Slashdot Mirror


User: thoromyr

thoromyr's activity in the archive.


Comments · 844

  1. Re:I've got a better idea... on White House Petition To Let Foreign STEM Grads Work Longer In US Hits 100K Signatures · · Score: 1

    I could, and perhaps should, have qualified the part about "chronically short on money". The short version is that they will always plead poverty when it comes to raises, maintenance, etc., though if it is the pet project of the chancellor, beneficiary of a generous donation, or paid for by a researcher there is usually enough money.

    While I don't disagree that they spend too much money on sports and I don't have the budget of any university in front of me, I believe that the biggest problem is on administrative overhead (or graft, some universities have serious problems with that*). A university budget is very complicated and I don't think it is even possible to do what most people would consider a complete accounting. By that I mean saying that this particular dollar of funds was spent on a particular line item.

    Money comes in from tuition, grants, donations, and (for state schools at least) public funding. Money is partitioned off into different areas depending on the source. A researcher will only keep from 30% to 60% of his research money (depends a lot on the university) with the rest being taken by administration. A department that reliably supplies big money grants is not only wealthy, but also gets consideration from the university for doing so. A researcher that pulls in millions of dollars a year not only pays himself from the research dollars, but will likely be one of the highest paid faculty as thanks for the money administration gets from their cut of the research dollars.

    What happens then is that a university can have a lot of money, some faculty may be very rich, but the "wrong" departments and "wrong" faculty will be woefully poor, stuck in condemned buildings and the like. If the university decides to splurge on sports, the rest will suffer. But an influential faculty can cause a lot of waste (in some cases simply to demonstrate that he or she is important).

    * an excellent example was the university once known as Southwest Missouri State University (since renamed). They had to pay off a (chancellor, I think) because it was cheaper than allowing him to stay and continue to drain the university of funds. Naturally, being a university higher up there was no question of doing something like taking him to court for his malfeasance.

  2. Re:Security Clearance on John McAfee Pondering Presidential Bid · · Score: 1

    In principle anyone can get a clearance. Yes, drug questions are involved. But it is a discovery, not an inquisition. Saying you did drugs does not preclude obtaining a clearance. Omitting drug use from the PSQ will almost certainly result in denial.

  3. Re:Security Clearance on John McAfee Pondering Presidential Bid · · Score: 1

    Wrong. But of course I actually know something about the subject instead of imagining it or basing it on movies and TV shows.

    Getting a clearance is largely an exercise in paperwork, and everything has to line up. The problems occur when things don't line up or certain facts emerge. If you are a native American (born here, not naturalized), have done no international travel or had any concerning contact without a felony conviction it is a matter of filling out the forms and the background investigation matching what you put down. That can (and often does) include drug use. But if it is declared it is generally not a problem. When I was doing initial interviews I worked to make them comfortable declaring anything that they had omitted. Which means reviewing what was submitted: not all omissions are intentional.

    The principle behind the process is, in part, to know anything that could be used to blackmail because -- if the government already knows it -- then it cannot be used for blackmail. The government has no need of blackmail material on people who voluntarily seek a job requiring a clearance because threat of losing the clearance -- and thus ending a career -- is all they need for control.

    But don't declare at your own risk. Smoking a joint without declaration can result in denial. Being an (ex) drug dealer will not necessarily preclude obtaining a clearance. Overseas travel doesn't preclude it, but it requires more paperwork, takes longer, and may not be resolvable (without having anything derogatory emerge). Same with overseas relatives, etc.

    For anyone seeking a clearance the rule is simple: declare everything and fill out the forms honestly. If you think it's something "they could never find out" fine, but remember you are gambling with a job and career. Declare and practically anything can be forgiven. Omission will nearly always result in denial or revocation.

  4. Re:Security Clearance on John McAfee Pondering Presidential Bid · · Score: 1

    What? Are you ignorant of the use of the polygraph? GP even specifically referred to the counterintelligence version of it. Which is kinder than the CIA's lifestyle polygraph. For example, you run into the CI-scope poly for anyone working for the NSA. But the poly gets invoked quite a bit. Have an inconsistency in your background? Some details that make the agency wibbly?

    Most of the people I know hit the CI-scope poly, but I also knew an ex-drug dealer who was given the poly so they could feel better about giving him a TS clearance. The poly is just a security blanket the government likes to clutch. And it is definitely used in clearances. Not all of them, true, but it is definitely employed.

  5. Re:I've got a better idea... on White House Petition To Let Foreign STEM Grads Work Longer In US Hits 100K Signatures · · Score: 1

    Follow the money. A university makes the most money on out of state students and graduate students. Foreign students nearly always got their undergraduate degree locally before coming to the US and have a harder time switching universities. So a captive graduate student population paying the highest fees is what is focused on. Who cares about undergraduate studies, that isn't as profitable and your highest profit students already have that from a different country.

    It's simple, really. The university couldn't care less about producing American graduates or supplying the US job market. State universities are chronically short of funding and the lucrative foreign graduate student is what they want.

    Now, this doesn't mean that they cannot use the funds to build out and keep educating Americans, even undergraduates, but the incentive is simply not there. In principle you can load the undergraduate faculty with more students than the graduate -- but the reality is that graduate students do the faculty member's research. Sometimes they lose it or even outright steal it, but that is a loss for the faculty, not the university.

    In short, it's all about the money and exploiting foreign graduate students. The short-sightedness of this is revealed by the increasing number of graduate students who are here for a PhD to set up a graduate program in their home country. I met a foreign faculty who brought all of his students here for that express reason: they were establishing a graduate department back home. So in the long term we will no longer be able to charge exorbitant rates for educating foreigners, but who cares because the money is here now.

    Blind greed is hurtful.

  6. Re:What if... on Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time · · Score: 1

    ever heard of solipsism? It can't be disproven either. It is also just as pointless, other than acknowledging its existence. I could make up shit all day that can't be disproven, all with serious consequences, but why should anyone waste time or energy caring? Extraordinary claims require extraordinary proof. That is to say: don't be surprised when your paranoid statements don't get the desired response.

  7. Re:Why not ... on Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time · · Score: 1

    It looks like you don't know how encryption works or what the FBI was requesting. Naturally, I have not read the article, but the phrase "real time" implies they want it pulled off of the wire, probably at Apple's servers. The thing is, Apple's servers (at least in any sane encryption scheme) are not going to have the decrypted data and in fact there is no reason for them to have a decryption key. All they are doing is storing and routing encrypted blobs.

    There is no reason to think the encryption has *anything* to do with the user's password. Most likely each message is encrypted per recipient based on an ephemeral key. Assuming the key is not predictable, there are no cryptographic blunders, and asymmetric encryption is used this means that only the sender and receiver can know the contents of a message. With such a system Apple could provide the "messages" because they know the routing, but they would be small encrypted blobs with a key very large compared to the size of the message. Even though message contents are relatively predictable this is going to come quite close to using an OTP in terms of protection.

    Enter the FBI request for a "real time" interception. Even if Apple wants to comply they *cannot* without suborning the sender, receiver, or both. Having control over the servers they can misdirect or not deliver, but they have no ability to decrypt. In order to do so they would have to ruin the encryption scheme. If a secret court orders Apple to rewrite iMessage so that it generates ephemeral keys in a predictable way (say, by using the sender's and receiver's Apple IDs plus time so that having the routing information would be enough to recreate the key) then the only way people would ever know is if Apple leaked it, a government leak occurred, or a security researcher digging at Apple's cryptographic implementation noticed.

  8. Re:Umm... FCC SamKnows project uses hacked firmwar on New FCC Rules Could Ban WiFi Router Firmware Modification · · Score: 1

    just paste, hit a key, then delete so that keystrokes are registered.

  9. Re:Like Tomato? on New FCC Rules Could Ban WiFi Router Firmware Modification · · Score: 1

    but Money = Power so Money = Work/Money, or Money = (Work)^(1/2) so you have to work four times as hard to make twice as much money... ;)

  10. Re:Which one is heart? on Mozilla, Microsoft, Amazon, Google, and Others Form 'Alliance For Open Media' · · Score: 1

    yep, that's me.

    Just one question: "who is dr. wily"?

  11. Re:Which one is heart? on Mozilla, Microsoft, Amazon, Google, and Others Form 'Alliance For Open Media' · · Score: 1

    :)

    Actually, the equivalent would be to use protons, electrons and neutrons. Or the various quarks. The "elements" of a periodic table are not equivalent to the classical element.

    But the elements describe quality as much as substance. If you read classical literature you will find there is a big difference between ancient and modern notions about what the elements are or mean (much less what they mean in a fantasy RPG sense). So, really, it makes little sense to "translate" them. Our world view is much more refined than that of the ancients and looks at it in fundamentally different ways. Which gives our models much greater predictability (though perhaps no greater ability to describe -- saying water is made up of H2O does nothing to describe the quality of "wet" even though it is more useful in the context of atomic theory in understanding of how water interacts with its environment).

  12. Re:that 750 seems a little convenient... on More Popcorn Time Users Sued · · Score: 1

    While I do not disagree with your sentiment, the problem with your notion here is that *actually* the user *did* distribute a copy. They used bit torrent, and that protocol is *designed* around downloaders being uploaders. Using bit torrent is the very nature of distribution. And the penalties apply because the *reason* why the bootleggers are fined is because they cost the copyright owner sale opportunity.

    Now, the nature of bit torrent means that the distribution is diffuse and it is not as clear that the copyright holder lost a sale (if someone is willing to buy from a bootlegger/counterfeiter that implies some willingness to pay for the actual product whereas a file sharer may have no intention of ever paying for anything).

    However, they still lost the sales opportunity and the argument is really about how much that opportunity is worth. Naturally, it is hard to prove how many sales a bootlegger/counterfeiter cost the copyright holder so the number of units seized stands as a proxy. That seems fair enough: the greater the volume the more items the criminal will most likely have at hand when caught.

    Using the number of claimed connections with bit torrent might seem like a fair proxy at first blush, but is really meaningless given the nature of the protocol. Instead, a better proxy might be to use the market value of the item with some factor for popularity to factor in how much the individual pirate was aiding other pirates. Even better would be detailed network logs that showed the amount of outbound traffic for a title, but it is unlikely anyone other than the NSA could really run that down so using box office receipts of a movie (for example) seems like a reasonable proxy.

    This is a case where technology *does* call for a change to existing laws. While the old methods still apply for traditional bootlegger/counterfeiter outfits, addressing the community nature of bit torrent where a "customer" is also a distributor without any ready stocks in hand (copies) to evaluate the scope or scale of the operation is an issue that could not have existed without technology.

  13. Re:I am a counter example. on Lack of Sleep Puts You At Higher Risk For Colds, First Experimental Study Finds · · Score: 1

    For many people, especially smokers who know such an individual personally, the answer is yes, it does disprove that cigarettes cause cancer. After all, if it doesn't happen with 100% replicability then it isn't real. Right?

    The same is true for most everything else. If someone doesn't habitually consume toxins (tobacco, alcohol, whatever), eats well (lots of leafy greens and fruit in addition to meat and some grains), and exercises moderately and regularly -- but still gets sick and doesn't live to be 120 -- then you have proof that a healthy lifestyle doesn't make you live longer. And let's not even consider the odd cases where someone like that dies young from inexplicable causes.

    In short, if something goes against what a person *wants* to be true, it had better be 100% or it stands a snowball's chance of convincing them.

  14. Re:Queue the countdown... on Mozilla, Microsoft, Amazon, Google, and Others Form 'Alliance For Open Media' · · Score: 1

    but it will be an improvement over the open standard!

  15. Re:Which one is heart? on Mozilla, Microsoft, Amazon, Google, and Others Form 'Alliance For Open Media' · · Score: 1

    earth, air (or wind), water and fire... fair enough. But "positive" and "negative" as elements? What about wood and metal instead to round out the six, then spirit for a total of seven? Each of those can reasonably be described as an element, unlike positive or negative which are intellectual concepts.

    Of course, if you really want to have fun with elements start looking at traditional Chinese and realize that there are some very different ways of looking at it (Mountain, Lake, etc.)

  16. Re:Should get a "Burner" phone on FBI: Burning Man Testing Ground For Free Speech, Drugs ... and New Spy Gear · · Score: 2

    or you are working undercover :)

  17. Re:More spyware and ads? on Microsoft Builds Open-Source Browser Using HTML, JavaScript, and CSS · · Score: 3, Insightful

    yeah... it isn't a browser, it's a skin for the HTML/CSS renderer and JS engine. I'm not sure what they are trying to prove: Mozilla's gecko hasn't exactly taken the application world by storm... and *it* is actually crossplatform.

  18. Re:Doubleclick serve malware on Inside the Booming, Unhinged, and Dangerous Malvertising Menace · · Score: 1

    they vet, but the problem is they don't serve. I assume due to bandwidth issues (why pay for it when the advertiser will). In any case, malvertising is very sophisticated and the ads are often *not* malicious. But an approved ad is swapped out with the malicious (even if only 0.1% of the time) so the brokers are not aware.

    The system is broken and advertisers are floundering. It used to be a small minority group who blocked ads (I still have a custom stylesheet in place that marks ads as being "unimportant" based on some simple pattern matching of where it is served from so they are not displayed). (The problem with that old system is that they are still *fetched* and likely *parsed* by the browser so they offer no security advantage.)

  19. Re:WTF??? on Inside the Booming, Unhinged, and Dangerous Malvertising Menace · · Score: 1

    hmmm... how about:

    adware (which has been around a long time) focuses on advertising although it displays malicious characteristics.

    malvertising focuses on infecting a system in a persistent fashion that makes it part of a "network". Infected systems are used to steal passwords, send spam, display advertisements, participate in ddos, and in general anything that can be monetized.

  20. Re:How to fix ALL the app stores... on Apple's App Store Needs a Radical Revamp; How Would You Go About It? · · Score: 1

    A pretty good list, IMO, although perhaps a bit drastic or unrealistic as rasmusbr points out. Instead of removing all crap applications (your #1), move them to the "Junk" category then have a default hide for the category. That allows the teenagers to have their stupid apps -- and they can feel even cooler by having to go in and enable the category -- while not bothering the rest of the user base.

    I suppose one way of addressing #2 (duplicating stock apps) would be to have another (hidden by default) category. That way someone who wanted a replacement music player could get one without forcing everyone to slog through garbage apps.

    And while #4 (eliminating in app purchases) is important as it cuts to the core of some problems, it simply isn't realistic. Originally, Apple did not have them. They were added to appease large developers. Not going to happen, but it would help if it did.

    Even though rasmusbr is correct about what will happen with #6 (time limited 100% refund policy), without in-app purchases the model would not be particularly successful.

  21. Re:Bah ... on Network Hijacker Steals $83,000 In Bitcoin · · Score: 1

    well, maybe not *this* anonymous coward, but just look at this thread and you'll read plenty of comments saying "well, anyone who lost money was an idiot because ." So, either you aren't reading slashdot or...

    dang, I just replied to an AC

  22. Re:So really bitcoin is incidental on Network Hijacker Steals $83,000 In Bitcoin · · Score: 1

    Pre-Snowden there was a huge BGP attack that re-routed lots of traffic, so much so that it was hard to tell who was targeted (instead of small things like this, think more like "all western Chinese traffic routed through US"). At the time there was lots of useless conjecture as to what it was about and whether or not it was really an attack or just a seriously stupid misconfiguration. Of course, nowadays we know that TLAs use this as one of their tools to grab target traffic that would otherwise be out of reach so that they can inspect it and record it.

    BGP is a seriously large, gaping security vulnerability in how the Internet works due to the inherent trust of the system. The only plus side is the wider you cast the net the more obvious it becomes that it has been cast. The attack I refer to was glaringly obvious due to the huge distortion to routing. So for someone to use it for evil they need to keep it small and focused which means they need to get close to the target network. The point being that there *is* a measure of tamper evidence that gets stronger the farther the attacker has to reach. At least it's something.

  23. Re:Legitimate engineering uses on Researcher Finds Hidden Data-Dumping Services In iOS · · Score: 4, Informative

    not to mention "...creates a disk image of everything that’s on the phone..." is misleading, even with the following caveat. It would be far more accurate to say something like "...creates a copy of file access times of everything that's on the phone, and other metadata such as file size and other timestamps." But that wouldn't be bait for journalists and misquotation. (And if the dumped iOS file system metadata includes other things, perhaps mention those -- but timestamps and file size are the main things.)

  24. Re: Only because they're stupid. on FBI Concerned About Criminals Using Driverless Cars · · Score: 1

    I think it is worthwhile to just discard the point about abuse of power because I don't think it is necessary to even bring up.

    While at first blush the "running a red light" bit might sound silly the reality is that it *isn't* always safe to just pull over and stop. Sometimes it has to do with predictable things (like not having a shoulder to pull onto) and sometimes it isn't (dynamics of traffic, which may not have previously been obeying the traffic laws). The point is that once you get past the easy things (pre-identifying pull over spots so that the vehicle knows where to redirect to) you get into hard things. Like the tractor trailer that is on fire. Or that stopping would obstruct another vehicle that is *not* stopping (and resulting collision would block emergency vehicle).

    In the end, there is a need for judgement calls, *especially* when emergencies are involved. A simple "pull over and stop" is too simple.

  25. Re:Obviously... on FBI Concerned About Criminals Using Driverless Cars · · Score: 1

    you made a real jump from tracking to remote control, but it is unlikely a car stolen by criminals who were planting a bomb could be recalled. Unless they were nut jobs who just happened to have access to explosives or made them, but killing a recall mode would be high on the list for a number of people (not all of them necessarily evil). Presumably, safeguards against tampering would be put in place, but I wouldn't hold my breath on them holding up.

    Let's put it another way: lojack works fairly well and is on a number of computers. But can it be subverted? Are systems with lojack installed and enabled still stolen and sold for money? And all you really need for the case you mention is a temporary workaround.