You're wrong. I've done this, in multiple groups of people. The majority answer is always along the lines of "I ignore ads, so I don't care".
Yes, most people say that, but it really isn't true. If they saw an ad for something that really interested them, they would notice it, and they would look into it further (and maybe even buy something). The problem is that the overwhelming majority of ads are completely irrelevant to the person seeing them, and as a result, people ignore them. Fix the first problem, showing only ads that have a real chance of resulting in user action, and the second problem goes away, because users stop being numb to the ads.
... and that information sold to various third parties they're not even aware of who then use it to build profiles of them...
You just changed the rules pretty dramatically with that part. An ad distributor knowing things about me is very different from them offering that information for sale to arbitrary third parties. Targeted ads don't really work that way. The actual advertisers know how many times an ad was shown, but not who saw it, specifically. That's an important distinction from a privacy perspective. It's the difference between knowing there are 1900 people in the U.S. who like midget porn, and knowing who those 1900 people are. (Yes, this number is made up.)
oh, by the way, they *might* also see ads which are more targeted toward their specific interests rather than targeted toward the content of the pages they're visiting
Substitute "would" instead of "might". The main thing that is missing right now is a reliable signal about whether you've bought something already, and whether you are likely to buy that same thing again in the near term. Targeted ads are often delayed so much that they're useless by the time you start seeing them.
The big thing you're missing is that having more information about consumers would result in fewer ads, both because advertisers wouldn't show ads with low likelihood of success and because each ad that they do show would pay more because of the higher likelihood of success. And the ads that do get shown would be more useful to the consumer. If you think that fewer, more targeted ads isn't a benefit to consumers, then you're naïve.
From my perspective, ads that interrupt me and prevent me from doing things are evil and should die. Ads that play sound and video over my cellular connection should also die. But low-bandwidth, passive ads are ignorable, which means they don't really do much harm, and occasionally, they even end up being useful. The problem is that those occasions are so rare that they almost go unnoticed. (Also, when they might have been useful, 99% of the time, they're things like "shop for XXX on site YYY" and I think "Oh, I hadn't thought about searching for it there," and then I try it, only to discover that site YYY doesn't actually sell XXX. But that's kind of a targeting problem, too, just of a different sort.)
Sorry, I worded that badly. The point I was trying to make was that having the data is valuable for more than just pure design issues. It also helps when figuring out bugs. For example, you might discover through reproducing the exact steps that in some particular path through the app, some critical view never becomes visible for some reason, thus resolving a customer complaint in a way that wouldn't be possible without data. And, of course, it helps in reproducing crashes and other misbehavior.
Microsoft did not poison the well. The companies that ignore the do not track flag are the ones that are at fault here.
Microsoft turning on that flag for everyone could not possibly have made any difference in the behavior of advertisers that were already ignore that flag. The only thing that turning the flag on by default did was give advertisers that *didn't* already ignore it a compelling reason to do so. They most certainly did poison the well.
Microsoft actually did what most people would want - NOT to be tracked.
Citation needed. If you ask random people, "Would you rather see random ads for things you don't care about or ads that direct you towards products you might actually be interested in," I guarantee you that 99% or more of people would choose the latter. This is what tracking makes possible. It doesn't just benefit advertisers. It also benefits users.
The real question is should tech companies track people the way they do. If you ask the average person they would almost certainly say "No I do not want to be tracked"
If you asked the average person, "Do you want us to give you a shot," they will also say no. If you asked the average person, "Do you want to be vaccinated against a deadly pandemic plague that is sweeping across Europe right now and will almost certainly hit our shores in a matter of days," they will all say yes. Asking people a question without giving them the information needed to make an informed decision is a useless thing to do, because the results are meaningless.
The right question to ask is not whether users should be tracked, but rather whether users should have the right to see, inspect, correct, and, if desired, delete data that has been collected or inferred about them. If users have that right, then very, very few people will want to not be tracked, because the benefit of tracking will greatly exceed the negligible loss of privacy.
I disagree with this point. It's my app/website/whatever. If I want to use information that your browser or operating system sends to my server, I don't have to tell you what I'm collecting or how I'm using that information.
And that, my friend, is the reason the EU made the GDPR and will slap a fine on you if you ever practice that kind of thinking towards consumers in the EU.
When people do not expect to be spied on, it's not legal to spy on them.
Just like it's not legal to hide a camera in a public restroom and take a snapshot of your private parts.
Storing data about how an app is used is hardly tantamount to hiding a camera in a public restroom. It's more like sticking a security camera in a parking lot and recording who comes and goes, and what path they take through the parking lot. Just as there's a presumption that companies can install security cameras to monitor their property, there's a presumption that every website has access to any data that the user or the user's agent (the browser) sends it.
And even for personal data, as long as the website does not expose that personal data to anyone, it really isn't a privacy issue no matter how the website processes and aggregates that data. Personal data only really becomes a privacy issue when actual human beings other than the end user gain access to that information, either intentionally or through negligence, unless the user has expressed a desire to share that information.
So while the GP isn't entirely correct insofar as sharing that collected information with others is potentially illegal (even in the U.S.), it isn't an entirely unreasonable starting point for understanding the website's rights. It is just missing a couple of key parts:
I don't have to tell you what I'm collecting or how I'm using that information, so long as that information is never shared with anyone (including employees of the company) in a non-anonymized manner unless the user has agreed to such sharing.
The GDPR requires that this agreement be explicit; such requirements seem like overkill to me, as they lead to nonsensical interpretations, such as a user having to explicitly agree to share the data that they put in their public profile on a web bulletin board (or, more comically, their posts on Slashdot). But requiring some form of agreement, either explicit or implicit, before sharing data seems kind of obvious.
Of course, even with that narrower interpretation, the elephant in the room is the question of whether any actions that the website performs using that data could indirectly expose it. And the extent of such a violation depends on how sensitive the information is. For example, suppose you have a secret fetish for some unusual kind of porn and some website manages to learn about that fetish. If the website having that information causes you to see advertising for that type of porn while visiting some otherwise innocuous website while other people are looking over your shoulder, that's a huge privacy violation even though it didn't explicitly reveal that you like that type of porn, because the presence of those ads strongly implies it. This is equally true for medical conditions, job searches, etc. under the right circumstances.
So merely not sharing the data with other people is not quite enough. You have to also avoid using the data in ways that could negligently imply the data even without explicitly stating it.
You can sort that kind of stuff out in UX testing: you can see what they are doing if you're there, in the room with them, while they are doing it, and your tester knows you are watching them.
No, you can't. Not even close. When you're trying to debug a hard-to-reproduce crash, being able to know exactly what was happening in the app that led up to the crash can often provide crucial insight into reproducing it.
So yes, ostensibly locking the screen prevents someone from running the app, but if somebody manages to couple this with a remote exploit that allows running code without console access, I don't think a locking screensaver will help.
Those are hypotheticals that are not demonstrated in the video. Maybe if the thief has root access they can steal even more, but that's not demonstrated.
Those are not hypotheticals. I'm just describing a chained privilege escalation exploit, which is how most actual exploits in the real world happen. Like all local security holes, this can't cause users any problems until somebody comes up with an attack that lets them run code on the box, but that doesn't mean the exploit isn't worth worrying about.
Those are hypotheticals that are not demonstrated in the video. Maybe if the thief has root access they can steal even more, but that's not demonstrated.
The design of the keychain is such that even with root privileges, it is not supposed to be possible for a local attacker to gain access to the contents of the keychain. Data is encrypted at rest, and it is not supposed to be possible for arbitrary processes to access data except as permitted by each item's ACL (and even then, only after the keychain is unlocked). If any of those security measures aren't working, then it is a very *big* security hole, because it means that your keychain's keys are only as secure as the least secure app on your system.
And, if you're already logged in to the account...
Are you sure? I mean, ostensibly it doesn't work if the keychain is locked, which at least is supposed to happen when you sign out (*not* when the screen saver locks the screen), but can we be certain that this isn't a password bypass attack on the keychain locking itself? The article says nothing about the mechanism of action, nor about conditions under which it is reproducible.
Logout or have a locking screensaver and you're safe.
I'm pretty sure that's not true. Apps continue to run in the background when the screen is locked, and AFAIK have the same access to the keychain as they do when the screen is unlocked. So yes, ostensibly locking the screen prevents someone from running the app, but if somebody manages to couple this with a remote exploit that allows running code without console access, I don't think a locking screensaver will help.
Basically, you're relying on defense in depth and hoping for the best, unless I'm missing something, and that's less than ideal.:-)
It is probably better to change your keychain settings to lock the keychain on sleep and then put your machine to sleep instead of leaving it protected only by a screensaver — assuming, of course, that this is not a complete password bypass.
Even if we ignore Adobe's historically poor grasp of security (the only company I would trust less to be in my hardware than Adobe is the NSA), there's no sane reason for them to even consider this, because they don't build hardware.
The only plausible reason that they could have for considering this would be to build some sort of special GPU optimized for Photoshop or something, and given that they would almost certainly not let anybody else develop software for such a beast (or else it would stop being a competitive advantage), the net effect would be vendor lock-in for no obvious consumer gain (because even if they managed to somehow beat the GPU makers at all on some specific task, the advantage would undoubtedly disappear within months).
So the only question left to ask is "What are you smoking, and where can we get some of that?"
The iMac Pro was great. The new Mac mini was fantastic.
They're overpriced and underwhelming, way more than before. I had one of the first intel xeon Mac Pros, and at the time if you tried to build or buy something similar it would be about the same price for the components. Now you're touting the new mac mini as being fantastic?
FWIW, the Mac Mini was always overpriced, from the first day that the Intel version shipped. Competing on cost was never Apple's strong point, though they were usually within a few percent on high-end models in their base configuration (with no extra RAM or HD upgrades). Their upgrades have almost always historically been more expensive than buying the machine in the base configuration, buying the upgrade outright, and throwing away the parts you took out.
I don't understand why people would be resistant to this merger, really? Sprint is a dying company that's been up for grabs for a while now. Their cellular service has lousy coverage and they've resorted to heavily discounting iPhones to get people to take their garbage network.
That's not my experience in the Bay Area. I've found them to be more reliable in the places I care about than AT&T was, and a close second to Verizon. Perhaps you just live in a place where it isn't financially viable for more than two carriers to compete. But that's not a good reason to ruin it for the folks who live in places where Sprint is a viable competitor.
In that light, we're not losing much of anything by having Sprint go away. T-Mobile has been growing, but is still the "underdog" compared to Verizon or AT&T. If they can make use of the Sprint network as something to supplement their own, and get the boost to the subscriber-base by acquiring Sprint customers -- it seems like it puts them on more even footing with the "big 2".
They can do that anyway. There's nothing stopping Sprint or T-Mobile from leasing access to each other's towers to each other, and there's also nothing stopping them from spinning off some of their towers into a holding company that is owned jointly by both companies. In fact, I would argue that this is the only sensible thing to do for towers that serve outlying areas (and maybe even small cities), assuming any of those towers are even owned by Sprint or T-Mobile rather than leased from the North Podunk Cellular Company or whatever.
Really, the only impact of a merger, other than reducing administrative overhead, is reducing consumer choice by taking away half of the rate plan options.
I don't see much chance of somebody coming along and wanting to buy Sprint just to continue operating it as a separate entity. The opportunity was there to do that for the last 7 years or so, and nobody seriously expressed interest.
Why does someone need to buy them? They're a profitable business. I see no reason that the status quo can't be maintained indefinitely.
They won't raise prices following the merger. No. They'll wait 3 whole minutes and then raise prices in a completely unrelated way.
This kind of misses the point. The reason that reducing the number of carriers hurts consumers is that it reduces consumer choice. Even if the prices don't change as a result (and they might not), the fact remains that different carriers have different plans with different options. Some people might prefer unlimited data. Others might prefer a cheaper, metered plan. Some might be okay with reduced quality from Netflix, and others might not. And so on.
As consumers, we have these choices because we have multiple carriers competing. The fewer carriers, the fewer options, and the more likely consumers are to get screwed, even in the absence of companies jacking up the price.
Now if they want to agree to provide all plans from both of the two services going forwards, and to subject themselves to a public utilities commission with the right to veto plan changes, that's a different matter, but short of that, fewer choices is bad for consumers, period. The size of the resulting network doesn't change that, and neither does a promise not to raise rates.
The fact that response was delayed is an issue yes, but within a week is still pretty good compared to many companies customer response - which is never...
Apple included. The slowness and inconsistency of Apple's bug handling is well known among everyone who has ever worked there or developed software for any Apple platform. In fact, at least a few years ago, it was a long-standing joke among Apple engineers that they'll close most of the bugs when they deprecate and subsequently drop support for the technology, at which point they can close them as "Cannot reproduce".
Regarding shingles, the problem with the chicken pox vaccine is that it destroys the NATURAL "herd" immunity. Previously parents and grandparents would be re-exposed and get natural boosters.
The problem with that is that not everybody is a parent or grandparent. The vaccine does not destroy the natural herd immunity. It augments it in people who otherwise would not be exposed.
There are two types of T cells. T1 and T2. You need a balance of both to have a good immune response. Almost all vaccines only stimulate the T2 system, making "anti-bodies".
That's complete crap. First, Th1 and Th2 responses overlap; both are responsible for creating antibodies, and vaccines inherently stimulate both. Anyone saying otherwise is almost twenty years behind in his or her medical understanding. Further, neither T1 nor T2 are responsible for long-term immunity; the follicular helper cell, Tfh, is.
The body is complex. The environment is complex. It is complete hubris to think that we can wipe out all pathogens.
And because things are hard, we should not try? With that attitude, we would not have satellites. We would not have computers. We would not have automobiles. It might be hubris to think we can succeed, but it is complete defeatism to think we cannot do any better than we have already done.
There are sound religious, scientific, and social reasons to be skeptical of vaccines.
No, there are not sound scientific reasons to be skeptical of vaccines. Decades and decades of vaccines bringing previously mass-fatality diseases to their knees tell us that vaccines work. Do they work for everything? No. See also influenza. But science tells us that the fear of vaccines is nonsense. Only people spewing pseudo-scientific crap about T2 overstimulation and other absurdity are telling us to fear vaccines. There's a reason that no actual science has ever implicated vaccines as a real health concern, and that's because it isn't.
It's usually much faster to fix your own flat, assuming you took that course at MIT.
It would be if Teslas came with a spare tire. But they don't, so it isn't.
At best, any road-side patch job is going to be poor and failure prone; at worst, it will corrupt the inside of the tire in a way that makes it impossible for the tire shop to do a proper patch later. That's why the recommended approach is to have Tesla roadside assistance bring you a free loaner spare.
Unfortunately, because their call centers are massively understaffed, that can take hours, so you're often better off calling a local towing company and paying for a flatbed to haul your car to a tire shop. And that's what they're trying to fix. Hope it works.
In the meantime, having heard some recent horror stories, I'm seriously considering just buying a spare tire and keeping it in the frunk.:-)
The vast majority of issues were non-engine related. Things like brakes, cv-joints, ball joints, wheel bearings.
Thats the opposite of my experience. In my experience, not counting preventative maintenance (replacing the brakes, oil, or tires, none of which are really repairs, per se), the vast majority of failures I've seen are for emissions control systems — things like:
O2 sensor
EVAP system.
Fouled vacuum lines
Mixture issues causing the engine to run lean / produce high NOx
Even though most of these should just be a nuisance most of the time, they aren't if you live in a state that requires a smog check. Also, transmission problems are surprisingly common, particularly in certain models of vehicle.
And none of the things on my list exist on EVs. The number of engine parts in an EV are at least an order of magnitude lower than the number of similar parts in an ICE car, and maybe two. And there's just a fixed gearbox with no transmission. That means way fewer things to break.
And speaking of brakes, an ICE car's brakes last 30-70k miles, depending on model. EV brake pads (and plug-in hybrids) can last hundreds of thousands of miles, thanks to regenerative braking. And no oil changes. So the preventative maintenance is much less, too.
Do you get a smallpox vaccine? No, smallpox was eradicated.
Unless you are working in labs that maintain samples of smallpox for research, this is probably true. That said, if a new outbreak ever occurs somehow (e.g. cross-species transmission), then being able to rapidly ramp up those immunizations could be pretty important.
Do you get a chicken pox vaccine when you already had chicken pox? Probably not. The efficacy of having had chicken oox is better understood than the efficacy of the vaccine.
Actually, that's untrue. People who have previously been infected by chickenpox need a vaccine booster later in life. The chickenpox virus is never completely eliminated from the human body, and as a result, it can resurface in the form of shingles, a painful and debilitating condition that affects a million people per year in the United States alone. Given that the chickenpox vaccine was not approved for use in the U.S. until 1995, exactly zero percent of the main at-risk age group (elderly) were vaccinated as a kid, which is to say that (approximately) all cases of shingles occur in people who had chickenpox, not the vaccine. But periodic booster vaccination can prevent it from occurring/recurring.
Do you get your second dose of gardasil as a child? No, you get it later in life assuming you even want it or some guideline has not changed.
Huh? Like all vaccines, protection lasts for a period of time.
I would ask that you idiots please stop talking about vaccines as though they were some monolithic thing that everybody gets from big brother.
Vaccines aren't all the same, but they are pretty darn similar except for the virus itself. They confer an immunity to a particular virus and similar viruses for a period of time. They must periodically be supplemented by a booster if continued immunity is required, and mutation of viruses can result in less or no protection (e.g. influenza). The only questions you need to ask are:
Am I at any real risk of exposure to that virus?
That's it. There's really only a single factor to consider when deciding whether to be vaccinated. People who go to countries that have more viruses need more immunizations. People in the U.S. need fewer (but still more than none). And when groups of people refuse to get immunized, the herd immunity of the society they live in is reduced, and everyone is at greater risk of dying from what would otherwise be an entirely preventable disease.
Let me preface this by saying that I would not mind Forstall coming back as the head of the iOS UI design team. IMO, everything Apple has done to the user interface since Forstall's departure is approximately as abhorrent as you can get from a human interface perspective. The clean lines and flat simplicity result in a lack of depth cues that would otherwise make icons and buttons easily recognizable, which slows down user input significantly. And just about all the new features have been useless crap like Memojis (which are fine, but not as the *only* improvement). Bringing Forstall back and putting him in charge of the UI design team would be a positive improvement, because that is where his strengths lie. However, Apple should absolutely not put him in charge of iOS as a whole, and certainly not the company as a whole.
You see, Scott Forstall created the iOS culture that ran roughshod over the Mac culture within Apple. That new culture is basically responsible for everything that is wrong with the company today. Under his leadership, paranoia and internal power struggles grew massively, which really hurt the company by reducing the amount of feedback on products early in the design phase (when problems can be easily fixed). Of course, those problems didn't get fixed when Forstall left, because the people who took over didn't make any meaningful changes. Instead, the status quo continued, which is why things haven't gotten any better, and indeed, have continued to deteriorate.
IMO, the problems with Apple's post-iPhone culture run deep, and fixing them will be a big job for anybody who takes over the reins. I don't think for one minute that Forstall would be able to do that if brought back as a VP or CEO, much less be inclined to do so. Instead, I'd expect him to double down on all the things that are wrong, and generally make things worse until the company implodes.
So no, Apple doesn't need Forstall. It needs Wozniak. He's one of the few people who routinely calls Apple on its bad ideas, and I think he mostly shared S.J.'s vision for the company and its products. Whether he could be convinced or not is another question, but I can't think of anyone who would be better for the job.
The whole reason they are looking for a new head is because, compared to Google and Amazon's Alexa, Siri isn't smart.
Of course, IMO, the whole reason Siri isn't smart is that their privacy rules prevent the sorts of deep analysis that lead to it becoming smart. If the latter doesn't change, neither will the former, and no change of leadership is going to make any difference.
Sometimes, the best strategy is to do nothing at all, wait for a competitor to get good enough, and then license its services under terms you can live with, i.e. replace Siri with Assistant or Alexa, with whatever sort of anonymization you feel the need to layer on top of it (with the caveat that any anonymization will inherently make it inferior when answering questions based on things like personalized calendar events).
Either that or do absolutely nothing at all, and cede the field of services to companies that do it well, and focus on what you're good at,
Wu wrote. "In addition, several of these apps can also hide themselves via the same hidden technique mentioned above."
Wait.... Why is that even possible? Every app that is installed should have an icon on the home screen, and if the icon is missing or damaged, the OS should substitute a default icon. Is there some valid/reasonable use for this behavior that I'm missing? If not, it seems like the right fix is to just remove the feature.
Of course, it's also the way you move protobufs from client to server, so don't be surprised if you see it used pretty frequently in some server software.:-)
I wouldn't call the grid "one giant 0-day". While there are plenty of utilities with their heads up their asses about cyber security (or "cyber" anything, honestly), there are plenty of others that DO take it seriously.
The problem is, the power grid is a grid. All it takes is one utility doing things sufficiently wrong to potentially bring down the entire grid for a quarter of the country with a spectacular surge or sag. This happened in the northeastern U.S. in 1965 and again in 2003. The first one was caused by the failure of a single relay. The second one was caused by a software bug. Both of these failures are the sorts of things that an attacker could potentially trigger remotely if network security is inadequate.
Mine is one of them (no I will not name them either).
You really kind of should. If more folks knew who was competent, the companies that aren't would at least know who to ask for help.:-)
No, we did fine without group FaceTime for years. This is the sort of bug where there right thing to do is shut it down (as they did) and not turn it back on until they’re certain that they have it right. If that takes a week, fine. If that takes a year, also fine. You do not screw around with these sorts of things.
Slashdot Mirror
Yes, most people say that, but it really isn't true. If they saw an ad for something that really interested them, they would notice it, and they would look into it further (and maybe even buy something). The problem is that the overwhelming majority of ads are completely irrelevant to the person seeing them, and as a result, people ignore them. Fix the first problem, showing only ads that have a real chance of resulting in user action, and the second problem goes away, because users stop being numb to the ads.
You just changed the rules pretty dramatically with that part. An ad distributor knowing things about me is very different from them offering that information for sale to arbitrary third parties. Targeted ads don't really work that way. The actual advertisers know how many times an ad was shown, but not who saw it, specifically. That's an important distinction from a privacy perspective. It's the difference between knowing there are 1900 people in the U.S. who like midget porn, and knowing who those 1900 people are. (Yes, this number is made up.)
Substitute "would" instead of "might". The main thing that is missing right now is a reliable signal about whether you've bought something already, and whether you are likely to buy that same thing again in the near term. Targeted ads are often delayed so much that they're useless by the time you start seeing them.
The big thing you're missing is that having more information about consumers would result in fewer ads, both because advertisers wouldn't show ads with low likelihood of success and because each ad that they do show would pay more because of the higher likelihood of success. And the ads that do get shown would be more useful to the consumer. If you think that fewer, more targeted ads isn't a benefit to consumers, then you're naïve.
From my perspective, ads that interrupt me and prevent me from doing things are evil and should die. Ads that play sound and video over my cellular connection should also die. But low-bandwidth, passive ads are ignorable, which means they don't really do much harm, and occasionally, they even end up being useful. The problem is that those occasions are so rare that they almost go unnoticed. (Also, when they might have been useful, 99% of the time, they're things like "shop for XXX on site YYY" and I think "Oh, I hadn't thought about searching for it there," and then I try it, only to discover that site YYY doesn't actually sell XXX. But that's kind of a targeting problem, too, just of a different sort.)
Sorry, I worded that badly. The point I was trying to make was that having the data is valuable for more than just pure design issues. It also helps when figuring out bugs. For example, you might discover through reproducing the exact steps that in some particular path through the app, some critical view never becomes visible for some reason, thus resolving a customer complaint in a way that wouldn't be possible without data. And, of course, it helps in reproducing crashes and other misbehavior.
Microsoft did not poison the well. The companies that ignore the do not track flag are the ones that are at fault here.
Microsoft turning on that flag for everyone could not possibly have made any difference in the behavior of advertisers that were already ignore that flag. The only thing that turning the flag on by default did was give advertisers that *didn't* already ignore it a compelling reason to do so. They most certainly did poison the well.
Microsoft actually did what most people would want - NOT to be tracked.
Citation needed. If you ask random people, "Would you rather see random ads for things you don't care about or ads that direct you towards products you might actually be interested in," I guarantee you that 99% or more of people would choose the latter. This is what tracking makes possible. It doesn't just benefit advertisers. It also benefits users.
The real question is should tech companies track people the way they do. If you ask the average person they would almost certainly say "No I do not want to be tracked"
If you asked the average person, "Do you want us to give you a shot," they will also say no. If you asked the average person, "Do you want to be vaccinated against a deadly pandemic plague that is sweeping across Europe right now and will almost certainly hit our shores in a matter of days," they will all say yes. Asking people a question without giving them the information needed to make an informed decision is a useless thing to do, because the results are meaningless.
The right question to ask is not whether users should be tracked, but rather whether users should have the right to see, inspect, correct, and, if desired, delete data that has been collected or inferred about them. If users have that right, then very, very few people will want to not be tracked, because the benefit of tracking will greatly exceed the negligible loss of privacy.
I disagree with this point. It's my app/website/whatever. If I want to use information that your browser or operating system sends to my server, I don't have to tell you what I'm collecting or how I'm using that information.
And that, my friend, is the reason the EU made the GDPR and will slap a fine on you if you ever practice that kind of thinking towards consumers in the EU.
When people do not expect to be spied on, it's not legal to spy on them.
Just like it's not legal to hide a camera in a public restroom and take a snapshot of your private parts.
Storing data about how an app is used is hardly tantamount to hiding a camera in a public restroom. It's more like sticking a security camera in a parking lot and recording who comes and goes, and what path they take through the parking lot. Just as there's a presumption that companies can install security cameras to monitor their property, there's a presumption that every website has access to any data that the user or the user's agent (the browser) sends it.
And even for personal data, as long as the website does not expose that personal data to anyone, it really isn't a privacy issue no matter how the website processes and aggregates that data. Personal data only really becomes a privacy issue when actual human beings other than the end user gain access to that information, either intentionally or through negligence, unless the user has expressed a desire to share that information.
So while the GP isn't entirely correct insofar as sharing that collected information with others is potentially illegal (even in the U.S.), it isn't an entirely unreasonable starting point for understanding the website's rights. It is just missing a couple of key parts:
I don't have to tell you what I'm collecting or how I'm using that information, so long as that information is never shared with anyone (including employees of the company) in a non-anonymized manner unless the user has agreed to such sharing.
The GDPR requires that this agreement be explicit; such requirements seem like overkill to me, as they lead to nonsensical interpretations, such as a user having to explicitly agree to share the data that they put in their public profile on a web bulletin board (or, more comically, their posts on Slashdot). But requiring some form of agreement, either explicit or implicit, before sharing data seems kind of obvious.
Of course, even with that narrower interpretation, the elephant in the room is the question of whether any actions that the website performs using that data could indirectly expose it. And the extent of such a violation depends on how sensitive the information is. For example, suppose you have a secret fetish for some unusual kind of porn and some website manages to learn about that fetish. If the website having that information causes you to see advertising for that type of porn while visiting some otherwise innocuous website while other people are looking over your shoulder, that's a huge privacy violation even though it didn't explicitly reveal that you like that type of porn, because the presence of those ads strongly implies it. This is equally true for medical conditions, job searches, etc. under the right circumstances.
So merely not sharing the data with other people is not quite enough. You have to also avoid using the data in ways that could negligently imply the data even without explicitly stating it.
No, you can't. Not even close. When you're trying to debug a hard-to-reproduce crash, being able to know exactly what was happening in the app that led up to the crash can often provide crucial insight into reproducing it.
Those are not hypotheticals. I'm just describing a chained privilege escalation exploit, which is how most actual exploits in the real world happen. Like all local security holes, this can't cause users any problems until somebody comes up with an attack that lets them run code on the box, but that doesn't mean the exploit isn't worth worrying about.
The design of the keychain is such that even with root privileges, it is not supposed to be possible for a local attacker to gain access to the contents of the keychain. Data is encrypted at rest, and it is not supposed to be possible for arbitrary processes to access data except as permitted by each item's ACL (and even then, only after the keychain is unlocked). If any of those security measures aren't working, then it is a very *big* security hole, because it means that your keychain's keys are only as secure as the least secure app on your system.
Are you sure? I mean, ostensibly it doesn't work if the keychain is locked, which at least is supposed to happen when you sign out (*not* when the screen saver locks the screen), but can we be certain that this isn't a password bypass attack on the keychain locking itself? The article says nothing about the mechanism of action, nor about conditions under which it is reproducible.
I'm pretty sure that's not true. Apps continue to run in the background when the screen is locked, and AFAIK have the same access to the keychain as they do when the screen is unlocked. So yes, ostensibly locking the screen prevents someone from running the app, but if somebody manages to couple this with a remote exploit that allows running code without console access, I don't think a locking screensaver will help.
Basically, you're relying on defense in depth and hoping for the best, unless I'm missing something, and that's less than ideal. :-)
It is probably better to change your keychain settings to lock the keychain on sleep and then put your machine to sleep instead of leaving it protected only by a screensaver — assuming, of course, that this is not a complete password bypass.
This.
Even if we ignore Adobe's historically poor grasp of security (the only company I would trust less to be in my hardware than Adobe is the NSA), there's no sane reason for them to even consider this, because they don't build hardware.
The only plausible reason that they could have for considering this would be to build some sort of special GPU optimized for Photoshop or something, and given that they would almost certainly not let anybody else develop software for such a beast (or else it would stop being a competitive advantage), the net effect would be vendor lock-in for no obvious consumer gain (because even if they managed to somehow beat the GPU makers at all on some specific task, the advantage would undoubtedly disappear within months).
So the only question left to ask is "What are you smoking, and where can we get some of that?"
They're overpriced and underwhelming, way more than before. I had one of the first intel xeon Mac Pros, and at the time if you tried to build or buy something similar it would be about the same price for the components. Now you're touting the new mac mini as being fantastic?
You can build one for about half the price that's smaller and faster: https://www.youtube.com/watch?...
FWIW, the Mac Mini was always overpriced, from the first day that the Intel version shipped. Competing on cost was never Apple's strong point, though they were usually within a few percent on high-end models in their base configuration (with no extra RAM or HD upgrades). Their upgrades have almost always historically been more expensive than buying the machine in the base configuration, buying the upgrade outright, and throwing away the parts you took out.
That's not my experience in the Bay Area. I've found them to be more reliable in the places I care about than AT&T was, and a close second to Verizon. Perhaps you just live in a place where it isn't financially viable for more than two carriers to compete. But that's not a good reason to ruin it for the folks who live in places where Sprint is a viable competitor.
They can do that anyway. There's nothing stopping Sprint or T-Mobile from leasing access to each other's towers to each other, and there's also nothing stopping them from spinning off some of their towers into a holding company that is owned jointly by both companies. In fact, I would argue that this is the only sensible thing to do for towers that serve outlying areas (and maybe even small cities), assuming any of those towers are even owned by Sprint or T-Mobile rather than leased from the North Podunk Cellular Company or whatever.
Really, the only impact of a merger, other than reducing administrative overhead, is reducing consumer choice by taking away half of the rate plan options.
Why does someone need to buy them? They're a profitable business. I see no reason that the status quo can't be maintained indefinitely.
This kind of misses the point. The reason that reducing the number of carriers hurts consumers is that it reduces consumer choice. Even if the prices don't change as a result (and they might not), the fact remains that different carriers have different plans with different options. Some people might prefer unlimited data. Others might prefer a cheaper, metered plan. Some might be okay with reduced quality from Netflix, and others might not. And so on.
As consumers, we have these choices because we have multiple carriers competing. The fewer carriers, the fewer options, and the more likely consumers are to get screwed, even in the absence of companies jacking up the price.
Now if they want to agree to provide all plans from both of the two services going forwards, and to subject themselves to a public utilities commission with the right to veto plan changes, that's a different matter, but short of that, fewer choices is bad for consumers, period. The size of the resulting network doesn't change that, and neither does a promise not to raise rates.
Apple included. The slowness and inconsistency of Apple's bug handling is well known among everyone who has ever worked there or developed software for any Apple platform. In fact, at least a few years ago, it was a long-standing joke among Apple engineers that they'll close most of the bugs when they deprecate and subsequently drop support for the technology, at which point they can close them as "Cannot reproduce".
Netflix is a company. :-D
But the content in question is produced inside the NAFTA area. :-)
The problem with that is that not everybody is a parent or grandparent. The vaccine does not destroy the natural herd immunity. It augments it in people who otherwise would not be exposed.
That's complete crap. First, Th1 and Th2 responses overlap; both are responsible for creating antibodies, and vaccines inherently stimulate both. Anyone saying otherwise is almost twenty years behind in his or her medical understanding. Further, neither T1 nor T2 are responsible for long-term immunity; the follicular helper cell, Tfh, is.
And because things are hard, we should not try? With that attitude, we would not have satellites. We would not have computers. We would not have automobiles. It might be hubris to think we can succeed, but it is complete defeatism to think we cannot do any better than we have already done.
No, there are not sound scientific reasons to be skeptical of vaccines. Decades and decades of vaccines bringing previously mass-fatality diseases to their knees tell us that vaccines work. Do they work for everything? No. See also influenza. But science tells us that the fear of vaccines is nonsense. Only people spewing pseudo-scientific crap about T2 overstimulation and other absurdity are telling us to fear vaccines. There's a reason that no actual science has ever implicated vaccines as a real health concern, and that's because it isn't.
It would be if Teslas came with a spare tire. But they don't, so it isn't.
At best, any road-side patch job is going to be poor and failure prone; at worst, it will corrupt the inside of the tire in a way that makes it impossible for the tire shop to do a proper patch later. That's why the recommended approach is to have Tesla roadside assistance bring you a free loaner spare.
Unfortunately, because their call centers are massively understaffed, that can take hours, so you're often better off calling a local towing company and paying for a flatbed to haul your car to a tire shop. And that's what they're trying to fix. Hope it works.
In the meantime, having heard some recent horror stories, I'm seriously considering just buying a spare tire and keeping it in the frunk. :-)
Thats the opposite of my experience. In my experience, not counting preventative maintenance (replacing the brakes, oil, or tires, none of which are really repairs, per se), the vast majority of failures I've seen are for emissions control systems — things like:
Even though most of these should just be a nuisance most of the time, they aren't if you live in a state that requires a smog check. Also, transmission problems are surprisingly common, particularly in certain models of vehicle.
And none of the things on my list exist on EVs. The number of engine parts in an EV are at least an order of magnitude lower than the number of similar parts in an ICE car, and maybe two. And there's just a fixed gearbox with no transmission. That means way fewer things to break.
And speaking of brakes, an ICE car's brakes last 30-70k miles, depending on model. EV brake pads (and plug-in hybrids) can last hundreds of thousands of miles, thanks to regenerative braking. And no oil changes. So the preventative maintenance is much less, too.
What happens when it hits a prism?
No idea, but when you shoot it at a Prizm, the driver gets out and yells at you.
Do you get a smallpox vaccine? No, smallpox was eradicated.
Unless you are working in labs that maintain samples of smallpox for research, this is probably true. That said, if a new outbreak ever occurs somehow (e.g. cross-species transmission), then being able to rapidly ramp up those immunizations could be pretty important.
Do you get a chicken pox vaccine when you already had chicken pox? Probably not. The efficacy of having had chicken oox is better understood than the efficacy of the vaccine.
Actually, that's untrue. People who have previously been infected by chickenpox need a vaccine booster later in life. The chickenpox virus is never completely eliminated from the human body, and as a result, it can resurface in the form of shingles, a painful and debilitating condition that affects a million people per year in the United States alone. Given that the chickenpox vaccine was not approved for use in the U.S. until 1995, exactly zero percent of the main at-risk age group (elderly) were vaccinated as a kid, which is to say that (approximately) all cases of shingles occur in people who had chickenpox, not the vaccine. But periodic booster vaccination can prevent it from occurring/recurring.
Do you get your second dose of gardasil as a child? No, you get it later in life assuming you even want it or some guideline has not changed.
Huh? Like all vaccines, protection lasts for a period of time.
I would ask that you idiots please stop talking about vaccines as though they were some monolithic thing that everybody gets from big brother.
Vaccines aren't all the same, but they are pretty darn similar except for the virus itself. They confer an immunity to a particular virus and similar viruses for a period of time. They must periodically be supplemented by a booster if continued immunity is required, and mutation of viruses can result in less or no protection (e.g. influenza). The only questions you need to ask are:
That's it. There's really only a single factor to consider when deciding whether to be vaccinated. People who go to countries that have more viruses need more immunizations. People in the U.S. need fewer (but still more than none). And when groups of people refuse to get immunized, the herd immunity of the society they live in is reduced, and everyone is at greater risk of dying from what would otherwise be an entirely preventable disease.
Not just no, but h*** no.
Let me preface this by saying that I would not mind Forstall coming back as the head of the iOS UI design team. IMO, everything Apple has done to the user interface since Forstall's departure is approximately as abhorrent as you can get from a human interface perspective. The clean lines and flat simplicity result in a lack of depth cues that would otherwise make icons and buttons easily recognizable, which slows down user input significantly. And just about all the new features have been useless crap like Memojis (which are fine, but not as the *only* improvement). Bringing Forstall back and putting him in charge of the UI design team would be a positive improvement, because that is where his strengths lie. However, Apple should absolutely not put him in charge of iOS as a whole, and certainly not the company as a whole.
You see, Scott Forstall created the iOS culture that ran roughshod over the Mac culture within Apple. That new culture is basically responsible for everything that is wrong with the company today. Under his leadership, paranoia and internal power struggles grew massively, which really hurt the company by reducing the amount of feedback on products early in the design phase (when problems can be easily fixed). Of course, those problems didn't get fixed when Forstall left, because the people who took over didn't make any meaningful changes. Instead, the status quo continued, which is why things haven't gotten any better, and indeed, have continued to deteriorate.
IMO, the problems with Apple's post-iPhone culture run deep, and fixing them will be a big job for anybody who takes over the reins. I don't think for one minute that Forstall would be able to do that if brought back as a VP or CEO, much less be inclined to do so. Instead, I'd expect him to double down on all the things that are wrong, and generally make things worse until the company implodes.
So no, Apple doesn't need Forstall. It needs Wozniak. He's one of the few people who routinely calls Apple on its bad ideas, and I think he mostly shared S.J.'s vision for the company and its products. Whether he could be convinced or not is another question, but I can't think of anyone who would be better for the job.
Of course, IMO, the whole reason Siri isn't smart is that their privacy rules prevent the sorts of deep analysis that lead to it becoming smart. If the latter doesn't change, neither will the former, and no change of leadership is going to make any difference.
Sometimes, the best strategy is to do nothing at all, wait for a competitor to get good enough, and then license its services under terms you can live with, i.e. replace Siri with Assistant or Alexa, with whatever sort of anonymization you feel the need to layer on top of it (with the caveat that any anonymization will inherently make it inferior when answering questions based on things like personalized calendar events).
Either that or do absolutely nothing at all, and cede the field of services to companies that do it well, and focus on what you're good at,
Wait.... Why is that even possible? Every app that is installed should have an icon on the home screen, and if the icon is missing or damaged, the OS should substitute a default icon. Is there some valid/reasonable use for this behavior that I'm missing? If not, it seems like the right fix is to just remove the feature.
Of course, it's also the way you move protobufs from client to server, so don't be surprised if you see it used pretty frequently in some server software. :-)
The problem is, the power grid is a grid. All it takes is one utility doing things sufficiently wrong to potentially bring down the entire grid for a quarter of the country with a spectacular surge or sag. This happened in the northeastern U.S. in 1965 and again in 2003. The first one was caused by the failure of a single relay. The second one was caused by a software bug. Both of these failures are the sorts of things that an attacker could potentially trigger remotely if network security is inadequate.
You really kind of should. If more folks knew who was competent, the companies that aren't would at least know who to ask for help. :-)
No, we did fine without group FaceTime for years. This is the sort of bug where there right thing to do is shut it down (as they did) and not turn it back on until they’re certain that they have it right. If that takes a week, fine. If that takes a year, also fine. You do not screw around with these sorts of things.