Same as on the iTMS. I guess they're trying to avoid people using them as a download server, and I suspect traffic may be a significant part of their real per-song costs.
If you're going to get music from someone who doesn't pay for the rights to distribute them, get them for free instead of paying the Russian Mafia for them.
If they split the iPhone CPU so the apps couldn't step into and screw with the software radio, and released a dev kit, then the iPhone/iTouch would actually be a PDA/smartphone (being a PDA as well as a phone is what MAKES a phone a smartphone). Then you could talk about it being a "Newton II". Except you wouldn't, any more than you'd call a laptop an "Osborne II". The name's a jinx.
The development kit would be another profile for XCode, and you'd be able to create 3-way universal applications just by using the NIB editor to lay out a NIB for the iPhone to use... they already have all the rest of the technology in place.
If they do that, then it becomes something I might be interested in buying. Anything less, particularly anything with an API that's anything less than this, no matter what they call it... meh.
The only real difference between Type I and the new type iI is the lack of apps, which will be overcome using the web SDKs that are supported.
Safari is NOT the Newton scroll, and web apps are no replacement for local apps and local databases.
I've had a Newton, Palm, Pocket PC (phone even), and Palm again, and while Pocket IE was a killer app (and could do everything that Safari on the iPhone can do, even if you didn't want to lick the screen) I went back to two devices because having a lot of reliable applications on my Palm completely trumped the web. I've got way better battery life, too... my phone has to be plugged in nightly and NOT having a second charge kit for the office is foolish... while my Visor Deluxe could get 24 hours *use time* out of a pair of AAs, or getting on for a month standby, and even my Clie can be used pretty much continuously for a couple of days without charging it.
The Newton would have had to get that kind of battery life too, if it had survived, for me to stick to it.
And that kind of size.
Give me a device as small as my Clie that's got enough battery to use as a notepad and reference all day without charging it and without being tethered to a charger, with or without a phone in it... THEN tell me it's the new Newton.
It seems no-one is really interested or cares about Vista.
That's the bottom line. People don't upgrade their operating system unless they have to. Upgrading is, for most people, traumatic and expensive... unless you get a huge win (like you got going from Windows 9x/Me to Windows 2000/XP) who's going to bother?
This is, I suspect, one reason Apple doesn't want to be making their money from selling the OS. They get their profits from hardware, they don't lose much if someone doesn't bother to upgrade from Jaguar to Panther to Tiger until they finally replace their aging iMac with a new Aluminum one running Leopard.
(you really like those translucent title bars in Vista? I hated the equivalent on Jaguar, and used the Milk theme to make the UI less 'glossy')
Municipal wifi should be about access to the internet in public places, not private places. That's not the last mile that's missing... we don't need free wifi in your home, we need free wifi in parks, plazas, malls, airports, bus stops, train stations, bus stations, post offices, restaurants, libraries, waiting areas in municipal offices and hospitals and so on... anywhere that is a public place. The last furlong, if you like.
This is what T-Mobile and Sprint and the rest are cherrypicking, setting up expensive ($10 a day for casual use) wifi hotspots in Starbucks and airports and other high profile public areas. This is what Municipal wifi should be going after, and if they don't then they won't get to do it... the established commercial services will be entrenched.
The RIAA isn't there to make money. If it loses money it will just get more money from the labels and the millions of dollars thrown at the RIAA is peanuts compared to what they spend on promotion. So long as the labels believe that the RIAA is providing a useful service for them... by deterring unauthorized copying... they have no incentive to pull the plug.
Like I said, I Am Not A Lawyer, and I didn't claim anything one way or another about the validity of the case. I was just pointing out that IF (important word) the arguments being presented were correct, THEN the analogy with an automobile engine computer didn't apply, SO just presenting it without dealing with the arguments wasn't useful.
Because cellphone *unlocking* is specifically allowed without violating the warranty, they are different from other consumer devices. IANAL, but I do think that if this argument holds then analogies with car computers aren't very useful.
There is still a question in my mind as to whether this applies to some of the other modifications, like installing an SSH server or third-party GUI apps.
Not all data on government systems belongs to the government. Some of it is proprietary information owned by private individuals and institutions and licensed or otherwise made available to the DHS (for a rather obvious example to prove my point, Windows is licensed from Microsoft, you can't get a copy of Windows for the price of a FOIA request).
11-13-91 Scores of newspapers and commentators denounce a Doonesbury series about Dan Quayle's DEA file and Brett Kimberlin, a federal prisoner put in solitary confinement to keep him from repeating his claim that he sold marijuana to the vice president. "Who cares what a comic strip may or may not say about me or anyone else," said Quayle. Trudeau is denounced on the floor of the U.S. Senate, as numerous papers withhold the series and some drop the strip. -- Doonesbury timeline, 1990
As I recall (can't find a copy of the actual strip, it's in the collection "What is it, Tink, is Pan in trouble?") the real punchline for the whole series went something like this:
Rick Redfern: "That's it! That's the story! The coverup!" Source: "That's what I thought. Should I just toss the file?"
If there's a story here at all (after all, 'someone got trolled through IE' isn't a story at all... or if it is it's Microsoft who should be investigated), it's the coverup.
What? Look... things like credit card numbers and passwords to online accounts aren't "classified data", but they certainly *can* be stolen. Plans for as yet unreleased products can still be stolen, even if they're plans for devices with no military application at all.
On the other hand, classified data can include material that people CAN find out from their own observation if they happen to be in the right place at the right time. Like whether a particular vessel is in a particular location... individual observations that aren't correlated aren't something that has been "stolen"... they just happen... but in bulk they become valuable and justify protection.
So whether something is a military or state secret is orthogonal to whether it's valuable or can be "stolen".
Um, go back up a couple of messages, I already pointed out that Outlook 2007 wasn't using the standard HTML control. The GP claimed that Outlook 2003 had similar control over the standard HTML control that 2007 gets from the Word control. That was obviously not true, since 2003 was subject to vulnerabilities that wouldn't have happened if it had that control.
Unfortunately, that control isn't an option for third party programs, because it's part of Office, which may not be installed. Third party applications should not be using the standard control (NOBODY should be using it, including Microsoft), but they are, and so that insecure API is still part of Windows, and widely used.
For the record, I too despise the control, but then like I said if you don't like it, don't use it.
You don't have the option of "not using it" if you're running Windows. It's the standard HTML control and it's used by almost all programs that render HTML. The fact that you can do something else
Either way, it appears to just be sloppy programming if what you say is true.
It's inherent in the design. Every time you force another entity (application, shell, interpreter) to perform parsing and evaluation of something that has to remain secure, you create a new class of security holes. If there is no mechanism to specify correct quoting, then you create an inherently unfixable security hole. It doesn't matter if you're calling the helper application from.NET*, or if the helper application is written in.NET, the API is inherently insecure and it's how helper applications are called.
There is a similar API in UNIX, the 'system' call. Secure applications don't use it, they use the underlying exec() call that avoids the extra layer of interpretation. In Windows, the command line IS the API... the called application doesn't receive an argument vector, it receives a command line and (if needed) recreates the argument vector from it. So, again, this insecure API is part of Windows, and widely used.
That just enables and disables the whole service. It doesn't allow you to have your computer listen to file and print connections from (for example) an internal virtual machine while not listening to those connections from the outside world, WITHOUT using a firewall. The equivalent services on UNIX can *all* be bound to a particular network interface (usually because the network connections are handled by a superserver like inetd, xinetd, or tcpserver), so you can get the same level of security in a mixed network environment... and *then* add a firewall.
Window may have mechanisms to allow a superserver model to be used, I would be surprised if they didn't, but they haven't implemented one (unless you count LAN Manager (whatever it's called this week... 'file and print') itself). Instead every service application opens its own listening socket and few if any have a mechanism to request them to listen only for connections to specific interfaces (in particular, LMGR doesn't). So the API actually used is still inherently insecure.
Microsoft can't fix this in the current platform without pain. Too many applications are using inherently insecure APIs like these. They have to deprecate those APIs and declare a flag day after which they will no longer be provided. This will be highly disruptive... even more so than Vista has been. But there really isn't an alternative if they want to transition to a system that is secure by design rather than just create more leaky sandboxes.
* As a side issue, the.NET security model is pretty clear
But Outlook 2003 uses the aforementioned control, with the same effect I mentioned.
Not according to these vulnerability reports. If it was possible to call the standard Microsoft HTML control securely these problems could not have occurred, because there would be no mechanism in the embedded control to elevate privileges:
Source? I'm still waiting for the "Microsoft admits command-line parsing is terrible" document you mentioned.
It was in the recent IE versus Firefox row. Microsoft claimed that it was up to Firefox to handle anything IE threw at it, because it wasn't possible in principle for IE to sanitize what it sent to programs to ensure that they would never misinterpret malicious embedded quotes. They were right, in that Firefox should handle anything that IE threw at it, but they don't provide a general way to allow a program to both handle arbitrarily complex file names AND handle malicious input containing embedded quotes. The general solution seems to be to have the programs special-case internet explorer, so that if the first argument looks like a URL they treat embedded quotes as either literal or an error, and don't allow multiple arguments. The problem is that while this solves that special case it doesn't provide a way for them to be called securely from any other application.
There are a couple of solutions for this. One is to provide a separate EXE to be used for untrusted sources, and register that... but then that limits what can be passed to the program in a URI from the command line, Windows Explorer, internally, or from other trusted programs (such as scripts or applications using your program for display). Microsoft could resolve that by providing a separate set of bindings for
I expect that's more ports than Linux has open by default, but still, it's not terrible.
I consider file and print sharing a terrible thing to leave open.
(and, yes, four is more than zero - which is what any UNIX variant with pretensions to security has open)
on public networks, Vista will close off all ports on that interface.
Correct me if I'm wrong here, but I believe it does it using a firewall, not by having the services bound only to internal ports or not running at all. My point is that this makes the firewall a part of the normal operation of the system, not an extra layer of security.
At one point you were saying, "When our customers demand it, that's when we'll consider interoperability."
Nobody's ever demanded it. People know up front that when they buy music from the iTunes music store it plays on iPods, and so we're not trying to hide anything there.
That's because you gave them interoperability, and as much quality as they were willing to spend memory on, by burning to CDs.
But he lets people figure that out, because it wouldn't sound good to the labels if he said "it's only honor system DRM".
And of course since then, he's apparently convinced EMI (at least) that the honor system is better for business than trying to pretend you've got magic copy protection skills.
It seems to me that if the many worlds theory is correct that at the beginning (big bang or what not) that each quantum state of a universe subdivision would end up with very different universes (galaxies in different locations, different states of matter, even different physical laws if the changes were enough).
Well, yes, that's kind of a direct outcome of the model. The universe is a superposition of all possible states of the universe, and we only "observe" a little tiny selection of those states because we're measuring the universe using tools that are inside the universe.
It's weird, but if you think about it a while it makes sense.
Strange that none of the wackos who advocate this, and I use the term very loosely, "theory", bother to expain where all of the mass and energy is coming from for all of these extra universes.
The mass and energy isn't coming from anywhere, because there's no new particles being created. The particles are the same ones, in all universes, their state is just getting more complex, and each "parallel universe" is just a description of one consistent state of all the particles of the universe over all histories. We only observe the particles as as having measurable (subject to Heisenberg) positions and velocities because we're using other particles to measure what those positions are.
A better question might be "where is the information needed to describe the state of the particle stored". Or to put it another way "how many bits does God's Computer have, and can we hack it?"
Same as on the iTMS. I guess they're trying to avoid people using them as a download server, and I suspect traffic may be a significant part of their real per-song costs.
If you're going to get music from someone who doesn't pay for the rights to distribute them, get them for free instead of paying the Russian Mafia for them.
If they split the iPhone CPU so the apps couldn't step into and screw with the software radio, and released a dev kit, then the iPhone/iTouch would actually be a PDA/smartphone (being a PDA as well as a phone is what MAKES a phone a smartphone). Then you could talk about it being a "Newton II". Except you wouldn't, any more than you'd call a laptop an "Osborne II". The name's a jinx.
The development kit would be another profile for XCode, and you'd be able to create 3-way universal applications just by using the NIB editor to lay out a NIB for the iPhone to use... they already have all the rest of the technology in place.
If they do that, then it becomes something I might be interested in buying. Anything less, particularly anything with an API that's anything less than this, no matter what they call it... meh.
The only real difference between Type I and the new type iI is the lack of apps, which will be overcome using the web SDKs that are supported.
Safari is NOT the Newton scroll, and web apps are no replacement for local apps and local databases.
I've had a Newton, Palm, Pocket PC (phone even), and Palm again, and while Pocket IE was a killer app (and could do everything that Safari on the iPhone can do, even if you didn't want to lick the screen) I went back to two devices because having a lot of reliable applications on my Palm completely trumped the web. I've got way better battery life, too... my phone has to be plugged in nightly and NOT having a second charge kit for the office is foolish... while my Visor Deluxe could get 24 hours *use time* out of a pair of AAs, or getting on for a month standby, and even my Clie can be used pretty much continuously for a couple of days without charging it.
The Newton would have had to get that kind of battery life too, if it had survived, for me to stick to it.
And that kind of size.
Give me a device as small as my Clie that's got enough battery to use as a notepad and reference all day without charging it and without being tethered to a charger, with or without a phone in it... THEN tell me it's the new Newton.
Everyone I know who used to have a PDA has switched to a smartphone.
A smartphone *IS* a PDA. The "PDA market" and the "smartphone market" are the same bloody market.
And, no, not everyone has switched to a PDA-phone. Phones are fragile, have no battery life to speak of, and in the US they're tied to a carrier.
Apple already has a very good competitor on that market, the iPhone.
The iPhone isn't a smartphone, because it's not programmable. No, web apps don't bloody count.
It seems no-one is really interested or cares about Vista.
That's the bottom line. People don't upgrade their operating system unless they have to. Upgrading is, for most people, traumatic and expensive... unless you get a huge win (like you got going from Windows 9x/Me to Windows 2000/XP) who's going to bother?
This is, I suspect, one reason Apple doesn't want to be making their money from selling the OS. They get their profits from hardware, they don't lose much if someone doesn't bother to upgrade from Jaguar to Panther to Tiger until they finally replace their aging iMac with a new Aluminum one running Leopard.
(you really like those translucent title bars in Vista? I hated the equivalent on Jaguar, and used the Milk theme to make the UI less 'glossy')
You're not thinking like a marketing guy. Take off the engineer hat and try again.
Give me voice transcription that actually works, then start worrying about translating the jabberwocky to another language.
Please keep tapes in a proper ambient, and not to make dust or wrinkle.
Municipal wifi should be about access to the internet in public places, not private places. That's not the last mile that's missing... we don't need free wifi in your home, we need free wifi in parks, plazas, malls, airports, bus stops, train stations, bus stations, post offices, restaurants, libraries, waiting areas in municipal offices and hospitals and so on... anywhere that is a public place. The last furlong, if you like.
This is what T-Mobile and Sprint and the rest are cherrypicking, setting up expensive ($10 a day for casual use) wifi hotspots in Starbucks and airports and other high profile public areas. This is what Municipal wifi should be going after, and if they don't then they won't get to do it... the established commercial services will be entrenched.
The RIAA isn't there to make money. If it loses money it will just get more money from the labels and the millions of dollars thrown at the RIAA is peanuts compared to what they spend on promotion. So long as the labels believe that the RIAA is providing a useful service for them... by deterring unauthorized copying... they have no incentive to pull the plug.
Buy the product by *hovering your mouse* over the "buy" button!
If you think we are possessed of a well-lubricated military machine, then you haven't been paying attention.
Didn't you watch "M.A.S.H."?
Those guys were totally lubricated.
Second Life is the Metaverse in Snow Crash and the Other Plane in True Names.
This is more like Inscape in Ventus and Persistence. Another view of reality, rather than a virtual reality.
Like I said, I Am Not A Lawyer, and I didn't claim anything one way or another about the validity of the case. I was just pointing out that IF (important word) the arguments being presented were correct, THEN the analogy with an automobile engine computer didn't apply, SO just presenting it without dealing with the arguments wasn't useful.
Thank you for the clarification.
Because cellphone *unlocking* is specifically allowed without violating the warranty, they are different from other consumer devices. IANAL, but I do think that if this argument holds then analogies with car computers aren't very useful.
There is still a question in my mind as to whether this applies to some of the other modifications, like installing an SSH server or third-party GUI apps.
The courts will have fun with this one.
We are talking about DHS data, right?
I don't know. You don't know, either.
Not all data on government systems belongs to the government. Some of it is proprietary information owned by private individuals and institutions and licensed or otherwise made available to the DHS (for a rather obvious example to prove my point, Windows is licensed from Microsoft, you can't get a copy of Windows for the price of a FOIA request).
How many other apps do you know that replace half of the system libraries?
Internet Explorer.
Windows Media Player.
Microsoft Office.
What do all these things have in common?
Besides being from Microsoft?
As I recall (can't find a copy of the actual strip, it's in the collection "What is it, Tink, is Pan in trouble?") the real punchline for the whole series went something like this:
Rick Redfern: "That's it! That's the story! The coverup!"
Source: "That's what I thought. Should I just toss the file?"
If there's a story here at all (after all, 'someone got trolled through IE' isn't a story at all... or if it is it's Microsoft who should be investigated), it's the coverup.
What? Look... things like credit card numbers and passwords to online accounts aren't "classified data", but they certainly *can* be stolen. Plans for as yet unreleased products can still be stolen, even if they're plans for devices with no military application at all.
On the other hand, classified data can include material that people CAN find out from their own observation if they happen to be in the right place at the right time. Like whether a particular vessel is in a particular location... individual observations that aren't correlated aren't something that has been "stolen"... they just happen... but in bulk they become valuable and justify protection.
So whether something is a military or state secret is orthogonal to whether it's valuable or can be "stolen".
Firstly, take a look at this - http://en.wikipedia.org/wiki/Microsoft_Outlook#HTML_rendering
.NET*, or if the helper application is written in .NET, the API is inherently insecure and it's how helper applications are called.
.NET security model is pretty clear
Um, go back up a couple of messages, I already pointed out that Outlook 2007 wasn't using the standard HTML control. The GP claimed that Outlook 2003 had similar control over the standard HTML control that 2007 gets from the Word control. That was obviously not true, since 2003 was subject to vulnerabilities that wouldn't have happened if it had that control.
Unfortunately, that control isn't an option for third party programs, because it's part of Office, which may not be installed. Third party applications should not be using the standard control (NOBODY should be using it, including Microsoft), but they are, and so that insecure API is still part of Windows, and widely used.
For the record, I too despise the control, but then like I said if you don't like it, don't use it.
You don't have the option of "not using it" if you're running Windows. It's the standard HTML control and it's used by almost all programs that render HTML. The fact that you can do something else
Either way, it appears to just be sloppy programming if what you say is true.
It's inherent in the design. Every time you force another entity (application, shell, interpreter) to perform parsing and evaluation of something that has to remain secure, you create a new class of security holes. If there is no mechanism to specify correct quoting, then you create an inherently unfixable security hole. It doesn't matter if you're calling the helper application from
There is a similar API in UNIX, the 'system' call. Secure applications don't use it, they use the underlying exec() call that avoids the extra layer of interpretation. In Windows, the command line IS the API... the called application doesn't receive an argument vector, it receives a command line and (if needed) recreates the argument vector from it. So, again, this insecure API is part of Windows, and widely used.
It's actually rather clever really, take a look - http://www.microsoft.com/technet/community/columns/cableguy/cg0906.mspx
That just enables and disables the whole service. It doesn't allow you to have your computer listen to file and print connections from (for example) an internal virtual machine while not listening to those connections from the outside world, WITHOUT using a firewall. The equivalent services on UNIX can *all* be bound to a particular network interface (usually because the network connections are handled by a superserver like inetd, xinetd, or tcpserver), so you can get the same level of security in a mixed network environment... and *then* add a firewall.
Window may have mechanisms to allow a superserver model to be used, I would be surprised if they didn't, but they haven't implemented one (unless you count LAN Manager (whatever it's called this week... 'file and print') itself). Instead every service application opens its own listening socket and few if any have a mechanism to request them to listen only for connections to specific interfaces (in particular, LMGR doesn't). So the API actually used is still inherently insecure.
Microsoft can't fix this in the current platform without pain. Too many applications are using inherently insecure APIs like these. They have to deprecate those APIs and declare a flag day after which they will no longer be provided. This will be highly disruptive... even more so than Vista has been. But there really isn't an alternative if they want to transition to a system that is secure by design rather than just create more leaky sandboxes.
* As a side issue, the
But Outlook 2003 uses the aforementioned control, with the same effect I mentioned.
Not according to these vulnerability reports. If it was possible to call the standard Microsoft HTML control securely these problems could not have occurred, because there would be no mechanism in the embedded control to elevate privileges:
http://secunia.com/advisories/11572/
http://secunia.com/advisories/11067/
In addition, this appears to be a similar flaw in the Word HTML control they switched to:
http://secunia.com/advisories/12041/
Source? I'm still waiting for the "Microsoft admits command-line parsing is terrible" document you mentioned.
It was in the recent IE versus Firefox row. Microsoft claimed that it was up to Firefox to handle anything IE threw at it, because it wasn't possible in principle for IE to sanitize what it sent to programs to ensure that they would never misinterpret malicious embedded quotes. They were right, in that Firefox should handle anything that IE threw at it, but they don't provide a general way to allow a program to both handle arbitrarily complex file names AND handle malicious input containing embedded quotes. The general solution seems to be to have the programs special-case internet explorer, so that if the first argument looks like a URL they treat embedded quotes as either literal or an error, and don't allow multiple arguments. The problem is that while this solves that special case it doesn't provide a way for them to be called securely from any other application.
There are a couple of solutions for this. One is to provide a separate EXE to be used for untrusted sources, and register that... but then that limits what can be passed to the program in a URI from the command line, Windows Explorer, internally, or from other trusted programs (such as scripts or applications using your program for display). Microsoft could resolve that by providing a separate set of bindings for
I expect that's more ports than Linux has open by default, but still, it's not terrible.
I consider file and print sharing a terrible thing to leave open.
(and, yes, four is more than zero - which is what any UNIX variant with pretensions to security has open)
on public networks, Vista will close off all ports on that interface.
Correct me if I'm wrong here, but I believe it does it using a firewall, not by having the services bound only to internal ports or not running at all. My point is that this makes the firewall a part of the normal operation of the system, not an extra layer of security.
At one point you were saying, "When our customers demand it, that's when we'll consider interoperability."
Nobody's ever demanded it. People know up front that when they buy music from the iTunes music store it plays on iPods, and so we're not trying to hide anything there.
That's because you gave them interoperability, and as much quality as they were willing to spend memory on, by burning to CDs.
But he lets people figure that out, because it wouldn't sound good to the labels if he said "it's only honor system DRM".
And of course since then, he's apparently convinced EMI (at least) that the honor system is better for business than trying to pretend you've got magic copy protection skills.
It seems to me that if the many worlds theory is correct that at the beginning (big bang or what not) that each quantum state of a universe subdivision would end up with very different universes (galaxies in different locations, different states of matter, even different physical laws if the changes were enough).
Well, yes, that's kind of a direct outcome of the model. The universe is a superposition of all possible states of the universe, and we only "observe" a little tiny selection of those states because we're measuring the universe using tools that are inside the universe.
It's weird, but if you think about it a while it makes sense.
Strange that none of the wackos who advocate this, and I use the term very loosely, "theory", bother to expain where all of the mass and energy is coming from for all of these extra universes.
The mass and energy isn't coming from anywhere, because there's no new particles being created. The particles are the same ones, in all universes, their state is just getting more complex, and each "parallel universe" is just a description of one consistent state of all the particles of the universe over all histories. We only observe the particles as as having measurable (subject to Heisenberg) positions and velocities because we're using other particles to measure what those positions are.
A better question might be "where is the information needed to describe the state of the particle stored". Or to put it another way "how many bits does God's Computer have, and can we hack it?"