He was on openly announced medical leave, and was plainly, visibly, quite ill. The fact that he didn't send a bunch of bloggers and IT pundits a weekly email update on his health is, officially and in all probability, legally, of no consequence, due to his leave of absence.
The difference, of course, being that design or operation errors in wind power systems are highly unlikely to kill dozens of people instantly, hundreds or thousands of people over months and years, nor render thousands of square miles uninhabitable for sufficient multiples of the half-life of uranium, plutonium, or whatever other radioactive by-products are released into the water or atmosphere in an industrial accident so as to avoid a legacy of genetic deformity in the affected area. See: Chernobyl Legacy: a photo essay by Paul Fusco.
I'm a proponent of nuclear energy in the abstract sense that it would be useful to help us out of the acidified ocean mess we're heading into, but there exist enormous problems which the nuclear power industry didn't fully appreciate in the 1970s (when the technologies in all currently operating reactors were designed). The industry will continue to treat waste disposal and many components of accident risk as externalized costs, left to their own devices. (Externalized costs are a natural by-product of a capitalist system. To counterbalance that effect we invented the useful concept of government regulation. Note that quite similar externalities also existed in the communist systems which produced Chernobyl, which, like the capitalist systems of the west, also didn't do natural resource accounting nor assign a value to the cost of safety, accidents, pollution, nor maintenance of a thousand-square-mile "exclusion zone" for hundreds of years, in their economic models and business plans.)
Much safer designs are possible, but we need dramatically safer, accident-proof, terrorist-proof, designs. We can probably do that, too, but it will cost more, and we'll need to actually do it, before we deploy a new generation of plants. Oh, and uranium and plutonium are fossil fuels, too. Here's a discussion of Thorium, molten salt, low pressure containment, reactors.
Moderators, please correct the unfortunate rating of the parent post, from "interesting" to "desperately overrated at 0". The comment is not interesting, it's actually facile. The electric grid does need to be modernized to handle millions of scattered wind turbines, each generating a relatively quite small amount of power, with substantial fluctuation over time scales of seconds, minutes, and hours.
A few hundred scattered hydroelectric dams, generating enormous amounts of power, consistently over human-manageable-by-making-phone-calls-and-pulling-levers time horizons like days and weeks, is not anywhere near a sufficient analog to be considered worthy of an up-mod in this discussion.
The parent isn't even aware of the most basic information about the problem of the electric grid, which has been widely discussed in recent years in places geeks read. The path to enlightenment on this issue begins here: Electric Power Transmission.
Objective C is used to build the apps on the iPhone. Sure, some developers might elect to use some C or C++ code, particularly if they have a mountain of it they are porting, but there is a lot of Objective C running on the phone, even in games, and it's... snappy!
The platform and tools are OSX and XCode, and are not available on other platforms, hitherto frequently derided as being either insufficient or insufficiently "open" by developers with an interest in multiple platforms, and certainly not considered to be "pretty standard".
The types of games include FPS and highly graphics oriented games, some of them derived from "regular/bigger" projects.
If there's anything "slow" hereabouts, it's probably not Objective C.
In addition to the rapid growth of the platform's installed base, the flood of interest in iPhone gaming has some interesting characteristics:
game developers are learning Objective C, Cocoa, and libraries like Core Animation,
game developers seem to like the Apple platform and tools,
games are being ported to and developed for OS X, which is really "Mac OS X Mobile Edition".
Together, these substantially reduce the marginal costs of, and the psychological barriers to, porting games to Mac OS X. Apple could do a few things to shake the gaming industry up even more.
License Mac OS X and/or iPhone OS X to another game console maker for next generation consoles.
Extend the reach of Apple TV into the gaming console market by adding some horsepower, features, and accessories.
Buy one or more prominent game content makers, like, oh, say... Blizzard Entertainment, perhaps.
Those sort of moves might seem unlikely, but might not be all that far fetched. Licensing OSX to a game console maker is even conceivable, since it doesn't present the threat that licensing to clone makers did to the Mac. One such licensing agreement would vault Cocoa to the top gaming platform.
Apple could absorb a few game content providers without smothering the life out of them, as apparently the Microsoft acquisition of Bungie threatened to do, until Bungie managed to burst out of Microsoft screaming, "liberation!"
Given the enormous number of their customers who called with similar complaints, a modern well run help desk (which they do seem to have) would have resulted in this issue floating to the top of the list. This happens on auto pilot for a modern help desk, which reviews categories of unresolved issue types at least every month, probably daily in the case of a phone company.
In the review session, a manager who gets a bonus based on the percentage of resolved calls says something like: "Hey, we're still getting a boatload of complaints about the auto warranty robo dialers, and we still don't have an answer for this."
In this case, the issue would float to the top of the list month after month for over a year. The help desk has a huge incentive to at least come up with a "stock answer", because unresolved issues hammer their stats, causing customers to fill out surveys negatively, and eat away at bonus incentives. Heck, if they only received calls from 5% of iPhone using Slashdot readers, then they got enough calls to raise this issue up to the level of senior management.
I'm guessing at some level a lot higher than the person answering the phone, this question was considered, escalated one more unfortunate career limiting level, probably more than once in the past year. They thought about it. They chose not to act. This kind of thing often results in epic internal bureaucratic struggle, usually between people who have a bonus based on some customer satisfaction metric affected by the problem, and senior management who bet that the customer annoyance will not result in an FCC fine larger than the profit from the questionable activity, which, after all, is conducted not by your organization, but by a customer. I hope one day someone leaks a memo or two, so we can all see that yes, in fact, the issue was raised above the front line help desk.
These people robo dialed the hell out of the 202 area code, starting well over a year ago, and not ending until they were busted. I sat in rooms in DC where I'd get this call, and a few minutes later someone else in the room got it, more than once. There were, undoubtedly, many influential federal government employees, Congresspersons, Senators, and White House staffers also victimized by these calls to their cell phones, both government and private. Why did it take this long to put a stop to this? The world may never know.
The real problem here is the phone companies. I tried reporting this issue to AT&T a few times, and found them to be singularly disinterested. They wouldn't even tell me who kept calling my cell phone over and over, trying to sell me the same thing over and over. The scammers were clearly robo calling as they didn't know *who* they were calling. I received from a few to several of these calls each week for several months.
Scams like this undoubtedly generate hundreds of thousands, maybe millions of dollars a year in revenue from long distance and 800 number services, which probably include helping the scam artists hide their contact information from their victims. The phone companies had no interest at all in this problem, even when clearly thousands of legitimate customers complained about it. Not only were they making money from the scammers' annoying calls, but the phone company also offered me the chance to pay an additional monthly fee to stop solicitation calls. When I asked point blank, they admitted that the service would not stop the robotic calls about which I'd called to complain. In addition to that, the phone companies were charging air time to victims, when the robotic caller dialed cell phones (like mine).
The phone companies, all of them, are complicit in this scam, and should be jointly prosecuted with the scammers.
You're looking at Akamai content caches. It doesn't seem to be a secret that the iTunes Music Store (purchasing engine, link handlers, content master archives) runs on Mac OS X Server, on XServer hardware. When the store first started, there was some Solaris in the mix, but that hasn't been the case for years.
Since your organization probably has Windows clients, you can only long for something as nice as Mac OS X Spotlight Server.
Google Search Appliance is definitely what you want.
If you have a mid sized company you definitely don't have the surplus of highly talented systems administrator talent laying about to run one of the document management systems that others here are likely to suggest. Be very careful going down the document management server path. It's far, far more work than you think it will be, than the vendor will tell you it is. Not simply more work for you, but for your IT staff and your users, too.
The Google Search Appliance, by contrast, is "fire and forget". Plug it in. Turn it on. Patch it when Google suggests you do so. That's about it.
"I'm sure 99.9% of the people on Slashdot, who care enough to open the discussion know what ZFS is, and those who don't are perfectly capable of entering the term "ZFS" into Google."
Uhm... did you *read* this discussion? I'd say it's more like 50%.
It's a widely known fact that Apple uses Mac OS X Server to host the iTunes Music Store. No, I'm not going to provide you with a link. Learn to use Google.
"I mean, let's be honest no one really uses OSX Server for anything really mission critical that relies on it for the kind of storage capabilities ZFS would provide. Do they? Feel free to correct me with real world usage scenarios of OSX Server (I haven't heard of much)."
By the way, have you heard of the iTunes Music Store? The iPhone App Store? Yikes.
"track record says the bad guys already have the exploit code"
This is "popular wisdom". However, popular wisdom isn't providing a sufficiently complete analysis of the data. The best public information about this comes from the history of worm exploits. It's not at all clear that exploits are always known by the bad guys first. In fact, there have been quite a few incidents which appeared to be cases of bad guys racing to create an egg and drop it into a pre-canned bit of malware. The starting gun has often appeared to be the first public notice about a type of exploit in a particular part of a product. When exploit code was published, the defensive team usually lost the race.
"Oh, please. They had sufficient time for a relatively simple exploit to be patched. This guy stalled them with vague non-responses and shit never got done, so milw0rm posted it publicly. That's what security folks do. It's not their fault that he decided that fixing the software he put his reputation behind wasn't worth it."
Well, not exactly. There is a raging debate over whether this is an appropriate tactic, and this incident will go down in the security text books as an example of why the debate exists. Opposite your opinion is something like, "That's what publicity seeking sociopathic nerds, masquerading as [security folk] do."
There is a fundamental tension between wanting to know if a system you own is vulnerable to some defect, and wanting to keep the exploit code out of the hands of The Bad Guys(TM). In this case, however, it seems pretty clear that simply knowing the name of the product (not even the version) was enough, exploit code wasn't required (as it sometimes is when scanning large numbers of systems that might be at indeterminate patch levels, for example).
There are quite a few actions one could take between "notify the vendor" and "release exploit code" which appear to have been skipped. That's irresponsible, not, "what security folks do".
Frankly, I don't understand how organizations or consultants who do this kind of thing manage to stay in business. If you were a big company with a bunch of interlocking IT systems and limited resources, would you hire someone who had a track record of publishing exploit code before patches were available? Suppose this consultant found some issues, which your organization couldn't respond to as quickly as you would like? Does that consultant become a risk to you now, simply because you didn't fix something in a manner timely enough to suit them? How do you know they wouldn't publish details of your vulnerabilities, because some snot nose punk with an inflated sense of self-righteousness thought you were ignoring him?
I don't operate that way, and neither do any of the fine security consultants who work for me or with me. I work discreetly with my clients until they get their problems fixed. That sometimes means doing a lot more work than *should* be required to get the attention of a vendor. However, it has never yet meant publishing exploit code prior to patch availability.
It's because it generates more ad revenue for web sites like Slashdot, Gizmodo, Engadget, et al. Stories like this about the latest Nokia wouldn't generate any traffic.
Every other phone on the AT&T network does *not* support 30 fps + audio vga resolution video messages. It's very likely that AT&T believes that their infrastructure would collapse under the load. They are probably right in that assessment. You, however, are correct that AT&T still doesn't "get it" on the whole. They have a lot of ground to cover before they can be a phone company that I don't want to flee, first chance I get to take iPhone elsewhere.
Apple was clearly not pleased with AT&T regarding MMS and tethering. If AT&T had a good reason, Apple would have held these features back until AT&T could be ready. In fact, it might well be the case that Apple already *did* hold these features back, as much as a year, and AT&T still isn't ready. Apple is inviting their audience to complain to AT&T. I recommend that AT&T receive a call from all of you iPhone customers who are annoyed by this.
Would you like to buy a "y" or two?
Microsoft has, for years, maintained three separate tools in this space (that I know of, there might be others). They change the names of them periodically, to confuse their hapless victims.
Microsoft Windows Malicious Software Removal Tool
You gotta read this page. They release a new version every month. It apparently cannot remove viruses which are not actively running. Why is this tool not built in to Microsoft Windows Defender?
Windows Live One Care
This link shows a forum moderator, chastising a poor infested user for asking a question about a different Microsoft antivirus product -- Microsoft Windows Defender. Why are these separate products, again?
Microsoft Windows Defender
Formerly known as Microsoft AntiSpyware.
These should be one product. The fact that Microsoft maintains three separate products to deal with this problem is, itself, an indication of a very serious ongoing problem at Microsoft. As a company, they still don't take this seriously.
Right. Apple's going to take their fancy schmancy high powered kernel hacking filesystem writing developers (some of which were rescued at great expense and inconvenience from Sun, and Be, Slashdot's other favorite filesystem makers) and reassign them to work on Voice Memo for iPhone. That's why ZFS is behind schedule. Why didn't I think of that?
Filesystems often don't appear to be extensible, which is why Sun invented VFS. In any case, Apple's previously announced plan was to incorporate ZFS into Mac OS X Server, where a case-sensitive filesystem would be just fine with many potential users. Certainly a version of ZFS which directly incorporated some of these other HFS+ features might be useful on Mac OS X, and could be named ZFS+ or something.
Please contemplate the reason that Google recently begged and pleaded that only developers download the *developer* release of Google Chrome for Mac and Linux, and begged people not to blog and whine and bitch about its shortcomings. (They were aware of its shortcomings. It's a work in progress.)
If you want to know more about filesystems, start here:
Filesystems @ Wikipedia (Hint: the blue words are links. Click on them to read and learn even more.)
If you want to know more about ZFS, start here:
ZFS
If you want to know more about designing and building filesystems, there is an excellent discussion here (this book should be required reading for all software developers and systems administrators, regardless of what types of systems you tend):
The Design and Implementation of the 4.4 BSD Operating System
If you want to know more about the chief failing of the human intellect (our own limitations) start here:
Incompetent People Really Have No Clue, Studies Find: They're blind to own failings, others' skills
Personally, (just between you and me, the internet, and alien archeologists a billion years from now) I interpret this finding to be scientific evidence supporting The Dilbert Principle: "People are stupid." That is to say, we are all stupid about most things, most of the time. The trick is to figure out when you don't know what you're talking about, at which point you stop talking, and start reading or asking questions.
Complex and revolutionary software systems, like good food, take time. ZFS has tremendous potential. It might not be finished yet, or Apple might take the lessons learned from ZFS and use them in a different way (HFSEFK - HFS Extremely Fraking Cool).
Publishing exploit code :
Care to play again?
In addition, if you have had a phone for +/- 12 months, you can get a discount on a new one if you agree to a contract extension of a year.