It's possible to be walled garden without being iron fisted.
The main complaint here isn't that an app needs to progress through the approval process before it's released to Apple's users. It's that Apple has a requirement that they get a 30% cut of any revenue generated through iTunes. Then they're using the app store approval process to reject any version of the app that doesn't have the ability to subscribe through iTunes. This prevents Spotify from simply saying "Go to spotify.com in order to purchase a premium membership" (or whatever they call it).
It's dishonest reporting at best. The most likely interpretation for the phrase "get 'full self-driving features'" is that the car will suddenly become fully self-driving.
Only if you don’t actually bother reading the story.
Which is kinda the point the OP is making. The only way to read the story is to click on the misleading headline and give the author the pageview they are gunning for by crafting a misleading headline.
That's kind of my thoughts on it, too. And who is at a disadvantage in this scheme? Is it the person entered in row 13,428? Or anybody who was entered on July 16th? The chances of ending up at an advantage or a disadvantage are themselves probably pretty random.
If only there was a state out there that was full of people that knew how to make cars. Perhaps if such a place existed, it may have been a better place for Tesla to HQ than silicon valley was.
Makes me glad I took the somewhat drastic step of disabling SMBv1 on my network. As an added bonus, this makes it so Windows XP and Server 2003 are useless:).
It just struck me that this is not just about headphones, but also things like the Square reader that plugs into the headphone jack.
That was about the third thought I had when Apple announced the change. Square developed this card reader that attached to the iPhone, but rather than going through the proprietary Apple connector (where Apple would demand a royalty) they used the good old standard headphone jack (where Apple doesn't get paid).
This was my first thought when I read the summary as well. S/MIME is even built into the default mail app in iOS... not sure about Android (or any of its manufacturer variants).
The biggest problem with S/MIME is managing the certificates. People generally won't want to deal with having a different private key on every device they use for their email... especially when you consider that doing so would require the sender to sign with the correct public key for the device the recipient wants to read it from. Not gonna happen. So you need to have a private key that can be securely copied to every device the user checks email on.
And, of course, the second biggest problem is webmail. Though I have no doubt if S/MIME were to really take off there would be an API for decrypting message in a browser window while keeping the private key private. It would make it impossible to read messages on some random computer... but then again, putting your password into a random computer isn't really a good idea anyway:).
Sadly this probably means tons of mixed content security errors are about to start happening. Everybody who linked to an image in their blog with the full URL (http://site.com/image.png) will have images that used to load with no problem start throwing up security errors. I had this problem when I got the Let's Encrypt certificate for my blog. Had to go back and change all the images I had loaded in my previous posts to use my new https URLs. Fortunately, I don't post often so there weren't too many...
I'm pretty sure that my SSL VPN would not be included in this survey as we don't publish it and only give the URL to those that need it... But if it were, it would be in this insecure category because of an untrusted certificate. Except it's not. The certificate is signed using our internal CA which is trusted on all company computers. We don't want people connecting using their personal computers so I'm not at all concerned with putting a globally trusted cert on it. Other than that, it is secure. We don't use SHA1, we do use TLS rather than SSL, and we use FS. So while they would call it a fail, I would not.
The vendor needs to be taken to task. The vendor has security access to the data. Supposedly, the staff of the vendor should have been trained properly. Also, even if the public agency didn't disclose the breach. The vendor should have publicly disclosed the breach. It obviously didn't either.
This
Like many people on this site, I work in IT. I get requests for access to data all the time. Some are obvious that they should be granted (a new manager is hired and they ask for access to the management section of the file server). Some are obvious they shouldn't be granted (an engineer asks for access to our controlled documents, which by company policy are restricted to only 2 people [uncontrolled versions are available to larger groups]). Some are less obvious. In those cases, I typically push the request up to somebody who has the authority to authorize (or reject) the request... though not the ability to grant the access.
A request asking that all employees social security numbers and birth dates be published to the public most definitely would fall in the "obvious they shouldn't be granted" category. Seriously, who thought for one second that was a good idea. If I had a request come in to put that list together for anybody, let alone public consumption, you can bet I wouldn't rush to get it done (article says it was same day turn-around). I'd run it as high up the flag pole as I could and get a top level sign-off on it... even if the message said it had been approved by the company lawyers. Somebody should have figured out that Social Security Numbers and Public Access don't go in the same sentence.
My thoughts exactly. And they also have minute bundles you can purchase. Really? I mean outside of prepay, does anybody even use "minutes" anymore?
There is one feature that appeals to me: the ability to do Remote Start via the app. But it's not available on my model year and definitely not worth $200/yr.
My Fusion is a 2011 with the old 2 line display. No touch screen, so all my sources are physical buttons (well, kinda... there's an "Aux" button that has the USB, 1/8" jack, and Bluetooth Audio in it).
Do you find that Sync Services has any value? It just seems odd to me that they couldn't have found a better way to communicate with the system than using your phone as a modem, thus requiring a subscription service. I'm not really into that side of things, but couldn't they have used Bluetooth to transfer the required information?
My other vehicle is a Ford Fusion. It has the Microsoft Sync system built in, though similar to your Mazda, it also has Sirius radio. I bought this vehicle used, but Sirius/XM was nice enough to include a 3 month free trial for me (like you said, to try to hook me... and to get my contact info). I used the 3 month trial which also happened to be football season. I actually did enjoy the talk stations from time to time and did like being able to tune in a game when I wasn't at home to watch it. But, as you said, nowhere near worth the price they want for it. I still get calls and letters from time to time offering me a "great" introductory rate. I ignore them all.
I recently took a trip to Canada. I had the thought that it would have been nice to start a trial as I was pulling out of the driveway (I wasn't ever going to be more than 50 miles from the US/Canada border... down in the area next to Michigan... so I'm assuming I would still be able to pick up service. I hadn't set it up, though, so I had to think of other solutions. So I just loaded up Pandora on my phone and blue-tooth streamed it until I got to the border. Then played the music that was stored on the phone. Way cheaper, and streaming Pandora avoided the stagnant music issue I would have had just playing music from my phone the whole trip (not to mention International roaming rates).
Unfortunately, my car does have a physical button for Sirius, but it's only one button in the mix of a whole slew of others, so I can ignore it.
My GM vehicle (an Acadia) does also have XM in it, but like your Mazada it's a touch screen so the vast majority of the time, the "XM" isn't even displayed anywhere... just those darned OnStar buttons.
I've gotta believe that this concierge service is mostly GM's OnStar. I think the biggest surprise for me in the statistic that 43% of the people never use it is that 57% have. Though I guess just trying it out one time to see how it works would no longer qualify you for the "never used it" category.
The simple fact is that most people don't want to be hit with a $100 (lowest tier paid annually) to $420 (highest plan paid monthly) per year bill on top of their car payment*. I have a vehicle that has OnStar built into it and I would much rather rip the whole thing out (including the buttons they spread through-out the car) and replace it with a simple BlueTooth connection to the stereo.
My guess would be that I'm still safe... try root at all, instant ban. Try an invalid account, grace one time (even I make a typo sometimes). Try a valid account more than 3 times? Banned. Unless, of course, this attack somehow bypasses the mechanism DenyHosts uses to detect those invalid logins... but I don't know that I saw enough information in the article to answer that question.
$ is just an alias to the jQuery object (so, as I recall, $.bind() is equivalent to jQuery.bind()...) which would mean that $.bind() is not the right answer (without even using the fact that you asked the question as a hint to what the answer is).
The utility generates at wholesale prices, and then they are forced to buy it back at retail prices. In a way it costs the utility twice, once in lost revenue (arguable as conservation, agreed) and twice in paying more for power than they would when generating it alone.
That is some bad math. They are turning around and selling it at the same price they paid for it. That's not a loss, that's break even.
That may sound logical, but it's not. Changing the amount of energy being generated at any given moment is a very difficult thing to do. Because of that, the utility very rarely sells everything that it generates. They make up for the lost electricity by in the difference between wholesale and retail pricing. There are a lot of other things that are also wrapped up in that cost difference (salaries for all of their employees from the CEO down to the meter reader, maintenance costs for the lines, substations, the transformer on the pole outside your house, future and/or past CAPEX projects, etc). Even if you ignore all those other costs and pretend like they don't exist, the difference between what is generated and what can be sold results in a loss when they have to buy it for the same price they're selling it.
I'm all for saying that the utility should be forced to buy excess power generated by the solar panels. But it does seem that purchasing that power at wholesale would be more fair.
And, while we are at it, have you checked the rates for commercial customers versus residential? Commercial gets a significant discount in price over residential. Fix that outright subsidy before coming after subsidies that pay for the development of cleaner forms of energy.
Have you checked the price of toilet paper at Sam's club vs the local grocery store? Any time you buy in bulk you get a discount.
Pretty much. Did passenger cars in trains need windows? Do airplanes need windows? Do houses need windows?
Obviously the windows in today's cars need to provide a LOT of visibility so the driver can see as much as possible. But taking away a driver's need to see doesn't take a way the need for windows.
After the deal, Comcast's franchises in those areas would be transferred to GreatLand.
And it looks like Comcast is writing checks they don't even have to cash. They'll provide the "free" cable until the merger goes through, then it becomes the burdon of GreatLand Connections.
Wrong. Most MTAs (for a long time now) will attempt TLS if available.
Not really wrong... more like right. Heck, you even validated what he said when you qualified your statement with if available... if it's not available, it will simply send it in plain text. It won't notify you. It won't notify the next person down the line, etc. Neither you nor your recipient will have any way to know if the message was transmitted at some point in plain text. And it's a guarantee that it sat on every mail server it touched unencrypted.
Therefore, the safe option is to assume it will not be encrypted at any point unless you use some kind of end-to-end encryption (X509, PGP, etc).
No, what it is doing (to borrow the analogy from an eralier posting) is opening every letter in an evelope, putting the contents in a see-through bag and adding a new addres label.
Except that's not what it's doing. You're handing the letter to them and asking them to put it in an envelope, preferably one of those fancy ones that make it harder to see the contents, and send it. They're pretending like they don't have any of those fancy envelopes and instead putting it in a clear plastic bag. If you want it in a fancy envelope, make sure you specify that it has to be rather than that's what you'd like it to be.
Or, better yet, mask the contents yourself at the application layer rather than relying on the transport layer. X.509 and PGP are both pains, but they do work and would make this a total non-issue.
Slashdot Mirror
It's possible to be walled garden without being iron fisted.
The main complaint here isn't that an app needs to progress through the approval process before it's released to Apple's users. It's that Apple has a requirement that they get a 30% cut of any revenue generated through iTunes. Then they're using the app store approval process to reject any version of the app that doesn't have the ability to subscribe through iTunes. This prevents Spotify from simply saying "Go to spotify.com in order to purchase a premium membership" (or whatever they call it).
It's dishonest reporting at best. The most likely interpretation for the phrase "get 'full self-driving features'" is that the car will suddenly become fully self-driving.
Only if you don’t actually bother reading the story.
Which is kinda the point the OP is making. The only way to read the story is to click on the misleading headline and give the author the pageview they are gunning for by crafting a misleading headline.
That's kind of my thoughts on it, too. And who is at a disadvantage in this scheme? Is it the person entered in row 13,428? Or anybody who was entered on July 16th? The chances of ending up at an advantage or a disadvantage are themselves probably pretty random.
If only there was a state out there that was full of people that knew how to make cars. Perhaps if such a place existed, it may have been a better place for Tesla to HQ than silicon valley was.
Makes me glad I took the somewhat drastic step of disabling SMBv1 on my network. As an added bonus, this makes it so Windows XP and Server 2003 are useless :).
It just struck me that this is not just about headphones, but also things like the Square reader that plugs into the headphone jack.
That was about the third thought I had when Apple announced the change. Square developed this card reader that attached to the iPhone, but rather than going through the proprietary Apple connector (where Apple would demand a royalty) they used the good old standard headphone jack (where Apple doesn't get paid).
Obviously I can't prove that...
This was my first thought when I read the summary as well. S/MIME is even built into the default mail app in iOS... not sure about Android (or any of its manufacturer variants).
The biggest problem with S/MIME is managing the certificates. People generally won't want to deal with having a different private key on every device they use for their email... especially when you consider that doing so would require the sender to sign with the correct public key for the device the recipient wants to read it from. Not gonna happen. So you need to have a private key that can be securely copied to every device the user checks email on.
And, of course, the second biggest problem is webmail. Though I have no doubt if S/MIME were to really take off there would be an API for decrypting message in a browser window while keeping the private key private. It would make it impossible to read messages on some random computer... but then again, putting your password into a random computer isn't really a good idea anyway :).
Sadly this probably means tons of mixed content security errors are about to start happening. Everybody who linked to an image in their blog with the full URL (http://site.com/image.png) will have images that used to load with no problem start throwing up security errors. I had this problem when I got the Let's Encrypt certificate for my blog. Had to go back and change all the images I had loaded in my previous posts to use my new https URLs. Fortunately, I don't post often so there weren't too many...
I'm pretty sure that my SSL VPN would not be included in this survey as we don't publish it and only give the URL to those that need it... But if it were, it would be in this insecure category because of an untrusted certificate. Except it's not. The certificate is signed using our internal CA which is trusted on all company computers. We don't want people connecting using their personal computers so I'm not at all concerned with putting a globally trusted cert on it. Other than that, it is secure. We don't use SHA1, we do use TLS rather than SSL, and we use FS. So while they would call it a fail, I would not.
The vendor needs to be taken to task. The vendor has security access to the data. Supposedly, the staff of the vendor should have been trained properly. Also, even if the public agency didn't disclose the breach. The vendor should have publicly disclosed the breach. It obviously didn't either.
This
Like many people on this site, I work in IT. I get requests for access to data all the time. Some are obvious that they should be granted (a new manager is hired and they ask for access to the management section of the file server). Some are obvious they shouldn't be granted (an engineer asks for access to our controlled documents, which by company policy are restricted to only 2 people [uncontrolled versions are available to larger groups]). Some are less obvious. In those cases, I typically push the request up to somebody who has the authority to authorize (or reject) the request... though not the ability to grant the access.
A request asking that all employees social security numbers and birth dates be published to the public most definitely would fall in the "obvious they shouldn't be granted" category. Seriously, who thought for one second that was a good idea. If I had a request come in to put that list together for anybody, let alone public consumption, you can bet I wouldn't rush to get it done (article says it was same day turn-around). I'd run it as high up the flag pole as I could and get a top level sign-off on it... even if the message said it had been approved by the company lawyers. Somebody should have figured out that Social Security Numbers and Public Access don't go in the same sentence.
My thoughts exactly. And they also have minute bundles you can purchase. Really? I mean outside of prepay, does anybody even use "minutes" anymore?
There is one feature that appeals to me: the ability to do Remote Start via the app. But it's not available on my model year and definitely not worth $200/yr.
My Fusion is a 2011 with the old 2 line display. No touch screen, so all my sources are physical buttons (well, kinda... there's an "Aux" button that has the USB, 1/8" jack, and Bluetooth Audio in it).
Do you find that Sync Services has any value? It just seems odd to me that they couldn't have found a better way to communicate with the system than using your phone as a modem, thus requiring a subscription service. I'm not really into that side of things, but couldn't they have used Bluetooth to transfer the required information?
My other vehicle is a Ford Fusion. It has the Microsoft Sync system built in, though similar to your Mazda, it also has Sirius radio. I bought this vehicle used, but Sirius/XM was nice enough to include a 3 month free trial for me (like you said, to try to hook me... and to get my contact info). I used the 3 month trial which also happened to be football season. I actually did enjoy the talk stations from time to time and did like being able to tune in a game when I wasn't at home to watch it. But, as you said, nowhere near worth the price they want for it. I still get calls and letters from time to time offering me a "great" introductory rate. I ignore them all.
I recently took a trip to Canada. I had the thought that it would have been nice to start a trial as I was pulling out of the driveway (I wasn't ever going to be more than 50 miles from the US/Canada border ... down in the area next to Michigan ... so I'm assuming I would still be able to pick up service. I hadn't set it up, though, so I had to think of other solutions. So I just loaded up Pandora on my phone and blue-tooth streamed it until I got to the border. Then played the music that was stored on the phone. Way cheaper, and streaming Pandora avoided the stagnant music issue I would have had just playing music from my phone the whole trip (not to mention International roaming rates).
Unfortunately, my car does have a physical button for Sirius, but it's only one button in the mix of a whole slew of others, so I can ignore it.
My GM vehicle (an Acadia) does also have XM in it, but like your Mazada it's a touch screen so the vast majority of the time, the "XM" isn't even displayed anywhere... just those darned OnStar buttons.
And in general "concierge services" fail.
I've gotta believe that this concierge service is mostly GM's OnStar. I think the biggest surprise for me in the statistic that 43% of the people never use it is that 57% have. Though I guess just trying it out one time to see how it works would no longer qualify you for the "never used it" category.
The simple fact is that most people don't want to be hit with a $100 (lowest tier paid annually) to $420 (highest plan paid monthly) per year bill on top of their car payment*. I have a vehicle that has OnStar built into it and I would much rather rip the whole thing out (including the buttons they spread through-out the car) and replace it with a simple BlueTooth connection to the stereo.
* https://www.onstar.com/us/en/p...
My question is, how does this apply to DenyHosts?
My guess would be that I'm still safe... try root at all, instant ban. Try an invalid account, grace one time (even I make a typo sometimes). Try a valid account more than 3 times? Banned. Unless, of course, this attack somehow bypasses the mechanism DenyHosts uses to detect those invalid logins... but I don't know that I saw enough information in the article to answer that question.
So what does it do?
$ is just an alias to the jQuery object (so, as I recall, $.bind() is equivalent to jQuery.bind()...) which would mean that $.bind() is not the right answer (without even using the fact that you asked the question as a hint to what the answer is).
The utility generates at wholesale prices, and then they are forced to buy it back at retail prices. In a way it costs the utility twice, once in lost revenue (arguable as conservation, agreed) and twice in paying more for power than they would when generating it alone.
That is some bad math. They are turning around and selling it at the same price they paid for it. That's not a loss, that's break even.
That may sound logical, but it's not. Changing the amount of energy being generated at any given moment is a very difficult thing to do. Because of that, the utility very rarely sells everything that it generates. They make up for the lost electricity by in the difference between wholesale and retail pricing. There are a lot of other things that are also wrapped up in that cost difference (salaries for all of their employees from the CEO down to the meter reader, maintenance costs for the lines, substations, the transformer on the pole outside your house, future and/or past CAPEX projects, etc). Even if you ignore all those other costs and pretend like they don't exist, the difference between what is generated and what can be sold results in a loss when they have to buy it for the same price they're selling it.
I'm all for saying that the utility should be forced to buy excess power generated by the solar panels. But it does seem that purchasing that power at wholesale would be more fair.
And, while we are at it, have you checked the rates for commercial customers versus residential? Commercial gets a significant discount in price over residential. Fix that outright subsidy before coming after subsidies that pay for the development of cleaner forms of energy.
Have you checked the price of toilet paper at Sam's club vs the local grocery store? Any time you buy in bulk you get a discount.
People who get car sick need windows. Nuff said.
Pretty much. Did passenger cars in trains need windows? Do airplanes need windows? Do houses need windows?
Obviously the windows in today's cars need to provide a LOT of visibility so the driver can see as much as possible. But taking away a driver's need to see doesn't take a way the need for windows.
I honestly can't believe this is even a question.
He specifically said no fines, that they have to provide the service as the fine.
And if they don't?
OK, fine... add a fine. Set a deadline. If they don't comply after that deadline it's a $10k/day fine :).
This was my thought exactly. Sadly, Google has proven themselves to be very unreliable.
Couple that with this statement:
After the deal, Comcast's franchises in those areas would be transferred to GreatLand.
And it looks like Comcast is writing checks they don't even have to cash. They'll provide the "free" cable until the merger goes through, then it becomes the burdon of GreatLand Connections.
I'm not nostalgic for Windows 7.... I still run it! On all of our networked computers.
Wrong. Most MTAs (for a long time now) will attempt TLS if available.
Not really wrong... more like right. Heck, you even validated what he said when you qualified your statement with if available... if it's not available, it will simply send it in plain text. It won't notify you. It won't notify the next person down the line, etc. Neither you nor your recipient will have any way to know if the message was transmitted at some point in plain text. And it's a guarantee that it sat on every mail server it touched unencrypted.
Therefore, the safe option is to assume it will not be encrypted at any point unless you use some kind of end-to-end encryption (X509, PGP, etc).
No, what it is doing (to borrow the analogy from an eralier posting) is opening every letter in an evelope, putting the contents in a see-through bag and adding a new addres label.
Except that's not what it's doing. You're handing the letter to them and asking them to put it in an envelope, preferably one of those fancy ones that make it harder to see the contents, and send it. They're pretending like they don't have any of those fancy envelopes and instead putting it in a clear plastic bag. If you want it in a fancy envelope, make sure you specify that it has to be rather than that's what you'd like it to be.
Or, better yet, mask the contents yourself at the application layer rather than relying on the transport layer. X.509 and PGP are both pains, but they do work and would make this a total non-issue.
In fairness, I was able to watch Amazon instant video just fine last night but Netflix wasn't working at all.