There would be little point. OS X is just BSD with some pretty eye candy
I've been a sysadmin for both Macs and *BSD machines for over a decade, and consider that statement ignorant and simple-minded.
MacOS X is a Mach derivative with a mixed userland consisting largely of FreeBSD tools but with some tools acting more like POSIX or SysV varieties and some unique tools. There are BSD-like layers for some kernel interfaces (e.g. sockets,) but the Mach/NextStep heritage of the system is dominant. The driver model is different, kernel modules are different, shared libraries are different, executable binary structure is different, boot procedures are different, job scheduling is different, memory management is different, user and group management is different, etc. What autoconf comes up with and many man pages are very similar, but that's about as far as it goes.
- and you don't need pretty eye candy on a server.
Need? Of course not. I'd even go as far as to say that some of Apple's GUI tools for MacOS X Server are completely pointless to the point of being counter-productive. However, those tools are not mostly intended to run on a server, but to run on a Mac used to manage one or more servers. That said, anyone who prefers configuring gvinum on FreeBSD (a very textual experience) to a GUI storage management tool (e.g. VEA for Veritas Storage Foundation or even Apple's RAID Utility) is a masochist. Some areas of system configuration (like storage layout) lend themselves to visualization and are more prone to error when managed via pure text interfaces.
I also think that it is absurd in 2011 to deride the presence of a GUI on a server. A dozen years ago, Oracle started requiring X11 for its installer. I don't mostly manage Linux machines, but I can't precisely remember the last time I encountered a Linux server that didn't have its console configured as an X11 display of some sort, whether that hooked to a dedicated monitor and keyboard, a KVM, or a virtualization host's software console. Some years ago, I had to delay getting my Solaris sysadmin certification[0] because the test included GUI tools (and all of "my" Sun boxes sat in well-firewalled data centers with serial consoles.) I still manage a bunch of FreeBSD machines where X isn't even installed, but they are somewhat unusual. And as much as it hurts me to admit, Windows is here to stay as a server platform and no one sane tries to manage it without a GUI.
[0] not all that meaningful except when someone else is silly enough to pay for it.
A) Which of the founders of Paypal was libertarian? [citation needed]
Peter Thiel at least, see http://en.wikipedia.org/wiki/Peter_Thiel and chase the references as you see fit. Elon Musk IMHO as well, whether he calls himself a libertarian today or not.
Background: Thiel was the concept & money guy at Confinity, the company that originated the PayPal brand and their consumer-facing service. Musk founded X.com, which had a slightly different focus, useful backend tricks, and more product ideas. The two companies merged within months of their foundings, under the X name initially. However, it was the PayPal brand and service which made them viable and attracted eBay to buy the company.
Paul Venezia explains why you should almost never reboot a Unix server,
Of course, that is not quite what the actual article really says. It's really just about breaking the habit that Windows "admins" have of using reboots as a means to clear up mysterious trouble. IMHO that habit marks one as a "operator" at heart rather than a sysadmin, but I digress...
In addition, even what Venezia does say goes a bit too far, stating that anything short of a security problem in the kernel proper shouldn't be an excuse for a reboot. In the real world, many cases of rebooting after non-kernel updates may be technically unnecessary but as a practical matter the reboot is the safest approach. It may be theoretically possible to track down each changed shared library, kernel module, or config file and determine all of the running processes thast are dependent on them all and manually shot down and restart each one in proper order, but attempting that is far more likely to cause extended dysfunction than a straight reboot after making major updates. There are also performance tuning issues that can force a reboot just to change a kernel parameter. Finally, on some platforms (notably Solaris) it is possible for pathological software (notable Oracle) to micro-manage memory in ways that over time cause the kernel's memory map to be an unmanageable jumble of tiny free, allocated, and locked blocks around a few big locked islands such that the performance of an exec or a context switch is degraded significantly. The only ways out are a de facto reboot (take everything using memory down and then restart it all manually) or a real reboot. With a real reboot you can be sure to avoid human error and you get a POST cycle as well.
Actually, there are really only two requirements for a national currency:
- The government accepts is in payment of taxes.
- The military accepts it as wages
Everything else is fluff.
More important then whether the military accepts it as wages are that:
Farmers accept it as payment for food
Police accept it as wages
Lenders accept it as payment for debts
Ultimately, if it buys food then everything else should follow. Lose the acceptance of money for food, and you lose the ability to have anything like a city or a technological culture.
Because I'm hard-science light.. I thought c was considered an boundary of some sort.. would this imply the ability for matter to travel faster then c?
There's not a perfect consensus on how to describe the trap door here...
The DMZ of first-level handwaving is to call an early phase the "inflationary epoch" where the basic structure of space-time expanded at a significant rate and effectively pushed most parts of the universe past the c-limited visibility limit of most other parts. That was a VERY early period that lasted less time than anything we can time. One way of looking at it (heretical) is that the universe came into existence (POOF!) at a size larger than something travelling at c could cross. By the end of the first milli-micro-nano-nanosecond the "inflation" was done.
Not that this matters.
No one reading this can know with anything like certainty what became of the parts of the universe that inflated past the c horizon in the first 10^-32 second of existence. It is out there. It exists. I think. Maybe. Wanna bet?
Not mattering means that this is a great area for people who really want to know to conjecture about what is in an area that can't ever (as far as they can theorize) ever be known. In that context, it might be ~250x as big as we can see. Or it might not be there at all. I believe in Bayesian analysis and hence believe that it is 250x as big as we can possibly imagine it ever being. Therefore, I (you, they, anyone who could matter...) can't really know
WANNA BET, BEEEEAOOOTCHES?!?!?
I should add: I don't have any formal physics or math credentials beyond A+'s in 5xx level courses, and we all know that 5xx means REJECT. I'm a sysadmin who reads. Take it for what it is worth. That would be nothing. Read, you stupid fucks.
Ahead in manufacturing tech, maybe. Architecture? Who made x64?
That's a bit like saying ford is the worlds greatest motor company because of the Model T, and then neglecting to notice the failures of it's recent business practices.
That's a spectacularly ignorant statement.
Ford is the only one of the "Big 3" US-based auto manufacturers that has not been put through a bankruptcy backed by government financing. They took steps well ahead of the financial meltdown to turn as much of their non-performing assets into liquidity (e.g. the blue oval trademark is collateral for a big fat loan, or put more harshly: they hocked the family jewels.) Bill Ford recognized that his name didn't mean he was the best strategic manager for the company and hired Alan Mulally to be CEO. They have jettisoned low-margin operations on their own terms and are making very good cars. They also offer the unchallenged best system offered by any manufacturer anywhere for car/{phone,media player,PDA} integration. I hate to admit that last bit because they are getting a lot of that from MS and I absolutely despise MS, but facts are facts. Ford's product pipeline and management are the envy of the auto industry: not just the resuscitated GM and Chrysler, but everyone. Do you think Ford's recent business practices don't mark them as the gem of US automakers? Do you think their record in the past 5 years isn't a greater feat than the Model T? If so, you're an idiot.
And sure, I'm biased. As of last month, my wife is a Ford employee. She was a contractor for them for longer than the dozen years I've known her and has made it through at least 3 rounds of "headcount reductions" since 2000 as Ford did what it needed to do to survive.
Nobody is accusing net-booting of being new. It would certainly be new, and weird for Apple though if there is any truth to it.
Not really. MacOS X Server has never NOT offered what they call NetBoot, and if one can read docs and type into a shell, one does not need the "Server" distribution/license because all of the server software for NetBoot except for the GUI config tool is part of the regular MacOS X. All "New World" (iMac and later) Macs have an OpenFirmware boot ROM that supports NetBoot, and the MacOS X server can provide clients with images of MacOS as old as v8.5. See the many links given by http://www.google.com/search?q=MacOS+NetBoot for more info.
Just as with its relatives (Sun's Jumpstart and RH's Kickstart) the most common use of NetBoot is for provisioning systems: booting an installer image and installing the OS onto a local disk. However, there are sites (such as educational settings where a roomful of Macs all need to act identically) where clients run on the NetBoot image all the time.
I really doubt that they would agree to something likely to put them out of business unless they were coerced.
I haven't been following things, but my presumptions are:
1) the business is (essentially) innocent
2) there was no warrant
3) The FBI used "main force"
4) They'll get away with it again
Will they find evidence? Maybe. Did they shut down the business? Almost certainly.
That said, these are initial presumptions.
In other words: you didn't even glance at anything besides the/. blurb.
(hint: you are simply and objectively wrong.)
But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other custemers. It is like the FBI treats datacenters and ISP's as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.
Working quietly with an ISP and/or DC fails in the primary goal of this sort of raid: being outrageous enough to get media attention.
The major tool of law enforcement in a situation like this is fear. They know that "Operation Payback" isn't like a spamming or commercial extortion bot net, in that it is not controlled by anyone in a technical sense. That makes it essentially impossible to take out by taking a few machines sitting in DC's hosting IRC channels or even by taking over those machines and watching the traffic. Operation Payback is more a human network than it is a computer network, so law enforcement strategy has to be about scaring off the people rather than dismantling the technology.
Your title is a lie. In the article you link, Schmidt says absolutely nothing of the sort.
White House cyber-security coordinator Howard Schmidt: "We've seen over time street protests in cities that shut down traffic, and this is not dissimilar in the online world. There may be a disruption for a short period of time, but the bottom line is we continue to work to make sure that the impact is minimal."
People get arrested, tried, and convicted of criminal offenses committed as part of street protests. That statement means nothing like "DDOS is not a crime" but rather something more like "We will handle these protestors as harshly as we've handled G20 protestors since Seattle."
Besides, if this man can't protect the child, what's the first husband going to be able to do, since she clearly has custody?
Um, perhaps he could take the e-mails to court and try to get custody?!
Which is exactly what Hubby #1 did. It is not hard in Michigan to get the issue of custody re-opened, and this Mom would be an ideal poster girl for that.
As an AC posted above, the likely reason for the felony charge is because that's the only way his bitch ex gets more than half of the community property. This isn't about justice; far from it.
That is not a possible consideration at this point, since Michigan is not a community property state and the divorce is already final. Whatever property they held in common has already been split and that division (which may not have been 50/50) can't be re-done. You are also essentially accusing the prosecutor of rather serious misconduct, since ultimately only a prosecutor can make the decision to prosecute on a criminal charge and that shouldn't ever be done to influence private civil cases.
Wait, are we asking whether reading your spouse's email IS a crime (in Michigan, at least), or whether it OUGHT to be a crime?
Whether it is a crime depends on the way the statute in question was written. I haven't even so much as read it, myself, and I'm quite happy with letting a court figure out whether the statute really covers what happens: that's precisely what we have courts for, after all. Of course, IF it is found that it IS indeed a crime, then we need to ask ourselves whether it OUGHT to be a crime (and the answer is not necessarily an immediate "yes" or "no") and, if necessary, have the law changed.
Based on the quotes in the article, the charge seems to under the MI law that mirrors the catch-all federal law forbidding access which is unauthorized or exceeds authorization to essentially any computer attached to the Internet. AFAICT, neither the federal law nor any of the state laws mimicking it has had problems on basic principles, but there can be specific facts that make a difference. The linked article makes it pretty clear that relevant facts are in dispute, and that he had a sound altruistic concern beyond just snooping on his wife.
Considering that when you are married, in terms of property rights, you are considered a single legal entity,
I have no idea what medieval backwater you live in, but that IS JUST NOT TRUE here in Michigan, where this story comes from and where I have lived as a married man for the past 12 years .
It was not true in Missouri for the 30 years I lived there.
It was not true in Illinois for the 5 years I lived there.
I honestly don't see how this would stand up in court.
Since Michigan has no courts following 19th century law, your lack of comprehension is not particularly relevant.
It is far more likely that this will hinge on more subtle factual issues that were touched on in the linked Freep article, at least in a stenography sense. Both the prosecutor and the defense attorney gave hard-spin quotes that zoomed over the head of the reporter, who apparently wasn't ready to be doing real journalism involving complicated things like the Internet and law. My bet would be that the guy didn't need to use any of his "wonderful skills" to get into his wife's email. If she really did leave all her passwords written down near the computer, the prosecutor had best make sure to get a judge and jury who dont use those newfangled compooter things. If the facts are as he seems to have claimed to the reporter, any half-decent defense lawyer could get him acquitted.
I wonder how much this removal of water from the rocks depends on the earth having a hot mantle?
None of the *removal* depends on a hot mantle...
If the mantle were cooler, then the water would stay there instead of being cooked out as steam and being able to re-condense else where. This is massively speculative of course -
It is also ignorant of the real interaction of water with silicate magmas. Short form: it is not what you think.
but could part of the reason mars no longer has a liquid ocean be that since the planet has cooled now, all it's water is locked up back in the rocks again? Is the fact that we have a hot interior on our planet the main driving factor that allows us to have a liquid ocean?
Not really. Freezing a silicate magma that is saturated with water releases water, so cooling a molten blob that has a makeup roughly like that of Earth or Mars frees up water (initially as water vapor, at least at surface pressures and silicate-freezing temperatures) that had been dissolved in the magma. The problem at that point is holding on to the water vapor. Earth has held it as a result of being heavier and having a large semi-molten iron core whose complex spin creates a strong magnetic field. That field deflects the solar wind, protecting the atmosphere from a constant ionizing blast. On Mars, the solidified core offers no protection and the solidified mantle long ago finished releasing of all of the water it held, so over time the solar wind essentially blasted away the bulk of the atmosphere, including most of the water.
However, a hot mantle is a feature of an Earth/Mars type planet that can have a stable surface hydrosphere. The hot mantle implies a core that can sustain a strong magnetic field and it holds a reserve of water that it will release to the surface as it (inevitably) cools. Looked at another way, it provides an input of water to a surface hydrosphere and will always exist in the presence of the one feature we know of which can slow the loss of water to space.
If you took a few minutes to follow the links and read the actual bill, you'd know that to be the wrong question.
Domain name - I'll change my domain, and out of blacklist/their retardedness
YOU are almost certain not to be subject to the law. Go read it.
IP address - ISP's are going to get hurt here, unable to use one of their ip addresses (or for shared hosting ?....maybe?) just buy a new one
IP address blocks - ISPs and legal sites going to be hit hard.
on another note, I'd like to say how stupid "COICA" sounds. that is all.
Oh, I'm sorry. I see now that my assumption that you were older than 6 seems to have been wrong.
The/. article and its title were clearly written by idiots or worse, because there is no "blacklist" and the last sentence of the article is simply false. The bill makes domain names subject to forfeiture if they are used for sites which are "dedicated to infringing activities" and the definition of that boils down to commercial piracy operations. The target isn't casual sharers or even operations like Pirate Bay, it is operations selling bootleg disks and clothing with unauthorized trademarks on them. That's where the big money is.
If there was no government and no congress, then there would be no COICA. And no COICA would mean no way for the Corporations from stealing our stuff.
No government also would mean no domain name system and ultimately no Internet, so the "stuff" involved here wouldn't even exist. Even ignoring the history of the net, the US government owns the pre-ICANN gTLD's and.us, so anyone with a domain under those TLD's is really just a tenant, not an owner of something that can be stolen. Beyond that, corporations themselves are a creation of the state. They were invented in law so that people with money could pool some of it together as capital to back large risky business ventures from which they could share profits without bearing full responsibility for liabilities. In other words: corporations were invented by the state to spare rich people from responsibility for their errors and/or misbehavior. Whatever one thinks about COICA, it is just a proposed new rule for a game that is almost entirely the creature of the state. Criticizing it narrowly as an overreach of government is not rational. The domain name forfeiture provision only applies to the parasites who depend on the broken "intellectual property" system as much as anyone trying to enforce a patent, trademark, or copyright, but who try to make money by violating the rules of that system. Maybe some people consider being a parasite a right, but I don't.
So what you should be railing against is a powerful government, which is being used to suppress the citizenry. THAT is what Randists are doing.
There are no real "Randists" seriously involved in US Federal electoral politics, and few at any level in the US. The closest imposter would be Alan Greenspan, whose career was a spectacular example of exhibitionist intellectual masochism: a claimed follower of Rand manipulating the global economy for the supposed common good of the USA. That must have stung... Ayn Rand was at best a utopian fool. Perhaps if humanity was dominated by people with varied degrees of Autism and no mental maturity beyond the average college freshman, her blather would be relevant and useful in understanding the world. As it is, it is only useful in understanding a modern strain of political charlatanism that is practiced by people like the Pauls and many others in the modern GOP.
When followers of Rand and other self-identified Libertarians start making serious efforts to dismantle corporatism, I'll be able to take seriously the idea that they aren't disingenous or fools or both.
The easy solution would be a "use it or lose it" rule where the ownership of a domain that is just parked will be revoked when someone else would like to register it.
It is non-trivial to define "parked" in regards to a domain name in a way that is fair. I have 2.com domains registered. One I've used since the price of a.com name was writing a justification memo to the InterNIC. I registered the other one in the late 90's when I thought I might want to migrate off the old one (complicated story) but I've never done so. My old registrar consideredd both of those domains "parked" simply because I didn't use their DNS servers for either of them, but in fact the old domain was and is in constant use while the newer one mostly has just had a stub DNS zone. I have held on to that name because I know that I *MAY* at some point want to have a domain name that is more market-friendly than the one I've used forever. Not all possible names are equal, and for over a decade I've paid to hold a claim on the name I would like to have IF I am in a position where I want to have one that people can remember and spell. Am I using the name? I would argue that I am, because I have a contingency plan that relies on it being available to me. At less than $1 per month, it is a cheap piece of insurance.
I think a much better approach would be to regulate registrar practices more tightly to fully eliminate "tasting" and to keep registrars out of the domain speculation and hostage-taking business. New registrations should cost at least twice as much as renewals. Once a freshly registered name has NS records published, the registration fee should be non-refundable. Expiration of a registration should have a uniform result between all registrars: glue NS and whois records should be *deleted* on the day of expiration and after a short grace period the name should revert to the "virgin" pool available equally to all registrars. A registrar should not be able to sell any name for more than what it charges for a new registration of a name.
I have a real problem with a technically-minded company like Google "accidentally" logging that kind of information. Even if it was an accident, they need to be punished for that through fines or something
Based on what? Your feelings?
There is very little codified legal privacy protection in the US. The FTC can't invent new law out of thin air and your "problem" with Google. In this specific case, it is hard to argue rationally that Google did anything wrong. They captured unencrypted radio signals using an open standard encoding. The idiot "victims" might as well have been posting all of the captured secrets to a foot-high scrolling LED ticker on the front of their homes. The only meaningful difference is the wavelength of the EM radiation...
(as other companies have been punished for their privacy breaches)
Cite, please. What company has been punished by the FTC for a privacy issue? A finger-wagging and agreement to sin no more doesn't count. That's what Google got.
You have to hold companies with this much power and information accountable. Basically, you have to keep them in line and remind them to be on their toes at all times.
I don't disagree, but that's a call for the passage of laws that currently DO NOT EXIST in the US. A corporation can't keep "in line" without a definition of a line. Capturing unencrypted radio signals in inside the line as it stands.
--
You risk your karma if you criticize Google, piracy, or liberalism on Slashdot.
It was probably easier to record the WiFi and store it as it is than try and outfit all 50,000 vehicles with enough computing power to be able to actually analyze the signal and pull out the MACs and SSIDs. More like it was just recorded on a tape and brought back to a computer center where the tape was then analyzed in a central location.
Tape is quaint.
But, Yes. Anyone with a scientific mindset knows that when you are in a position to collect data is NOT the time to refrain from collecting data. Even if you are 99% certain that you will never want 99% of what you can collect: when you are able to collect the data, collect everything you can. If you are Google, you buy disks by the truckload and you have hired a bunch of people who recently spent what should have been the best years of their lives in labs. They know that you store all the data when you can, and analyze it later. They know that a year after the wifi geolocation project is done, someone will wish they had some other information that can be teased out of a couple of seconds of raw wifi capture from a bazillion locations.
GPS would give them the same data, though. It's just a matter of being able to use WiFi instead of or to augment GPS data. In short, they had a solution, thought it'd be cool to use another, now are in hot water.
You are misunderstanding the point of collecting the MAC/SSID info. It isn't for their StreetView vehicles to get a location instead of using GPS, it is to build a database that can be used as the basis of a geolocation service that will work for devices without GPS but with Wifi. They've discussed that as the reason for the data collection and they have that service working. It is a highly useful standard part of Android, referred to as "coarse location" and it works with an Android phone's GPS radio off or in a building where it can't get a GPS fix. They also have a demo site that is usable by a desktop machine with one of the right browsers. Google is the second operator of such a service; the first was SkyHook, which was used by the early iPhones that lacked GPS. I can see 3-6 Wifi signals (all secured) other than my own from my desk in my home, and both Google and SkyHook map my desktop as being about 50' east of where it actually is, as the center of a 30 meter circle of uncertainty.
Google is very unlikely to be in "hot water" in any significant way for this, at least in the US. The FTC has already completed an investigation and cleared them of violating our virtually non-existent privacy laws. Why anyone at the FCC thinks they might have something actionable here is mystifying, since there is settled law protecting even intentional receiving of unencrypted radio transmissions. Google was slurping up everything they could recognize as Wifi signal, and a fair chunk of that turned out to be unencrypted.
don't get me wrong. I'm not saying that Apple shouldn't fix the design issue here, they should. But this is a UI design problem more than it is really a security problem. A wisely designed app that needs this functionality can ask for user authorization, but only after it has been launched and put in the foreground. Apple should generalize the integration they use in their own apps to a system-level feature that asks the user for authorization before switching apps whenever an OpenURL is sent that would switch apps. Let apps request quiet switching in their Info.plist and let users toggle that on a per-scheme basis. In the interim, they should go through the app store and remove every app that registers an URL scheme which it handles to do something risky without user authorization.
So, in your recommended solution, the user would click a "skype://" link and Safari would prompt him with a necessarily generic message such as "You are about to launch Skype, are you sure?" And when the user confirms this, then Skype would launch and prompt the user with a domain-specific message such as "Call: 1-900-xxx-xxxx - This call may incur additional costs. Are you sure?"
Two clicks for the price of one. Yes, that's the kind of Apple human-computer interface we all know and love.
A quarter century of experience with Apple's HIG has taught me that "know and love" is not really a suitable phrase. That implies something like a monogamous spousal relationship, while the reality for Apple customers and developers is more like being regulars at the Moonlight Bunny Ranch...
What I'm suggesting is that currently apps have a responsibility to do their own authz dialogs because nothing else does. Ultimately an app that does potentially risky/costly things depending on the specifics of the passed URL will always have to do that unless Apple creates a means of registering a parser to translate an URL to the text of an authz request. Because apps are written and used by populations large enough to each follow Sturgeon's Law, the right thing for Apple to do given the established architecture is to add a default behavior of asking before switching apps with an API that lets apps suppress that (i.e. if they are going to need to ask anyway) and a UI that lets users tweak behavior to their liking. If Apple had done this right from the start, thinking first about the UI and working back to a more robust API, they could have created a better system. It's too late for that, because the UI now is broken whether apps actually handle their authz issues or ignore them and there are scores of apps written to the existing system.
No, this is not a iOS security vulnerability. Safari, nor the operating system, has any way to know whether the resource offered to the external application is exploitable. Except of course when the external application is provided by the OS itself or by an application included in the built-in suite; such as the example of the "tel://" protocol scheme.
For the confirmation message to be meaningful, it must be presented by the target application--which has intimate domain and context knowledge of the resource.
I would expect Apple to take the easy approach of just asking the user to approve the app switch as you describe, but it really wouldn't be all that hard conceptually for them to provide a better backward-compatible extension of the scheme "registration" mechanism for apps whose scheme isn't intentionally obfuscated. There could be a couple more optional attributes in the Info.plist: a regex that picks out critical attributes from an URL and a format string for turning those attributes into an authz question for the user. If they had thought about this issue earlier, they might have required apps to provide their own free-standing authz functions that could be run before switching apps, but that would probably not be welcomed by developers at this point.
That is false. Most apps do not register URL handlers.
Should the small minority of apps that register URL handlers be trusting that when they get a URL tossed at them, the user knows and approves of the app being opened for that purpose? Of course not. That would be inconsistent with how iOS is documented to operate. Safari or any other app sending an OpenURL message has no way to know whether a particular URL scheme has a potentially risky handler on the other end. An app that receives an HandleOpenURL message knows what its URL scheme does and knows whether handling a particular URL might be risky. Some developers seem to be making use of the opacity of that mechanism.
It's definitely Apple's problem. Skype could have been really awesome fixed the problem on their end, but that would not have solved the problem for the 200,000 other apps that can be launched this way.
Where do you get that number? The biggest list of registered URL schemes I can find seems to have about 140 listed ("seems" = a crapulous website showing ~10 per page, 14 pages.) Most apps would have no need to register an URL scheme.
Skype dropped the ball here. Their app is doing something potentially costly in response to a system message that Skype knows the user might not have knowingly initiated. The app should be asking the user for authorization before initiating the call. Doing that would be more accurately described as "minimally competent" than "really awesome" unless you consider elementary security awareness "really awesome."
I don't get me wrong. I'm not saying that Apple shouldn't fix the design issue here, they should. But this is a UI design problem more than it is really a security problem. A wisely designed app that needs this functionality can ask for user authorization, but only after it has been launched and put in the foreground. Apple should generalize the integration they use in their own apps to a system-level feature that asks the user for authorization before switching apps whenever an OpenURL is sent that would switch apps. Let apps request quiet switching in their Info.plist and let users toggle that on a per-scheme basis. In the interim, they should go through the app store and remove every app that registers an URL scheme which it handles to do something risky without user authorization.
The blind faith many people seem to put in Assange confuses the hell out of me. He pissed off the United States, so any and all allegations against him are automatically baseless?
Automatic? Hardly. Allegations about a type of crime where fact determination is frequently unreliable, disclosed by a prosecutor in a place where such a disclosure is extremely unusual and potentially illegal, and then halfway backed down from. That smells funny. The initial accusation of a violent crime and backing off to a class of offense that may well be unique to Sweden (something like "deception in pursuit of casual sex" ) smears him in a way that can't really be countered. As a PR issue, it doesn't matter what actually happens with the charges now. It is hard to imagine a more perfect political takedown of someone whose political influence is entirely grounded in the careful marketing of political ideas rather than wealth or power.
It is also an overstatement to say that people who are skeptical of how the allegations against Assange have been handled all see them as baseless or are skeptical out of faith in Assange, blind or otherwise. Assange's narcissism was obvious (and noted by people basically on his side) long before this little drama. The nuanced responses to the allegations from him and Wikileaks as an organization seem to effectively admit that he's at least a sportfucker and probably a bit of a cad. Whatever sexual morals one believes in, as a practical matter either of those makes him vulnerable to PR attacks grounded in fact, and he should have recognized that. It is not contradictory to believe both that Assange is a deeply flawed person and that the way the sexual misconduct allegations against him have been handled shows signs of him being targeted for smearing.
By those standards, all anti-US terrorists in US history are automatically innocent.
As an objective matter, the overwhelming majority of people who have been specifically accused of being anti-US terrorists in the past 9 years had those accusations dropped unilaterally without any serious hearing of the accusations and of those eventually tried for anything and convicted, a minority have been convicted of crimes that can reasonably be called terrorism. So based on recent history, being accused of anti-US terrorism correlates to being innocent and even for the not-entirely-innocent it correlates to not being a terrorist.
Once upon a time, there was a country that made the presumption of innocence part of its supreme law. Whether that country still exists is a matter of heated but quite serious debate.
As anyone who actually uses IMAP can tell you, it bogs down quickly on large mailboxes, violating the poster's requirement about b)
Not true. Not absolutely false, either. IMAP is an access protocol, not a storage or indexing mechanism, and there is nothing inherent in IMAP that dooms it to be slow in handling large mailboxes. Different combinations of client and server, configurations, and mailbox content and usage can make huge differences in performance. Tens of thousands of messages in a single IMAP folder on a memory-lean server that uses Maildir storage on a UFS or ext2 filesystem with atimes enabled is going to suck horribly, especially with a client that doesn't cache heavily or maintain its own indices. Make that a mbox, and it will work great until you start trying to change it every couple of seconds.
Slashdot Mirror
There would be little point. OS X is just BSD with some pretty eye candy
I've been a sysadmin for both Macs and *BSD machines for over a decade, and consider that statement ignorant and simple-minded.
MacOS X is a Mach derivative with a mixed userland consisting largely of FreeBSD tools but with some tools acting more like POSIX or SysV varieties and some unique tools. There are BSD-like layers for some kernel interfaces (e.g. sockets,) but the Mach/NextStep heritage of the system is dominant. The driver model is different, kernel modules are different, shared libraries are different, executable binary structure is different, boot procedures are different, job scheduling is different, memory management is different, user and group management is different, etc. What autoconf comes up with and many man pages are very similar, but that's about as far as it goes.
- and you don't need pretty eye candy on a server.
Need? Of course not. I'd even go as far as to say that some of Apple's GUI tools for MacOS X Server are completely pointless to the point of being counter-productive. However, those tools are not mostly intended to run on a server, but to run on a Mac used to manage one or more servers. That said, anyone who prefers configuring gvinum on FreeBSD (a very textual experience) to a GUI storage management tool (e.g. VEA for Veritas Storage Foundation or even Apple's RAID Utility) is a masochist. Some areas of system configuration (like storage layout) lend themselves to visualization and are more prone to error when managed via pure text interfaces.
I also think that it is absurd in 2011 to deride the presence of a GUI on a server. A dozen years ago, Oracle started requiring X11 for its installer. I don't mostly manage Linux machines, but I can't precisely remember the last time I encountered a Linux server that didn't have its console configured as an X11 display of some sort, whether that hooked to a dedicated monitor and keyboard, a KVM, or a virtualization host's software console. Some years ago, I had to delay getting my Solaris sysadmin certification[0] because the test included GUI tools (and all of "my" Sun boxes sat in well-firewalled data centers with serial consoles.) I still manage a bunch of FreeBSD machines where X isn't even installed, but they are somewhat unusual. And as much as it hurts me to admit, Windows is here to stay as a server platform and no one sane tries to manage it without a GUI.
[0] not all that meaningful except when someone else is silly enough to pay for it.
A) Which of the founders of Paypal was libertarian? [citation needed]
Peter Thiel at least, see http://en.wikipedia.org/wiki/Peter_Thiel and chase the references as you see fit. Elon Musk IMHO as well, whether he calls himself a libertarian today or not.
Background: Thiel was the concept & money guy at Confinity, the company that originated the PayPal brand and their consumer-facing service. Musk founded X.com, which had a slightly different focus, useful backend tricks, and more product ideas. The two companies merged within months of their foundings, under the X name initially. However, it was the PayPal brand and service which made them viable and attracted eBay to buy the company.
Paul Venezia explains why you should almost never reboot a Unix server,
Of course, that is not quite what the actual article really says. It's really just about breaking the habit that Windows "admins" have of using reboots as a means to clear up mysterious trouble. IMHO that habit marks one as a "operator" at heart rather than a sysadmin, but I digress...
In addition, even what Venezia does say goes a bit too far, stating that anything short of a security problem in the kernel proper shouldn't be an excuse for a reboot. In the real world, many cases of rebooting after non-kernel updates may be technically unnecessary but as a practical matter the reboot is the safest approach. It may be theoretically possible to track down each changed shared library, kernel module, or config file and determine all of the running processes thast are dependent on them all and manually shot down and restart each one in proper order, but attempting that is far more likely to cause extended dysfunction than a straight reboot after making major updates. There are also performance tuning issues that can force a reboot just to change a kernel parameter. Finally, on some platforms (notably Solaris) it is possible for pathological software (notable Oracle) to micro-manage memory in ways that over time cause the kernel's memory map to be an unmanageable jumble of tiny free, allocated, and locked blocks around a few big locked islands such that the performance of an exec or a context switch is degraded significantly. The only ways out are a de facto reboot (take everything using memory down and then restart it all manually) or a real reboot. With a real reboot you can be sure to avoid human error and you get a POST cycle as well.
Actually, there are really only two requirements for a national currency:
- The government accepts is in payment of taxes. - The military accepts it as wages
Everything else is fluff.
More important then whether the military accepts it as wages are that:
Ultimately, if it buys food then everything else should follow. Lose the acceptance of money for food, and you lose the ability to have anything like a city or a technological culture.
Because I'm hard-science light.. I thought c was considered an boundary of some sort.. would this imply the ability for matter to travel faster then c?
There's not a perfect consensus on how to describe the trap door here...
The DMZ of first-level handwaving is to call an early phase the "inflationary epoch" where the basic structure of space-time expanded at a significant rate and effectively pushed most parts of the universe past the c-limited visibility limit of most other parts. That was a VERY early period that lasted less time than anything we can time. One way of looking at it (heretical) is that the universe came into existence (POOF!) at a size larger than something travelling at c could cross. By the end of the first milli-micro-nano-nanosecond the "inflation" was done.
Not that this matters.
No one reading this can know with anything like certainty what became of the parts of the universe that inflated past the c horizon in the first 10^-32 second of existence. It is out there. It exists. I think. Maybe. Wanna bet?
Not mattering means that this is a great area for people who really want to know to conjecture about what is in an area that can't ever (as far as they can theorize) ever be known. In that context, it might be ~250x as big as we can see. Or it might not be there at all. I believe in Bayesian analysis and hence believe that it is 250x as big as we can possibly imagine it ever being. Therefore, I (you, they, anyone who could matter...) can't really know
WANNA BET, BEEEEAOOOTCHES?!?!?
I should add: I don't have any formal physics or math credentials beyond A+'s in 5xx level courses, and we all know that 5xx means REJECT.
I'm a sysadmin who reads. Take it for what it is worth. That would be nothing. Read, you stupid fucks.
Ahead in manufacturing tech, maybe. Architecture? Who made x64?
That's a bit like saying ford is the worlds greatest motor company because of the Model T, and then neglecting to notice the failures of it's recent business practices.
That's a spectacularly ignorant statement.
Ford is the only one of the "Big 3" US-based auto manufacturers that has not been put through a bankruptcy backed by government financing. They took steps well ahead of the financial meltdown to turn as much of their non-performing assets into liquidity (e.g. the blue oval trademark is collateral for a big fat loan, or put more harshly: they hocked the family jewels.) Bill Ford recognized that his name didn't mean he was the best strategic manager for the company and hired Alan Mulally to be CEO. They have jettisoned low-margin operations on their own terms and are making very good cars. They also offer the unchallenged best system offered by any manufacturer anywhere for car/{phone,media player,PDA} integration. I hate to admit that last bit because they are getting a lot of that from MS and I absolutely despise MS, but facts are facts. Ford's product pipeline and management are the envy of the auto industry: not just the resuscitated GM and Chrysler, but everyone. Do you think Ford's recent business practices don't mark them as the gem of US automakers? Do you think their record in the past 5 years isn't a greater feat than the Model T? If so, you're an idiot.
And sure, I'm biased. As of last month, my wife is a Ford employee. She was a contractor for them for longer than the dozen years I've known her and has made it through at least 3 rounds of "headcount reductions" since 2000 as Ford did what it needed to do to survive.
Nobody is accusing net-booting of being new. It would certainly be new, and weird for Apple though if there is any truth to it.
Not really. MacOS X Server has never NOT offered what they call NetBoot, and if one can read docs and type into a shell, one does not need the "Server" distribution/license because all of the server software for NetBoot except for the GUI config tool is part of the regular MacOS X. All "New World" (iMac and later) Macs have an OpenFirmware boot ROM that supports NetBoot, and the MacOS X server can provide clients with images of MacOS as old as v8.5. See the many links given by http://www.google.com/search?q=MacOS+NetBoot for more info.
Just as with its relatives (Sun's Jumpstart and RH's Kickstart) the most common use of NetBoot is for provisioning systems: booting an installer image and installing the OS onto a local disk. However, there are sites (such as educational settings where a roomful of Macs all need to act identically) where clients run on the NetBoot image all the time.
I really doubt that they would agree to something likely to put them out of business unless they were coerced.
I haven't been following things, but my presumptions are:
1) the business is (essentially) innocent
2) there was no warrant
3) The FBI used "main force"
4) They'll get away with it again
Will they find evidence? Maybe. Did they shut down the business? Almost certainly.
That said, these are initial presumptions.
In other words: you didn't even glance at anything besides the /. blurb.
(hint: you are simply and objectively wrong.)
But more than that, why raid a datacenter? Why not work with the datacenter to get what they need and minimize an outage for any other custemers. It is like the FBI treats datacenters and ISP's as bad actors and doesn't trust that they aren't in on the crime which I think is rather outrageous.
Working quietly with an ISP and/or DC fails in the primary goal of this sort of raid: being outrageous enough to get media attention. The major tool of law enforcement in a situation like this is fear. They know that "Operation Payback" isn't like a spamming or commercial extortion bot net, in that it is not controlled by anyone in a technical sense. That makes it essentially impossible to take out by taking a few machines sitting in DC's hosting IRC channels or even by taking over those machines and watching the traffic. Operation Payback is more a human network than it is a computer network, so law enforcement strategy has to be about scaring off the people rather than dismantling the technology.
White House cyber-security coordinator Howard Schmidt:
"We've seen over time street protests in cities that shut down traffic, and this is not dissimilar in the online world. There may be a disruption for a short period of time, but the bottom line is we continue to work to make sure that the impact is minimal."
People get arrested, tried, and convicted of criminal offenses committed as part of street protests. That statement means nothing like "DDOS is not a crime" but rather something more like "We will handle these protestors as harshly as we've handled G20 protestors since Seattle."
Besides, if this man can't protect the child, what's the first husband going to be able to do, since she clearly has custody?
Um, perhaps he could take the e-mails to court and try to get custody?!
Which is exactly what Hubby #1 did. It is not hard in Michigan to get the issue of custody re-opened, and this Mom would be an ideal poster girl for that.
As an AC posted above, the likely reason for the felony charge is because that's the only way his bitch ex gets more than half of the community property. This isn't about justice; far from it.
That is not a possible consideration at this point, since Michigan is not a community property state and the divorce is already final. Whatever property they held in common has already been split and that division (which may not have been 50/50) can't be re-done. You are also essentially accusing the prosecutor of rather serious misconduct, since ultimately only a prosecutor can make the decision to prosecute on a criminal charge and that shouldn't ever be done to influence private civil cases.
Wait, are we asking whether reading your spouse's email IS a crime (in Michigan, at least), or whether it OUGHT to be a crime?
Whether it is a crime depends on the way the statute in question was written. I haven't even so much as read it, myself, and I'm quite happy with letting a court figure out whether the statute really covers what happens: that's precisely what we have courts for, after all. Of course, IF it is found that it IS indeed a crime, then we need to ask ourselves whether it OUGHT to be a crime (and the answer is not necessarily an immediate "yes" or "no") and, if necessary, have the law changed.
Based on the quotes in the article, the charge seems to under the MI law that mirrors the catch-all federal law forbidding access which is unauthorized or exceeds authorization to essentially any computer attached to the Internet. AFAICT, neither the federal law nor any of the state laws mimicking it has had problems on basic principles, but there can be specific facts that make a difference. The linked article makes it pretty clear that relevant facts are in dispute, and that he had a sound altruistic concern beyond just snooping on his wife.
Considering that when you are married, in terms of property rights, you are considered a single legal entity,
I have no idea what medieval backwater you live in, but that IS JUST NOT TRUE here in Michigan, where this story comes from and where I have lived as a married man for the past 12 years .
It was not true in Missouri for the 30 years I lived there.
It was not true in Illinois for the 5 years I lived there.
I honestly don't see how this would stand up in court.
Since Michigan has no courts following 19th century law, your lack of comprehension is not particularly relevant.
It is far more likely that this will hinge on more subtle factual issues that were touched on in the linked Freep article, at least in a stenography sense. Both the prosecutor and the defense attorney gave hard-spin quotes that zoomed over the head of the reporter, who apparently wasn't ready to be doing real journalism involving complicated things like the Internet and law. My bet would be that the guy didn't need to use any of his "wonderful skills" to get into his wife's email. If she really did leave all her passwords written down near the computer, the prosecutor had best make sure to get a judge and jury who dont use those newfangled compooter things. If the facts are as he seems to have claimed to the reporter, any half-decent defense lawyer could get him acquitted.
I wonder how much this removal of water from the rocks depends on the earth having a hot mantle?
None of the *removal* depends on a hot mantle...
If the mantle were cooler, then the water would stay there instead of being cooked out as steam and being able to re-condense else where. This is massively speculative of course -
It is also ignorant of the real interaction of water with silicate magmas. Short form: it is not what you think.
but could part of the reason mars no longer has a liquid ocean be that since the planet has cooled now, all it's water is locked up back in the rocks again? Is the fact that we have a hot interior on our planet the main driving factor that allows us to have a liquid ocean?
Not really. Freezing a silicate magma that is saturated with water releases water , so cooling a molten blob that has a makeup roughly like that of Earth or Mars frees up water (initially as water vapor, at least at surface pressures and silicate-freezing temperatures) that had been dissolved in the magma. The problem at that point is holding on to the water vapor. Earth has held it as a result of being heavier and having a large semi-molten iron core whose complex spin creates a strong magnetic field. That field deflects the solar wind, protecting the atmosphere from a constant ionizing blast. On Mars, the solidified core offers no protection and the solidified mantle long ago finished releasing of all of the water it held, so over time the solar wind essentially blasted away the bulk of the atmosphere, including most of the water.
However, a hot mantle is a feature of an Earth/Mars type planet that can have a stable surface hydrosphere. The hot mantle implies a core that can sustain a strong magnetic field and it holds a reserve of water that it will release to the surface as it (inevitably) cools. Looked at another way, it provides an input of water to a surface hydrosphere and will always exist in the presence of the one feature we know of which can slow the loss of water to space.
so wait, HOW exactly are they filtering?
If you took a few minutes to follow the links and read the actual bill, you'd know that to be the wrong question.
Domain name - I'll change my domain, and out of blacklist/their retardedness
YOU are almost certain not to be subject to the law. Go read it.
IP address - ISP's are going to get hurt here, unable to use one of their ip addresses (or for shared hosting ?....maybe?) just buy a new one IP address blocks - ISPs and legal sites going to be hit hard.
on another note, I'd like to say how stupid "COICA" sounds. that is all.
Oh, I'm sorry. I see now that my assumption that you were older than 6 seems to have been wrong.
The /. article and its title were clearly written by idiots or worse, because there is no "blacklist" and the last sentence of the article is simply false. The bill makes domain names subject to forfeiture if they are used for sites which are "dedicated to infringing activities" and the definition of that boils down to commercial piracy operations. The target isn't casual sharers or even operations like Pirate Bay, it is operations selling bootleg disks and clothing with unauthorized trademarks on them. That's where the big money is.
If there was no government and no congress, then there would be no COICA. And no COICA would mean no way for the Corporations from stealing our stuff.
No government also would mean no domain name system and ultimately no Internet, so the "stuff" involved here wouldn't even exist. Even ignoring the history of the net, the US government owns the pre-ICANN gTLD's and .us, so anyone with a domain under those TLD's is really just a tenant, not an owner of something that can be stolen. Beyond that, corporations themselves are a creation of the state. They were invented in law so that people with money could pool some of it together as capital to back large risky business ventures from which they could share profits without bearing full responsibility for liabilities. In other words: corporations were invented by the state to spare rich people from responsibility for their errors and/or misbehavior. Whatever one thinks about COICA, it is just a proposed new rule for a game that is almost entirely the creature of the state. Criticizing it narrowly as an overreach of government is not rational. The domain name forfeiture provision only applies to the parasites who depend on the broken "intellectual property" system as much as anyone trying to enforce a patent, trademark, or copyright, but who try to make money by violating the rules of that system. Maybe some people consider being a parasite a right, but I don't.
So what you should be railing against is a powerful government, which is being used to suppress the citizenry. THAT is what Randists are doing.
There are no real "Randists" seriously involved in US Federal electoral politics, and few at any level in the US. The closest imposter would be Alan Greenspan, whose career was a spectacular example of exhibitionist intellectual masochism: a claimed follower of Rand manipulating the global economy for the supposed common good of the USA. That must have stung... Ayn Rand was at best a utopian fool. Perhaps if humanity was dominated by people with varied degrees of Autism and no mental maturity beyond the average college freshman, her blather would be relevant and useful in understanding the world. As it is, it is only useful in understanding a modern strain of political charlatanism that is practiced by people like the Pauls and many others in the modern GOP.
When followers of Rand and other self-identified Libertarians start making serious efforts to dismantle corporatism, I'll be able to take seriously the idea that they aren't disingenous or fools or both.
The easy solution would be a "use it or lose it" rule where the ownership of a domain that is just parked will be revoked when someone else would like to register it.
It is non-trivial to define "parked" in regards to a domain name in a way that is fair. I have 2 .com domains registered. One I've used since the price of a .com name was writing a justification memo to the InterNIC. I registered the other one in the late 90's when I thought I might want to migrate off the old one (complicated story) but I've never done so. My old registrar consideredd both of those domains "parked" simply because I didn't use their DNS servers for either of them, but in fact the old domain was and is in constant use while the newer one mostly has just had a stub DNS zone. I have held on to that name because I know that I *MAY* at some point want to have a domain name that is more market-friendly than the one I've used forever. Not all possible names are equal, and for over a decade I've paid to hold a claim on the name I would like to have IF I am in a position where I want to have one that people can remember and spell. Am I using the name? I would argue that I am, because I have a contingency plan that relies on it being available to me. At less than $1 per month, it is a cheap piece of insurance.
I think a much better approach would be to regulate registrar practices more tightly to fully eliminate "tasting" and to keep registrars out of the domain speculation and hostage-taking business. New registrations should cost at least twice as much as renewals. Once a freshly registered name has NS records published, the registration fee should be non-refundable. Expiration of a registration should have a uniform result between all registrars: glue NS and whois records should be *deleted* on the day of expiration and after a short grace period the name should revert to the "virgin" pool available equally to all registrars. A registrar should not be able to sell any name for more than what it charges for a new registration of a name.
Oh, and world peace would be good too. And pie.
I have a real problem with a technically-minded company like Google "accidentally" logging that kind of information. Even if it was an accident, they need to be punished for that through fines or something
Based on what? Your feelings?
There is very little codified legal privacy protection in the US. The FTC can't invent new law out of thin air and your "problem" with Google. In this specific case, it is hard to argue rationally that Google did anything wrong. They captured unencrypted radio signals using an open standard encoding. The idiot "victims" might as well have been posting all of the captured secrets to a foot-high scrolling LED ticker on the front of their homes. The only meaningful difference is the wavelength of the EM radiation...
(as other companies have been punished for their privacy breaches)
Cite, please. What company has been punished by the FTC for a privacy issue? A finger-wagging and agreement to sin no more doesn't count. That's what Google got.
You have to hold companies with this much power and information accountable. Basically, you have to keep them in line and remind them to be on their toes at all times.
I don't disagree, but that's a call for the passage of laws that currently DO NOT EXIST in the US. A corporation can't keep "in line" without a definition of a line. Capturing unencrypted radio signals in inside the line as it stands.
-- You risk your karma if you criticize Google, piracy, or liberalism on Slashdot.
The irony is hilarious.
It was probably easier to record the WiFi and store it as it is than try and outfit all 50,000 vehicles with enough computing power to be able to actually analyze the signal and pull out the MACs and SSIDs. More like it was just recorded on a tape and brought back to a computer center where the tape was then analyzed in a central location.
Tape is quaint.
But, Yes. Anyone with a scientific mindset knows that when you are in a position to collect data is NOT the time to refrain from collecting data. Even if you are 99% certain that you will never want 99% of what you can collect: when you are able to collect the data, collect everything you can. If you are Google, you buy disks by the truckload and you have hired a bunch of people who recently spent what should have been the best years of their lives in labs. They know that you store all the data when you can, and analyze it later. They know that a year after the wifi geolocation project is done, someone will wish they had some other information that can be teased out of a couple of seconds of raw wifi capture from a bazillion locations.
GPS would give them the same data, though. It's just a matter of being able to use WiFi instead of or to augment GPS data. In short, they had a solution, thought it'd be cool to use another, now are in hot water.
You are misunderstanding the point of collecting the MAC/SSID info. It isn't for their StreetView vehicles to get a location instead of using GPS, it is to build a database that can be used as the basis of a geolocation service that will work for devices without GPS but with Wifi. They've discussed that as the reason for the data collection and they have that service working. It is a highly useful standard part of Android, referred to as "coarse location" and it works with an Android phone's GPS radio off or in a building where it can't get a GPS fix. They also have a demo site that is usable by a desktop machine with one of the right browsers. Google is the second operator of such a service; the first was SkyHook, which was used by the early iPhones that lacked GPS. I can see 3-6 Wifi signals (all secured) other than my own from my desk in my home, and both Google and SkyHook map my desktop as being about 50' east of where it actually is, as the center of a 30 meter circle of uncertainty.
Google is very unlikely to be in "hot water" in any significant way for this, at least in the US. The FTC has already completed an investigation and cleared them of violating our virtually non-existent privacy laws. Why anyone at the FCC thinks they might have something actionable here is mystifying, since there is settled law protecting even intentional receiving of unencrypted radio transmissions. Google was slurping up everything they could recognize as Wifi signal, and a fair chunk of that turned out to be unencrypted.
So, in your recommended solution, the user would click a "skype://" link and Safari would prompt him with a necessarily generic message such as "You are about to launch Skype, are you sure?" And when the user confirms this, then Skype would launch and prompt the user with a domain-specific message such as "Call: 1-900-xxx-xxxx - This call may incur additional costs. Are you sure?"
Two clicks for the price of one. Yes, that's the kind of Apple human-computer interface we all know and love.
A quarter century of experience with Apple's HIG has taught me that "know and love" is not really a suitable phrase. That implies something like a monogamous spousal relationship, while the reality for Apple customers and developers is more like being regulars at the Moonlight Bunny Ranch...
What I'm suggesting is that currently apps have a responsibility to do their own authz dialogs because nothing else does. Ultimately an app that does potentially risky/costly things depending on the specifics of the passed URL will always have to do that unless Apple creates a means of registering a parser to translate an URL to the text of an authz request. Because apps are written and used by populations large enough to each follow Sturgeon's Law, the right thing for Apple to do given the established architecture is to add a default behavior of asking before switching apps with an API that lets apps suppress that (i.e. if they are going to need to ask anyway) and a UI that lets users tweak behavior to their liking. If Apple had done this right from the start, thinking first about the UI and working back to a more robust API, they could have created a better system. It's too late for that, because the UI now is broken whether apps actually handle their authz issues or ignore them and there are scores of apps written to the existing system.
No, this is not a iOS security vulnerability. Safari, nor the operating system, has any way to know whether the resource offered to the external application is exploitable. Except of course when the external application is provided by the OS itself or by an application included in the built-in suite; such as the example of the "tel://" protocol scheme.
For the confirmation message to be meaningful, it must be presented by the target application--which has intimate domain and context knowledge of the resource.
I would expect Apple to take the easy approach of just asking the user to approve the app switch as you describe, but it really wouldn't be all that hard conceptually for them to provide a better backward-compatible extension of the scheme "registration" mechanism for apps whose scheme isn't intentionally obfuscated. There could be a couple more optional attributes in the Info.plist: a regex that picks out critical attributes from an URL and a format string for turning those attributes into an authz question for the user. If they had thought about this issue earlier, they might have required apps to provide their own free-standing authz functions that could be run before switching apps, but that would probably not be welcomed by developers at this point.
It's not just Skype, that was just an example.
ANY app can be opened this way.
That is false. Most apps do not register URL handlers.
Should the small minority of apps that register URL handlers be trusting that when they get a URL tossed at them, the user knows and approves of the app being opened for that purpose? Of course not. That would be inconsistent with how iOS is documented to operate. Safari or any other app sending an OpenURL message has no way to know whether a particular URL scheme has a potentially risky handler on the other end. An app that receives an HandleOpenURL message knows what its URL scheme does and knows whether handling a particular URL might be risky. Some developers seem to be making use of the opacity of that mechanism.
It's definitely Apple's problem. Skype could have been really awesome fixed the problem on their end, but that would not have solved the problem for the 200,000 other apps that can be launched this way.
Where do you get that number? The biggest list of registered URL schemes I can find seems to have about 140 listed ("seems" = a crapulous website showing ~10 per page, 14 pages.) Most apps would have no need to register an URL scheme.
Skype dropped the ball here. Their app is doing something potentially costly in response to a system message that Skype knows the user might not have knowingly initiated. The app should be asking the user for authorization before initiating the call. Doing that would be more accurately described as "minimally competent" than "really awesome" unless you consider elementary security awareness "really awesome."
I don't get me wrong. I'm not saying that Apple shouldn't fix the design issue here, they should. But this is a UI design problem more than it is really a security problem. A wisely designed app that needs this functionality can ask for user authorization, but only after it has been launched and put in the foreground. Apple should generalize the integration they use in their own apps to a system-level feature that asks the user for authorization before switching apps whenever an OpenURL is sent that would switch apps. Let apps request quiet switching in their Info.plist and let users toggle that on a per-scheme basis. In the interim, they should go through the app store and remove every app that registers an URL scheme which it handles to do something risky without user authorization.
The blind faith many people seem to put in Assange confuses the hell out of me. He pissed off the United States, so any and all allegations against him are automatically baseless?
Automatic? Hardly. Allegations about a type of crime where fact determination is frequently unreliable, disclosed by a prosecutor in a place where such a disclosure is extremely unusual and potentially illegal, and then halfway backed down from. That smells funny. The initial accusation of a violent crime and backing off to a class of offense that may well be unique to Sweden (something like "deception in pursuit of casual sex" ) smears him in a way that can't really be countered. As a PR issue, it doesn't matter what actually happens with the charges now. It is hard to imagine a more perfect political takedown of someone whose political influence is entirely grounded in the careful marketing of political ideas rather than wealth or power.
It is also an overstatement to say that people who are skeptical of how the allegations against Assange have been handled all see them as baseless or are skeptical out of faith in Assange, blind or otherwise. Assange's narcissism was obvious (and noted by people basically on his side) long before this little drama. The nuanced responses to the allegations from him and Wikileaks as an organization seem to effectively admit that he's at least a sportfucker and probably a bit of a cad. Whatever sexual morals one believes in, as a practical matter either of those makes him vulnerable to PR attacks grounded in fact, and he should have recognized that. It is not contradictory to believe both that Assange is a deeply flawed person and that the way the sexual misconduct allegations against him have been handled shows signs of him being targeted for smearing.
By those standards, all anti-US terrorists in US history are automatically innocent.
As an objective matter, the overwhelming majority of people who have been specifically accused of being anti-US terrorists in the past 9 years had those accusations dropped unilaterally without any serious hearing of the accusations and of those eventually tried for anything and convicted, a minority have been convicted of crimes that can reasonably be called terrorism. So based on recent history, being accused of anti-US terrorism correlates to being innocent and even for the not-entirely-innocent it correlates to not being a terrorist.
Once upon a time, there was a country that made the presumption of innocence part of its supreme law. Whether that country still exists is a matter of heated but quite serious debate.
As anyone who actually uses IMAP can tell you, it bogs down quickly on large mailboxes, violating the poster's requirement about b)
Not true. Not absolutely false, either. IMAP is an access protocol, not a storage or indexing mechanism, and there is nothing inherent in IMAP that dooms it to be slow in handling large mailboxes. Different combinations of client and server, configurations, and mailbox content and usage can make huge differences in performance. Tens of thousands of messages in a single IMAP folder on a memory-lean server that uses Maildir storage on a UFS or ext2 filesystem with atimes enabled is going to suck horribly, especially with a client that doesn't cache heavily or maintain its own indices. Make that a mbox, and it will work great until you start trying to change it every couple of seconds.