Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either.
Really? So, when this story first came out, you think it was "obvious" that Google was collecting MAC addresses from client devices as well? I don't mean in retrospect now that this story is out, but that at the time, you *specifically* had the thought "they also collected MAC addresses from clients, not just from the access points."?
And further, you think that this is something that most people thought as well? Really?
Yeah, only a non-programmer would think that software doesn't just "accidentally" record extra information that it wasn't programmed to...
C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?
Isn't it a bit funny how Google seems to keep "accidentally" recording so much data? There was nothing accidental about it. At best, it wasn't their primary focus, but it's extremely simplistic to think they didn't know what their software was doing.
And when you sit in your home and have a discussion with someone, perhaps you should be rather upset if someone drove around in a van with eavesdropping equipment and recorded your conversation.
Repeat this 1 in 10 ad nauseam for each individual who will never buy from Sony again due to the security breach. Hell even 1 in 20 and you're starting to truly hurt. Bro.
Exactly how many people do you think will never buy from Sony again due to the PSN hacks?
I would be extremely surprised if the actual number of such people exceeded 10,000.
...correct me if I'm wrong, but doesn't this mean that I can make 30% more per sale if I develop for some platform other than Apple?
That depends. Are you going to use an established store? Because they all take commission. And if you aren't going to use a store, you'll have overhead involved with billing and sales and support.
The next question is how many sales you can expect to make developing for some other platform. 70% of a large number is better than 84% of a small number.
And what do you do when you go into a bookstore? Do you not buy books unless the store doesn't add any mark up? How much did you pay for your computer parts at Fry's? I bet you paid more than Fry's paid the manufacturers.
Or what about the Android Market? Do you think Google runs it for free? Or Amazon itself?
And all this whining about Apple, Amazon's pricing policies for books and music have always been as bad, or worse, than Apple's.
That would simply give Apple's iBooks a 30% advantage. This is just Apple fucking with people they see as competitors, and abusing their lock on the iProduct userbase to do so.
How, exactly, is this abuse? What stores are you aware of that don't put some sort of mark up on the products they sell?
If you want to use the In App system, you pay Apple, if you don't, you don't. That's fair. The ban on links isn't about "fucking" with anyone, it's about maintaining the user experience of iOS. It's jarring to have an app kick you out to Safari. That's one of the points Apple made when they introduced iAds.
But Apple has a complete monopoly of the iOS device market
By definition, they are allowed to control their own products. That is not called a monopoly. Otherwise the term "monopoly" becomes meaningless, since every company would be a monopoly.
I just don't get it. Why is it that if Google doesn't want to comply, their only option is to pull the app. But if Google were to strip Apple from it's search engine results, that would be anti-competitive behavior?
Google pulls sites from their search engine all the time. They do so when the rules are violated. Apple does the same thing with their App Store. Neither are anticompetitive behaviors.
It could, but that would mean landing in the same area. Mars is quite large, and it would be a shame to send a probe to the same location unless that location happens to be of extremely notable interest (such as either a potential human landing site, or something truly unique in almost science fiction proportions).
From a scientific point of view, Mars is a much more interesting world than the Moon (not to put down the Moon, there's quite a bit of science to be done there, but it's just that Mars is extremely more interesting).
As for colonies, I'm right there with you. LEO station -> Moon colonies -> Martian colonies. We should already be working on the last of those three, but instead we can barely seem to manage the first one.
What's the deal with all the "it's too complex, it'll crash" posts here?
What's the deal with nerds these days? You never accomplish what you don't try. Maybe it will crash, but maybe it won't. Better than not trying at all. And this is the sort of thing that should bring wonder and excitement to the people this site's masthead references.
That photo really should be at the beginning of the animation. It would provide some context that makes an already rather impressive landing even more so.
Oh please. The modern EULA is such a opaque monstrosity that calling anything buried in it "out in the open" is disingenuous at best.
Have you read Apple's EULAs? They aren't exactly "opaque monstrosities".
In any case, the location database snafu is not an good analogue. In the password case, even if the password was encrypted, the *decryption key MUST reside on the device* in order to be able to send the password.
Which means jack shit. It's still better than simply storing it plaintext in a database. There's just no way whatsoever to defend this without raising severe suspicion of fanboyism.
Apple could have easily encrypted the location database with a public key for which they retain the private key, and transmitted the encrypted data. Decryption on the device was not a requirement.
How does that make any sense? What good would a location database cache be if it's encrypted? The information is there to help the phone lock onto GPS, not for Apple.
And where does the iPhone store the encryption key protecting those passwords? On the device? Makes it a little bit useless then.
Um, the encryption key has to be on the phone at some point for it to work. Do you even understand encryption?
And the only way to keep it from being stored on the phone is to require some method for acquiring the key, either from the user, or from some external source (online, dongle, etc.).
You have severely misunderstood the article you linked to.
Go look at a blackberry to see disk encryption done properly - the key is not stored on the device, it's the derived from the user passphrase.
First off, I don't think you've described how it works on BlackBerry correctly. Second, the way it works on the iPhone is a key is generated, then it is encrypted with the user's passphrase. This is standard for encryption systems, including FDE.
Hint: the location database cache was not "secretly mining location" Hint: Apple did tell their users. Hint: Lack of encryption was one of the complaints against Apple.
That is a troll. The big problem with the iPhones wasn't that it was storing data in plain text. It was that Apple was collecting the data without the users knowledge. Apple then used doublespeak to make their fanboys believe that no data was being sent back to the mothership.
Absolute rubbish.
1. It was in the EULA. Not hidden or obscured, but out in the open. 2. The data found was a cache of Apple's location database. It never contained your actual location. 3. One of the issues *was* that it was in plaintext. Go to the slashdot article about it and control-f for "stalker" or "police". 4. Apple never claimed (or implied) that data wasn't being sent to them. In fact, they specifically stated that this is exactly what happens.
And, as a result, installing custom software requires jailbreaking the iDevice. I'm pretty sure thats the main reason (probably the only one, in fact) why Apple does this encryption.
Seriously, you hear some of the dumbest fucking things about Apple here on Slashdot. Encrypting the FS makes iOS more secure for the end-user. Apple sells hardware to their end-users. So good things for their end user (like a secure filesystem) is the reason they do this.
The Android model is a bit less secure: but its far more open.
Bullshit. Android is *far* less secure. Where's all the iOS malware? You hear of many dozens of programs being pulled (often using Google's "kill switch", which never seems to ruffle any feathers here, but even the mere *existence* of Apple's "kill switch" (which they've never used) raised a ruckus. this is the exact same mentality that leads to the absurd idea in the first quote of yours above--that anything Apple does is for evil reasons, and anything Google does is for good reasons!).
Android is much less secure, by design, and it's more open, but not "far more open". Where's the source for Honeycomb?
And yes, I realize not all Android phones are open and unlockable, and many companies do everything they can to lock it down. This, however, is not the fault of Android, but greedy phone makes and wireless providers.
That's just apologetics. If Android is locked down and it's still Android, you can't just brush that off. Google specifically designed Android to allow for this, and they even bless these locked down phones as being proper Android, and not just some perverted branch of the AOSP, which is the only truly open version of Android, but is not Android proper.
Oh, and keychains don't add any real security, they just make it slightly harder to hack. Encryption is not magic. Encrypting with data on the device, as iPhones do, is nearly worthless.
Again, bullshit. Keychains add real security. You can't just mount the filesystem and read the contents of the keychain. You can't use an app on a rooted/jailbroken iPhone to read the keychain contents.
No one said "encryption is magic". But it's vastly better than plaintext storage.
It's pathetic that so many Slashdotters (who are supposed to be nerds) won't even accept that some sort of encrypted system is better than plaintext for storing password. Absolutely pathetic.
Absolutely incorrect, and a perfect example of the Android fanboyism I was talking about.
There's absolutely no way to argue against the idea that plaintext password storage is the *worst* way to store passwords. Period. There is no further discussion.
Storing them in a place that is normally restricted is better than just storing them in the user's home directory, or in a globally accessible location. But to say there's no reason to encrypt the password is absurd. Somehow Apple does a great job with the keychain. There's no excuse for an OS to not have some mechanism for locking passwords away.
Further, the "hypocrisy" here is that when Apple stored a location database cache in plaintext, you lot were up in arms. Hypocrisy.
If a user can get access to the folder where these files are stored, they already have enough information to break any remaining encryption on the device.
That is absolutely incorrect. See the iOS/OS X keychain for more details.
Somebody being evil means that they're likely to be evil in whatever they do; someone doing evil means they may have made a rare mistake and will fix it, or perhaps they're blind to the evilness of that one particular area.
Ignoring the absurdity of using the term "evil" when it comes to these sorts of things for a moment, how exactly do you define "being evil" if that doesn't include "doing evil"? And how do you define "doing evil" without that including "being evil"?
It's possible for a non-evil entity to do the occasional evil either accidentally, or by necessity, but which of these is the case here? Google isn't "accidentally" banning whole accounts, and they can easily cancel the Google+ service on an account without banning the whole account, so this can't be "by necessity" either.
Is obvious that someone complaining about <strike>software</strike> Android storing passwords in plain text doesn't know how things work.
FTFY
Everyone knows storing passwords in plain text is the worst possible way to store a password, and there exist ways (such as the OS X and iOS keychain) to store passwords that aren't so abysmally trivial to access.
But since this is Android, well, it's *stupid* to point something like this out! If it were iOS, though, the tone here would be very different. In fact, back when iOS stored the location database cache (*not* a list of where you were, but the cache of Apple's much larger location database, which can be used to infer larger areas in which you most likely were), this was seen on slashdot as a horrible thing!
You guys are practicing platform-centric hypocrisy, to such an extent as to completely rewrite reality to suit your preferences. There's a word that gets tossed around here for merely saying something *nice* about Apple, so I'm sure I don't have to actually write it. But do consider for a moment how many of you can ever use it again without contradiction.
Slashdot Mirror
Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either.
Really? So, when this story first came out, you think it was "obvious" that Google was collecting MAC addresses from client devices as well? I don't mean in retrospect now that this story is out, but that at the time, you *specifically* had the thought "they also collected MAC addresses from clients, not just from the access points."?
And further, you think that this is something that most people thought as well? Really?
Yeah, only a non-programmer would think that software doesn't just "accidentally" record extra information that it wasn't programmed to...
C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?
Isn't it a bit funny how Google seems to keep "accidentally" recording so much data? There was nothing accidental about it. At best, it wasn't their primary focus, but it's extremely simplistic to think they didn't know what their software was doing.
And when you sit in your home and have a discussion with someone, perhaps you should be rather upset if someone drove around in a van with eavesdropping equipment and recorded your conversation.
Repeat this 1 in 10 ad nauseam for each individual who will never buy from Sony again due to the security breach. Hell even 1 in 20 and you're starting to truly hurt. Bro.
Exactly how many people do you think will never buy from Sony again due to the PSN hacks?
I would be extremely surprised if the actual number of such people exceeded 10,000.
Gwibber?
Leave it to Linux/OSS folks to come up with a name even worse than the thing they are cloning that already has a fairly ridiculous name.
That depends. Are you going to use an established store? Because they all take commission. And if you aren't going to use a store, you'll have overhead involved with billing and sales and support.
The next question is how many sales you can expect to make developing for some other platform. 70% of a large number is better than 84% of a small number.
And what do you do when you go into a bookstore? Do you not buy books unless the store doesn't add any mark up? How much did you pay for your computer parts at Fry's? I bet you paid more than Fry's paid the manufacturers.
Or what about the Android Market? Do you think Google runs it for free? Or Amazon itself?
And all this whining about Apple, Amazon's pricing policies for books and music have always been as bad, or worse, than Apple's.
Um, what? You can buy Kindle books directly from Amazon on iOS, without using In App purchases.
That would simply give Apple's iBooks a 30% advantage. This is just Apple fucking with people they see as competitors, and abusing their lock on the iProduct userbase to do so.
How, exactly, is this abuse? What stores are you aware of that don't put some sort of mark up on the products they sell?
If you want to use the In App system, you pay Apple, if you don't, you don't. That's fair. The ban on links isn't about "fucking" with anyone, it's about maintaining the user experience of iOS. It's jarring to have an app kick you out to Safari. That's one of the points Apple made when they introduced iAds.
"Worst thing"? You mean made a platform that is high quality, trusted, easy to use, and secure?
How awful!
But Apple has a complete monopoly of the iOS device market
By definition, they are allowed to control their own products. That is not called a monopoly. Otherwise the term "monopoly" becomes meaningless, since every company would be a monopoly.
I just don't get it. Why is it that if Google doesn't want to comply, their only option is to pull the app. But if Google were to strip Apple from it's search engine results, that would be anti-competitive behavior?
Google pulls sites from their search engine all the time. They do so when the rules are violated. Apple does the same thing with their App Store. Neither are anticompetitive behaviors.
Where did you get this idea?
It could, but that would mean landing in the same area. Mars is quite large, and it would be a shame to send a probe to the same location unless that location happens to be of extremely notable interest (such as either a potential human landing site, or something truly unique in almost science fiction proportions).
From a scientific point of view, Mars is a much more interesting world than the Moon (not to put down the Moon, there's quite a bit of science to be done there, but it's just that Mars is extremely more interesting).
As for colonies, I'm right there with you. LEO station -> Moon colonies -> Martian colonies. We should already be working on the last of those three, but instead we can barely seem to manage the first one.
What's the deal with all the "it's too complex, it'll crash" posts here?
What's the deal with nerds these days? You never accomplish what you don't try. Maybe it will crash, but maybe it won't. Better than not trying at all. And this is the sort of thing that should bring wonder and excitement to the people this site's masthead references.
That photo really should be at the beginning of the animation. It would provide some context that makes an already rather impressive landing even more so.
Oh please. The modern EULA is such a opaque monstrosity that calling anything buried in it "out in the open" is disingenuous at best.
Have you read Apple's EULAs? They aren't exactly "opaque monstrosities".
In any case, the location database snafu is not an good analogue. In the password case, even if the password was encrypted, the *decryption key MUST reside on the device* in order to be able to send the password.
Which means jack shit. It's still better than simply storing it plaintext in a database. There's just no way whatsoever to defend this without raising severe suspicion of fanboyism.
Apple could have easily encrypted the location database with a public key for which they retain the private key, and transmitted the encrypted data. Decryption on the device was not a requirement.
How does that make any sense? What good would a location database cache be if it's encrypted? The information is there to help the phone lock onto GPS, not for Apple.
And where does the iPhone store the encryption key protecting those passwords? On the device? Makes it a little bit useless then.
Um, the encryption key has to be on the phone at some point for it to work. Do you even understand encryption?
And the only way to keep it from being stored on the phone is to require some method for acquiring the key, either from the user, or from some external source (online, dongle, etc.).
You have severely misunderstood the article you linked to.
Go look at a blackberry to see disk encryption done properly - the key is not stored on the device, it's the derived from the user passphrase.
First off, I don't think you've described how it works on BlackBerry correctly. Second, the way it works on the iPhone is a key is generated, then it is encrypted with the user's passphrase. This is standard for encryption systems, including FDE.
Hint: the location database cache was not "secretly mining location"
Hint: Apple did tell their users.
Hint: Lack of encryption was one of the complaints against Apple.
That is a troll. The big problem with the iPhones wasn't that it was storing data in plain text. It was that Apple was collecting the data without the users knowledge. Apple then used doublespeak to make their fanboys believe that no data was being sent back to the mothership.
Absolute rubbish.
1. It was in the EULA. Not hidden or obscured, but out in the open.
2. The data found was a cache of Apple's location database. It never contained your actual location.
3. One of the issues *was* that it was in plaintext. Go to the slashdot article about it and control-f for "stalker" or "police".
4. Apple never claimed (or implied) that data wasn't being sent to them. In fact, they specifically stated that this is exactly what happens.
And, as a result, installing custom software requires jailbreaking the iDevice. I'm pretty sure thats the main reason (probably the only one, in fact) why Apple does this encryption.
Seriously, you hear some of the dumbest fucking things about Apple here on Slashdot. Encrypting the FS makes iOS more secure for the end-user. Apple sells hardware to their end-users. So good things for their end user (like a secure filesystem) is the reason they do this.
The Android model is a bit less secure: but its far more open.
Bullshit. Android is *far* less secure. Where's all the iOS malware? You hear of many dozens of programs being pulled (often using Google's "kill switch", which never seems to ruffle any feathers here, but even the mere *existence* of Apple's "kill switch" (which they've never used) raised a ruckus. this is the exact same mentality that leads to the absurd idea in the first quote of yours above--that anything Apple does is for evil reasons, and anything Google does is for good reasons!).
Android is much less secure, by design, and it's more open, but not "far more open". Where's the source for Honeycomb?
And yes, I realize not all Android phones are open and unlockable, and many companies do everything they can to lock it down. This, however, is not the fault of Android, but greedy phone makes and wireless providers.
That's just apologetics. If Android is locked down and it's still Android, you can't just brush that off. Google specifically designed Android to allow for this, and they even bless these locked down phones as being proper Android, and not just some perverted branch of the AOSP, which is the only truly open version of Android, but is not Android proper.
Oh, and keychains don't add any real security, they just make it slightly harder to hack. Encryption is not magic. Encrypting with data on the device, as iPhones do, is nearly worthless.
Again, bullshit. Keychains add real security. You can't just mount the filesystem and read the contents of the keychain. You can't use an app on a rooted/jailbroken iPhone to read the keychain contents.
No one said "encryption is magic". But it's vastly better than plaintext storage.
It's pathetic that so many Slashdotters (who are supposed to be nerds) won't even accept that some sort of encrypted system is better than plaintext for storing password. Absolutely pathetic.
Oh look, another dumb person thinking that Slashdot is a single mind.
Where did you get such a foolish notion?
Absolutely incorrect, and a perfect example of the Android fanboyism I was talking about.
There's absolutely no way to argue against the idea that plaintext password storage is the *worst* way to store passwords. Period. There is no further discussion.
Storing them in a place that is normally restricted is better than just storing them in the user's home directory, or in a globally accessible location. But to say there's no reason to encrypt the password is absurd. Somehow Apple does a great job with the keychain. There's no excuse for an OS to not have some mechanism for locking passwords away.
Further, the "hypocrisy" here is that when Apple stored a location database cache in plaintext, you lot were up in arms. Hypocrisy.
If a user can get access to the folder where these files are stored, they already have enough information to break any remaining encryption on the device.
That is absolutely incorrect. See the iOS/OS X keychain for more details.
Somebody being evil means that they're likely to be evil in whatever they do; someone doing evil means they may have made a rare mistake and will fix it, or perhaps they're blind to the evilness of that one particular area.
Ignoring the absurdity of using the term "evil" when it comes to these sorts of things for a moment, how exactly do you define "being evil" if that doesn't include "doing evil"? And how do you define "doing evil" without that including "being evil"?
It's possible for a non-evil entity to do the occasional evil either accidentally, or by necessity, but which of these is the case here? Google isn't "accidentally" banning whole accounts, and they can easily cancel the Google+ service on an account without banning the whole account, so this can't be "by necessity" either.
So how is this justified?
Is obvious that someone complaining about <strike>software</strike> Android storing passwords in plain text doesn't know how things work.
FTFY
Everyone knows storing passwords in plain text is the worst possible way to store a password, and there exist ways (such as the OS X and iOS keychain) to store passwords that aren't so abysmally trivial to access.
But since this is Android, well, it's *stupid* to point something like this out! If it were iOS, though, the tone here would be very different. In fact, back when iOS stored the location database cache (*not* a list of where you were, but the cache of Apple's much larger location database, which can be used to infer larger areas in which you most likely were), this was seen on slashdot as a horrible thing!
You guys are practicing platform-centric hypocrisy, to such an extent as to completely rewrite reality to suit your preferences. There's a word that gets tossed around here for merely saying something *nice* about Apple, so I'm sure I don't have to actually write it. But do consider for a moment how many of you can ever use it again without contradiction.