Isn't Apple's whole marketing strategy to make a platform that "just works" - as soon as you start talking about having people code their own drivers you might as well go with either windows (where EVERYTHING has a driver from the vendor), or linux (which is FOSS). Especially if you couple it with the software missing features you need in the first place.
Wouldn't relying on GPS in a nuclear war be a bit crazy unless you were planning a first strike? That is, unless you expect your GPS satellites to survive the first strike?
I would think that LEO would be EMP city not long into WWIII.
Of course, if the submarine updates its position periodically then it would have a moderately accurate fix to start with, but I can't imagine that INS is that reliable with the accuracy of modern ICBMs. Then again, don't ICBMs have star-finders or such built into them once they get outside the atmosphere? So, you really should only need a pretty general idea of your location to launch one...
Uh, how do you get the stuff you mine back down to earth?
It isn't like you can just take a ton of iron ore and put it on an intercept orbit for your warehouse on the ground, unless you are looking to upgrade it with a REALLY big basement.f
Maybe for really exotic stuff it could make sense. However, if it were economical somebody would already be doing it.
If I recall, most people's complaints were along the complaints that there were only about three or four unique building types. Hell, they could have just added a bunch more buildings and locations for variety and I would have been happy.
Well, that and driving around the tank on the terrain they put on the maps was like driving a shopping cart with a bad wheel. I love the little rocket thrusters that let you jump all of about 3 feet in the air. The tank can apparently drop from near-orbit, and somehow get back to the ship, but it can't get past a mountain range without slogging it up some hill at a creeping speed because I'm too lazy to drive halfway around the planet after tumbling down the side of the hill or something.
The tank was nice, but often pretty annoying. Not nearly as annoying as planet-scanning, however.
Or if the soldier isn't part of a US or NATO unit, there's the distinct possibility that the ground terminal will get "lost". "Lost" crypto gear with valid keys upsets people. And you can't have a frequent key rotation because you can't count on reliable communications with the ground units to send the new keys.
Put a unique key in each piece of communications equipment. You only send broadcasts encrypted with keys that the targeted receivers can decode. The main risk I'd see is if somebody clones the device undetected, so that it doesn't get revoked. However, that cloned key is only of use receiving signals specifically addressed to that receiver, and only until the key is rotated. Also, if the encryption is asymmetric and two-way and the right algorithm is used to negotiate the session key then you can't even do that unless you can actively participate in the communications (which is very risky against somebody like the USA with extensive DF capability). Illustrative example - the base generates half a session key and sends it to the remote station using its key (the enemy can steal this), the remote station generates half a session key and sends it to the base (the enemy can't steal this), and every packet after that uses both keys and is unreadable by anybody without both the base and remote keys.
And, you can still do key rotation - just do it opportunistically.
If the army could manage key distribution in WWII they certainly can do it in the modern age. It just requires not being lazy about it.
Well, if nothing else the drone could be given the field unit's public key and instructed to encrypt the session key using it by the base. Clearly the base can talk to the drone since that is where it is piloted from. And, if the drone can talk to the base and talk to the troops, it can also function as a repeater - we're talking about sending a couple of bytes on a channel that is otherwise sending a video feed, so it isn't like this is creating bandwidth constraints or otherwise increasing the RF profile of the drone.
Oh, and the drone is a lot stealthier from an RF perspective if it only sends its transmissions towards the satellite, which is up in the sky, instead of omnidirectionally towards the ground.
It smells more like someone who wanted to FUD the RSA product, quite frankly.
I'm not sure if FUD is really the right term here. FUD is Fear, Uncertainty, and Doubt.
Right now you can be CERTAIN that people who aren't supposed to have the ability to impersonate any RSA SecureID tokens you own. There is no DOUBT that people can use this to do you harm. So, you should be VERY AFRAID unless you've replaced them with some other solution that isn't completely owned.
FUD is making vague insinuations to get people to not use a product. There is nothing vague about this - a security vendor essentially designed a system that relied on their ability to keep a certain set of data secret, and that data is in hands unknown. They then let that compromise go unreported for months, so that those with vulnerabilities had no way to know they were vulnerable.
Never buy into a system that allows people to bypass your security if they have some token that your vendor has a copy of. If you want to be secure, generate the keys yourself.
Yeah, but you'd think that a company named "RSA" would think to maybe employ RSA...
And I can't see how this would impact battery life much - how often does one of these things really need to generate a key. Just put a clock in it, and then a button which generates a key on demand. That uses as much power as a digital watch, plus a hair bit more twice a day or whatever. There is no need to have it continuously generating keys when it is sitting in a briefcase...
Perhaps a bit of mental clouding is to be expected among individuals who run a weapon system "allowing U.S. forces to attack targets and spy on its foes without risking American lives"—apparently by killing them. Doublethink and duckspeak aren't conducive to organizational efficiency...but that's the price you have to pay to keep the terrorists from winning.
Uh, anybody who joins the military should know that their primary function is killing people, or making other people more effective at killing people, or otherwise helping to kill people. I'm not sure how that results in mental clouding - pretty smart people have been killing each other since the dawn of time.
And inefficient organizations are hardly something unique to the military. When people find a mistake in their records how many people drop what they're doing and call the corporate auditing group to tell them about it, versus just fixing it and hoping it never gets noticed? The only thing unique to the military is that organizational foul-ups can result in the wrong people getting killed.
Unless the latency is THAT big of a deal, the RVTs shouldn't know how to decrypt UAV video. They should just know how to decrypt a stream of video sent to them from the base, and the base needs to know how to decrypt the UAV's video.
If you capture an RVT then it can play whatever videos it was already authorized to play, until the base figures out is is missing and stops broadcasting the session keys encrypted with that particular RVT's key.
This stuff was solved ages ago by the likes of DirecTV/etc. Your tuner box can't decrypt the video feeds from the football stadium to the broadcaster's office, and they don't need to for you to watch the game. The cost of this is a few seconds of latency, which I doubt matters much for most purposes.
I'm not convinced this is an issue - it just requires a MITM.
Drone talks to satellite. Satellite talks to base.
Handheld PC talks to satellite. Satellite talks to base.
Base can send whatever to whoever.
You don't need to have point-to-point shared keys between every drone and every PC in the world. You can change the keys for any device at any time and nobody needs to know that it happened except for the base's computer, and the device's computer.
If the drone gets captured ideally the keys are hardened, but worst case you only get to decrypt the drone's recent transmissions since the key was last rotated.
I don't think the point was so much that the Intel strategy didn't make sense, but rather that it was confusing and that simply benchmarking performance doesn't make as much sense, unless you make one of the performance benchmarks "how many VMs can you run the following program on before completion time takes longer than foo."
I'd say his point was made in the 47 replies where everybody is going back and forth on what features various CPUs have and whether it matters. Clearly the situation is confusing.
If a CPU manufacturer is going to vary the instruction set/etc by chip then that should be part of the evaluation, or should be targeted in benchmarks. Running a 1999 video benchmark on the latest GPUs would be pointless as it wouldn't really differentiate between one chip that supports some crazy hardware antialiasing optimization and another that doesn't. In the same way if there are specific features that differentiate CPUs and have different prices then just running nbench or whatever won't really illustrate the differences.
I've personally gone with AMDs for a while. I tend to spend $100 give or take on a CPU and when you look at the whole picture AMD tends to be the better value for me, and I don't like to switch back and forth for every CPU. Plus AMD has a lot more motherboard variety.
Yup, the libertarian approach isn't to call the police, but to BE the police.
I don't know that they'd argue that home owners need to necessarily do the law enforcement themselves, but rather that they'd hire the cops. So, your apartment building gets together and hires a bunch of armed guys to respond to crime reports. Basically like how an office building might hire security guards. If somebody starts damaging company property at your office I bet the security guards won't take 10 hours to respond, because they know who is paying them.
I'm not sure I'm all for whole-hog police privatization, but the issue here is that cops are essentially completely unaccountable to the general public, since their jobs are basically secure regardless of performance. They aim to keep their bosses happy, and they're so many steps removed from a taxpayer that nobody cares. If somehow police responsiveness becomes an election issue then perhaps things might change a little, for a little while.
Yup - just learned that Xen now supports virtualization without guest support, but only with hardware virtualization support.
And I was running VMs on systems without hardware virtualization only a few months ago. Something like an Athlon64 is perfectly capable of running virtualbox with 32-bit hosts without any issues, and they're only a few years old.
Sure, it is nicer to have newer hardware, but if you don't and you don't want to be doing qemu software virtualization then you're going to be using vmware or virtualbox.
Sure, if you make a device that supports docking and a properly optimized UI for each interface it could take off. Nobody has really done that yet.
I'm still not convinced the Apple option is going to end up being cheaper than the competition in the end, and Apple is going to have to be more willing to bend if corporate IT is going to fully embrace it. Right now it is considered fine since it is only used to access email and attachments/etc. However, is a company going to be able to install the customized off-the-shelf ERP solution client software on the device without paying Apple some kind of fee that is going to become prohibitive? How about the control software for the CNC mill down the hall? There are a lot of things that desktops do in the enterprise and I think it will be a while before all of it works through a web-browser without plugins.
Well, I can sue you because I don't like your hair color. It doesn't mean that it will get anywhere, but I bet I can cost you a pretty penny defending yourself.
KVM is pretty comparable (well, if you have virtualization hardware extensions - on older CPUs it doesn't work unlike Virtualbox). I wouldn't call Xen comparable - it doesn't run unmodified guests. For running linux on linux it works fine, but if you don't have the OS source or a Xen-compatible guest OS you're not going to be able to use it.
Of course, if you are running linux on linux and don't mind messing around with it something like linux containers probably would be more efficient.
Well, there are a couple of options for handling modern consumer hardware like iPads and Android phones (I'm generalizing and not intending to poke at either in particular):
1. Make it the employee's problem. If employee gets a virus or leaks important info, fire them and say you've solved the problem. This is the cheapest solution if everybody lets you get away with it (which is surprisingly often).
2. Make it the vendor's problem. Look at the feature list and see that it has no viruses advertised and it says that data is secure and it can be remote-wiped and it always gets its security updates automatically. If that ever doesn't work out blame the vendor and say that you'll yell at them or switch vendors and that has solved the problem. This is the next cheapest solution if everybody lets you get away with it (which is even more often).
3. You're stuck - it is your problem. Now you need to put software on the device to make sure that the security patches are installed, scan for viruses, implement full-disk encryption, and so on. Of course for most of that you are just depending on a different vendor (but you likely have more choices). The device is now super-slow and has all the headaches associated with modern PCs.
Chances are the first manager in charge will do #1, then after he loses his job the next next one will do #2. Eventually enough managers will lose their jobs that we'll all be stuck with #3 again. It isn't like corporate PCs always had antivirus and encryption software slowing them down...
The iPad/phone deployments at most corporations are somewhere around #1-2 still, which is why it looks easy.
Depends on what your definition of competent management. They were very competent, but at maximizing their short-term share price.
Choosing to not properly build your infrastructure and then crushing under the weight of 8M devices is a MUCH better decision than building the proper infrastructure and then watching your competitor get crushed under the weight of 8M devices while you go bankrupt because they beat you to market by two months.
The managers who made the decision to skimp sold their stock ages ago and are all millionaires. They get to sit back and let somebody else clean up their mess. The people who bought their devices didn't properly evaluate their long-term potential - they were too consumed with "ooh, shiny!" That's what people always do and if you build anything accordingly you'll do just fine.
The PC and the handheld really are very different platforms, and what works well for one does not always work well for another. On the handheld you want big fat buttons you can hit with your thumbs. On a PC you want lots of info readily visible, and the precision of a mouse.
The corporate world is still on Windows, and that is a vicious cycle. People make apps for Windows since that is what people run, and people run Windows since that is where the apps are.
Sure, you can find consumer-oriented software for Macs. You can find industry-oriented software for the arts since that industry has always leaned mac, but most of that stuff sells for less than $1k/license.
The issue in the enterprise is the expensive software. That system that costs $5M and monitors the HVAC systems in every building on your plant site, or the $200M ERP system that manages every budget in your 50k employee operation. That stuff has barely been ported from mainframes to Windows, let alone to macs. When it runs in a browser it probably uses ActiveX, or still requires IE6.
Then there are the corporate beancounters - if the Apple laptop costs $1200, and the PC that runs the standard software costs $600, then they will buy the PC.
Oh, and that Macbook air probably won't run circles around the windows laptop once corporate IT finishes installing McAffee Antivirus, Full-disk Encryption, and setting it to re-scan the entire drive every 20 minutes, and then pushes out software updates every 45 minutes. Oh, and corporate IT will be sure to get just a little less than the necessary amount of RAM for the thing... Right now the odd unit owned by the CEO flies under the radar, but that will change once it becomes a standard.
Few companies can maintain their vision for long once the founder (and maybe their hand-groomed successors) leaves. Once the institutional investors take over, if you can't fit it on a spreadsheet then it doesn't count. As long as the numbers say you'll do good for the next 4-8 quarters then you get bonuses - whether you're destroying the company or not.
Occasionally you'll get a strong CEO that bucks that trend, but they're very few and far between.
Whether you like Apple or not, its days are numbered. If the new guy was well-mentored by Jobs and feels some kind of debt to the corporate identity then it could easily go another 10-20 years. If the new guy is more interested in making wall street happy and milking his bonuses then in 10-20 quarters we'll start seeing real problems.
ChromeOS isn't really intended to replace iOS or OSX. It is intended to not have long-term local storage - the whole point is to be a platform for accessing cloud services.
The idea is that if you drop your laptop on the way to work you go into the supply closet and grab a new one and log in. You wouldn't go to a service desk to have your stapler or telephone repaired, and the ChromeOS concept is extending that to a PC.
Once your local apps start having local storage that is more than a cache, then you need to protect that storage (backups). Once the local apps start getting sophisticated and can interact with that local storage and other apps, now you have viruses/etc. The simplicity of the model breaks down quickly.
I have no idea if ChromeOS will ever take off, but it isn't really intended to replace platforms where you're running apps that don't fit well in a browser.
I like to think I build quality PCs, and I usually spend around $300. Granted, I'm usually not buying cases or power supplies with that money so it goes a bit further, but you can get decent ones for less than $150.
Much of this depends on what you want to do with your PC, however. If you're looking for some gaming rig with dual video cards then yes that money doesn't go far. If you're looking for something that runs Excel you'll do fine with a very modest investment.
Sure, at some level their devices do the same sorts of things, but if somebody buys a PC there is a 99% chance they want to run Windows on it. I don't know anybody who buys Apple products to install Windows on them.
The PC makers do compete with each other, which is what keeps their prices down. Collectively they have WAY more market share than Apple. Googling around the only figures I could find were from a few years back, but back then Dell sold 4X as many desktops/laptops as Apple, and that is only one company. Now, Apple likely makes more money than Dell on those sales, but again that is because they're different markets. If you want an OSX PC you have to buy it from Apple, but if you want a Windows PC you have lots of choices.
On other platforms Apple does better, but it isn't a slam dunk for all of them. They're ahead on mp3 players and tablets, and that's about it. They do well as a single vendor on phones, but they have just over half the market share of the leader (which is a combination of many vendors).
None of this is to knock Apple - they do well for themselves. They're just in a different market. Lots of companies try to be in that market, but few manage to pull it off. However, there is a lot of money to be made selling the devices that the other 90% of consumers use.
Isn't Apple's whole marketing strategy to make a platform that "just works" - as soon as you start talking about having people code their own drivers you might as well go with either windows (where EVERYTHING has a driver from the vendor), or linux (which is FOSS). Especially if you couple it with the software missing features you need in the first place.
Wouldn't relying on GPS in a nuclear war be a bit crazy unless you were planning a first strike? That is, unless you expect your GPS satellites to survive the first strike?
I would think that LEO would be EMP city not long into WWIII.
Of course, if the submarine updates its position periodically then it would have a moderately accurate fix to start with, but I can't imagine that INS is that reliable with the accuracy of modern ICBMs. Then again, don't ICBMs have star-finders or such built into them once they get outside the atmosphere? So, you really should only need a pretty general idea of your location to launch one...
Uh, how do you get the stuff you mine back down to earth?
It isn't like you can just take a ton of iron ore and put it on an intercept orbit for your warehouse on the ground, unless you are looking to upgrade it with a REALLY big basement.f
Maybe for really exotic stuff it could make sense. However, if it were economical somebody would already be doing it.
If I recall, most people's complaints were along the complaints that there were only about three or four unique building types. Hell, they could have just added a bunch more buildings and locations for variety and I would have been happy.
Well, that and driving around the tank on the terrain they put on the maps was like driving a shopping cart with a bad wheel. I love the little rocket thrusters that let you jump all of about 3 feet in the air. The tank can apparently drop from near-orbit, and somehow get back to the ship, but it can't get past a mountain range without slogging it up some hill at a creeping speed because I'm too lazy to drive halfway around the planet after tumbling down the side of the hill or something.
The tank was nice, but often pretty annoying. Not nearly as annoying as planet-scanning, however.
Or if the soldier isn't part of a US or NATO unit, there's the distinct possibility that the ground terminal will get "lost". "Lost" crypto gear with valid keys upsets people. And you can't have a frequent key rotation because you can't count on reliable communications with the ground units to send the new keys.
Put a unique key in each piece of communications equipment. You only send broadcasts encrypted with keys that the targeted receivers can decode. The main risk I'd see is if somebody clones the device undetected, so that it doesn't get revoked. However, that cloned key is only of use receiving signals specifically addressed to that receiver, and only until the key is rotated. Also, if the encryption is asymmetric and two-way and the right algorithm is used to negotiate the session key then you can't even do that unless you can actively participate in the communications (which is very risky against somebody like the USA with extensive DF capability). Illustrative example - the base generates half a session key and sends it to the remote station using its key (the enemy can steal this), the remote station generates half a session key and sends it to the base (the enemy can't steal this), and every packet after that uses both keys and is unreadable by anybody without both the base and remote keys.
And, you can still do key rotation - just do it opportunistically.
If the army could manage key distribution in WWII they certainly can do it in the modern age. It just requires not being lazy about it.
Well, if nothing else the drone could be given the field unit's public key and instructed to encrypt the session key using it by the base. Clearly the base can talk to the drone since that is where it is piloted from. And, if the drone can talk to the base and talk to the troops, it can also function as a repeater - we're talking about sending a couple of bytes on a channel that is otherwise sending a video feed, so it isn't like this is creating bandwidth constraints or otherwise increasing the RF profile of the drone.
Oh, and the drone is a lot stealthier from an RF perspective if it only sends its transmissions towards the satellite, which is up in the sky, instead of omnidirectionally towards the ground.
It smells more like someone who wanted to FUD the RSA product, quite frankly.
I'm not sure if FUD is really the right term here. FUD is Fear, Uncertainty, and Doubt.
Right now you can be CERTAIN that people who aren't supposed to have the ability to impersonate any RSA SecureID tokens you own. There is no DOUBT that people can use this to do you harm. So, you should be VERY AFRAID unless you've replaced them with some other solution that isn't completely owned.
FUD is making vague insinuations to get people to not use a product. There is nothing vague about this - a security vendor essentially designed a system that relied on their ability to keep a certain set of data secret, and that data is in hands unknown. They then let that compromise go unreported for months, so that those with vulnerabilities had no way to know they were vulnerable.
Never buy into a system that allows people to bypass your security if they have some token that your vendor has a copy of. If you want to be secure, generate the keys yourself.
Yeah, but you'd think that a company named "RSA" would think to maybe employ RSA...
And I can't see how this would impact battery life much - how often does one of these things really need to generate a key. Just put a clock in it, and then a button which generates a key on demand. That uses as much power as a digital watch, plus a hair bit more twice a day or whatever. There is no need to have it continuously generating keys when it is sitting in a briefcase...
Perhaps a bit of mental clouding is to be expected among individuals who run a weapon system "allowing U.S. forces to attack targets and spy on its foes without risking American lives"—apparently by killing them. Doublethink and duckspeak aren't conducive to organizational efficiency...but that's the price you have to pay to keep the terrorists from winning.
Uh, anybody who joins the military should know that their primary function is killing people, or making other people more effective at killing people, or otherwise helping to kill people. I'm not sure how that results in mental clouding - pretty smart people have been killing each other since the dawn of time.
And inefficient organizations are hardly something unique to the military. When people find a mistake in their records how many people drop what they're doing and call the corporate auditing group to tell them about it, versus just fixing it and hoping it never gets noticed? The only thing unique to the military is that organizational foul-ups can result in the wrong people getting killed.
Unless the latency is THAT big of a deal, the RVTs shouldn't know how to decrypt UAV video. They should just know how to decrypt a stream of video sent to them from the base, and the base needs to know how to decrypt the UAV's video.
If you capture an RVT then it can play whatever videos it was already authorized to play, until the base figures out is is missing and stops broadcasting the session keys encrypted with that particular RVT's key.
This stuff was solved ages ago by the likes of DirecTV/etc. Your tuner box can't decrypt the video feeds from the football stadium to the broadcaster's office, and they don't need to for you to watch the game. The cost of this is a few seconds of latency, which I doubt matters much for most purposes.
I'm not convinced this is an issue - it just requires a MITM.
Drone talks to satellite. Satellite talks to base.
Handheld PC talks to satellite. Satellite talks to base.
Base can send whatever to whoever.
You don't need to have point-to-point shared keys between every drone and every PC in the world. You can change the keys for any device at any time and nobody needs to know that it happened except for the base's computer, and the device's computer.
If the drone gets captured ideally the keys are hardened, but worst case you only get to decrypt the drone's recent transmissions since the key was last rotated.
I don't think the point was so much that the Intel strategy didn't make sense, but rather that it was confusing and that simply benchmarking performance doesn't make as much sense, unless you make one of the performance benchmarks "how many VMs can you run the following program on before completion time takes longer than foo."
I'd say his point was made in the 47 replies where everybody is going back and forth on what features various CPUs have and whether it matters. Clearly the situation is confusing.
If a CPU manufacturer is going to vary the instruction set/etc by chip then that should be part of the evaluation, or should be targeted in benchmarks. Running a 1999 video benchmark on the latest GPUs would be pointless as it wouldn't really differentiate between one chip that supports some crazy hardware antialiasing optimization and another that doesn't. In the same way if there are specific features that differentiate CPUs and have different prices then just running nbench or whatever won't really illustrate the differences.
I've personally gone with AMDs for a while. I tend to spend $100 give or take on a CPU and when you look at the whole picture AMD tends to be the better value for me, and I don't like to switch back and forth for every CPU. Plus AMD has a lot more motherboard variety.
Yup, the libertarian approach isn't to call the police, but to BE the police.
I don't know that they'd argue that home owners need to necessarily do the law enforcement themselves, but rather that they'd hire the cops. So, your apartment building gets together and hires a bunch of armed guys to respond to crime reports. Basically like how an office building might hire security guards. If somebody starts damaging company property at your office I bet the security guards won't take 10 hours to respond, because they know who is paying them.
I'm not sure I'm all for whole-hog police privatization, but the issue here is that cops are essentially completely unaccountable to the general public, since their jobs are basically secure regardless of performance. They aim to keep their bosses happy, and they're so many steps removed from a taxpayer that nobody cares. If somehow police responsiveness becomes an election issue then perhaps things might change a little, for a little while.
Yup - just learned that Xen now supports virtualization without guest support, but only with hardware virtualization support.
And I was running VMs on systems without hardware virtualization only a few months ago. Something like an Athlon64 is perfectly capable of running virtualbox with 32-bit hosts without any issues, and they're only a few years old.
Sure, it is nicer to have newer hardware, but if you don't and you don't want to be doing qemu software virtualization then you're going to be using vmware or virtualbox.
Sure, if you make a device that supports docking and a properly optimized UI for each interface it could take off. Nobody has really done that yet.
I'm still not convinced the Apple option is going to end up being cheaper than the competition in the end, and Apple is going to have to be more willing to bend if corporate IT is going to fully embrace it. Right now it is considered fine since it is only used to access email and attachments/etc. However, is a company going to be able to install the customized off-the-shelf ERP solution client software on the device without paying Apple some kind of fee that is going to become prohibitive? How about the control software for the CNC mill down the hall? There are a lot of things that desktops do in the enterprise and I think it will be a while before all of it works through a web-browser without plugins.
Well, I can sue you because I don't like your hair color. It doesn't mean that it will get anywhere, but I bet I can cost you a pretty penny defending yourself.
KVM is pretty comparable (well, if you have virtualization hardware extensions - on older CPUs it doesn't work unlike Virtualbox). I wouldn't call Xen comparable - it doesn't run unmodified guests. For running linux on linux it works fine, but if you don't have the OS source or a Xen-compatible guest OS you're not going to be able to use it.
Of course, if you are running linux on linux and don't mind messing around with it something like linux containers probably would be more efficient.
Yup, seems like we need mixmaster and encrypted chained remailer routes back.... :)
Well, there are a couple of options for handling modern consumer hardware like iPads and Android phones (I'm generalizing and not intending to poke at either in particular):
1. Make it the employee's problem. If employee gets a virus or leaks important info, fire them and say you've solved the problem. This is the cheapest solution if everybody lets you get away with it (which is surprisingly often).
2. Make it the vendor's problem. Look at the feature list and see that it has no viruses advertised and it says that data is secure and it can be remote-wiped and it always gets its security updates automatically. If that ever doesn't work out blame the vendor and say that you'll yell at them or switch vendors and that has solved the problem. This is the next cheapest solution if everybody lets you get away with it (which is even more often).
3. You're stuck - it is your problem. Now you need to put software on the device to make sure that the security patches are installed, scan for viruses, implement full-disk encryption, and so on. Of course for most of that you are just depending on a different vendor (but you likely have more choices). The device is now super-slow and has all the headaches associated with modern PCs.
Chances are the first manager in charge will do #1, then after he loses his job the next next one will do #2. Eventually enough managers will lose their jobs that we'll all be stuck with #3 again. It isn't like corporate PCs always had antivirus and encryption software slowing them down...
The iPad/phone deployments at most corporations are somewhere around #1-2 still, which is why it looks easy.
Depends on what your definition of competent management. They were very competent, but at maximizing their short-term share price.
Choosing to not properly build your infrastructure and then crushing under the weight of 8M devices is a MUCH better decision than building the proper infrastructure and then watching your competitor get crushed under the weight of 8M devices while you go bankrupt because they beat you to market by two months.
The managers who made the decision to skimp sold their stock ages ago and are all millionaires. They get to sit back and let somebody else clean up their mess. The people who bought their devices didn't properly evaluate their long-term potential - they were too consumed with "ooh, shiny!" That's what people always do and if you build anything accordingly you'll do just fine.
And that is why society is the mess that it is...
I'm not convinced of this.
The PC and the handheld really are very different platforms, and what works well for one does not always work well for another. On the handheld you want big fat buttons you can hit with your thumbs. On a PC you want lots of info readily visible, and the precision of a mouse.
The corporate world is still on Windows, and that is a vicious cycle. People make apps for Windows since that is what people run, and people run Windows since that is where the apps are.
Sure, you can find consumer-oriented software for Macs. You can find industry-oriented software for the arts since that industry has always leaned mac, but most of that stuff sells for less than $1k/license.
The issue in the enterprise is the expensive software. That system that costs $5M and monitors the HVAC systems in every building on your plant site, or the $200M ERP system that manages every budget in your 50k employee operation. That stuff has barely been ported from mainframes to Windows, let alone to macs. When it runs in a browser it probably uses ActiveX, or still requires IE6.
Then there are the corporate beancounters - if the Apple laptop costs $1200, and the PC that runs the standard software costs $600, then they will buy the PC.
Oh, and that Macbook air probably won't run circles around the windows laptop once corporate IT finishes installing McAffee Antivirus, Full-disk Encryption, and setting it to re-scan the entire drive every 20 minutes, and then pushes out software updates every 45 minutes. Oh, and corporate IT will be sure to get just a little less than the necessary amount of RAM for the thing... Right now the odd unit owned by the CEO flies under the radar, but that will change once it becomes a standard.
I think the problem is founder loss.
Few companies can maintain their vision for long once the founder (and maybe their hand-groomed successors) leaves. Once the institutional investors take over, if you can't fit it on a spreadsheet then it doesn't count. As long as the numbers say you'll do good for the next 4-8 quarters then you get bonuses - whether you're destroying the company or not.
Occasionally you'll get a strong CEO that bucks that trend, but they're very few and far between.
Whether you like Apple or not, its days are numbered. If the new guy was well-mentored by Jobs and feels some kind of debt to the corporate identity then it could easily go another 10-20 years. If the new guy is more interested in making wall street happy and milking his bonuses then in 10-20 quarters we'll start seeing real problems.
ChromeOS isn't really intended to replace iOS or OSX. It is intended to not have long-term local storage - the whole point is to be a platform for accessing cloud services.
The idea is that if you drop your laptop on the way to work you go into the supply closet and grab a new one and log in. You wouldn't go to a service desk to have your stapler or telephone repaired, and the ChromeOS concept is extending that to a PC.
Once your local apps start having local storage that is more than a cache, then you need to protect that storage (backups). Once the local apps start getting sophisticated and can interact with that local storage and other apps, now you have viruses/etc. The simplicity of the model breaks down quickly.
I have no idea if ChromeOS will ever take off, but it isn't really intended to replace platforms where you're running apps that don't fit well in a browser.
I like to think I build quality PCs, and I usually spend around $300. Granted, I'm usually not buying cases or power supplies with that money so it goes a bit further, but you can get decent ones for less than $150.
Much of this depends on what you want to do with your PC, however. If you're looking for some gaming rig with dual video cards then yes that money doesn't go far. If you're looking for something that runs Excel you'll do fine with a very modest investment.
Apple only loosely competes with PC makers.
Sure, at some level their devices do the same sorts of things, but if somebody buys a PC there is a 99% chance they want to run Windows on it. I don't know anybody who buys Apple products to install Windows on them.
The PC makers do compete with each other, which is what keeps their prices down. Collectively they have WAY more market share than Apple. Googling around the only figures I could find were from a few years back, but back then Dell sold 4X as many desktops/laptops as Apple, and that is only one company. Now, Apple likely makes more money than Dell on those sales, but again that is because they're different markets. If you want an OSX PC you have to buy it from Apple, but if you want a Windows PC you have lots of choices.
On other platforms Apple does better, but it isn't a slam dunk for all of them. They're ahead on mp3 players and tablets, and that's about it. They do well as a single vendor on phones, but they have just over half the market share of the leader (which is a combination of many vendors).
None of this is to knock Apple - they do well for themselves. They're just in a different market. Lots of companies try to be in that market, but few manage to pull it off. However, there is a lot of money to be made selling the devices that the other 90% of consumers use.