. Android, by not having a routine patch policy, is just a few bugs away from a clever black hat finding the flaw that'll give them complete control of handsets around the world.

I had hoped that perhaps Microsoft would have understood this but the way they rolled over for the telcos suggests that Apple is currently the only handset company that has a grip on how important a uniform platform is.

Which is a sweet price for a 7" tablet as long as it can be rooted and ROM'd.

http://arstechnica.com/gadgets/2012/09/amazon-shows-off-new-kindle-fire-shipping-sept-14-for-159/

A dream that all web sites use https for everything. Why do so many web sites still not use https? Do they *like* third-parties being able to snoop on their visitors?

https://www.eff.org/https-everywhere/faq
https://httpsnow.org/
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
http://arstechnica.com/business/2011/03/https-is-great-here-is-why-everyone-needs-to-use-it-so-ars-can-too/
http://serverfault.com/questions/161854/how-to-set-up-https-without-paying-anything-anywhere-but-with-no-warnings-from

A dream that all web sites use https for everything. Why do so many web sites still not use https? Do they *like* third-parties being able to snoop on their visitors?

https://www.eff.org/https-everywhere/faq
https://httpsnow.org/
http://arstechnica.com/business/2011/03/https-is-more-secure-so-why-isnt-the-web-using-it/
http://arstechnica.com/business/2011/03/https-is-great-here-is-why-everyone-needs-to-use-it-so-ars-can-too/
http://serverfault.com/questions/161854/how-to-set-up-https-without-paying-anything-anywhere-but-with-no-warnings-from

First, in the physical world, shelf-space is limited. A store can't carry everything because there isn't room. Thus, Barnes and Noble doesn't carry your novel because they'd rather stock their shelves with something they believe will sell. Needless to say, this isn't a factor in the digital world.

Well, I'm pretty sure if I wrote a game, Valve won't sell it on Steam, which is a perfectly virtual marketplace - adding my game would consume little on Valve's servers.

Hell, I know they're also being picky because there's a campaign to get a game ported to PC and distributed by Steam (it's on PS3, Xbox360, iOS, Android, and Mac, but not on PC and Valve for some reason won't talk to the developer to put it on Steam).

Anyhow, the other thing is well, you can bet Apple's actually sitting pretty - considering Androids are outselling iOS 2:1, iOS users though are buying apps and spending money on the whole ecosystem. (They're also using a LOT more data - Mobile Safari is still getting way more traffic than any mobile browser out there... so unless every Android user is using a different browser that fakes desktop user-agents...).

Apple's making money, developers are making money (compared to Google Play for the most part - there are a few devs making more money off Android than iOS), the question becomes - if Apple decided to be a free-for-all like Google Play, will they and developers earn even MORE money?

And that's the real question that needs to be asked. Apple's about making money. If opening up the App Store means Apple can sell even MORE iOS devices (iTunes makes very little money for Apple, so app sales really don't factor in) than they do now, then yes, it makes sense for Apple to open it up. If however, it does diddly, it's not worth it.