When they transitioned to DNSSEC validating resolvers for all customers, they dropped the "Domain Helper" service as they viewed it as fundamentally incompatible with DNSSEC validation.
If you are still seeing such behaviors, check which DNS resolver you are actually using; it's likely to be OpenDNS or another third-party service.
When you offer a takedown system for content which is identified by URL, where you have implemented deduplication, and therefore a priori know of all instances of the content, but only remove the individual URL, your takedown system is fake: it is an attempt to give the appearance that you offer the removal of known infringing content without actually removing it.
And these deliberate design choices are going to be exhibit 1 (well, probably more like exhibits 372 to 391) in "why Megaupload shouldn't be under the DMCA" and "It's not incompetence, but a criminal conspiracy" when or if this goes to trial.
Nope, you couldn't. Because behind the scenes Megaupload used content deduplication: multiple users who uploaded the same content would get different URLs, but it was stored in a common store.
Not only was this needed for efficiency, it was also needed to implement Megaupload's fake-takedown system: it would allow a content provider to take down single URLs pointing to a file, but the file itself never went away and any OTHER URL pointing to that file would still work.
Megaupload's model was not like Dropbox: it was not a storage service but an advertisement/subscription sponsored distribution service. (And it had deliberate incentives to encourage the distribution of copyrighted content and effectively ignore the takedown obligations required by the DMCA...)
Thus the files can't be encrypted binary blobs, because the point was that anyone with a URL should be able to fetch the file, so encryption wouldn't help on the storage.
The problem is the design is a typical forward-trike. It may not be quite as bad as a Reliant Robin, but it's going to be close to it on the road: when in doubt, it will roll, and roll easily.
Buffer bloat infuriates me because it's blitheringly ignorant of implemented research more than a decade old and is allowing people to feel like they're doing something about the problem when really they're just swapping one bad constant for another. It's the wrong prescription. The fact he's gotten this far shows our peer review process is broken.
Actually, this focus is driven very much by a technical approach. We know it is a problem in the real world due to widespread, empirical measurements. Basically, for most users, the Internet can't "walk and chew gum": interactive tasks or bulk data work just fine, but combining bulk data transfer with interactive activity results in a needless world of hurt.
And the proper solution is to utilize the solutions known in the research community for a decade plus, but the problem is getting AQM deployed to the millions of possible existing bottlenecks, or using 'ugly-hack' approaches like RAQM where you divorce the point of control from the buffer itself.
Heck, even a simple change to FIFO design: "drop incoming packets when the oldest packet in the queue is >X ms old" [1], that is, sizing buffers in delay rather than capacity, is effectively good enough for most purposes: I'd rather have a good AQM algorithm in my cable modem but, without that, a simple sized-in-delay buffer gets us 90% there.
[1] X should be "measured RTT to the remote server", but in a pinch a 100-200ms number will do in most cases.
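Added example, not the commenter's code: a small simulation of the two sizing rules from this comment, a FIFO limited to 256 packets versus the same FIFO that drops the arriving packet when its oldest queued packet is older than X = 100 ms, in front of a constructed 8 Mbit/s bottleneck carrying a bulk flow plus one interactive probe every 100 ms. The link speed, buffer sizes, traffic pattern and durations are assumptions chosen to make the effect visible.

```python
"""Simulate a FIFO sized in packets versus the same FIFO sized in delay."""
from collections import deque

PKT_BYTES = 1500             # every simulated packet is one full-size frame
LINK_BYTES_PER_MS = 1000     # 8 Mbit/s bottleneck link (constructed value)


class FifoQueue:
    """Drop-tail FIFO in front of a bottleneck link.

    Exactly one limit is set: max_packets (sized in capacity, the classic
    bloated buffer) or max_age_ms (sized in delay: drop the arriving packet
    when the oldest queued packet is older than max_age_ms, rule [1] above).
    """

    def __init__(self, link_bytes_per_ms, max_packets=None, max_age_ms=None):
        self.link_bytes_per_ms = link_bytes_per_ms
        self.max_packets = max_packets
        self.max_age_ms = max_age_ms
        self.q = deque()             # entries: (arrival_ms, is_probe)
        self.credit = 0              # bytes the link may still send this tick
        self.dropped = 0
        self.probe_delays_ms = []    # queueing delay of each probe that got through

    def enqueue(self, now_ms, is_probe=False):
        if self.max_packets is not None and len(self.q) >= self.max_packets:
            self.dropped += 1
            return False
        if (self.max_age_ms is not None and self.q
                and now_ms - self.q[0][0] > self.max_age_ms):
            self.dropped += 1
            return False
        self.q.append((now_ms, is_probe))
        return True

    def tick(self, now_ms):
        """Advance the link by one millisecond and send whatever fits."""
        self.credit += self.link_bytes_per_ms
        while self.q and self.credit >= PKT_BYTES:
            arrival_ms, is_probe = self.q.popleft()
            self.credit -= PKT_BYTES
            if is_probe:
                self.probe_delays_ms.append(now_ms - arrival_ms)
        if not self.q:
            # An idle link does not bank more than one packet's worth of credit.
            self.credit = min(self.credit, PKT_BYTES)


def simulate(queue, duration_ms=5000, bulk_start_ms=1000,
             bulk_pkts_per_ms=1, probe_every_ms=100):
    """Bulk flow at 1 packet/ms (12 Mbit/s, 1.5x the link) starts at
    bulk_start_ms while an interactive flow sends one probe every probe_every_ms."""
    for now in range(duration_ms):
        if now % probe_every_ms == 0:
            queue.enqueue(now, is_probe=True)
        if now >= bulk_start_ms:
            for _ in range(bulk_pkts_per_ms):
                queue.enqueue(now)
        queue.tick(now)
    return {
        "max_probe_delay_ms": max(queue.probe_delays_ms),
        "dropped": queue.dropped,
        "queue_len_at_end": len(queue.q),
    }


def compare(max_packets=256, max_age_ms=100):
    """Run both sizing rules on identical traffic and return their results."""
    capacity = simulate(FifoQueue(LINK_BYTES_PER_MS, max_packets=max_packets))
    delay = simulate(FifoQueue(LINK_BYTES_PER_MS, max_age_ms=max_age_ms))
    return capacity, delay


if __name__ == "__main__":
    cap, dly = compare()
    print(f"sized in capacity (256 packets): worst probe delay {cap['max_probe_delay_ms']} ms")
    print(f"sized in delay (100 ms):         worst probe delay {dly['max_probe_delay_ms']} ms")
```

The 256-packet queue settles at roughly 256 x 1.5 ms of added latency under load, while the delay-sized queue keeps the probe's worst case within a small multiple of X even though it drops just as aggressively once the link is saturated.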
Yes, there has.
Unfortunately, the analysis is "it's almost all bad". We have seen with Netalyzr some network kit that had properly sized buffers, sized in terms of delay rather than capacity, but the hardware in question (an old Linksys cable modem) was obsolete, and when I bought one and plugged it into my connection, I got into the cable company's walled garden of 'your cable modem is too obsolete to be used'.
We would encourage all device manufacturers to test their devices with Netalyzr; it can find a lot of bugs, and we would be glad to assist in the testing process.
What is your threat model? Do you use it for websurfing? Download lots of kewl apps? For the latter, from which app store?
I suspect that iOS is a bit more vulnerable on the web browser side, as Android has a fair bit better sandboxing, which means an exploit of the browser takes more work to fully p0wn the phone, while in iOS-land, 'p0wn the browser == p0wn the phone'.
But OTOH, Apple is a much better curator: with only the official App store, and with bad-actor app-developers and apps a rarity, the Apple App Store is very safe.
Android? Not so much. Even the official Google store seems to rely too much on the Android sandboxing to keep users safe (when users just say 'ok' to anything needing scary permissions), and other App Stores are a vile abomination.
Finally, anything that doesn't say "Nexus" on it should be considered end-of-lifed before you buy it. Apple patches things for a long time, so old vulnerabilities shouldn't worry their user base. But Android phones, since they are pretty much EOL'ed right from the start, often never receive critical browser and related security patches, security patches which, due to the open nature, can pretty much be reverse engineered by a competent exploit developer.
So, my ranking: Nexus Phone > (slightly) iPhone >>> generic "Android" phone
In what way is he a proven liar?
It's just as likely that Foxconn / the Chinese government rounded up a few workers, got their stories straight, and then tipped off TAL to Daisey's "lies".
The follow-up fact checking could simply have been fed a different story.
Why believe story B over story A? From your perspective, there is exactly as much evidence for one as there is for the other. Bottom line is that unless you work at Foxconn you don't know what goes on there. It boggles my mind that so many people are so eager to default to the "Foxconn is okay and better than most" conclusion with 0 evidence, yet they're so quick to skewer a Western company if they don't hand out raises to the unions who encourage workers to sabotage the line so they can work overtime.
Read/listen to the retraction.
Daisey's personal story was incredibly full of holes, and he admitted it on tape. EG, just to start with, the guards at Foxconn don't have guns. An illegal underground union for $20/day workers wouldn't meet at Starbucks. He lied to TAL about his translator. N-Hexane was a problem at other suppliers a thousand miles away, not Foxconn. Basically, Daisey's story was so full of holes that once a US reporter, based in China, started looking at things it all fell apart.
The result is basically that anything Daisey said he has personally experienced in a monologue can't be trusted: it may be based on "truthiness", actual events that he heard or read about in a newspaper, but in no way should one believe that they actually happened to him.
Which is an amazingly disingenuous response. Mike Daisey presents his monologues as first-hand experiences. That is a flat-out lie. Are his other monologues similarly not encumbered by the truth?
And he was told, repeatedly, that This American Life considers actual facts to be important.
And it also matters a lot. IF a random American in a Hawaiian shirt could find out all this, it would be a much more serious problem than the reality, which is bad but nowhere near as atrocious as he presents it.
Google should be all about advertising, because that is their only business which makes money: they made $35 billion or so last year on advertising, and $1.3B on everything else. Assuming 1 billion on-line people, that's $35 a year for every man, woman, and child on the Internet.
And the way for more effective advertising is more effective stalking, err, profiling of people. Google is very good about tracking its users when there are advertisements, but was losing out to Facebook on non-advertising pages, thus the advent of +1.
It also explains a huge amount of the change in Google's privacy policy: before they would silo data, but now it's all in-bounds. If it's beneficial for them to data-mine your email (or email sent TO you from Gmail users), including paid email accounts, and to correlate it to the advertising tracking cookie for DoubleClick, they now can do it. Even services like Cloud Storage and App Engine are under Google's privacy policy. Fun, huh?
"It's hard to believe in a company that says 'Don't Be Evil' when they are busy firing a death ray"
It really depends on 'to where you measure' and 'under what conditions' and 'what technology'. EG, satellite broadband will just have bad latency, period. It's the nature of the beast. And cellular/wireless can vary all over the place.
But for fixed, land-line connections? I'd say well under 50ms of latency for the last hop, so perhaps 125ms latency max to an in-ISP test server (giving them the benefit of the doubt and assuming 75 ms latency to their test server because it's somewhere in the middle of the US).
However, this is 'no traffic' latency: if you are doing a file transfer, BitTorrent, etc, the bad buffering in many networks can make the latency under load much much much worse.
It is also "no WiFi latency": your WiFi connection can introduce all sorts of problems, including bottlenecks etc. So it should be the latency you see when plugged into the wall.
Two other resources I'd recommend you look at: Ookla's Speedtest.net, which is a very good speed tester for latency and bandwidth, and Netalyzr, which is a very comprehensive network tester.
For 3G (read, ALL iPhones) it's still 3GB.
So for iPhone customers on the old unlimited plan, they still have a choice:
For the same amount of money, either stick with the "Unlimited" plan which goes useless at 3GB, or go to a metered plan where you get 3GB and above that it's $10/GB in overages...
As for the 4G/LTE phones, those are in a much smaller minority, as the big grandfathered ones that AT&T dislikes are the iPhones.
The SheevaPlug is Ethernet only. The GuruPlug Server adds 802.11b/g networking.
And there is an even older trick: Take ye-jailbroken-smartphone of choice (a cheap prepaid Android is probably the best). Put it in a box with a big-ol-battery, and mail it to your target. From within the mailroom, you now can attack any WiFi network or Bluetooth device in the vicinity, and you have a cellular data connection to exfiltrate all you want.
a: They collect a LOT of information: not just search, but effectively every web page you visit which includes an ad from DoubleClick or +1 or a YouTube video, plus all the Google services: Gmail, calendar, docs, are all open season. Not only can Google data-mine your email to show ads on Gmail, but it can data-mine your email for whatever purpose it wants!
b: The privacy policy is amazingly broad. Basically it's "We can do anything we want other than sell the raw data to others", and it covers everything they can collect.
c: It covers even services you pay for! It not only says "we can data-mine your email, the documents you create on Google Docs, etc, to profile you", but I have a paid-by-the-University outsourced-to-Gmail account which, on the bottom of the page, clearly states that it is under the Google "you have no" privacy policy!?!?!
So, by accessing my work email, that is paid for, Google gets to track everything I do, INCLUDING my work email! I guess the only thing paying Google gets you is admin access for the university and no ads showing in the email page.
Some banks are actively working on fixing that flaw of checks ;-)
Others are doing the opposite: a lot of ATMs now have check-scanning on them, and there are also the "photo the check" apps that several banks are deploying, which are all about "people use checks because they clear at par, so let's reduce our costs so we only lose a penny or so in the process".
Why does cash still exist in widespread usage? It clears at par.
If someone wants to pay you $10, and they give you cash or a check, you get $10. If they want to pay with anything else, be it PayPal, Square, some other mechanism, etc, the payment processor charges some ridiculous fee that will range from $.10 to $.50 or who knows what higher.
"Clearing at par" is why cash and checks still exist, and until electronic transactions are not only convenient and easy, but ALSO clear at par, there will still be a huge role for cash and checks.
The carrier subsidy on the Android phones, especially the fancy ones, also appears to be huge. An unlocked 8 GB Galaxy S2 at Amazon is $600, while a 16 GB iPhone 4S from Apple is $650.
Yet AT&T charges $150 for the S II, and $200 for the 4S. So if the carrier subsidy is related at all to the gap between the contract price and no-contract price, the carrier subsidy for an iPhone is no worse than an Android phone.
So it's probably not the "iPhone", but just the general trend to expensive smartphones compared with feature phones that need a lower subsidy.
I reviewed an academic paper (which unfortunately the others on the PC didn't like, so it wasn't accepted) which examined the economic model of Megaupload, related services, third-party links to Megaupload, and the popular files, especially the "Uploader Rewards", and concluded that the company's business model really was about "Profit from Piracy".
Combined with the email trail that the feds apparently got (eg, emails concerning scraping of YouTube for the creation of MegaVideo, emails about reward payments including clear descriptions of the types of uploads), the RICO indictments etc are not a surprise. (the indictment)
For example, if it's true that their takedown is by URL, but they deduplicate based on hash (so one can have multiple URLs for the same file), that's clearly attempting to game the system, as any legitimate takedown system would take down all separate URLs which point to the same file. (Paragraph 23 on the indictment). Especially if this is related to the creation of a "dummy lifetime premium user" "to prevent the loss of source files due to expiration or abuse reports" (from a Megaupload email).
Also, at least according to the indictment, there really should be very few legitimate files lost in this: Anonymous uploads needed to be downloaded every 21 days or they were deleted, and even free named accounts required 90-day downloads, which is very different from Dropbox and other systems, where persistence, rather than popularity-of-download, is the goal.
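Added example, not code from the comments or from Megaupload: a minimal content-addressed store that models the design described above and in the earlier deduplication comment. Uploads are deduplicated by SHA-256 and every URL is only an alias; a URL-level takedown leaves the blob reachable through every other alias, while a content-level takedown removes all aliases the store already knows about, and an audit flags taken-down content that is still being served. The URLs and file bytes are constructed sample values.

```python
"""Deduplicating store with URL-level versus content-level takedown."""
import hashlib


class DedupStore:
    """Each distinct file is stored once under its SHA-256; every upload URL
    is just an alias for that digest, so the store always knows all copies."""

    def __init__(self):
        self.blobs = {}          # digest -> file bytes
        self.aliases = {}        # url -> digest
        self.taken_down = set()  # digests that have received a takedown notice

    def upload(self, url, data):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)   # a repeat upload shares the blob
        self.aliases[url] = digest
        return digest

    def fetch(self, url):
        digest = self.aliases.get(url)
        return None if digest is None else self.blobs.get(digest)

    def urls_for(self, digest):
        """Every alias of a blob, known a priori thanks to deduplication."""
        return sorted(u for u, d in self.aliases.items() if d == digest)

    def takedown_url_only(self, url):
        """The behaviour the comments criticise: unlink one alias, keep the
        blob and every other URL that points at it."""
        digest = self.aliases.pop(url, None)
        if digest is not None:
            self.taken_down.add(digest)
        return digest

    def takedown_content(self, url):
        """A takedown consistent with deduplication: remove the blob and all
        of its aliases, so the identified content actually goes away."""
        digest = self.aliases.get(url)
        if digest is None:
            return []
        removed = self.urls_for(digest)
        for u in removed:
            del self.aliases[u]
        self.blobs.pop(digest, None)
        self.taken_down.add(digest)
        return removed

    def audit(self):
        """Compliance check: taken-down content still reachable via an alias."""
        return {d: self.urls_for(d) for d in self.taken_down if self.urls_for(d)}


def demo():
    # Constructed sample: two uploaders submit identical bytes under different URLs.
    payload = b"constructed sample file bytes"
    s = DedupStore()
    s.upload("https://example.invalid/f/aaa111", payload)
    s.upload("https://example.invalid/f/bbb222", payload)
    s.upload("https://example.invalid/f/ccc333", b"an unrelated file")

    s.takedown_url_only("https://example.invalid/f/aaa111")
    still_served = s.fetch("https://example.invalid/f/bbb222") == payload
    leak = s.audit()   # the digest is flagged: still served through bbb222

    removed = s.takedown_content("https://example.invalid/f/bbb222")
    return {
        "still_served_after_url_takedown": still_served,
        "audit_hits": len(leak),
        "removed_by_content_takedown": removed,
        "gone_after_content_takedown": s.fetch("https://example.invalid/f/bbb222") is None,
        "unrelated_untouched": s.fetch("https://example.invalid/f/ccc333") is not None,
        "audit_clean": s.audit() == {},
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```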
Don't forget the reflow oven, so not only do you need superhuman skills, but you need a specialized tool that effectively nobody has.
EG, on Verizon, the Fascinate didn't receive 2.2 until April 2011, or 5 months after the general release for the Galaxy line, while their Continuum variant, which is still being sold as new, has never been updated and remains on 2.1.
You can try to manually update through Samsung's updater program to 2.3.3, but really, even for the Galaxy line, as deployed by US carriers, the thesis holds: Android phones are practically EOL'ed the moment you walk out the door with them.
People look at the upfront cost, not the data-plan cost (which dwarfs the cost of the phone over 2 years) when buying smartphones.
Thus people see the $100 or even "free" Android phones and buy them. How many Android phones are still >$200 9 months after release?
This is why Apple has kept the 3GS in production, so they have a "free" phone to sell for AT&T.
You can go to Samsung and update to 2.3.3 (Samsung Android Update), but it's really hard to find what version the carriers have over the air for those not willing or able or aware of this procedure.
And it shipped with 2.1 when 2.2 was already out. So although excluding the Samsung Galaxy line is annoying (it might be more recent than the 15 month cutoff in the analysis), the Samsung Galaxy line seems to suffer the same problems of other Android phones.
And this is, in fact, why I didn't buy an Android phone: you have to assume they are software EOL'ed the moment you walk home with the phone (if not before!)
It is both CDMA and GSM in the same phone.
All US carriers lock the phones.
But the 4S actually is a true world phone, so after you've been "good" for 2 months Verizon will release the SIM lock and you can put your prepaid burner SIM in it, and until then they will provide a SIM if you want pricey roaming.
This is actually better than AT&T, which just won't release the SIM lock AFAIK.
As a conspicuous consumption item, the iPhone 4S is actually a big bucket o' fail: it looks the same as the old one. How many people griped that it didn't look like the "iPhone 5" leaks?!?
And I just bought mine (finally shifting from a dumb phone) for the technology.
The screen really is brilliant, and I wouldn't want a bigger screen (read, block-o-stuff) in my pocket; it can now actually work as a phone, the iOS app ecology is better established, the processor is excellent, and it really is an easy-to-use smartphone.
Although Siri still refuses to open the pod bay doors.