A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.
Almost everything you said is partly correct in some limited cases.
Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.
Except in cases where they are seeking data from particular sources (confidential information, plans to fighter jets, government documents, millions of credit card numbers, etc.) botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.
Finally, it may be popular wisdom, but it really isn't clear at all that Windows market share causes botnet masters to ignore other platforms. Particularly in the last couple years it has become clear that cost/benefit analysis drives botnet technology. If it were easier to infect and own Mac OS X, there are over 20 million of them around, far more than the number needed to spam the bejeezus out of the entire planet. It's the number of bots needed by a botmaster that's important to their cost/benefit analysis. If they could own 10,000 Mac OS X systems at a lower cost than owning 10,000 Windows systems, they would do it tomorrow.
Well, I think our discussion is less a case of right and wrong than a case of talking past each other. I think that's happening because I seem to be employing a more conventional and less narrow definition for vendor lock-in than you seem to be. Since you're interested, I'll try to elaborate a bit so you can understand my intended argument better. Do check out that short Wikipedia page on vendor lock-in before proceeding, so you get a better idea of my perspective.
Most of what people put forth as evidence regarding vendor lock-in is self-inflicted, or isn't really valid (e.g. based on misunderstanding the technology choices), or at best falls into the "perceived" rather than "actual" cost of switching platforms. Most home users, for example, don't have a pile of expensive applications which must be replaced when they get a new system. Often times they would pay to upgrade the applications they have, at a cost not much different than switching to an equivalent application on the new platform. Most home users typically surf the web, check email, and maybe play a game or two that are obsolete and which they have already quit playing by the time they get a new machine, etc. They never upgrade the OS over the lifetime of the machine. Most home users are so totally not locked-in at all, and they tend not to realize it. Almost everything they need when they switch platforms comes with the new system.
Most businesses wind up with a considerably greater set of interlocking dependencies which tie them to a platform. However they often could, with only the smallest amount of well placed clue, begin migrating their custom applications to sport web interfaces as a part of their regular development cycles, unwinding such interlocking bits over time. The could (but typically do not) make other decisions to emphasize loose-coupling in their IT architecture. Over a period of time they could achieve a substantial degree of vendor independence without making large sacrifices. Typically the resulting IT infrastructure would have a lower maintenance cost and greater robustness as a result of these same architectural decisions, too. They tend not to do this because at any step of the path they are looking only at the next step. Not much bigger picture thinking happens, so you don't see companies routinely switching platforms, because years of sub-optimal decisions wind up locking them in tightly to whatever they started with. Well, the vendors can only be blamed for part of that, and I think it's the smaller part, frankly.
The worst example was Microsoft which for a long time considered vendor lock-in to be an intentional and essential feature of their architectures for both Windows and applications. (The pace of development at Microsoft has been so slow the past several years that it isn't really clear if this is the case any longer, it may or may not be.) Apple and Sun, by contrast, consider vendor lock-in to be an anti-feature because their customers are already dominated by Windows and their growth opportunities come from attracting people from other platforms. They emphasize loosely coupled architectures and portability, to a large extent in their designs. They emphasize good import/export between file formats. They emphasize loosely coupled client-server architectures and development tools that provide proprietary advantages, but don't require you to use them. Yes, they offer proprietary features which can result in some degree of lock-in if you write custom apps to those features, but look at the difference between Java and POSIX APIs compared to Win32 and that ilk. Java is the anti-vendor-lockin development environment. Apple, Sun, IBM, HP, and everybody else with a sense of "platform" who isn't the monopoly platform provider likes and supports portable and inter-operable technologies.
Sure, if you build a mountain of code on top of Solaris, AIX, H
No, it is the same operating system. Everybody else dialed in this clue long ago and moved on. It has a whole tonne of stuff removed that isn't needed on the phone just yet. It's built for a different CPU architecture, so the OS now builds on 3 platforms (at least) PowerPC, Intel x86, and ARM (or whatever is in the iPhone). In all likelihood, Apple compiles the iPhone OSX, Apple TV OSX, Mac OS X, and Mac OS X Server from the same SVN repository. The fact that people are installing additional software on the Apple TV is a bit of a clue here.
No, it would also be relevant if UNIX applications could run on Mac OS X, or if Mac OS X applications interoperated seamlessly with UNIX servers, both of which are true. Thus my comment.
Time Machine solves a different problem than Windows System Restore. Time Machine is a backup system designed to make it so easy for ordinary users to back up and restore data that they actually do it. It can back up over the network or to a secondary hard disk (FireWire, USB, internal, Airport Disk). It allows restore of individual files.
Finally, System Restore solves a problem that to a large degree doesn't exist on Mac OS X (which has less of a tendency to randomly degrade into an un-usable or non-startable state due to regular activity like software installation and removal) and even if a system is rendered non-bootable, the Mac OS X installer allows easy restore of the system without losing user data.
Given the Apple emphasis on support for open standards (such as a standards-compliant web browser and email client) and the UNIX base of Mac OS X, I'd say Apple users are relatively much less locked in than Windows users.
Apple users are certainly no more locked in than users of any other platform. The average useful life of a general purpose personal computer has been two to four years, depending largely on individual use case. If you don't like being locked in to Windows, buy a Mac the next time you need a new system. Same works in reverse.
The biggest secret Apple were protecting at the time is obviously the iPhone.
Sure, there are probably some things Apple didn't show because they were not ready, interface stuff that they can build on top of resolution independent display for example, or a long list of desperately needed Finder improvements. The Mac rumor mill has been going on about secret features ever since Steve Jobs mentioned those in the Leopard feature Keynote at WWDC last year. Well, device driver support for GSM/GPRS and multi-touch displays was a pretty big secret. The Mac rumor mill will grind on about this until Leopard ships in October, then they will whine shrilly about the lack of interesting "promised" secret features.
Meanwhile, Time Machine will solve one of the most important problems with personal computers today, and the rumor mill is singularly unimpressed. I've lost track of how many people I know who have lost data to a hard disk failure because they didn't have a reasonabe backup. Time Machine will make this headache go away. It's almost guaranteed that none of the other un-announced features in Leopard will have the real world impact of Time Machine. Start setting your expectations now.
I'm surprised how difficult it seems to be for people to grok this, but the iPhone a computer. By some measures it will probably be the best Macintosh ever made. It's blazing the trail to the future of high resolution multi-touch displays, integrated into your daily life in ways that are truly useful to you. Today's PC simply isn't all that useful to a lot of people, but their cell phones are.
Geek imaginations seem to have been hobbled a bit by a decade or two of monopoly-induced stagnation in the technology industry. Steve Jobs said it first, but people don't realize how much faster progress could have been. The pace in the past few years has been picking up, thanks largely to Apple and Google lighting a fire under the industry.
Others have speculatd that iPhone will probably double the user base for Mac OS X within a few years. That estimate is way, way low. It's clear that Apple intends to base nearly all of their future appliances, like the Apple TV and iPhone are now, on Mac OS X. The iPod line will migrate to OSX over time. Is the new Airport Extreme Base Station running OSX? If not, future versions probably will be, given the direction that product is heading. The next 100 million iPod (iPods? iPodi? iPodden?) will be running OSX. That's four or five times the current OSX user base in probably 3 years or so. That will be good for the platform as a whole, and all you luddite backward-facing "I want my old fashioned desktop PC" nerds will benefit, too.
It's very likely that resolution independent display technology from Leopard is required to take full advantage of the iPhone's 160 dpi display. This is the key feature that discerning technology analysts look at when speculating on which vesion of Mac OS X runs on the iPhone. Has anybody done a uname on the Apple TV yet? What kernel is that running?
The iPhone is probably running a version of Leopard, as effective use of its 160-dpi screen probably needs the resolution independent display technology from Leopard. Apple's strategy of using Mac OS X on their appliances like the Apple TV, and on the iPhone, as well as on their computers will serve them very well over the next decade as computing devices evolve. I'm actually quite excited by the likely evolution of the Macintosh that will be made possible by the development of the iPhone. This minor bump in the road doesn't represent anything more significant. The iPhone isn't a grand conspiracy to abandon the Macintosh platform, it's the first installment of the future of really truly remarkable computing devices. The iPhone is the computer.
What is this "advanced availability club"? Are you referring to ADC? Not really all that expensive. ADC memberships. In any case, your timing arguments are just silly. If you were planning to wait until June (e.g. for the final Leopard release) to "develop for Leopard" then Leopard timing obviously isn't critical to your plans, just just wait until October to buy your 8 core machine. Maybe RAM prices will come down a bit by then even and you'll come out ahead.
It's likely that we'll see custom integration before standards like that settle out. When cell phone vendors crank out tens of millions of a given model, the economy of scale can be achieved reasonably. It won't be much different than the custom IC work that already happens in some devices like this. (The iPhone is a well known example).
The final step in this process is clearly that Microsoft will buy one of the tiny little malware vendors, or maybe two of them, and work for a couple years to integrate the service directly into the next version of Windows, taking the revenue stream from McNastafee and Evil-Symantec.
It's not entirely clear that YouTube has a viable business model without violation of reasonable copyright law, setting aside for the moment the DMCA. Of all the YouTube links sent to me by friends, probably 8 of 10 are links to copyrighted material. Frank Zappa on Crossfire, Talking Heads performing on some television show or another, clips from The Daily Show, these are the things that draw viewers to YouTube. If you take a few moments and gape in open-mouthed shock for a moment at some unfortunate soul who has probably ruined any chance they will ever have for a normal life by posting some remarkably embarrassing thing to YouTube, well, that tends to be incidental, and it doesn't really draw people back for more.
The owners of these massive archives need to get with Google and compromise on a revenue sharing model. People want to find and use this stuff. It's rotting in a vault otherwise. Bring it out into the light. Let people find and share it. Make a fraction of a penny everytime somebody clicks on an ad because of it.
People want it. It would make the world a more fun place. There isn't any other way to make money off the stuff. Just do it.
Of course, the attacker might have a team of experts, moles planted in the corporation, and their own Tom Cruise who slapped magnetic signs on a white van, posed as a janitor, rappelled into the hermetically sealed server room, looked under keyboards for the post-it with the root password, modified the corporation's custom software on the fly and installed the resulting trojaned version (all without touching the floor) and then cleaned the urinals on his way out so that nobody would suspect a thing for years in a mission-impossible-style coordinated assault requiring deep insight to the code, but given that most such incidents of data theft are quite a bit less sophisticated, I doubt deep insight was required.
Deep insight is mainly useful to attackers who seek a very specific set of data from a particular target. People after credit card data typically just cast a wide net and exploit the low hanging fruit. Let a worm loose, it gets in somewhere. See what it finds. Exploit it. Much, much simpler. Of course since we lack the technical details you mentioned (and others) we have no idea what really happened, and the technical details would probably be interesting. I suspect that the weeks long delay in releasing the information that came out today was due to the fact that the investigators suspected, or merely feared, an inside job.
This is a common and largely emotional response to an attack like this. "Somebody broke into our highly secure system and stole 45 million customer records complete with credit card numbers? Inconceivable!" ("You keep using that word. I do not think it means what you think it means.")
It's certainly *not* a requirement to have "deep insight" into the code or even the specific computing infrastructure of the typical corporation in order to steal data. In fact, ordinary insight is sufficient once you have access, given the attacker has basic technical skills. Rather than deep insight, what is usually seen is a plodding industrial spam-like approach.
bots are built and released to the wild internet (network worms, email worms, web trojans, etc.)
a single system behind a company firewall is infected with the bot (e.g. through a web browser, or a laptop hit by a worm at a coffee shop)
the bot spreads behind the company firewall, infecting many machines, attracting much attention
company managers crack the whip over IT to clean up the mess without re-installing the infected systems, often against the advice of people who understand the problem who say things like, "we have no way to know what damage has been done, the only secure fix is to re-image the infected systems," which sounds are like one hand clapping to managers who have been told to contain IT costs
some of the infected systems are "noisy", probing around the network trying to spread itself
some of the infected systems are "stealthy", the bot does not attempt to spread further from them, it seeks data on the local system including what processes are running on the system
some of the infected systems appear to have data of interest to the attacker
the bot is instructed to install a root kit and possibly remove itself from the system
the attacker explores the systems of interest, looking for files, looking at database contents, stealing what they want, etc.
From the article:
"In addition, the technology used by the intruder has, to date, made it impossible for us to determine the contents of most of the files we believe were stolen in 2006," the company said. It did not elaborate on the technology it was referring to.
This sounds like a smokescreen. The "technology" might be quite simple and common. Any of these could apply, for example:
the intruders used scp to upload files to a remote host so our IDS logged the connection, but we can't tell what was in the files
the intruders used ftp, but our IDS system was configured to log only meta-data
I hope Samsung has a good Help Desk because the interface is confusing. "I answered a call like you showed me, but then my music went away! Where did my music go?":-)
I live in Missoula and discussed this initiative with quite a few people, none of whom are consumers of unregulated or illegal substances. They all voted for this, and they all understood it clearly. "The police should be investigating real crimes" was the most commonly cited reason. There are unsolved robberies every week in this town that receive, as far as anyone can tell, scant police attention. Police can build careers and the county can confiscate property (and generate revenue) "busting people for drugs" but investigating robberies is hard work and not glamorous in any way. The people of Missoula county understand this clearly. The people who overturned this will very likely be voted out of office next chance.
Slashdot Mirror
A minute or so with Google, or occasional reading in the field of information security would lead you quickly to understand that those claims are, sadly, not overstatements.
Almost everything you said is partly correct in some limited cases.
Some of the browser exploits don't require a user to allow the wrong thing nor visit an obviously bad web site. "Good" web sites get cracked and used as distribution vectors. Exploit chains are created such that malware can get on the box as an ordinary user, then elevate to super-user status by taking advantage of a local privilege escalation vulnerability. The amount of worm traffic probing around the internet, and the continual new versions of botnets with worm capabilities seem to indicate that remote execution holes have not been abandoned as a propagation vector.
Except in cases where they are seeking data from particular sources (confidential information, plans to fighter jets, government documents, millions of credit card numbers, etc.) botnet masters don't seem to much care about the nature of the systems they infect. They are clearly a mixture of home users, corporations, and government agencies.
Finally, it may be popular wisdom, but it really isn't clear at all that Windows market share causes botnet masters to ignore other platforms. Particularly in the last couple years it has become clear that cost/benefit analysis drives botnet technology. If it were easier to infect and own Mac OS X, there are over 20 million of them around, far more than the number needed to spam the bejeezus out of the entire planet. It's the number of bots needed by a botmaster that's important to their cost/benefit analysis. If they could own 10,000 Mac OS X systems at a lower cost than owning 10,000 Windows systems, they would do it tomorrow.
Well, I think our discussion is less a case of right and wrong than a case of talking past each other. I think that's happening because I seem to be employing a more conventional and less narrow definition for vendor lock-in than you seem to be. Since you're interested, I'll try to elaborate a bit so you can understand my intended argument better. Do check out that short Wikipedia page on vendor lock-in before proceeding, so you get a better idea of my perspective.
Most of what people put forth as evidence regarding vendor lock-in is self-inflicted, or isn't really valid (e.g. based on misunderstanding the technology choices), or at best falls into the "perceived" rather than "actual" cost of switching platforms. Most home users, for example, don't have a pile of expensive applications which must be replaced when they get a new system. Often times they would pay to upgrade the applications they have, at a cost not much different than switching to an equivalent application on the new platform. Most home users typically surf the web, check email, and maybe play a game or two that are obsolete and which they have already quit playing by the time they get a new machine, etc. They never upgrade the OS over the lifetime of the machine. Most home users are so totally not locked-in at all, and they tend not to realize it. Almost everything they need when they switch platforms comes with the new system.
Most businesses wind up with a considerably greater set of interlocking dependencies which tie them to a platform. However they often could, with only the smallest amount of well placed clue, begin migrating their custom applications to sport web interfaces as a part of their regular development cycles, unwinding such interlocking bits over time. The could (but typically do not) make other decisions to emphasize loose-coupling in their IT architecture. Over a period of time they could achieve a substantial degree of vendor independence without making large sacrifices. Typically the resulting IT infrastructure would have a lower maintenance cost and greater robustness as a result of these same architectural decisions, too. They tend not to do this because at any step of the path they are looking only at the next step. Not much bigger picture thinking happens, so you don't see companies routinely switching platforms, because years of sub-optimal decisions wind up locking them in tightly to whatever they started with. Well, the vendors can only be blamed for part of that, and I think it's the smaller part, frankly.
The worst example was Microsoft which for a long time considered vendor lock-in to be an intentional and essential feature of their architectures for both Windows and applications. (The pace of development at Microsoft has been so slow the past several years that it isn't really clear if this is the case any longer, it may or may not be.) Apple and Sun, by contrast, consider vendor lock-in to be an anti-feature because their customers are already dominated by Windows and their growth opportunities come from attracting people from other platforms. They emphasize loosely coupled architectures and portability, to a large extent in their designs. They emphasize good import/export between file formats. They emphasize loosely coupled client-server architectures and development tools that provide proprietary advantages, but don't require you to use them. Yes, they offer proprietary features which can result in some degree of lock-in if you write custom apps to those features, but look at the difference between Java and POSIX APIs compared to Win32 and that ilk. Java is the anti-vendor-lockin development environment. Apple, Sun, IBM, HP, and everybody else with a sense of "platform" who isn't the monopoly platform provider likes and supports portable and inter-operable technologies.
Sure, if you build a mountain of code on top of Solaris, AIX, H
No, it is the same operating system. Everybody else dialed in this clue long ago and moved on. It has a whole tonne of stuff removed that isn't needed on the phone just yet. It's built for a different CPU architecture, so the OS now builds on 3 platforms (at least) PowerPC, Intel x86, and ARM (or whatever is in the iPhone). In all likelihood, Apple compiles the iPhone OSX, Apple TV OSX, Mac OS X, and Mac OS X Server from the same SVN repository. The fact that people are installing additional software on the Apple TV is a bit of a clue here.
No, it would also be relevant if UNIX applications could run on Mac OS X, or if Mac OS X applications interoperated seamlessly with UNIX servers, both of which are true. Thus my comment.
Time Machine solves a different problem than Windows System Restore. Time Machine is a backup system designed to make it so easy for ordinary users to back up and restore data that they actually do it. It can back up over the network or to a secondary hard disk (FireWire, USB, internal, Airport Disk). It allows restore of individual files.
Time Machine
Leopard Technology Series for Developers
Time Machine
Although System Restore on Windows is a useful concept on Windows, it's not designed as a backup system for user data.
Windows System Recover
What is restored and what isn't?
System Restore FAQ: What files are monitored by System Restore?
Finally, System Restore solves a problem that to a large degree doesn't exist on Mac OS X (which has less of a tendency to randomly degrade into an un-usable or non-startable state due to regular activity like software installation and removal) and even if a system is rendered non-bootable, the Mac OS X installer allows easy restore of the system without losing user data.
Given the Apple emphasis on support for open standards (such as a standards-compliant web browser and email client) and the UNIX base of Mac OS X, I'd say Apple users are relatively much less locked in than Windows users.
Apple users are certainly no more locked in than users of any other platform. The average useful life of a general purpose personal computer has been two to four years, depending largely on individual use case. If you don't like being locked in to Windows, buy a Mac the next time you need a new system. Same works in reverse.
The biggest secret Apple were protecting at the time is obviously the iPhone.
Sure, there are probably some things Apple didn't show because they were not ready, interface stuff that they can build on top of resolution independent display for example, or a long list of desperately needed Finder improvements. The Mac rumor mill has been going on about secret features ever since Steve Jobs mentioned those in the Leopard feature Keynote at WWDC last year. Well, device driver support for GSM/GPRS and multi-touch displays was a pretty big secret. The Mac rumor mill will grind on about this until Leopard ships in October, then they will whine shrilly about the lack of interesting "promised" secret features.
Meanwhile, Time Machine will solve one of the most important problems with personal computers today, and the rumor mill is singularly unimpressed. I've lost track of how many people I know who have lost data to a hard disk failure because they didn't have a reasonabe backup. Time Machine will make this headache go away. It's almost guaranteed that none of the other un-announced features in Leopard will have the real world impact of Time Machine. Start setting your expectations now.
I'm surprised how difficult it seems to be for people to grok this, but the iPhone a computer. By some measures it will probably be the best Macintosh ever made. It's blazing the trail to the future of high resolution multi-touch displays, integrated into your daily life in ways that are truly useful to you. Today's PC simply isn't all that useful to a lot of people, but their cell phones are.
Geek imaginations seem to have been hobbled a bit by a decade or two of monopoly-induced stagnation in the technology industry. Steve Jobs said it first, but people don't realize how much faster progress could have been. The pace in the past few years has been picking up, thanks largely to Apple and Google lighting a fire under the industry.
Others have speculatd that iPhone will probably double the user base for Mac OS X within a few years. That estimate is way, way low. It's clear that Apple intends to base nearly all of their future appliances, like the Apple TV and iPhone are now, on Mac OS X. The iPod line will migrate to OSX over time. Is the new Airport Extreme Base Station running OSX? If not, future versions probably will be, given the direction that product is heading. The next 100 million iPod (iPods? iPodi? iPodden?) will be running OSX. That's four or five times the current OSX user base in probably 3 years or so. That will be good for the platform as a whole, and all you luddite backward-facing "I want my old fashioned desktop PC" nerds will benefit, too.
It's very likely that resolution independent display technology from Leopard is required to take full advantage of the iPhone's 160 dpi display. This is the key feature that discerning technology analysts look at when speculating on which vesion of Mac OS X runs on the iPhone. Has anybody done a uname on the Apple TV yet? What kernel is that running?
Leopard Technology Series for Developers .
The iPhone is probably running a version of Leopard, as effective use of its 160-dpi screen probably needs the resolution independent display technology from Leopard. Apple's strategy of using Mac OS X on their appliances like the Apple TV, and on the iPhone, as well as on their computers will serve them very well over the next decade as computing devices evolve. I'm actually quite excited by the likely evolution of the Macintosh that will be made possible by the development of the iPhone. This minor bump in the road doesn't represent anything more significant. The iPhone isn't a grand conspiracy to abandon the Macintosh platform, it's the first installment of the future of really truly remarkable computing devices. The iPhone is the computer.
What is this "advanced availability club"? Are you referring to ADC? Not really all that expensive. ADC memberships. In any case, your timing arguments are just silly. If you were planning to wait until June (e.g. for the final Leopard release) to "develop for Leopard" then Leopard timing obviously isn't critical to your plans, just just wait until October to buy your 8 core machine. Maybe RAM prices will come down a bit by then even and you'll come out ahead.
Although I tend to agree with your statement, there is at least one well known example of a snafu in that area.
It's likely that we'll see custom integration before standards like that settle out. When cell phone vendors crank out tens of millions of a given model, the economy of scale can be achieved reasonably. It won't be much different than the custom IC work that already happens in some devices like this. (The iPhone is a well known example).
The direction looks similar to the direction the IBM Power-based Cell architecture is going.
The only purposes that can be served by creating additional top level domains is to increase revenue for registrars.
The final step in this process is clearly that Microsoft will buy one of the tiny little malware vendors, or maybe two of them, and work for a couple years to integrate the service directly into the next version of Windows, taking the revenue stream from McNastafee and Evil-Symantec.
Mods, do not punish people for your difference of opinion. Mod down sparingly. Read the guidlines before modding, every time you get mod points.
You don't need outbound access on port 25. Use a non-standard port for your mail server like the rest of the cool kids.
It's not entirely clear that YouTube has a viable business model without violation of reasonable copyright law, setting aside for the moment the DMCA. Of all the YouTube links sent to me by friends, probably 8 of 10 are links to copyrighted material. Frank Zappa on Crossfire, Talking Heads performing on some television show or another, clips from The Daily Show, these are the things that draw viewers to YouTube. If you take a few moments and gape in open-mouthed shock for a moment at some unfortunate soul who has probably ruined any chance they will ever have for a normal life by posting some remarkably embarrassing thing to YouTube, well, that tends to be incidental, and it doesn't really draw people back for more.
The owners of these massive archives need to get with Google and compromise on a revenue sharing model. People want to find and use this stuff. It's rotting in a vault otherwise. Bring it out into the light. Let people find and share it. Make a fraction of a penny everytime somebody clicks on an ad because of it.
People want it. It would make the world a more fun place. There isn't any other way to make money off the stuff. Just do it.
Deep insight is mainly useful to attackers who seek a very specific set of data from a particular target. People after credit card data typically just cast a wide net and exploit the low hanging fruit. Let a worm loose, it gets in somewhere. See what it finds. Exploit it. Much, much simpler. Of course since we lack the technical details you mentioned (and others) we have no idea what really happened, and the technical details would probably be interesting. I suspect that the weeks long delay in releasing the information that came out today was due to the fact that the investigators suspected, or merely feared, an inside job.
This is a common and largely emotional response to an attack like this. "Somebody broke into our highly secure system and stole 45 million customer records complete with credit card numbers? Inconceivable!" ("You keep using that word. I do not think it means what you think it means.")
It's certainly *not* a requirement to have "deep insight" into the code or even the specific computing infrastructure of the typical corporation in order to steal data. In fact, ordinary insight is sufficient once you have access, given the attacker has basic technical skills. Rather than deep insight, what is usually seen is a plodding industrial spam-like approach.
This sounds like a smokescreen. The "technology" might be quite simple and common. Any of these could apply, for example:
SHIFTKEYBROKENTOO.
I hope Samsung has a good Help Desk because the interface is confusing. "I answered a call like you showed me, but then my music went away! Where did my music go?" :-)
"...and then, depression set in."
I live in Missoula and discussed this initiative with quite a few people, none of whom are consumers of unregulated or illegal substances. They all voted for this, and they all understood it clearly. "The police should be investigating real crimes" was the most commonly cited reason. There are unsolved robberies every week in this town that receive, as far as anyone can tell, scant police attention. Police can build careers and the county can confiscate property (and generate revenue) "busting people for drugs" but investigating robberies is hard work and not glamorous in any way. The people of Missoula county understand this clearly. The people who overturned this will very likely be voted out of office next chance.