If it's a subscription they want 30% of the subscription ongoing. All that stuff you listed that they provide they also provide to app developers who charge nothing for their applications and also on a one-off per-purchase basis for applications that charge money. What is it that subscription services providers get over those who charge nothing and those who charge a one-off price? Nothing.
Now most subscription services don't charge for the app itself so a way for Apple to get some revenue without just leeching onto services providers is possibly to take a 30% of the first month of the subscription. That way they get their one-off payment just like any other paid application.
Point your television remote at your iPhone camera and press a button. See that little blinking Led?
No. Tried it with 3 remotes on my iPhone 6, nothing. Naturally having a camera that picks up light that you can't see results in less true-to-life photos which is why it is filtered.
I think you're missing the point. A lot of people here don't really understand open source, open source is their way of saying "not microsoft" so when microsoft releases something open source which can be forked, modified, improved, changed, etc such people simply cannot understand it.
Well it is evident the one who doesn't know what "more" means is you. If you "show the code to experts" then not only is the code not "more" secure, it has zero changes whatsoever, but you seem to think it is "more" secure so I suggest you get a dictionary.
You are making the claim that the statement "open source is more secure because you can see the code" is NOT true even if you interpret "you can see" as "you can see and show to experts".
Actually no, I did not say it is not true, I said it is disingenuous because even if you can "show it to experts" the code is no different. It is *only* more secure if you can show it to experts and they can identify a bug and they can come up with a solution and they can implement that solution. Until you complete every single one of those steps the code is not in any way any more secure than it was when you started.
In spite of using the word "more" repeatedly, you were "not comparing it to anything". Reminder : https://slashdot.org/comments.....
That's right, I am not the one making the claim that "open source is more secure because the code is visible", I am not the one making a comparison. I'm saying code visibility does not make a project more secure (that requires actual work beyond just being able to see the code). If you believe "open source is more secure because the code is visible" then what are you comparing it to?
Not in place of "code", no. You can use it in place of "coding" if you like, they are pretty much interchangeable. Why do we have to use one rather than the other?
Unless of course you say "coding" as a verb.
Or indeed "code" as a verb the way it is used in the title and summary.
You teach kids to code with toys and then when they grow up they only know how to code with toys.
Yeah that's why everything in the world is built out of Lego, you teach kids to build things with Lego and when they grow up they only know how to build things with Lego.
And precisely what is open source more secure than? How are you quantifying this?
If you were to look at one of the most critical and highly publicized security vulnerabilities in recent memory, Heartbleed, you see that OpenSSL was vulnerable to this while Microsoft's SSL implementation was not vulnerable to it. Yet you are saying open source is more secure. Now while there may be many other undiscovered vulnerabilities in both projects that is an unknown so you cannot honestly say one is more secure than the other, so why are you saying open source is more secure? What evidence leads you to say this? Or are you just mindlessly parroting what somebody told you?
Ok let's try this a different way and maybe you will understand: I'm saying your claim is disingenuos and if it is true then to prove it, in response you are asking me prove that it isn't. You want me to make your argument for you because you can't back it up yourself.
"More" is a completely vague term, this is the whole point, hence the reason I'm calling out the claims as dishonest and disingenuous.
What exacty do you you think the words I have written mean? You have made several failed attempts that have each inferred a different meaning and you are then putting words in my mouth so that you can argue against. You're arguing with own misinterpretation.
Give me a concrete example where being able to see the code makes a project more secure.
Ok, so what do you think "open source" is not "more secure" than
Are you completely dense? I am not comparing it to anything, I don't know how many times I have to repeat this, I think perhaps you need to write it down or say it out loud or maybe you simply lack the capacity to understand this.
I'm not saying Open Source is bad I'm not comparing Open Source to Closed Source I'm not saying OpenSSL is bad I'm not saying there is an alternative to OpenSSL that is better
As I said, your repeated failures to understand this are just mind-boggling and it really cannot be dumbed down to your level. Go back and read it all again, read it several times if you need to.
Yes, and code visibility does not make software more secure. It is only one part of it, you still need to have the right people look at the right piece of code, understand it and find the problem, be able to come up with a solution for it and to put in the effort to actually do it. Until you have all of that the code is not any more secure whatsoever.
Or, probably a reading comprehension problem on your part? Just a hunch.
open source is more secure because you can see the code
Did you interpret it as "open source is perfectly secure because you can see the code" ? I earlier didn't think this needs explanation, but from the emphasis you are laying on non-comparison, one would think you interpret "more" as "perfect".
Wrong again. What you actually need is not only to see the code but to have the right people look at the right piece of code, understand it and be able to come up with a solution for it. Code visibility does not make software more secure. Everybody could see OpenSSL's code, the bugs in it were not impossible to fix but the issue was that the people capable of finding and fixing them weren't looking at it to identify and fix the bugs.
Now the ability to see the code is one of the things that enables this, an important part - and if one were to be comparing to closed source, which i am not, this would be an advantage of open source - but it does not make code more secure and it is disingenuous and dishonest to suggest otherwise.
OK, so you are saying no one else can do better than OpenSSL, but OpenSSL is bad.
No and no. Nowhere did I say or imply OpenSSL is bad and nowhere did I say or imply that no one else can do better than OpenSSL. OpenSSL is simply the example that demonstrates the over-inflation of the claims made about open source software, this is pretty clear and the fact that this is the third time I've explained it indicates your reading comprehension problem, I'm afraid this can't be dumbed down to your level.
I was thinking more along the lines of a polarized filter
These have been debunked. It kind of worked for very specific angles against certain kinds of older cameras but in pretty much all practical circumstances is not going to work.
or array of CCD-blinding infrared LEDs.
That's easily overcome with an IR filter.
I see where you're going with this but surveillance is only one part of it, even if you can outlaw surveillance cameras you still need to get redlight/speed cameras removed because governments aren't going to allow devices that circumvent existing legal law enforcement mechanisms. While I'm skeptical that you could get traffic monitoring cameras outlawed I'm even more skeptical that you could get all remote law enforcement mechanisms outlawed, I'm certainly all for it but I don't see it happening. Then of course you also don't get the evidence that you have been stopped by police, if your plate is invisible to cameras it's your word against theirs and one of the reasons cameras have been deployed on police cars is to make sure there is evidence of a stop not just for the officer but for the public.
Of course you can find out. You can test against this vulnerability and see if you can exploit it on Windows, if you can't then obviously it isn't vulnerable to it.
Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).
True, but even if you eliminate that it doesn't really matter whos fault the "spying" is, the end result is that it happens and is becoming more widespread as the cost of surviellance plummets.
What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn't actually get rid of them.
I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around. Like you say, prohibiting the use of cameras is unlikely to make it go away, this is also my argument against going to any effort for legislating for network privacy. Even if they say they aren't going to do it do you really trust them? And even if they are caught and then also by some miracle held to account that still doesn't fix the damage.
remember, housing prices have to come down to what renters could afford
If that were to happen then it would be economically viable for me to just pay for my investment properties myself. They would be solid investment for the capital growth alone, I could use them as vacation houses whenever I want and make a bit on the side with AirBnB occasionally. I'd like your model of cheaper housing, but this is exactly why it won't work.
Are you saying if OpenSSL, with the same skill of developers / same amount of funding, were closed source - it would have fewer bugs?
No. Try and understand this is not about open vs closed (hence the reason I didn't mention closed source nor make any comparison to it), it is about practical applicability of the widely espoused advantages of open source.
Now skill of developers does vary, but it is unknown in closed source.
Which is why I'm not making a comparison to or argument for/against closed source because there are a lot of unknowns.
With open source software, you could judge it/fix it by paying for a good review.
Yes you could but even for the most widely used open source software where this advantage could theoretically be exploited we see that in the real world that simply does not happen.
Security review is a highly specialized job, it is not going to happen just by making the source available.
Which is precisely my point, it's a theoretical advantage that is not really practical.
Finding fault with OpenSSL (and its open source brethren) is like saying Usain Bolt can't sprint very fast.
No, refusing to find fault with it is exactly the sort of apologist attitude that propagates these problems. The failures in OpenSSL stand on their own, you don't need to compare them to closed source.
This is vague - "many" and "shallow" are both open to interpretation. But are you saying the fewer the eyes, the shallower the bugs?
No, I am not saying that. What I am saying is that in theory that would work (or perhaps replace "many eyes" with "the right eyes") but in practise it simply does not happen.
The reason I picked OpenSSL is because it is used extremely widely from free software hobbyists to the biggest corporations in the world, as far as open source projects go it should have the best chance of pretty much any project of living up to the espoused advantages. Try and remember this isn't to compare to closed source or say that closed source would be better, just that the pronounced advantages of open source should be realistic rather than the ones that are theoretical but provably not practical.
They're supposed to facilitate communication between parties agreeing to communicate.
Over a public network using other peoples' equipment, just like landline telephones or chatting in a public space. Sure there are ways to mitigate the other users of the area (or network) from listening like speaking in code (encryption) but you can't just expect to be in a public space, speak loud and clear and then complain that other people shouldn't be listening to you. If you want to communicate over a public network using other peoples' equipment in such a way to prevent others from listening then you need to employ tactics to do it, thankfully we have that and it simply means using encryption or Virtual Private Networks, which we have had for a very very long time.
You can't legislate something like this away, it isn't legal to take somebody elses credit card information and use it to make unauthorized purchases but you don't go out and just shout out your credit card number in public or send it unencrypted over the internet. If you want privacy you have to actively enforce it yourself and as I said there are plenty of means with which to do that and have been for a long time.
But if it's registered to you and you drive it on public roads then the opportunities for surveillance and tracking are not that difficult to comprehend. Indeed it happens with a lot of police vehicles, major arterials and certainly on toll roads.
implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.
Which can all be undermined by malicious or compromised hardware, you need to have open hardware and a way of verifying it.
Slashdot Mirror
If it's a subscription they want 30% of the subscription ongoing. All that stuff you listed that they provide they also provide to app developers who charge nothing for their applications and also on a one-off per-purchase basis for applications that charge money. What is it that subscription services providers get over those who charge nothing and those who charge a one-off price? Nothing.
Now most subscription services don't charge for the app itself so a way for Apple to get some revenue without just leeching onto services providers is possibly to take a 30% of the first month of the subscription. That way they get their one-off payment just like any other paid application.
Yes definitely some cameras do but many don't.
Point your television remote at your iPhone camera and press a button. See that little blinking Led?
No. Tried it with 3 remotes on my iPhone 6, nothing. Naturally having a camera that picks up light that you can't see results in less true-to-life photos which is why it is filtered.
I think you're missing the point. A lot of people here don't really understand open source, open source is their way of saying "not microsoft" so when microsoft releases something open source which can be forked, modified, improved, changed, etc such people simply cannot understand it.
Well it is evident the one who doesn't know what "more" means is you. If you "show the code to experts" then not only is the code not "more" secure, it has zero changes whatsoever, but you seem to think it is "more" secure so I suggest you get a dictionary.
You are making the claim that the statement "open source is more secure because you can see the code" is NOT true even if you interpret "you can see" as "you can see and show to experts".
Actually no, I did not say it is not true, I said it is disingenuous because even if you can "show it to experts" the code is no different. It is *only* more secure if you can show it to experts and they can identify a bug and they can come up with a solution and they can implement that solution. Until you complete every single one of those steps the code is not in any way any more secure than it was when you started.
In spite of using the word "more" repeatedly, you were "not comparing it to anything". Reminder : https://slashdot.org/comments.....
That's right, I am not the one making the claim that "open source is more secure because the code is visible", I am not the one making a comparison. I'm saying code visibility does not make a project more secure (that requires actual work beyond just being able to see the code). If you believe "open source is more secure because the code is visible" then what are you comparing it to?
Can we go back to calling it programming yet?
Not in place of "code", no. You can use it in place of "coding" if you like, they are pretty much interchangeable. Why do we have to use one rather than the other?
Unless of course you say "coding" as a verb.
Or indeed "code" as a verb the way it is used in the title and summary.
You teach kids to code with toys and then when they grow up they only know how to code with toys.
Yeah that's why everything in the world is built out of Lego, you teach kids to build things with Lego and when they grow up they only know how to build things with Lego.
And precisely what is open source more secure than? How are you quantifying this?
If you were to look at one of the most critical and highly publicized security vulnerabilities in recent memory, Heartbleed, you see that OpenSSL was vulnerable to this while Microsoft's SSL implementation was not vulnerable to it. Yet you are saying open source is more secure. Now while there may be many other undiscovered vulnerabilities in both projects that is an unknown so you cannot honestly say one is more secure than the other, so why are you saying open source is more secure? What evidence leads you to say this? Or are you just mindlessly parroting what somebody told you?
Ok let's try this a different way and maybe you will understand: I'm saying your claim is disingenuos and if it is true then to prove it, in response you are asking me prove that it isn't. You want me to make your argument for you because you can't back it up yourself.
"More" is a completely vague term, this is the whole point, hence the reason I'm calling out the claims as dishonest and disingenuous.
What exacty do you you think the words I have written mean? You have made several failed attempts that have each inferred a different meaning and you are then putting words in my mouth so that you can argue against. You're arguing with own misinterpretation.
Give me a concrete example where being able to see the code makes a project more secure.
Ok, so what do you think "open source" is not "more secure" than
Are you completely dense? I am not comparing it to anything, I don't know how many times I have to repeat this, I think perhaps you need to write it down or say it out loud or maybe you simply lack the capacity to understand this.
I'm not saying Open Source is bad
I'm not comparing Open Source to Closed Source
I'm not saying OpenSSL is bad
I'm not saying there is an alternative to OpenSSL that is better
As I said, your repeated failures to understand this are just mind-boggling and it really cannot be dumbed down to your level. Go back and read it all again, read it several times if you need to.
Do you know the meaning of "more" ?
Yes, and code visibility does not make software more secure. It is only one part of it, you still need to have the right people look at the right piece of code, understand it and find the problem, be able to come up with a solution for it and to put in the effort to actually do it. Until you have all of that the code is not any more secure whatsoever.
Or, probably a reading comprehension problem on your part? Just a hunch.
open source is more secure because you can see the code
Did you interpret it as "open source is perfectly secure because you can see the code" ? I earlier didn't think this needs explanation, but from the emphasis you are laying on non-comparison, one would think you interpret "more" as "perfect".
Wrong again. What you actually need is not only to see the code but to have the right people look at the right piece of code, understand it and be able to come up with a solution for it. Code visibility does not make software more secure. Everybody could see OpenSSL's code, the bugs in it were not impossible to fix but the issue was that the people capable of finding and fixing them weren't looking at it to identify and fix the bugs.
Now the ability to see the code is one of the things that enables this, an important part - and if one were to be comparing to closed source, which i am not, this would be an advantage of open source - but it does not make code more secure and it is disingenuous and dishonest to suggest otherwise.
OK, if you point out who is better than OpenSSL in amount and variety of usage along with excellence in security track record, we'll get somewhere.
No, your insistence on this is proof that you continue to fail to grasp the concept, it's really not that difficult but you fail time and time again.
OK, so you are saying no one else can do better than OpenSSL, but OpenSSL is bad.
No and no. Nowhere did I say or imply OpenSSL is bad and nowhere did I say or imply that no one else can do better than OpenSSL. OpenSSL is simply the example that demonstrates the over-inflation of the claims made about open source software, this is pretty clear and the fact that this is the third time I've explained it indicates your reading comprehension problem, I'm afraid this can't be dumbed down to your level.
I was thinking more along the lines of a polarized filter
These have been debunked. It kind of worked for very specific angles against certain kinds of older cameras but in pretty much all practical circumstances is not going to work.
or array of CCD-blinding infrared LEDs.
That's easily overcome with an IR filter.
I see where you're going with this but surveillance is only one part of it, even if you can outlaw surveillance cameras you still need to get redlight/speed cameras removed because governments aren't going to allow devices that circumvent existing legal law enforcement mechanisms. While I'm skeptical that you could get traffic monitoring cameras outlawed I'm even more skeptical that you could get all remote law enforcement mechanisms outlawed, I'm certainly all for it but I don't see it happening. Then of course you also don't get the evidence that you have been stopped by police, if your plate is invisible to cameras it's your word against theirs and one of the reasons cameras have been deployed on police cars is to make sure there is evidence of a stop not just for the officer but for the public.
Of course you can find out. You can test against this vulnerability and see if you can exploit it on Windows, if you can't then obviously it isn't vulnerable to it.
Still, that's not exactly the car's fault in the same way that it is with modern "infotainment"-infected ones (and especially things like Leafs, Teslas, and anything with a Progressive Insurance "snapshot" module plugged into it).
True, but even if you eliminate that it doesn't really matter whos fault the "spying" is, the end result is that it happens and is becoming more widespread as the cost of surviellance plummets.
What we need is a license plate cover that allows the plate to be read by humans but masks it against being read by cameras (and to repeal the laws prohibiting its use). You could say we could prohibit the use of the tracking cameras instead, but we all know that wouldn't actually get rid of them.
I'm not sure the human eye has a spectrum that we can't visualize with a camera, in fact it's actually the other way around. Like you say, prohibiting the use of cameras is unlikely to make it go away, this is also my argument against going to any effort for legislating for network privacy. Even if they say they aren't going to do it do you really trust them? And even if they are caught and then also by some miracle held to account that still doesn't fix the damage.
remember, housing prices have to come down to what renters could afford
If that were to happen then it would be economically viable for me to just pay for my investment properties myself. They would be solid investment for the capital growth alone, I could use them as vacation houses whenever I want and make a bit on the side with AirBnB occasionally. I'd like your model of cheaper housing, but this is exactly why it won't work.
Are you saying if OpenSSL, with the same skill of developers / same amount of funding, were closed source - it would have fewer bugs?
No. Try and understand this is not about open vs closed (hence the reason I didn't mention closed source nor make any comparison to it), it is about practical applicability of the widely espoused advantages of open source.
Now skill of developers does vary, but it is unknown in closed source.
Which is why I'm not making a comparison to or argument for/against closed source because there are a lot of unknowns.
With open source software, you could judge it/fix it by paying for a good review.
Yes you could but even for the most widely used open source software where this advantage could theoretically be exploited we see that in the real world that simply does not happen.
Security review is a highly specialized job, it is not going to happen just by making the source available.
Which is precisely my point, it's a theoretical advantage that is not really practical.
Finding fault with OpenSSL (and its open source brethren) is like saying Usain Bolt can't sprint very fast.
No, refusing to find fault with it is exactly the sort of apologist attitude that propagates these problems. The failures in OpenSSL stand on their own, you don't need to compare them to closed source.
This is vague - "many" and "shallow" are both open to interpretation. But are you saying the fewer the eyes, the shallower the bugs?
No, I am not saying that. What I am saying is that in theory that would work (or perhaps replace "many eyes" with "the right eyes") but in practise it simply does not happen.
The reason I picked OpenSSL is because it is used extremely widely from free software hobbyists to the biggest corporations in the world, as far as open source projects go it should have the best chance of pretty much any project of living up to the espoused advantages. Try and remember this isn't to compare to closed source or say that closed source would be better, just that the pronounced advantages of open source should be realistic rather than the ones that are theoretical but provably not practical.
They're supposed to facilitate communication between parties agreeing to communicate.
Over a public network using other peoples' equipment, just like landline telephones or chatting in a public space. Sure there are ways to mitigate the other users of the area (or network) from listening like speaking in code (encryption) but you can't just expect to be in a public space, speak loud and clear and then complain that other people shouldn't be listening to you. If you want to communicate over a public network using other peoples' equipment in such a way to prevent others from listening then you need to employ tactics to do it, thankfully we have that and it simply means using encryption or Virtual Private Networks, which we have had for a very very long time.
You can't legislate something like this away, it isn't legal to take somebody elses credit card information and use it to make unauthorized purchases but you don't go out and just shout out your credit card number in public or send it unencrypted over the internet. If you want privacy you have to actively enforce it yourself and as I said there are plenty of means with which to do that and have been for a long time.
But if it's registered to you and you drive it on public roads then the opportunities for surveillance and tracking are not that difficult to comprehend. Indeed it happens with a lot of police vehicles, major arterials and certainly on toll roads.
implying you know what a phonecall looks like encrypted. TLS from services like signal on android look indistinguishable from any other VPN traffic you might see on the wire. Couple the phone with openvpn's client, and you have a phone that well, doesnt emit phonelike traffic at all.
Which can all be undermined by malicious or compromised hardware, you need to have open hardware and a way of verifying it.