Slashdot Mirror


User: perpenso

perpenso's activity in the archive.

Stories: 0
Comments: 5,330

Comments · 5,330

  1. Re:I'll believe it when I see it on Apple Will Refund $32.5M To Settle In-App Purchase Complaints With FTC · · Score: 1

    Do you really think that the Apple system works identically today as it did "a few years ago?"

    The requirement for a CC or money in the account may very well have changed. However in-app purchases have ALWAYS been performed by Apple's App Store app and have ALWAYS included a confirmation that showed the item and its price. The game may offer an in-app but it can't perform the purchase, only the Apple App Store app can do that.

  2. Apple App Store app does ALL in-app purchases ... on Apple Will Refund $32.5M To Settle In-App Purchase Complaints With FTC · · Score: 1

    He had no idea that he was purchasing anything. He showed me. The game would ask if the player wanted something (more time, more bullets, more lives, etc.) and ask for the AppleID password. It was entirely unclear that he was spending real money. No sales receipt was ever generated.

    The game NEVER asks for the Apple ID or password(*). The purchase confirmation is ALWAYS done by the built-in Apple App Store app.

    Apps display an offer but they have to turn over the purchase to the Apple App Store app once the user indicates that they want to buy. Then the App Store app independently asks for confirmation and shows the item being purchased and its price.

    (*) Well, unless it's malware that got past Apple's review process. In-app purchases are submitted and reviewed just like apps.

  3. 15 minute authorization window closed long ago ... on Apple Will Refund $32.5M To Settle In-App Purchase Complaints With FTC · · Score: 4, Informative

    Game purchase authorized. What Apple didn't in general tell people is that that authorization would last past the initial purpose, unless the user dug deep in Settings to turn that feature off.

    I believe this was fixed long ago in an iOS update. The app authorization no longer works for in-app authorization. Once in the app a second authorization is always needed for an in-app purchase. This second authorization for the in-app purchase does seem to create a window of approval for subsequent in-app purchases, however the original app purchase no longer creates such a window. In any case the parent is aware that the app has in-app purchases.

  4. Diminishing returns for many architectures ... on OpenBSD Looking At Funding Shortfall In 2014 · · Score: 2

    Having such a diversity of platforms makes errors more apparent (some bugs which while they might impact all platforms might only be obvious on one platform for whatever reason) ...

    I absolutely agree. As someone who simultaneously developed for Windows/x86 and MacOS/PowerPC I definitely saw bugs manifest more easily on one system or the other. However, past two or three hardware architectures there is probably quite the diminishing return.

    ... and the interest of some devs might be tied to these weird architectures.

    Well people tied to these "weird" architectures can make a donation. Take a look at the supported architecture list, quite a bit of trimming is possible if the respective esoteric communities can't at least pitch in for the electric bill.

  5. GPL requires no giving back ... on OpenBSD Looking At Funding Shortfall In 2014 · · Score: 1

    The GPL does not require companies to give back. A company may use a GPL based product internally, fix it, adapt it and never share a line of code. The GPL only applies when someone wants to distribute their derivative work.

  6. 6502 code in Terminator on Programmer Debunks Source Code Shown In Movies and TV Shows · · Score: 2

    For example, in two different films with Matthew Broderick, his modifying school records, assuming that he does indeed have credentials, is not implausible. In The Matrix Reloaded Trinity's hack is more realistic than most other movies.

    In the original Terminator some 6502 code scrolled by. At the time a friend thought he recognized it from the Apple DOS Read/Write Track Sector function.

  7. Nuke password is 00000000, really, seriously ... on Programmer Debunks Source Code Shown In Movies and TV Shows · · Score: 3, Informative

    Yeah, everyone knows that "Password123" is probably what will get you into most corporate systems.

    And for govt nuclear weapons, the code is 123456.

    From Ars Technica: "Well, for two decades, all the Minuteman nuclear missiles in the US used the same eight-digit numeric passcode to enable their warheads: 00000000. That fact, originally revealed in a column in 2004 by then-president of the Center for Defense Information Dr. Bruce G. Blair, a former US Air Force officer who manned Minuteman silos, was also mentioned in a paper by Steven M. Bellovin, a computer science professor at Columbia University who teaches security architecture. Both of these sources were cited this week in an article on the site Today I Found Out written by Karl Smallwood, as well as in an article in the UK's Daily Mail."

  8. Mandated security audit on Australian Teen Reports SQL Injection Vulnerability, Company Calls Police · · Score: 1

    If everyone starts checking all the servers they use ...

    This is done in some commercial settings. When some companies enter into a relationship, periodic 3rd party security audits may be required. However the key point is that the owner of the machines has consented to the penetration testing and other audits.

    Basically one company is told we won't do business with you unless you allow these 3rd party audits. Consumers could get together and do the same.

  9. Re: Mavericks, same requirements as previous versi on Many Mac OS Users Not Getting Security Updates · · Score: 1

    That is just flat-out wrong. There are several models which can run 10.8 but cannot run 10.9.

    Apple's listed specs look the same to me. The MacBook list was consolidated but they are equivalent.

    OS X Mavericks: System Requirements
    http://support.apple.com/kb/ht5842
    To install Mavericks, you need one of these Macs:
    iMac (Mid-2007 or later)
    MacBook (13-inch Aluminum, Late 2008), (13-inch, Early 2009 or later)
    MacBook Pro (13-inch, Mid-2009 or later),
    MacBook Pro (15-inch or 17-inch, Mid/Late 2007 or later)
    MacBook Air (Late 2008 or later)
    Mac mini (Early 2009 or later)
    Mac Pro (Early 2008 or later)
    Xserve (Early 2009)
    Your Mac also needs:
    OS X Mountain Lion, Lion, or Snow Leopard v10.6.8 already installed
    2 GB or more of memory
    8 GB or more of available space

    OS X Mountain Lion system requirements
    http://support.apple.com/kb/ht5444
    To install Mountain Lion, you need one of these Macs:
    iMac (Mid 2007 or newer)
    MacBook (Late 2008 Aluminum, or Early 2009 or newer)
    MacBook Pro (Mid/Late 2007 or newer)
    MacBook Air (Late 2008 or newer)
    Mac mini (Early 2009 or newer)
    Mac Pro (Early 2008 or newer)
    Xserve (Early 2009)
    Your Mac needs:
    OS X v10.6.8 or OS X Lion already installed
    2 GB or more of memory
    8 GB or more of available space

  10. Re:The law does not care ... on Australian Teen Reports SQL Injection Vulnerability, Company Calls Police · · Score: 1

    The law does not care if you are white hat or black hat. Well at least with respect to guilt, it can be considered at sentencing.

    Actually, it does. Your intentions can make an important difference. One example of this is the good Samaritan who breaks into a car to rescue a baby locked inside on a hot day. He would be guilty of vandalism according to your logic. Same applies here, if the kid notices a vulnerability and reports it without unnecessarily retrieving data, he is obviously a good Samaritan.

    Your analogy is flawed. The vulnerable data is not in plain sight to an innocent bystander as the baby in the car is. A better analogy would be someone sees a panel van and wonders if they can break into it. They do and once they have opened the door they find a baby in distress. They were not aware of the baby until after the break in.

  11. The law does not care ... on Australian Teen Reports SQL Injection Vulnerability, Company Calls Police · · Score: 4, Interesting

    The law does not care if you are white hat or black hat. Well at least with respect to guilt, it can be considered at sentencing.

    If it's not your computer and if you don't have the owner's permission you can't do penetration testing without putting yourself at risk.

  12. Re:Insurance company is not liable ... on Who Is Liable When a Self-Driving Car Crashes? · · Score: 1

    The injured party was suing the driver, not the driver's insurance company. However the attorney was from the insurance company, it was not the driver's personal attorney.

    You sue who you have the relationship with (the one who hit you), regardless of who's liable (unless the person at issue is a minor, in which case you sue the parents). The insurance company's lawyer was there because the insurance company is the responsible party. They contractually took that role from the owner.

    I don't think that they took over responsibility in any legal sense, the driver is still liable to the judge. The insurance company having an obligation to the driver is something separate, something secondary.

  13. Re:Insurance company is not liable ... on Who Is Liable When a Self-Driving Car Crashes? · · Score: 1

    Nope. My insurance accepts liability (up to a certain point, and for certain things). If I'm sued, the insurance company enjoins the suit, becoming a co-defendant, taking direct liability.

    I don't think so. I think enjoin means they take control of your defense. You are still the potentially liable party. They are merely contractually bound to pay the bill if you are found liable, subject and limited to the terms of the contract.

    I was on a jury for a lawsuit over a traffic accident. The injured party was suing the driver, not the driver's insurance company. However the attorney was from the insurance company, it was not the driver's personal attorney.

  14. Re:Gov't skips testing orders last minute changes on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 1

    The site is worthless without registration, because all the information is on what you're registering for. The primary purpose of the site is registration.

    Absolutely wrong. The purpose of the site is to comparison shop insurance policies. The subsidy that requires registration is irrelevant. If one policy is $50 more than another before subsidy it will still be $50 more after subsidy. The subsidy is the same no matter what company you sign up with.

  15. Re:Gov't skips testing orders last minute changes on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 1

    "... blamed a decision by CMS within two weeks of the launch to require users to fully register in order to browse for health insurance products, instead of being able to get information anonymously, as originally planned."

    if this is hard, then they're assholes. that should practically be a checkbox.

    You are missing an important point. They only had two weeks for integration testing, which is woefully inadequate - ridiculous actually, and then they are asking for changes to be made in this same timeframe.

    Plus it's not simply registration, there is also the calculation of the person's insurance payment after the federal subsidy is applied. Supposedly this requires transactions with various government agencies and/or insurance companies. This was the point of registration, to avoid showing the unsubsidized payment.

  16. Gov't skips testing orders last minute changes on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 3, Informative

    From the congressional testimony, http://www.cnn.com/2013/10/24/politics/congress-obamacare-website/:

    "In the first detailed account of what happened, officials of four contractors involved in the website creation described a convoluted system of multiple companies operating separately under the oversight of CMS, a part of the Department of Health and Human Services. Each said their individual components generally performed as planned after internal testing, but all conceded that CMS failed to conduct sufficient "end-to-end" testing of the entire system before the launch ... an end-to-end test conducted within two weeks of the launch caused the system to crash. She said it was up to CMS to decide on proceeding with the rollout."

    "... blamed a decision by CMS within two weeks of the launch to require users to fully register in order to browse for health insurance products, instead of being able to get information anonymously, as originally planned."

    The preceding should not be interpreted to mean that the contractor did good work. That may have been a problem as well. My point is that government officials were basically sabotaging their project through mismanagement. It appears that politicians were in control.

  17. It may actually be the government ... on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 1

    You don't have insurance until you actually pay. This is difficult when the insurance company itself refuses to accept payment.

    In some cases it may still be the government's fault. If the government has not communicated to the insurance company what that person's subsidy is the insurance company would not know what to charge the person.

  18. Backend hasn't been implemented yet ... on White House Reportedly Dismissing Key Healthcare.gov Contractor · · Score: 1

    ... but I don't think firing everyone in charge of a massive project does a lot of good when you're trying to make it work.

    Supposedly only the front end is implemented, the web site that citizens use. The backend, the part that coordinates the various federal agencies and insurance companies involved, does the billing, etc., has not been implemented yet.

    If so it may not matter so much who implements the backend, the original contractor or the new.

  19. Keep the old computer being replaced on 4K Is For Programmers · · Score: 2

    Are you also angry that they've got decent computers rather than underspecced, second hand $100 shitboxes?

    I suspect that if every programmer had to use a $100 second-hand shitbox, that indignity would be justified by the time that I alone would recover from hourglasses, beach balls, and other various twirlies.

    A previous employer found a compromise. We had two computers on our desk, a current decent machine (not extravagant though) and the older machine that it replaced. Our software was expected to run well on both machines.

  20. 64-bit hardware but no drivers ... on Many Mac OS Users Not Getting Security Updates · · Score: 1

    The second gen Macbook Pro is supported with Mavericks. In fact, the only Macbook Pros not supported seem to be the original 32 bit only ones.

    Careful, some "32-bit" Macs have 64-bit hardware but Apple never wrote 64-bit drivers and thus restricted these Macs to 32-bit versions of Mac OS X.

  21. Mavericks, same requirements as previous version on Many Mac OS Users Not Getting Security Updates · · Score: 1

    Mac OS X Mavericks (10.9) has the same requirements as Mountain Lion (10.8). So the comparison to Windows 8.0 and 8.1 is correct.

  22. It's about the bus stops ... on Google Co-Opts Whale-Watching Boat To Ferry Employees · · Score: 1, Informative

    I think the issue is that Google is using city bus stops without permission. In other words appropriating a public asset for private use. And possibly impacting the performance of a city service, have city buses had to wait while the google shuttle cleared the stop?

    If Google were picking up its employees somewhere else there would probably be no controversy.

  23. Re:Insurance policies have limits ... on Who Is Liable When a Self-Driving Car Crashes? · · Score: 1

    You are making a distinction without a difference.

    I've proven that untrue, for example where the judgement exceeds the insurance policy terms.

    Another difference would be where the person/company's actions violated the terms of the policy with the insurance company. The insurance policy is conditional, it does not protect the person/company in all situations.

    Basically the insurance policy is a contractual obligation, and contracts are easier to get out of than a judicial order that assigns liability. The insurance company could contest their obligation for some reason and the judge will still expect the person/company to pay. The person/company can sue the insurance company for a breach of contract or whatever but that is a completely separate legal action. While you are suing your insurance company the judge may still seize your assets, garner your wages, etc.

  24. Re:Insurance policies have limits ... on Who Is Liable When a Self-Driving Car Crashes? · · Score: 1

    So, the insurance company is "liable" for up to $1M... Liability is obligation.

    My dictionary defines "liable" as "legally responsible". A court will assign legal responsibility to a person, not the person's insurance company. If an insurance company pays the obligation it does so on behalf of the person liable.

  25. Given them a dashboard app instead of access on Senior Managers Are the Worst Information Security Offenders · · Score: 1

    They're also the ones who can get security policy overridden so that something can be easy for them. Regardless of the problems.

    That is why you develop "dashboard applications" for their computer or phone that give them the overview that they want, it pre-empts them from asking for access to the actual data. The data can be accessed and summarized by the server side software that only sends the summary info needed for graphics and labeling on the client app.