Amazon Audible says that it provides as part of it's conditions of use/policies the Amazon Privacy Notice. Then in that document they the mobile app may use the user's location but that "most mobile devices provide users with the ability to disable location services." This privacy policy is misleading because the instructions (and instructions from Android device manufacturers) is to turn the GPS service off.
It should also be noted that users of Audible are locked into using this app on Android because the content is provided in an obfuscated format. So not only does the advice of the privacy policy to turn off location services not work, using alternatives apps are also not a supported option under Audible's terms of use.
I have tried a couple times to get in touch with Audible/Amazon support. They refused to admit to the use of Kochava embedded in Audible or that any location tracking was continuing to take place. It was implied that the activity of Audible must be due to a different app installed. And while they claimed an Audible developer would get in touch with me, it has been several months with no follow-up.
Overall, I get the feeling that customer privacy really is not a priority for Amazon and being misleading about the lack of privacy they provide is just part of the business model.
Google Home only comes with a 1 year warranty. This is exactly the same length of time that Revolv Hub users had. Once the warranty ended, Google indicated it had the right to intentionally brick the device. I don't want to spend $129 on a device which is set to die by policy in just 12 months. And I really do not want to take the time to write to an API to encourage others to buy into the scam. Given how Google has clarified their policies to be so anti-consumer, I don't see how anyone could see this product worth spending time or money on.
When GMail-Man invades your privacy to match ad-words, it is called Scroogling.
When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.
By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy statement required Bing users to also agree to the Google Analytics privacy policy. So, they want you to boycott Google by agreeing to yet another Google privacy policy.
Thank goodness Microsoft is working so hard to protect our privacy. With friends like them... *sigh*
[they] strongly encourage the top projects to use a new (closed source only) installer
SourceForge not only seems to have missed this key point but has completely reversed it's previous position on Open Source being a key component to transparency. Instead, SourceForge claims:
The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps...
Who says it has no deceptive steps? How do I audit the source code to the installation flow?
For anyone that reads the SourceForge blog, this seems to be a very jarring change in prospective on the part of SourceForge. Several previous SourceForge blog posts bring up transparency, but always in the context Open Source Software. Before November 2013, I can't find any SourceForge blog posts that refer to close source as "fully transparent." I also can't find any other SourceForge blog post that tries to claim close source software contain no deceptive steps. Once SourceForge is able to make the leap that a close source installer is fully transparent, there really is no common ground to continue a discussion on. It isn't a matter of a third party being a bad actor, SourceForge itself is the bad actor. This SourceForge blog post is proof of erosion taking place on fundamental ideal which where the foundation of SourceForge.
Microsoft continues to make use of MD4 for password hashing in the Security Account Management part of the registry. The authors of MD4, RSA, had recommended for a long time switching to MD5 and now recommends using MD6, Other members of the security community also recommend using a stronger hash function, combining a salt string with the password and doing multiple rounds of the hash function. Microsoft has failed to do any of these recommendations.
MS-CHAPv2 also continues to be part of Microsoft's offering as well. Support for this is included in their OS for PPTP, iSCSI and 802.1x (and possibly others). As pointed out in the article, attacking MS-CHAPv2 is now as simple as cracking a single DES key.
It is nice the Microsoft is recognizing some of the advice of the security community and taking steps to phase out SHA-1 and RC4. But I have a hard time applauding Microsoft when this is just the tip of the iceberg of weak hashing functions and protocols in popular use in their software.
I think it is an interesting idea of have a third party audit the code. However, I see the following problem with it:
They do not name who will be auditing the code. I think it makes a huge difference if Harold & Kumar perform a security audit in comparison to Bruce Schneier, Steve Gibson and Theo de Raadt perform a security audit.
The security audit will be against a specific version and doesn't answer the question of if someone with government level resources could sneak something into a future version.
Purpose of funding a security audit is usually with the hope it will turn up nothing. However, even if nothing is found, that does not prove nothing sneaky exists.
The advantages of also having a Bug Bounty is:
It extends to a wider base of security auditors since anyone interested in collecting the bounty can be included.
It extends across multiple versions for as long as the bounty is still being offered.
It only needs to be payed out if some problem is actually found.
It seems like this might be the best time to start promoting use of Ekiga to friends that are still back on Skype. I keep seeing less advantages to Skype over the alternatives with each update. What Microsoft considers enhancements seems to be far from what the rest of the community would consider to be providing value. Overtime, I expected Skype to be known as the client needed to interact with Xbox One users. Other than that, it really isn't that great of a communication client.
The article states: "... it is a feature, and a lingering sign that Apple continues to trust their customers not to steal software – and that, my friends, is a beautiful thing indeed."
The question I have is why does a company that has trust in it's customers need to be a member of anti-piracy groups like the Business Software Alliance [1]?
There are two things that has bothered me about people claiming Apple should be praised for allowing people to choose if they want to buy iWorks/iLife or just continue using the trial version:
(1) Steve Jobs had once claimed that with the upgrades of Mac OS X that "And everyone gets the ‘Ultimate’ version."[2] He was referring to Windows providing some features only if you upgrade to the highest priced flavor of the OS. But the truth is that Mac OS X by itself doesn't have all of the features of Windows Ultimate. It didn't have it back in 2007 when Steve Jobs made the statement and still doesn't now. For everyone to get a Mac OS X that has feature for feature what Windows Ultimate provides, Apple should have just bundled iLife and iWorks with Mac OS X.
(2) The true cost of using iLife and iWorks is not the initial purchase price but rather the vendor lock-in. Once someone becomes used to using iLife/iWorks as part of their daily routine, it is somewhat jarring to switch to another application. There are other alternatives that do similar things but they are not the same. While Apple has a set of libraries to makes it possible to port their application to Windows (as they have done with iTunes), iLife/iWorks mostly is only available on Mac OS X. The iCloud flavor of some of the apps is very much beta and incomplete. So, the bottom line is once you become accustom to iLife/iWorks, regardless of how you got hold of the applications, you are much more likely to continue using Mac OS X since those applications lock you into OS X to continue to use them.
Worst of all, Apple has a history of distrusting their users to let them know what products which where marketed as having a "flawless design" clearly have serious design flaws (overheating, not being able to power on after a shorter than expected life, not able to make phone calls when held a common way, etc). To claim Apple trust of it's customers is a beautiful thing is just failing to look at the big picture when it comes to Apple.
While it doesn't change the bad taste in the mouth that forcing this change, it is not exactly true the minimal cost for a code signing certificate is $100 per year. Startcom has for a long time now challenged common CA pricing including free server and s/mime certificates. While their code signing certificates aren't free, $60 per year is not bad. It still beats the $100 per year fee to be an Apple iOS application developer.
For those on the majority market share browser [1], Chrome, there has already been a trend away from Java. It already will pop up a warning that Java can't be trusted. Firefox has also been producing warnings regarding use of Java. Also, future versions of Chrome will take things to the next level as they plan to remove all NPAPI support (which Java currently depends on for in-browser applets) by the end of 2014. Given how poor a job Oracle has done with serving the Java community so far, I find it unlikely there will be any port of Java to use Pepper API to NaCl to continue to provide Java applets for Chrome. It is more likely that Oracle will try to push the webstart out of browser launching of Java applications as a replacement for the in-browser plugin. As for in-browser applets like projects, the message seems clear that casual and professional programmers alike should be considering HTML5 and javascript instead of Java.
[1] http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
You may have some miscommunications with your current provider which if you can get resolved may allow to you address your 503's without have to change providers.
I do not typically see HTTP 503 error codes for static web pages so I am going to guess you are seeing the error for dynamic web pages. For dynamic webpages, a CDN is of limited usefulness.
Things to look into:
For 1,000 concurrent visitors you may be having over 200 concurrent HTTP sessions at which point the Apache web server does not fair as well. The solution is to upgrade to a multi-threaded web server such a LiteSpeed Technologies web server (works with cPanel, Plesk, etc) or you could try nginx.
Confirm the system is not running out of RAM. Have the manage web host check the logs from "sar" to see if the system is using a lot of swap space at the times you get 503 errors.
Confirm the system is not waiting excessively for disk access. Have the manage web host check the logs from "sar" to see if the I/O Wait is high at the times you get 503 errors.
If the application uses a back-end database server such as MySQL, the ask your manage web host to tune the server parameters (such as my.cnf). They can also enable slow query logging to monitor for queries which are causing performance problems such as table locking. Custom applications which incorrectly do SQL joins using non-indexed variables may need to be re-written to address the performance issues they cause. Usually getting a developer to correct any poor application code is the responsibility of the customer even with full management. However, the full management should allow you to find out what poor performing queries are being made.
If the application causing 503 errors is written in PHP, ask the managed web host to enable a byte-code cache such as eAccelerator or APC.
If the application causing 503 errors is a commercial application such a vBulletin then ask them for additional advise. The authors of the application will better be able to advise how to address issues with their own application than any web host can. They may be able to assist you in how best to interact with your managed web host to get things resolved.
If the application causing 503 errors has an active community forum or other forms of support to get advice, then take advantage of it. Just like with commercial web applications, the application community will be able to give you the benefit of their experience that is specific to the application which will exceed the experience any generalized web host will have with it.
If you continue to have problems with your current web host, then the company I work for (Steadfast) does provide managed web servers and have been able to resolve these types of issues for other customers in the past. You can also get advise about other web hosting companies with managed web server solutions from the Web Hosting Talk forums. If you have a control panel such as cPanel, Interworx or Plesk, it should be fairly easy for you to migrate your websites between hosts. Otherwise, changing web hosts may open up another can of worms where you become responsible for transferring the web sites to the new host before being able to proceed further with addressing what is causing the 503 errors.
Good luck.
At the speed at which Google is shutting down services, it kind of begs the question if Sophie will grow up fast enough to ever read her dad's journal to her? It seems increasingly likely that the majority of services Google provides today will each be discontinued over the next 18 years (16 if you consider 2011 to be the year of "her" birth).
Over the course of this year Googles has shown an quickly diminishing quality in handling how to treat and communicate with it's users:
Announced discontinuing of Google Reader due to lack of use/popularity (without ever having done anything to promote it)
Shut down Google SMS without any advanced warning due to lack of use/popularity
Announced shut down of XMPP regardless of amount of use/popularity and in violation of the claims of Larry Page that there exists an "open offer to interoperate forever"
Maybe someone should teach Larry Page how to find the meaning of "forever." I heard there is a company that specializes in finding web pages about specific topics. I wonder if that could assist in teaching him what forever means. My understanding is forever is a very long time and not just until later the same day another employee decides to announce it will be discontinued.
What makes the Ouya exciting is it's ability to play games and it's performance exceeds several existing platforms which have worked fine for playing games. Ouya is ranked 73rd because of it's score of 4077.
This beats the following popular platforms (score/name):
3551 ASUS Nexus 7
3569 ASUS Transformer Pad TF300T
3920 ASUS Transformer Prime TF201
3347 Samsung Galaxy Note II
2894 Samsung Galaxy S III (Exynos 4 Quad)
3590 HTC One X
3341 LG Optimus 4X HD
3501 Amazon Kindle Fire HD
1959 Amazon Kindle Fire
If the Ouya ends up being restricted to only be able to play the same sort of games already available for the following devices above, it is still exciting for being able to bring them to the TV for $99. It is unlikely that Gamestick will perform any better.
Slashdot Mirror
Even with the GPS turned off Audible still sends the network router MAC address and SSID to kochava.com which is resolved to the user's location. Kochava admits to using their "IdentityLink" tracking in the Audible app. Kochava also promotes the fact their reports include geolocation.
It should also be noted that users of Audible are locked into using this app on Android because the content is provided in an obfuscated format. So not only does the advice of the privacy policy to turn off location services not work, using alternatives apps are also not a supported option under Audible's terms of use.
I have tried a couple times to get in touch with Audible/Amazon support. They refused to admit to the use of Kochava embedded in Audible or that any location tracking was continuing to take place. It was implied that the activity of Audible must be due to a different app installed. And while they claimed an Audible developer would get in touch with me, it has been several months with no follow-up.
Overall, I get the feeling that customer privacy really is not a priority for Amazon and being misleading about the lack of privacy they provide is just part of the business model.
Google Home only comes with a 1 year warranty. This is exactly the same length of time that Revolv Hub users had. Once the warranty ended, Google indicated it had the right to intentionally brick the device. I don't want to spend $129 on a device which is set to die by policy in just 12 months. And I really do not want to take the time to write to an API to encourage others to buy into the scam. Given how Google has clarified their policies to be so anti-consumer, I don't see how anyone could see this product worth spending time or money on.
When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.
By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy statement required Bing users to also agree to the Google Analytics privacy policy. So, they want you to boycott Google by agreeing to yet another Google privacy policy.
Thank goodness Microsoft is working so hard to protect our privacy. With friends like them ... *sigh*
[they] strongly encourage the top projects to use a new (closed source only) installer
SourceForge not only seems to have missed this key point but has completely reversed it's previous position on Open Source being a key component to transparency. Instead, SourceForge claims:
The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps...
Who says it has no deceptive steps? How do I audit the source code to the installation flow?
For anyone that reads the SourceForge blog, this seems to be a very jarring change in prospective on the part of SourceForge. Several previous SourceForge blog posts bring up transparency, but always in the context Open Source Software. Before November 2013, I can't find any SourceForge blog posts that refer to close source as "fully transparent." I also can't find any other SourceForge blog post that tries to claim close source software contain no deceptive steps. Once SourceForge is able to make the leap that a close source installer is fully transparent, there really is no common ground to continue a discussion on. It isn't a matter of a third party being a bad actor, SourceForge itself is the bad actor. This SourceForge blog post is proof of erosion taking place on fundamental ideal which where the foundation of SourceForge.
Microsoft continues to make use of MD4 for password hashing in the Security Account Management part of the registry. The authors of MD4, RSA, had recommended for a long time switching to MD5 and now recommends using MD6, Other members of the security community also recommend using a stronger hash function, combining a salt string with the password and doing multiple rounds of the hash function. Microsoft has failed to do any of these recommendations.
MS-CHAPv2 also continues to be part of Microsoft's offering as well. Support for this is included in their OS for PPTP, iSCSI and 802.1x (and possibly others). As pointed out in the article, attacking MS-CHAPv2 is now as simple as cracking a single DES key.
It is nice the Microsoft is recognizing some of the advice of the security community and taking steps to phase out SHA-1 and RC4. But I have a hard time applauding Microsoft when this is just the tip of the iceberg of weak hashing functions and protocols in popular use in their software.
I think it is an interesting idea of have a third party audit the code. However, I see the following problem with it:
The advantages of also having a Bug Bounty is:
It seems like this might be the best time to start promoting use of Ekiga to friends that are still back on Skype. I keep seeing less advantages to Skype over the alternatives with each update. What Microsoft considers enhancements seems to be far from what the rest of the community would consider to be providing value. Overtime, I expected Skype to be known as the client needed to interact with Xbox One users. Other than that, it really isn't that great of a communication client.
The question I have is why does a company that has trust in it's customers need to be a member of anti-piracy groups like the Business Software Alliance [1]?
There are two things that has bothered me about people claiming Apple should be praised for allowing people to choose if they want to buy iWorks/iLife or just continue using the trial version:
(1) Steve Jobs had once claimed that with the upgrades of Mac OS X that "And everyone gets the ‘Ultimate’ version."[2] He was referring to Windows providing some features only if you upgrade to the highest priced flavor of the OS. But the truth is that Mac OS X by itself doesn't have all of the features of Windows Ultimate. It didn't have it back in 2007 when Steve Jobs made the statement and still doesn't now. For everyone to get a Mac OS X that has feature for feature what Windows Ultimate provides, Apple should have just bundled iLife and iWorks with Mac OS X.
(2) The true cost of using iLife and iWorks is not the initial purchase price but rather the vendor lock-in. Once someone becomes used to using iLife/iWorks as part of their daily routine, it is somewhat jarring to switch to another application. There are other alternatives that do similar things but they are not the same. While Apple has a set of libraries to makes it possible to port their application to Windows (as they have done with iTunes), iLife/iWorks mostly is only available on Mac OS X. The iCloud flavor of some of the apps is very much beta and incomplete. So, the bottom line is once you become accustom to iLife/iWorks, regardless of how you got hold of the applications, you are much more likely to continue using Mac OS X since those applications lock you into OS X to continue to use them.
Worst of all, Apple has a history of distrusting their users to let them know what products which where marketed as having a "flawless design" clearly have serious design flaws (overheating, not being able to power on after a shorter than expected life, not able to make phone calls when held a common way, etc). To claim Apple trust of it's customers is a beautiful thing is just failing to look at the big picture when it comes to Apple.
[1] http://www.bsa.org/about-bsa/bsa-membership
[2] http://macdailynews.com/2007/10/16/apple_mac_os_x_leopard_leaps_october_26/
While it doesn't change the bad taste in the mouth that forcing this change, it is not exactly true the minimal cost for a code signing certificate is $100 per year. Startcom has for a long time now challenged common CA pricing including free server and s/mime certificates. While their code signing certificates aren't free, $60 per year is not bad. It still beats the $100 per year fee to be an Apple iOS application developer. For those on the majority market share browser [1], Chrome, there has already been a trend away from Java. It already will pop up a warning that Java can't be trusted. Firefox has also been producing warnings regarding use of Java. Also, future versions of Chrome will take things to the next level as they plan to remove all NPAPI support (which Java currently depends on for in-browser applets) by the end of 2014. Given how poor a job Oracle has done with serving the Java community so far, I find it unlikely there will be any port of Java to use Pepper API to NaCl to continue to provide Java applets for Chrome. It is more likely that Oracle will try to push the webstart out of browser launching of Java applications as a replacement for the in-browser plugin. As for in-browser applets like projects, the message seems clear that casual and professional programmers alike should be considering HTML5 and javascript instead of Java. [1] http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
I do not typically see HTTP 503 error codes for static web pages so I am going to guess you are seeing the error for dynamic web pages. For dynamic webpages, a CDN is of limited usefulness.
Things to look into:
If you continue to have problems with your current web host, then the company I work for (Steadfast) does provide managed web servers and have been able to resolve these types of issues for other customers in the past. You can also get advise about other web hosting companies with managed web server solutions from the Web Hosting Talk forums. If you have a control panel such as cPanel, Interworx or Plesk, it should be fairly easy for you to migrate your websites between hosts. Otherwise, changing web hosts may open up another can of worms where you become responsible for transferring the web sites to the new host before being able to proceed further with addressing what is causing the 503 errors. Good luck.
Over the course of this year Googles has shown an quickly diminishing quality in handling how to treat and communicate with it's users:
Maybe someone should teach Larry Page how to find the meaning of "forever." I heard there is a company that specializes in finding web pages about specific topics. I wonder if that could assist in teaching him what forever means. My understanding is forever is a very long time and not just until later the same day another employee decides to announce it will be discontinued.
What makes the Ouya exciting is it's ability to play games and it's performance exceeds several existing platforms which have worked fine for playing games. Ouya is ranked 73rd because of it's score of 4077. This beats the following popular platforms (score/name): 3551 ASUS Nexus 7 3569 ASUS Transformer Pad TF300T 3920 ASUS Transformer Prime TF201 3347 Samsung Galaxy Note II 2894 Samsung Galaxy S III (Exynos 4 Quad) 3590 HTC One X 3341 LG Optimus 4X HD 3501 Amazon Kindle Fire HD 1959 Amazon Kindle Fire If the Ouya ends up being restricted to only be able to play the same sort of games already available for the following devices above, it is still exciting for being able to bring them to the TV for $99. It is unlikely that Gamestick will perform any better.