The 2G phones were designed at a time when the manufacturers still thought people gave a shit about coverage or battery life.
Apple has shown us all that they don't.
I think history disagrees with you. The first iPhone was 2G despite 3G radios existing and working in the wild. They didn't put a 3G radio into the phone until they were small enough and efficient enough. The tradeoff was low-bandwidth vs battery life, and Apple decided battery life was more important. There is nothing particularly cutting edge about any of the iPhone's hardware at all. They use solid parts with good specs, but they are never "the best" that is available at the time. They do this specifically to improve battery life and ensure basic functionality.
You can complain about the UI and App Store all you like, but I don't think Apple has ever made a phone that sacrifices coverage and battery life for the sake of wowing customers.
How can the platforms and trains of a public transport system (that is tax supported and even run by a state agency) not be public areas? This is explicitly not about interfering with the trains, it is about "expressive activity" i.e. exercise of everybody's constitutional freedom of speech. If you have a valid ticket you are not "de facto trespassing" either. Freedom of speech cannot be limited to "certain areas", it is either a universal, fundamental right or it makes no sense at all. If to exercise your freedom of speech you are required to go into a "Free Speech" cage, what kind of freedom is that?
They are not public areas in the sense that the area behind the counter of the DMV is not a public area. In order for it to function, there must be rules. You and 50 of your friends cannot just walk into a DMV and hang out in the back office simply because it is run by the government. Have you been to a BART station in San Francisco? They are tiny and completely packed. There is no conceivable way to hold a protest on one of the platforms below Market Street without shutting it down. It's like insisting on holding a parade on the only 1-lane road that is used by 100,000 people an hour. It's not going to be allowed. Set up shop on the side of the road, or set up shop in the BART station, but not on the platform. These are all fine.
Paragraph 2: "No First Amendment activities in the trains, boarding areas, or any other part of our property." (I love the "expressive activities" buzzphrase in this one)
No, the statement is that the platforms and trains are not public spaces, and if you interfere with the trains, you are de facto trespassing and they will have you arrested. I support PETA doing their thing on the sidewalks and in the parks, but I would take action if they ended up in my living room or if they disabled my vehicle.
Since crime must be prevented, everything should be shut down to prevent all sorts of crime. Never mind about protests. What about real crimes like bank robbery and murder? Phone shouldn't work, guns shouldn't fire, TVs should turn off, and cell phones, FaceBook, Twitter, should all be silenced. Then there's that whole internet thing... Everyone please just stay home and be safe! Think of the children.
Look, protesting is not a crime in any degree and should not be lumped next to them even when trying to make an example.
BART was pretty clear that they would have accommodated a protest. BART was attempting to prevent a shutdown of the system, which would be a major hassle for hundreds of thousands of people. This happened a couple weeks ago, it was chaos and there is no alternative to BART for the majority of its riders. I don't know whether shutting down some of their own equipment was effective, or outrageous, or appropriate, or what, but I am glad for everyone who was able to pick up their kids at camp or make other crucial appointments on that day.
Here's my take on it. Apple's greed is amazing to behold.
It's not clear that it's about greed. Far more likely is that it's about control, control over the experience of their users. Apple has a direct motive to fully support the Kindle app on iOS, because the users of their devices want it there. iBooks just exists for users who can't be bothered to dive into the Kindle ecosystem. But also, Apple has a direct motive to prevent sketchy financial transactions from originating from within iOS apps. A couple of errant games that redirect users to a Russian mafia site to steal credit cards can very quickly remove any trust that people have in the App Store. Apple is mitigating this, at the very public cost to a handful of apps (Kindle, Google Books (or whatever), Netflix, etc.) But the bottom line is that in this capacity, Amazon, Google, and Netflix are all middlemen. Middlemen are going the way of the dodo in general, although today these three behemoths obviously provide a great deal of value to the end-user.
I don't use Kindle or Google Books or Netflix on my phone, so I'm not certain what the big deal is. If you have a Kindle account, is it really that hard to buy books at amazon.com rather than from within the Kindle app? Maybe it is, but the only effect this policy has had on me is to elevate the amount of trust I have with in-app purchases -- Only Apple will ever get the transaction details, and Apple has a pretty good track record with processing purchases.
I have a hard time finding fault with Apple's policy on this.
I wonder what the context of the question was. I find it surprising that 34% is an accurate number. After all, the word "3G" is on the screen pretty much 100% of the time. More likely, people who don't have a 4G phone aren't sure what "4G" means, and the previous question biased the response to this question.
Q: Do you know what "4G" means?
A: Yes, it is technology that certain phones use for wireless communication.
Q: Do you plan on getting a 4G phone?
A: I already have an iPhone 4.
vs:
Q: Have you ever had a 3G phone?
A: Yes, I had the iPhone 3G.
Q: Do you plan on getting a 4G phone?
A: I already have an iPhone 4.
Too bad that Apple is admitting how they can't compete with their design and technology, so they will compete with lawyers instead.
IANAL, but aren't they saying the exact opposite? Aren't they saying, "We have invented a superior technology and design because of these specific patents, which HTC illegally stole/copied/whatever"? I am not validating the patent system here, just trying to clarify the tactical stance.
And you also think Google should face antitrust trial for blocking Facebook from getting Gmail contacts, right?
I don't think people realize how annoying this feature was (is? does it work today?). When facebook was pushing it, I would routinely get emails from people I knew. I had no interest in facebook at all, but they would correlate the sender's network and tell me about all of the other people I know who are using facebook, whether they invited me or not.
Really, google cutting this off has more to do with the *members* of the contact list rather than the person sending the invite.
I don't think Facebook did a good job at letting people know what the planned implications were for providing access to an address book. As a member of many people's address books but not a facebook user, I am glad that Google made this difficult for them.
As opposed to now where they just slash your tyres and set fire to the car, "just for the lulz"...
I suspect that mischief that does not result in permanent damage would be far more tempting than something like slashing tires. Unplugging a car that is in the middle of charging would be such mischief. It reminds me of those parking meters that just internally tracked which spot had what time remaining. Someone would enter their parking spot number, pay for an hour, go shopping, then someone comes along and pays for 5 minutes for that spot in order to cause a ticket to be issued 6 minutes later.
The way to fix these problems is to require access to the car. Parking meters should emit a printout that the driver can put on his dashboard. Perhaps plugins would have some way to "lock" the cord to the car with access tied to the car keys. People could still cut the wire, but I suspect that would happen far less frequently than walking down a block unplugging every car.
"Digital" has come to mean "lacking media". For example, some of the movies you can buy on dvd or blu ray come with a "digital copy", which is a (usually) DRMed file that is playable on a computer or tablet. Of course the "dvd" part of the disk is also digital. But outside of some niches, 100% of all entertainment/art people consume is digital. Using the word "digital" to characterize something as a stream of 1s and 0s is now a meaningless distinction.
For people who have a technical understanding of what a dvd or cd is compared to a netflix stream or mp3, using the word "digital" in this way is indeed a bit strange. But what would you suggest as the word to describe "lacking media"? "media-less" doesn't work because the music and movies are generally casually referred to as "media" (let's go to my media room and watch a movie). "disk-less" is awkward to say.
After seeing "digital" used in this way a couple times, I was able to get over it just fine.
If IT locks out the app store, it won't be successful.
Define "success"? Users won't like it or companies won't buy it? There's a difference, and the latter wins. It's the same reason companies don't buy office workers Alienware PCs.
...
Until the fired boss from Sony or Groupon or the Social Security Administration replaces our boss, and tells us to unencrypt everything, because nobody would ever, EVER, leave an iPad or iPhone just laying in a bar.
Sounds like you are railing on iOS, but do you realize that iOS has nearly every feature you are touting in this not-yet-existent Cisco tablet? Even the example of leaving a phone in a bar is a stretch -- the thing was immediately wiped remotely.
Make a substantive criticism, and I'll consider it, as I have for my other responder. Otherwise you're just a source of noise.
I'm sorry if the humor didn't come across. It was not meant as any kind of substantive criticism, it was meant to make light of the fact that you are talking over the heads of probably 98% of the people who read what you wrote. I have no way of knowing if what you said was accurate or not, and that wasn't even part of what I was trying to communicate. If anything, I was teasing you for using such dense language with such little context. Really, though, what happened is that I read what you wrote, thought to myself, "this is what engineers experience when they hear management using highly specific language to describe business models", and I thought of that funny buzzword generator. It's funny, right?!
No offense, and I'm sorry that my terse comment was misunderstood.
The reaction is
1H + 11B -> 12C -> 4He + 8Be -> 4He + 4He + 4He
so there are more output nuclei than input.
However, I suppose it is true that all of the energy is coming from fusion, as 12C -> 4He + 4He + 4He is exothermic. (The reverse reaction is an energy source for stars under some circumstances.)
12C is normally stable, so for this reaction to go as stated the nucleus must be created in some suitable excited state.
I've found Windows to be the most keyboard friendly GUI OS. Which I think is kind of odd...
I have heard it said that at some point the military would not buy software that required a mouse, so MS made an OS that didn't require one. I don't know how true this is, but MS has obviously put an enormous amount of effort into allowing their GUI to be run without a mouse. There are probably dozens of people who work on this aspect of Windows/Explorer exclusively.
Port the encryption and infrastructure, along with the marvelous keyboards they make to Android and I'm sure they'll survive. Or even grow.
I had a company-issued blackberry for about a decade. Each year or 18 months or so they would get refreshed, and I'd get the latest model. The early models were solid and great in almost every way, but each subsequent model was worse than the one it replaced. They haven't made a decent keyboard in at least 5 years. Their screens got more pixels and more colors each year, but the overall quality of the screens got slowly worse. My employer supports iOS now, and I'm happy to never have to touch a blackberry again.
I also did some app development for blackberry devices, and I can tell you without a doubt they have the worst platform, the worst tools, and it's obvious they never cared about making development workable. I only ever saw one third-party non-game app that was decent, and I estimate it took 15 people 6 months to build that. Compare this to some of the iOS and Android apps that a single person can put out with a couple weeks worth of effort.
Going with Android seems like it would be akin to starting over. I don't see what assets they have that HTC or Samsung don't have. They have their Enterprise Server thing, but I don't understand what advantage that has over Exchange + ActiveSync which every other platform seems to support. I would be happy to be enlightened about what advantages RIM might have left.
I am certainly not trying to say that the operating system had no api prior to the release of the sdk, and I am certainly not trying to indicate that my opinion is rooted in facts.
I have done very limited os x development, but it is enough for me to see the overlap, as well as the mysterious divergences, in the two apis. You are right that there is no direct evidence that a public api and app store were in the pipeline. I just don't think it is possible to turn an internal api into a public api with all the supporting infrastructure and tools in such a short period of time. In casual conversations with other developers, this is a widely held belief.
Except they initially only wanted developers to make HTML+Javascript apps and only released a native SDK after developers demanded they do so.
There is no way that the SDK was released as a capitulation to developers. The iOS SDK was released 8 months after the iPhone. If you have done any iOS development or otherwise taken a look at it, you would know that it is impossible to build such an SDK and supporting materials in such a short period of time. The SDK and App Store were clearly in the works when they initially released the iPhone. Perhaps they were behind schedule, or perhaps there was another reason for staggering their releases.
Wow. Yes, I can see how making accounts accessible via an unhashed URL is really something no one would have guessed would be a problem.
Is there any concrete information that the problem was that the url was /AccountDetails?AccountNumber=123? I haven't seen any.
There are a ton of understandable (but still inexcusable) reasons for an organization to subvert its own security measures. Perhaps this online banking site had a requirement to display account information from two different backends that are otherwise unaware of each other. Perhaps this was implemented using javascript or flash "drm" or "cryptography". Perhaps a vulnerability in those libraries allowed the attackers to compute some hash 2 billion times which yielded 200k valid account numbers.
This obviously reeks of a hacky shortcut of something that should have been implemented properly, but I haven't read any credible facts that it was as simple as you put it.
Again, I'm not trying to excuse anyone. Just saying it's probably more complicated than you are making it out to be. And this guy was probably quoted out of context and probably was not being understood by the reporter.
One expert, who is part of the investigation and wants to remain anonymous because the inquiry is at an early stage, told The New York Times he wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser.
He said: 'It would have been hard to prepare for this type of vulnerability.'
IF the article is correct about the nature of the vulnerability this quote is the single stupidest and most frightening thing I have ever read on the internet.
Give some benefit of the doubt. Keep in mind this is a New York Times article -- it is written in a way that they feel should be understandable to any 8th grader in the country. Add onto that, that the reporter is almost certainly not understanding anything this guy has to say. Add onto that, this guy is actively working on the investigation, and he might not be willing or able to divulge any actual information. Add onto that, that the New York Times readers (staff included) are generally outraged at the banking industry, so there is no doubt a bias to roast a big player in that industry.
Some questions: Is this guy the original source? What does "security expert" mean? CISSP? Manager of the "security department" that is running the investigation? Outside consultant? Who knows, if the article contained this information it did a bad job of conveying it.
The way I read it, it seems to me that this guy is probably referring to the criminals. When I first read it, he was conveying to me, "The last place criminals will look for an entry point is the front door. When they found it, they seemed prepared with a sophisticated and fast way to drain as much info as they could prior to detection." It's almost as if he is suggesting that it was an inside job without coming out and saying it. Correct me if I'm wrong, but there is nothing that suggests that the account numbers were in the url in plaintext. Perhaps they were ROT13ed or similar, or perhaps the key was in a script on the client, or perhaps the key was the remote ip address or something equally dumb. This would still be unforgivable from an architecture point of view, but it is easy to see how something like this could escape notice during day-to-day code reviews. "What's that string for?" "Oh, that's our session id."
There are a million contexts and situations where what this guy said could make good sense. Why the New York Times is publishing truncated sound bites of opinion from anonymous sources is the baffling thing here. The New York Times might be able to corroborate facts from an insider, or otherwise trust the information, but in my mind they should not be printing opinion or speculation from an unnamed source with an obvious interest in the outcome.
The use case is this: iPhone 4 comes out, iOS dev team needs to test the app on that device. No team member has an iPhone 4. The only way for the team to acquire an iPhone 4 is to get a 2 year contract with AT&T. It's technically possible to do this, but most IT procurement teams are not set up to do this, so you need exceptions all over the place, it takes forever, etc etc. It's also far more expensive than it should be. It ends up costing $1000s for a ~$600 chunk of hardware.
Again, the locked phone/contract never blocked work getting done, it was just a giant pain to deal with.
I am kind of amazed that Apple's U.S. enterprise/corporate customers have put up with locked phones for so long. I remember some previous models were available unlocked (or at least contractless -- I forget the details). But the majority of the iPhone timeline these phones have required a contract and a phone number. I have worked for two different iOS dev shops, and in each case it was either a complete PITA to get devices, or the devs/qa just used their personal devices because there was no other effective way of getting hardware from a corporate procurement point of view. The provisioning has improved over the years, but getting an actual device has been probably the biggest pain in doing corporate iOS work. Hopefully this will make that situation better.
'best and most comprehensive production web page profiler out there for any web platform.'
That's a little bit misleading. This project is basically instrumentation that you add to an asp.net 4.0 webapp. It does not seem to be usable by any other kind of webapp. It doesn't even look like it would be easy to port to the other major platforms.
maybe now you will see the dark side of outsourcing to a country like China.
What does the place of manufacture have anything to do with fake retail stores? Wouldn't this be just as news-worthy if this was happening in Latvia?
I can see serious vandalism, just for the lulz.
Yes I don't understand it either.
Is there some physics version of the Web Bullshit Generator?
I've found Windows to be the most keyboard friendly GUI OS. Which I think is kind of odd ...
I have heard it said that at some point the military would not buy software that required a mouse, so MS made an OS that didn't require one. I don't know how true this is, but MS has obviously put an enormous amount of effort into allowing their GUI to be run without a mouse. There are probably dozens of people who work on this aspect of Windows/Explorer exclusively.
Port the encryption and infrastructure, along with the marvelous keyboards they make to Android and I'm sure they'll survive. Or even grow.
I had a company-issued blackberry for about a decade. Each year or 18 months or so they would get refreshed, and I'd get the latest model. The early models were solid and great in almost every way, but each subsequent model was worse than the one it replaced. They haven't made a decent keyboard in at least 5 years. Their screens got more pixels and more colors each year, but the overall quality of the screens got slowly worse. My employer supports iOS now, and I'm happy to never have to touch a blackberry again.
I also did some app development for blackberry devices, and I can tell you without a doubt they have the worst platform, the worst tools, and it's obvious they never cared about making development workable. I only ever saw one third-party non-game app that was decent, and I estimate it took 15 people 6 months to build that. Compare this to some of the iOS and Android apps that a single person can put out with a couple weeks worth of effort.
Going with Android seems like it would be akin to starting over. I don't see what assets they have that HTC or Samsung don't have. They have their Enterprise Server thing, but I don't understand what advantage that has over Exchange + ActiveSync which every other platform seems to support. I would be happy to be enlightened about what advantages RIM might have left.
I have done very limited os x development, but it is enough for me to see the overlap, as well as the mysterious divergences, in the two apis. You are right that there is no direct evidence that a public api and app store were in the pipeline. I just don't think it is possible to turn an internal api into a public api with all the supporting infrastructure and tools in such a short period of time. In casual conversations with other developers, this is a widely held belief.
Except they initially only wanted developers to make HTML+Javascript apps and only released a native SDK after developers demanded they do so.
There is no way that the SDK was released as a capitulation to developers. The iOS SDK was released 8 months after the iPhone. If you have done any iOS development or otherwise taken a look at it, you would know that it is impossible to build such an SDK and supporting materials in such a short period of time. The SDK and App Store were clearly in the works when they initially released the iPhone. Perhaps they were behind schedule, or perhaps there was another reason for staggering their releases.
Wow. Yes, I can see how making accounts accessible via an unhashed URL is really something no one would have guessed would be a problem.
Is there any concrete information that the problem was that the url was /AccountDetails?AccountNumber=123? I haven't seen any.
There are a ton of understandable (but still inexcusable) reasons for an organization to subvert its own security measures. Perhaps this online banking site had a requirement to display account information from two different backends that are otherwise unaware of each other. Perhaps this was implemented using javascript or flash "drm" or "cryptography". Perhaps a vulnerability in those libraries allowed the attackers to compute some hash 2 billion times which yielded 200k valid account numbers.
This obviously reeks of a hacky shortcut of something that should have been implemented properly, but I haven't read any credible facts that it was as simple as you put it.
Again, I'm not trying to excuse anyone. Just saying it's probably more complicated than you are making it out to be. And this guy was probably quoted out of context and probably was not being understood by the reporter.
IF the article is correct about the nature of the vulnerability this quote is the single stupidest and most frightening thing I have ever read on the internet.
Give some benefit of the doubt. Keep in mind this is a New York Times article -- it is written in a way that they feel should be understandable to any 8th grader in the country. Add onto that, that the reporter is almost certainly not understanding anything this guy has to say. Add onto that, this guy is actively working on the investigation, and he might not be willing or able to divulge any actual information. Add onto that, that the New York Times readers (staff included) are generally outraged at the banking industry, so there is no doubt a bias to roast a big player in that industry.
Some questions: Is this guy the original source? What does "security expert" mean? CISSP? Manager of the "security department" that is running the investigation? Outside consultant? Who knows, if the article contained this information it did a bad job of conveying it.
The way I read it, it seems to me that this guy is probably referring to the criminals. When I first read it, he was conveying to me, "The last place criminals will look for an entry point is the front door. When they found it, they seemed prepared with a sophisticated and fast way to drain as much info as they could prior to detection." It's almost as if he is suggesting that it was an inside job without coming out and saying it. Correct me if I'm wrong, but there is nothing that suggests that the account numbers were in the url in plaintext. Perhaps they were ROT13ed or similar, or perhaps the key was in a script on the client, or perhaps the key was the remote ip address or something equally dumb. This would still be unforgivable from an architecture point of view, but it is easy to see how something like this could escape notice during day-to-day code reviews. "What's that string for?" "Oh, that's our session id."
There are a million contexts and situations where what this guy said could make good sense. Why the New York Times is publishing truncated sound bites of opinion from anonymous sources is the baffling thing here. The New York Times might be able to corroborate facts from an insider, or otherwise trust the information, but in my mind they should not be printing opinion or speculation from an unnamed source with an obvious interest in the outcome.
What would be hard about it?
The use case is this: iPhone 4 comes out, iOS dev team needs to test the app on that device. No team member has an iPhone 4. The only way for the team to acquire an iPhone 4 is to get a 2 year contract with AT&T. It's technically possible to do this, but most IT procurement teams are not set up to do this, so you need exceptions all over the place, it takes forever, etc etc. It's also far more expensive than it should be. It ends up costing $1000s for a ~$600 chunk of hardware.
Again, the locked phone/contract never blocked work getting done, it was just a giant pain to deal with.
I am kind of amazed that Apple's U.S. enterprise/corporate customers have put up with locked phones for so long. I remember some previous models were available unlocked (or at least contractless -- I forget the details). But the majority of the iPhone timeline these phones have required a contract and a phone number. I have worked for two different iOS dev shops, and in each case it was either a complete PITA to get devices, or the devs/qa just used their personal devices because there was no other effective way of getting hardware from a corporate procurement point of view. The provisioning has improved over the years, but getting an actual device has been probably the biggest pain in doing corporate iOS work. Hopefully this will make that situation better.
Is your sig a quote from something or original? I kinda like it.
It's a line from Raising Arizona.
'best and most comprehensive production web page profiler out there for any web platform.'
That's a little bit misleading. This project is basically instrumentation that you add to an asp.net 4.0 webapp. It does not seem to be usable by any other kind of webapp. It doesn't even look like it would be easy to port to the other major platforms.