I don't think that tablets or smartphones will "kill" the PC (desktop or laptop), but I do think things are lining up to allow the computing world to become more diverse and less of a monoculture (Windows running on Intel).
- Robust and fairly standardized HTML5 support allowing complex applications
- Webkit and Firefox allowing good standards support for the web for many different platforms and players
- Increased use and familiarity with smart phones and other non-PC devices (iPads, Kindles, etc....)
- Increasing market share for Mac, iOS, and Android
- Microsoft's Vista black eye
And most importantly:
- The non-geek public is coming to realize their devices only need a good standards-based browser and maybe a place to get apps for that platform (As long as the device does the web fairly well, it can be useful.)
- They do not NEED to have Windows to survive and be productive; it is just one option among many
What I think and hope we are approaching is a tech world where standards provide a basis for minimum (yet still useful) functionality and the different platforms compete on style and added value BEYOND the basic necessities. This will give us a thriving and competitive market where things continue to improve. I hope.
http://john.osbornecentral.com/
I'd be willing to bet the reason they removed the ExpressCard slot is that the iPhone OS 3.0 supports tethering, and 3G access is by far the main reason to add a card. Most people who were likely to need the slot needed it for cell access, and now there's another (better for Apple) option. It is not perfect for every situation, but that is how Apple tends to operate.
Why not consider a compromise? Let the ISPs run QoS (not blocks, and only when qualifying traffic was present like weighted fair queuing), but only on a certain percentage (say 50%) of available bandwidth on each link AND in aggregate. This would allow them to come up with creative business deals to protect certain traffic including their own, but leave half the bandwidth as "net neutral" allowing good throughput for other stuff too.
In effect, it would be like having two pipes, one of which was pure net neutral and could "borrow" from the other when qualifying traffic was not taking up its portion. Most of the time there wouldn't be that much qualifying protected traffic, so the actual available bandwidth would be better than the assigned percentage.
Aside from that, bandwidth caps and monopolies are different problems requiring different solutions.
If it was only a little smaller, had a great interface to play music and movies, and you could run VNC, access the device with WebDAV, and you could install inexpensive apps on it (say $0.99 and up) from an online store. Yeah, if only there was a device like that.
Well until then, I guess I'll keep using my iPod Touch.
The parent is a great post. More like an article.
(from http://gp.darkproductions.com/2007/11/leopard-1051-is-out-with-security-fixes.html )
I think the important fixes are:
1. Apple has cleared up the mislabeling and confusion regarding "Block ALL connections".
2. They fixed the firewall so changes go into effect immediately (as they should) and root processes can be blocked, if desired.
They may have fixed the problem with signing applications that do their own checksums or integrity checks. This wasn't as clear in the release notes, so we'll have to wait and see.
But still remaining:
1. ALL root processes are still allowed incoming traffic, unless specifically denied. I'd prefer they be blocked, unless specifically allowed or allowed via a GUI where you could select basic groups of functionality.
2. ipfw is still sitting around doing nothing. I'd like to see a built-in interface to ipfw to close off traffic or do "Little Snitch" monitoring of outgoing traffic.
I personally don't like relying on only one layer of protection, especially when it is brand new. With ipfw installed and available, I wish they'd use it for another layer of protection (at least until the new firewall has some real-world testing done).
Also, as some other folks have mentioned: Apple has a well-deserved reputation for security in Mac OS X. But at times, they have also had a reputation for stubbornly sticking to an idea, even if it is disliked. In this case, I think we're seeing more of the former than the latter.
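A small model of the behavior discussed in the comment above, added here as an example and not part of the original post or any Apple code. It compares "root processes allowed unless denied" with "blocked unless allowed", and shows what a second, port-based layer (the role the comment wants ipfw to play) changes. The process names, ports and the rule that unlisted non-root listeners are blocked are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Inbound:
    port: int       # destination port of the incoming connection
    process: str    # process listening on that port
    is_root: bool   # whether the listener runs as root

def app_firewall(conn, allowed, denied, root_default_allow):
    """Application layer: decide per listening process."""
    if conn.process in denied:
        return False
    if conn.process in allowed:
        return True
    # Unlisted listener: root processes follow root_default_allow;
    # unlisted non-root listeners are blocked (assumption of this model).
    return conn.is_root and root_default_allow

def packet_filter(conn, open_ports):
    """Packet layer: default deny, only listed ports pass."""
    return conn.port in open_ports

def reachable(conns, allowed, denied, root_default_allow, open_ports=None):
    """Processes an inbound connection can reach through every enabled layer."""
    out = []
    for c in conns:
        ok = app_firewall(c, allowed, denied, root_default_allow)
        if ok and open_ports is not None:
            ok = packet_filter(c, open_ports)
        if ok:
            out.append(c.process)
    return out

# Constructed sample listeners, not taken from a real system.
SAMPLE = [
    Inbound(22, "sshd", True),
    Inbound(631, "cupsd", True),
    Inbound(8080, "devserver", False),
]
USER_ALLOWED = {"sshd"}   # the only service the user chose to expose
USER_DENIED = set()

def compare():
    """Return (root allowed by default, root denied by default, default-allow plus port layer)."""
    as_described = reachable(SAMPLE, USER_ALLOWED, USER_DENIED, True)
    preferred = reachable(SAMPLE, USER_ALLOWED, USER_DENIED, False)
    layered = reachable(SAMPLE, USER_ALLOWED, USER_DENIED, True, open_ports={22})
    return as_described, preferred, layered

if __name__ == "__main__":
    print(compare())
```

With root allowed by default, the root listener the user never approved stays reachable; either flipping the default or adding the port layer leaves only the approved service exposed.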
Most people are using "software" firewall to refer to a service or package running as software on the same (and only) client machine that is being protected. "Hardware" firewall is generally being used to refer to a device external to the client or clients capable of protecting multiple clients while not using any resources on the client.
I think it is correct to think of a software firewall as a layer on top of the TCP stack acting on packets that have already arrived at the client. A hardware client can prevent packets from ever reaching the clients behind it.
I believe in a layered approach to security. Each layer should provide protection making it more difficult and less likely that an automated or manual attack will break all the intervening layers and reach the protected client. So, I would always want to have a "hardware" firewall in the mix.
But I like the functionality a software firewall can provide by having data about the services and running state of the client itself. A hardware firewall will generally not have and not care about the configuration of the client, but a software firewall will have access to this information. It can make things easier to administer by opening the correct ports when a service is enabled or warning the user that an accessible executable has changed.
But no matter what you do, don't convince yourself you are protected from everything. A little paranoia goes a long way.
In my opinion, it looks like this is a fairly straightforward case of the security folks assuming a certain "traditional" firewall behavior is the goal and Apple using poor (technically inaccurate) language in the UI. Hasn't Apple touted their new "application-based" firewall enough for these folks to see what they were doing with Leopard's firewall?
-d