I have a 2.8 GHz 24" iMac with 4GB/500GB (plus 4TB) and think it's a great machine. Nothing "inferior" about it.
"At least this might raze awareness."
Raze awareness? Raze? As in raze (v): completely destroy?
"And maybe then somebody would care to be educated."
Couldn't resist when this came immediately after the prior sentence.
But here's hoping you raise your own awareness and, at some point in the future, care enough to be educated...
Moreover, Apple is one of the few companies where you can actually talk to one of their tech support people face-to-face. This as opposed to Dell or HP, where you typically wait on hold for two hours while your call is transferred to Bangladesh.
Apple's "Genius Bar" is the sort of support system we should be ENCOURAGING.
"And if it was so secure why did it take less than a week to break it?"
Because it didn't? Developers have had access to the 2.0 firmware for months through the iPhone development program and the SDK.
"How exactly is my identity going to be stolen off of my phone...."
Depends on what you keep on your phone. Names and addresses and phone numbers and email addresses and DOBs through Address Book. Personal information in Notes. Apple store or .Mac or gmail account information. Put a logger on there and it could potentially grab web site user names and passwords and even credit card information via Safari and zip it out the next time it's near a wifi hotspot.
The fact of the matter is that "jailbreak" and "unlocking" software could quite literally install anything it wanted onto your phone. And you wouldn't even know.
They say that they're doing it to promote OSS and to break the "tyranny" of Apple locking the device to AT&T. But who really knows if that's in fact their real motivation?
"... the bright white, unnatural light gives me a headache..."
Yeah, because heating tungsten to over 2000 degrees K is so "natural" in and as of itself....
What iPhone? The OP mentioned AT&T and 3G. And mentioned data and text plans. But she (Kristl) didn't mention the iPhone.
As you say, those could be for ANY smartphone sold by AT&T. Or anyone else, for that matter.
One could just as easily point out the costs for developing for a Symbian-based smart phone, including buying a PC that runs Windows (fuck that!), buying the phone, getting a contract, registering with Symbian, paying for the tools, and so on.
Now, you could point out that you already HAVE a PC, but then again, I already have a Mac. As has anyone likely to be doing iPhone/Mac XCode/Cocoa development.
Finally, one could also point out that when you're done you'd also have a commercial outlet for your software in the App Store... but that would be looking past the relatively minuscule startup costs to the actual opportunity, now wouldn't it?
And how many businesses can you get into with just $2,350 in startup costs?
Jailbreaking an iPhone for application access and UNLOCKING an iPhone for carrier access are two entirely different things.
Also, as Apple is now requiring in-store activation and a contract for a subsidized phone, jailbreaking the 3G is much LESS relevant than it used to be. (If and when that ever occurs.)
"... my [lack of] understanding is that they can also DELETE stuff from MY phone (not sure the mechanism)."
Obviously. Companies can wipe data off company phones in the event they're lost, stolen, the employee quits, or whatever. This was a stumbling block to getting the iPhone accepted by IT.
"Or if I write an application for personal use I get to install it for $99 (each year) IF Apple says OK."
This assumes you know Objective C and Cocoa and could write a worthwhile iPhone application in the first place. As I doubt that's the case, I don't think it's the major issue you make it out to be.
As is, I suspect you're better off developing for the Google Android platform.... when and if it ever appears, of course.
"Not being able to reap insane revenues by billing per-minute for phone calls?"
By that logic they'd never institute free night and weekend minutes, or rollover minutes, or half the other schemes they're doing today.
"I'm having strange traffic from my DHCP server during non-use periods."
Yeah, if you want to be obvious about it, but why assume that anyone intent on doing some kind of mischief is stupid?
What if I add a special signature or byte to a standard DHCP request, which in turn replies with some extra, or altered data? It's now just another DHCP request hidden among millions of others.
And that assumes that I'm spying, and not simply embedding a time bomb to go off on demand. As I illustrated above in a different post, I could do something like that with three harmless looking lines of code squirreled away in the source.
And nothing for a user to trace or see until it detonates and brings down the house...
You forgot the "or a nation-state" part. In fact, didn't I just recently read about the Pentagon worrying about code or instructions slipped into devices and chips from countries like China? And China, in turn, worrying about using software created in the US?
Infrastructure attacks are primary targets, and it's pretty widely acknowledged that cyber-warfare is the next major battleground. And worse, it's one in which nearly anyone can play.
Some people get paid to worry about such things. And all so that other people can "live life" with their heads comfortably buried in their... ah, in the sand.
So I should have said "seemingly innocuous", sue me.
That aside, let's take something like a simple and relatively straightforward check on the length of some parameter. If over, it performs what looks to be a jump to an error handling subroutine using an existing function reference... that's uninitialized. That's three scattered lines of code embedded within thousands or millions, and each, on its own, looks perfectly safe.
Now, wait a few years and flood the net with your oversized parameter and watch servers, routers, or whatever jump to nowhere's ville and crash and burn.
And that's not even TRYING to be devious about it.
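The pattern described in the comment above, sketched as an added example (not code from the post) together with the guard and the error-path test that expose it. All names, the 16-byte limit and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 16  /* constructed limit for the example */

typedef int (*err_handler_t)(size_t len);

/* Default error handler: reject the oversized request. */
static int reject_oversized(size_t len) { (void)len; return -1; }

/* Line 1 of the pattern: a handler slot that nothing ever assigns.
 * Static storage makes it NULL here; a stack variable would hold garbage. */
static err_handler_t unset_handler;
/* The same slot wired up the way a reviewer would expect. */
static err_handler_t wired_handler = reject_oversized;

/* Copies param into dst.
 * Returns 0 on success, -1 when the handler rejects the input,
 * -2 when the error path has no handler (fails closed instead of jumping). */
int store_param(err_handler_t on_error, const char *param, char dst[PARAM_MAX])
{
    size_t len = strlen(param);
    if (len >= PARAM_MAX) {          /* line 2: the length check */
        if (on_error == NULL)        /* the guard the pattern leaves out */
            return -2;
        return on_error(len);        /* line 3: the indirect call */
    }
    memcpy(dst, param, len + 1);
    return 0;
}

/* Error-path test: the branch only runs on oversized input, so a test
 * suite that never sends one never sees the missing handler. */
int error_path_result(int use_wired)
{
    char dst[PARAM_MAX];
    char big[4 * PARAM_MAX];
    memset(big, 'A', sizeof big - 1);   /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    return store_param(use_wired ? wired_handler : unset_handler, big, dst);
}

/* Normal path: works identically with or without a handler. */
int normal_path_ok(void)
{
    char dst[PARAM_MAX];
    return store_param(unset_handler, "short", dst) == 0
        && strcmp(dst, "short") == 0;
}

int main(void)
{
    printf("normal path ok:       %d\n", normal_path_ok());
    printf("oversized, wired:     %d\n", error_path_result(1));
    printf("oversized, unset:     %d\n", error_path_result(0));
    return 0;
}
```
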
"I use Debian, so a team of people have done that for me."
Item 1: You're trusting that team. All it takes is one person to slip in a modified binary or batch of code.
Item 2: The Debian team gathers and bundles hundreds, if not thousands, of other OSS projects.
Item 3: All of those projects have their own teams which are also subject to item number 1.
Like I said earlier. You're engaged in trust, but there's no way the average user is going to EVER know for sure...
The above is not a troll, but a legitimate point. There could just as easily be malicious code hidden somewhere in an open-source distribution as it could be in a proprietary nVidia driver. Not likely in either case, but still possible. And in either case, how would you know?
In fact, if I were a terrorist or a nation-state, I'd consider building a team that becomes a major and prolific contributor to a few high profile OSS projects like, say, Apache or Sendmail.
A few innocuous, well-placed lines of code and suddenly you'd be in a position to shut down half the internet.
"To say GNU has failed would be ridiculous."
Let me know when its market penetration reaches 1% of all desktops and servers and notebooks.
This goes back to the original argument, but I'd say that "most" people actually want to be able to use their computers to do what needs to be done.
I'm not too sure what good it does to insist on being "pure" if the result is effectively a non-functional machine that can't talk to video cards, printers, drives, cameras, and who knows what else. In short, a machine that can't do any real work.
Me, I'd rather have a computer than a paperweight...
"Non free software can have backdoors, spyware and other malicious features ..."
And you've gone through all of the millions, if not billions of lines of code that make up a typical Linux distribution and you know for a fact that there are no backdoors, spyware or other malicious features hidden away in the OPEN source?
Right.
Most people just pop in the CD or download the installer and let it do its thing. There could be ANYTHING in there, and no one would know it...
Padding the data just means you're paying to send even more bytes....
You can encrypt anything you want, but in the case of encrypting P2P traffic there's a simple solution: charge per use.
Encrypted or not, an effective P2P torrent system MUST transmit and receive gigabytes worth of data. Encrypted or not, it HAS to move a lot of bytes. It's simply the nature of the beast.
So let ISPs charge for upstream traffic on a per kilo/mega/gigabyte basis, and the whole thing falls apart. More and more users leech instead of seed. And the number of seeds decreases as no one wants to pay the piper for the OTHER person's free copy of Iron Man.
Besides, the government can simply declare the use of encryption for illegitimate traffic illegal in and as of itself. Start broadcasting gigabytes of encrypted data to a myriad of sources (another P2P trait), and HS starts knocking on the door. Or, for that matter, just ban non-commercial use where the endpoint isn't using a registered certificate.
You KNOW the government isn't going to just sit still and watch gigabytes of encrypted traffic flow by. Think of the children...
"Though I would argue that dark isn't bad."
So true. And I'm not so sure that the OP's original statement about Starship Troopers being "political" is on the money either. Or rather, it is, but getting kids to think about those kinds of things is important. As is introducing them to concepts like duty and honor and responsibility.
Add a firm dash of irreverence and the importance of questioning authority, and they'll be good to go.
I doubt you're doing simultaneous video conferencing to hundreds, if not thousands, of other internet users. Besides, a steady VC or VoIP stream to a couple of people is a completely different pattern than random requests sent to and from hundreds or thousands of torrents (the "multiple destinations" I mentioned earlier).
So no, I'm NOT talking about blocking your "legitimate" traffic. But you already knew that...
If you want to pay more money to send random encrypted data upstream, feel free. I suspect that we'll soon see US ISPs picking up on an idea coming from Japan's ISPs, and charging more money (and placing caps) on UPSTREAM traffic.
Are you really going to want to pay money out of your own pocket so that everyone ELSE can get free music?
"... fixed prices or tacit collusion to set a certain price-level..."
Got proof? One could just as easily claim that over the years research has shown that consumers will tend to pay X for a CD from a band whose popularity is Y. Raise the price to X+1, and sales drop dramatically. Reduce it to X-1, and sales don't increase enough to compensate. And since I can go into a store and buy music at anywhere from $5 to $35, I fail to see proof of "collusion" or a single fixed price level, and in fact do see market forces at work.
Besides, companies always seek to maximize the amount of money they make for X amount of work, just like workers want the best salary and the most benefits that THEY can get for a week's amount of work.
When was the last time that you told your boss that you'd be happy to do the same amount of work for half the money your coworkers are making? And if you're all making the same amount of money for the same amount (and type) of work, then is that collusion? Or simply the free-market evaluation of what your skills are worth?
"The fact that you checked them early..."
So get there early, and you're screwed. Get there too late, and you're screwed. And no matter when you get there, the airline is going to charge you $15 for each bag, which means you're screwed anyway.
And with all of the budget cuts, they're not even going to buy you a drink first...