Last I heard, it still supports unencrypted, but only if both the client and server ask for it. If either one asks for encryption, then the connection is encrypted, even if there's no authentication (i.e. certificate). With no certificate, it's still possible to pull an active(MitM) attack, which is much harder to pull off at a large scale without anyone noticing (i.e. you can just collect all data you see).
A server cannot ask for encryption.
Unless the client establishes a secure connection in the first place, the server has no way of knowing if the client is actually who they claim to be. If the client attempts to establish a secure connection and the server responds with "I can't give you a secure connection" then the client needs to assume there is a man in the middle attack going on and refuse to communicate with the server.
There is no way around it, security needs to be initiated on the client and the server cannot be allowed to refuse a secure connection.
HSTS is a partial solution for this problem (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
I don't think HTTP has any problems with security. All the real world problems with HTTP security are caused by:
* dismally slow roll out of dnssec. It should have been finished years ago, but it has barely even started.
* the high price of acquiring an SSL certificate (it's just bits!).
* slow rollout of IPv6 (SSL certificates generally require a unique IP and we don't have enough to give every domain name a unique IP).
* arguments in the industry about how to revoke a compromised SSL certificate, which has lead to revocation being almost useless.
* SSL doesn't really work when there are thousands of certificate authorities, so some changes are needed to cope with the current situation (eg: dsnssec could be used to prevent two certificate authorities from signing the same domain name)
You sir, have obviously never encountered the problem. The message does one of two things: 1) Gets marked as delivered but is never delivered because the person has no iDevice or 2) Gets marked as undeliverable and is not resent as a text. I have a friend who has been trying to fix this for months and at first her messages disappeared into the abyss. Now they just fail to deliver and I have to manually resend it.
I have encountered the problem, and solved it for friends/family.
Since I'm an iOS developer, anybody who has any problem with their iPhone asks me how to fix it. And since I'm a tin-foil-hat-toting privacy advocate, I have studied various articles that reverse engineer how iMessage works. I know exactly what "delivered" means —it means some device somewhere decrypted the message. Apple's server cannot decrypt the message as they do not have the private key, so therefore they cannot possibly send a delivery confirmation.
Go ahead and try it out. Disable wifi and cellular data on an iPhone but leave the non-data cellular connection active, then send an iMessage to it.
The message will not change to "delivered" unless some other device is registered (and connected to the internet) to receive messages at that phone number. After some minutes, the blue message box on the sending device will change colour to green, signifying an SMS has been sent. Depending how good your cell carrier is, the SMS will be delivered instantly or after a few days (SMS is not a reliable messaging protocol...). This assumes you have not disabled SMS fallback on the sending device, which is the default.
I just did the test, and it proved my theory. Disconnecting my phone/ipad/mac caused a sending device to fail to show "delivered", and several minutes later my phone received an SMS message.
The system is overly complicated, mostly as a byproduct of Apple's end-to-end encryption system, which leads to a lot of customer confusion and miss-information when they try to diagnose one of the many things that can go wrong. But I know what I'm talking about, delivered means it was delivered to a device registered receive iMessages at that phone number.
Apparently Apple knows less about their own products than I do as an Apple developer.
Wrong. Your understanding of iMessage is incorrect, see below.
If the phone does not decrypt the message and send an acknowledgment within a few minutes, it will be sent as an SMS instead.
Incorrect. Fallback to SMS works in the case where the message fails to send not if it fails to receive which is why it will not fall back to SMS if the receiver's phone/ipad/laptop is simply switched off.
According to the article, the iMessage is sent and status immediately changes to "delivered". That means he has at least one device registered to receive iMessages at that phone number and it is turned on and received the message.
Incorrect again. It means that it has been delivered to the email account associated with the iMessage account.
His claim to have logged out of iMessage on all his devices is bullshit. He forgot one.
Incorrect yet again. Even if he turns of iMessage the receiver needs to have done the same thing or else his messages to her will be delivered to the email account associated with her iMessage account.
You're wrong, I know from experience that sending an iMessage to someone outside cell network range causes it to fall back to sending an SMS.
Also, I had a friend who would constantly receive double messages, because she had poor cell network coverage in her home, phone/sms worked fine but data had huge packet loss. iMesasge couldn't reach her and would fallback to SMS 50% of the time. When she reads the SMS the phone would connect to wifi and she'd receive the iMessage while reading the SMS, hens the regular complaints about double messages.
Hm. Failed to enable. Is this a new feature? Indeed, you can have iMessage send as SMS -- I didn't have that set up. It's in Settings->Messages->Send_as_SMS
The fallback to SMS is enabled by default. You must have turned it off.
So if they can't enforce a fine, then what happens if you don't pay the straffavgift? It sounds like they don't have any authority to actually run things. While I appreciate the enforcement of privacy, does that also apply to businesses? Are they not allowed to keep track of who shop-lifted or passed bad forms of payment or otherwise caused problems and they don't want to let into their business again?
I don't know about Sweden but in most countries any business can refuse to server any customer for whatever reason they want, so long as it isn't race or gender or something discriminatory.
Here in Australia shoplifting will probably just get you kicked out of the store and told never to come back. The reason is the person doing the shoplifting (often a kid) might simply tell the cops that they're innocent. From then on the store will have to either drop their accusation or take it to court, which involves sending many thousands of dollars to your legal team, for no gain at all. You already recovered the stolen merchandise, so are not eligible for any compensation.
Unless they're a repeat offender, a judge will probably let them off with a slap on the wrist. Sending some poor kid who doesn't no better into the prison system over a stolen CD is a bad idea —inevitably that will lead them to commit more serious crimes later in life.
Since $15 per month is apparently enough to cover a $180 fine, they must be going on the assumption fare dodgers will be caught less than once per year.
What an idiotic statement. There's a very easy solution. If user has not been available on iMessage for more than reasonable amount of time, no more than a day, fall back to SMS.
Stupidly easy solution.
That's how it works. The "reasonable amount of time" is 5 minutes. And any message sent within those 5 minutes will automatically be re-sent as an SMS (which unfortunately means the recipient will receive the message twice... once the iMessage finally arrives).
And there can't be any bugs, because in order to acknowledge receipt of a message you have to decrypt the message, and the decryption keys cannot be copied off the device the message is being sent to. Part of it is stored in a dedicated corner of silicone, which cannot be read by software.
Apparently Apple knows less about their own products than I do as an Apple developer. You can't trust a random support employee to know how iMessage works, it's a complicated system.
It's very simple. If you send an SMS to a number registered as being an iPhone, it will be encrypted for that phone and sent over the internet. If the phone does not decrypt the message and send an acknowledgment within a few minutes, it will be sent as an SMS instead. Repeated delivery failures (2 or 3?) will automatically disable iMessage.
According to the article, the iMessage is sent and status immediately changes to "delivered". That means he has at least one device registered to receive iMessages at that phone number and it is turned on and received the message. His claim to have logged out of iMessage on all his devices is bullshit. He forgot one.
You're making the assumption that all the bad stuff is outside the firewall and nothing evil ever gets in.
An example of how I use my firewall, is I block my email program from making any network connection other than imap/smtp. If it tries to make any other network connection (eg: downloading images from a web server), the firewall blocks it.
So if they re-fueled OR if they loaded extra fuel, they could be anywhere, and the Indian Ocean flight corridor that is speculated on would lead to waypoints to the middle east. I'm guessing Iran, but it could just as easily be in Sudan or Pakistan.
They could be anywhere that doesn't have a strong military radar system.
I'm pretty sure anybody who flies into Iran without authorisation will be told to turn back or be shot down.
"no you cannot do anything in PHP that you can do in Python or Perl!"
that statement in itself is true, but PHP is a web language and as for things to do ON THE WEB yes I would argue it is more feature rich.
Even if you disagree with the Python comparison it certainly beats the current state of Perl all the hell.
Source: I've developed in all three for work.
I've only ever developed in PHP (well, I tried ruby for a few months then ran away screaming in frustration), but I know of things in python/perl that PHP is missing.
For example PHP doesn't begin executing your code until after the browser has sent _all_ of the post data. This makes it impossible to create a file upload progress bar in PHP. You can do it in modern browsers with javascript now, but previously it had to be done server side and only languages like perl can handle that - because they begin executing the code before the browser has finished sending all the post data, allowing the perl script to communicate progress updates back to the browser.
Re:Not sure what you're talking about
on
The New PHP
·
· Score: 1
PHP works, it's fast as heck, and I can do anything you can do in python/perl just as well and way faster.
I don't know about python/perl but there are operations in PHP that need 200MB of memory which I could achieve in C with only 20KB of memory.
That's a 10,000x increase in memory consumption for PHP. If this has improved in version 5.5 I can't wait to give it a try.
And it's not just memory consumption, there are times when I run a xhprof on some slow PHP code and find out it's spending 90% of it's time allocating and/or freeing memory. If it used less memory, it would spend less time managing it.
PHP is a great language, but it's definitely not perfect. Memory and performance are "good enough" in most cases, but it's far from great.
Also, I have had to do my own manual garbage collection at times. There are no manual malloc/free API calls but I definitely do need to make use of unset() at times or otherwise refactor my code to reduce memory consumption.
I've not done much/any c/c++/java stuff other than compile source written by other folks in the past 14 years or so, so maybe the current crop of IDEs do this.
iOS/Mac/NeXT programming has worked that way for about 25 years. You build and configure a series of objects with a GUI and when the application launches all of those objects will be loaded into RAM, then a "loaded" event is fired on each of them. From there your code will typically create more objects and setup stuff that can't be done in the GUI.
Objects created in the GUI are tightly linked to your code, the GUI for building the objects understands how to parse and partially compile code (even half written/broken code) and you can connect things up, for example if a button should only be enabled if a particular method returns true, then you can hook that up by dragging a line from the button's "enabled" state onto the method in the source code.
You can also drag a line from the button's "action" onto the an empty line of code in the source code, and it will write a blank method that in your code doesn't do anything, with the button linked up to it. Or you can write the method yourself and drag the line onto the method name.
Right now I wish/. was sensors, because I want everyone who has commented on the beta in a non-beta related article to be permanently banned from ever commenting on the site.
It's fucking annoying, I came here to read comments and have discussions, the beta works well enough. Go talk about it in places like this article or just fuck off and never visit/. again, I don't care.
Please/. management, do not let a bunch of prissy idiots who think they own the site ruin it. Ban them, or at least give me the option of hiding all comments that mention "beta".
It's not just a different clock speed, it has different memory architecture and so on. It has dual high-end workstation GPUs (which normally cost around $6,000) with some of the more expensive parts of the GPU replaced with cheaper consumer grade gear (bringing the price down to around $1,000 or thereabouts). For example, non-ECC memory. And if you boot the mac pro into windows you can't even use the cards properly, because AMD's drivers are not compatible at all and Apple's drivers for bootcamp only do a half assed job of supporting them. Enough to boot and run windows perfectly but not enough to actually use the GPUs to their full potential.
The only non standard part Apple use is the motherboard, everything else is pretty much standard parts, memory, HDD, CPU's, GPU's etc are all stock standard parts available in whatever flavour machine you want Apple or not.
That's not true. They usually use modified versions of standard components. The current MacBook Pro has the RAM and SSD soldered onto the motherboard, and while the CPU is standard it has a custom connector and cooling system that has forced enough physical differences in the chip that it cannot be replaced. Most macs these days don't even have a GPU, they rely on intel's latest integrated ones which are finally pretty decent.
The Mac Pro is the only model Apple sells with fully standard CPU... but the GPU is non-standard, it's made by AMD but is a weird hybrid of two different GPUs that AMD sells, and Apple is the only company who can use it... one of the two GPUs in the mac pro even has a socket on it so you can plug in a bloody PCIe SSD card. On the GPU! They ran out of PCIe lanes on the processor, so the SSD has to share the lane of the second GPU which is actually a sensible choice since it's highly unlikely you will be maxing out the PCIe card (1.5GB/second) at the same time as doing serious computations on the GPU. That definitely is not a standard part.
On iOS apple builds everything themselves, they are famously known to have over 1,000 engineers working on just the CPU for the iPhone. They haven't gone that far with the mac but it's standard procedure to take components from other companies like AMD and Intel and Qualcomm but then modify to suit their own needs.
Patents are supposed to drive people to come up with ideas that would be cost prohibitive if they were not given some kind of incentive like a temporary government enforced monopoly.
Patents *were* supposed to do that. There have been a bunch of amendments since, and now their sole purpose is to make a lot of money for big companies. Which is arguably good for the economy of countries that have a lot of big entrenched companies, and bad for the economy of the rest of the world.
Giving out these monopolies in exchange for for such obvious ideas (i,.e. they would be invented regardless) is a shitty deal for society.
Slashdot Mirror
Last I heard, it still supports unencrypted, but only if both the client and server ask for it. If either one asks for encryption, then the connection is encrypted, even if there's no authentication (i.e. certificate). With no certificate, it's still possible to pull an active(MitM) attack, which is much harder to pull off at a large scale without anyone noticing (i.e. you can just collect all data you see).
A server cannot ask for encryption.
Unless the client establishes a secure connection in the first place, the server has no way of knowing if the client is actually who they claim to be. If the client attempts to establish a secure connection and the server responds with "I can't give you a secure connection" then the client needs to assume there is a man in the middle attack going on and refuse to communicate with the server.
There is no way around it, security needs to be initiated on the client and the server cannot be allowed to refuse a secure connection.
HSTS is a partial solution for this problem (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
I don't think HTTP has any problems with security. All the real world problems with HTTP security are caused by:
* dismally slow roll out of dnssec. It should have been finished years ago, but it has barely even started.
* the high price of acquiring an SSL certificate (it's just bits!).
* slow rollout of IPv6 (SSL certificates generally require a unique IP and we don't have enough to give every domain name a unique IP).
* arguments in the industry about how to revoke a compromised SSL certificate, which has lead to revocation being almost useless.
* SSL doesn't really work when there are thousands of certificate authorities, so some changes are needed to cope with the current situation (eg: dsnssec could be used to prevent two certificate authorities from signing the same domain name)
You sir, have obviously never encountered the problem. The message does one of two things: 1) Gets marked as delivered but is never delivered because the person has no iDevice or 2) Gets marked as undeliverable and is not resent as a text. I have a friend who has been trying to fix this for months and at first her messages disappeared into the abyss. Now they just fail to deliver and I have to manually resend it.
I have encountered the problem, and solved it for friends/family.
Since I'm an iOS developer, anybody who has any problem with their iPhone asks me how to fix it. And since I'm a tin-foil-hat-toting privacy advocate, I have studied various articles that reverse engineer how iMessage works. I know exactly what "delivered" means —it means some device somewhere decrypted the message. Apple's server cannot decrypt the message as they do not have the private key, so therefore they cannot possibly send a delivery confirmation.
Go ahead and try it out. Disable wifi and cellular data on an iPhone but leave the non-data cellular connection active, then send an iMessage to it.
The message will not change to "delivered" unless some other device is registered (and connected to the internet) to receive messages at that phone number. After some minutes, the blue message box on the sending device will change colour to green, signifying an SMS has been sent. Depending how good your cell carrier is, the SMS will be delivered instantly or after a few days (SMS is not a reliable messaging protocol...). This assumes you have not disabled SMS fallback on the sending device, which is the default.
I just did the test, and it proved my theory. Disconnecting my phone/ipad/mac caused a sending device to fail to show "delivered", and several minutes later my phone received an SMS message.
The system is overly complicated, mostly as a byproduct of Apple's end-to-end encryption system, which leads to a lot of customer confusion and miss-information when they try to diagnose one of the many things that can go wrong. But I know what I'm talking about, delivered means it was delivered to a device registered receive iMessages at that phone number.
Apparently Apple knows less about their own products than I do as an Apple developer.
Wrong. Your understanding of iMessage is incorrect, see below.
If the phone does not decrypt the message and send an acknowledgment within a few minutes, it will be sent as an SMS instead.
Incorrect. Fallback to SMS works in the case where the message fails to send not if it fails to receive which is why it will not fall back to SMS if the receiver's phone/ipad/laptop is simply switched off.
According to the article, the iMessage is sent and status immediately changes to "delivered". That means he has at least one device registered to receive iMessages at that phone number and it is turned on and received the message.
Incorrect again. It means that it has been delivered to the email account associated with the iMessage account.
His claim to have logged out of iMessage on all his devices is bullshit. He forgot one.
Incorrect yet again. Even if he turns of iMessage the receiver needs to have done the same thing or else his messages to her will be delivered to the email account associated with her iMessage account.
You're wrong, I know from experience that sending an iMessage to someone outside cell network range causes it to fall back to sending an SMS.
Also, I had a friend who would constantly receive double messages, because she had poor cell network coverage in her home, phone/sms worked fine but data had huge packet loss. iMesasge couldn't reach her and would fallback to SMS 50% of the time. When she reads the SMS the phone would connect to wifi and she'd receive the iMessage while reading the SMS, hens the regular complaints about double messages.
Hm. Failed to enable. Is this a new feature? Indeed, you can have iMessage send as SMS -- I didn't have that set up. It's in Settings->Messages->Send_as_SMS
The fallback to SMS is enabled by default. You must have turned it off.
You can pay directly to get rid of ads here. You can't say that for most other sites.
Or just have high enough Karma that they'll let you turn the ads off for free.
So if they can't enforce a fine, then what happens if you don't pay the straffavgift? It sounds like they don't have any authority to actually run things. While I appreciate the enforcement of privacy, does that also apply to businesses? Are they not allowed to keep track of who shop-lifted or passed bad forms of payment or otherwise caused problems and they don't want to let into their business again?
I don't know about Sweden but in most countries any business can refuse to server any customer for whatever reason they want, so long as it isn't race or gender or something discriminatory.
Here in Australia shoplifting will probably just get you kicked out of the store and told never to come back. The reason is the person doing the shoplifting (often a kid) might simply tell the cops that they're innocent. From then on the store will have to either drop their accusation or take it to court, which involves sending many thousands of dollars to your legal team, for no gain at all. You already recovered the stolen merchandise, so are not eligible for any compensation.
Unless they're a repeat offender, a judge will probably let them off with a slap on the wrist. Sending some poor kid who doesn't no better into the prison system over a stolen CD is a bad idea —inevitably that will lead them to commit more serious crimes later in life.
Since $15 per month is apparently enough to cover a $180 fine, they must be going on the assumption fare dodgers will be caught less than once per year.
What an idiotic statement. There's a very easy solution. If user has not been available on iMessage for more than reasonable amount of time, no more than a day, fall back to SMS.
Stupidly easy solution.
That's how it works. The "reasonable amount of time" is 5 minutes. And any message sent within those 5 minutes will automatically be re-sent as an SMS (which unfortunately means the recipient will receive the message twice... once the iMessage finally arrives).
And there can't be any bugs, because in order to acknowledge receipt of a message you have to decrypt the message, and the decryption keys cannot be copied off the device the message is being sent to. Part of it is stored in a dedicated corner of silicone, which cannot be read by software.
Apparently Apple knows less about their own products than I do as an Apple developer. You can't trust a random support employee to know how iMessage works, it's a complicated system.
It's very simple. If you send an SMS to a number registered as being an iPhone, it will be encrypted for that phone and sent over the internet. If the phone does not decrypt the message and send an acknowledgment within a few minutes, it will be sent as an SMS instead. Repeated delivery failures (2 or 3?) will automatically disable iMessage.
According to the article, the iMessage is sent and status immediately changes to "delivered". That means he has at least one device registered to receive iMessages at that phone number and it is turned on and received the message. His claim to have logged out of iMessage on all his devices is bullshit. He forgot one.
Pure meth is white/clear. But you could explain the blue color as the result of some additive they put into it, as a "trademark" of sorts.
Yes but a key part of the show was nobody else could cook blue meth. Walt had power over the drug dealers because he could give them something unique.
If all it took was an additive, the story would not have worked.
If you wanted to be really nasty you could just drop a bunch of Irukandji in the tank.
"I didn't think it was possible for anyone to endure that level of pain without turning into a vegetable." -- http://en.wikipedia.org/wiki/I...
Homeopaths I know charge $8 per vial. And $4 of that is just for medically certified empty bottle.
If it's $30 per vial where you are, I suspect more than half of that is going to the retail outlet.
You're making the assumption that all the bad stuff is outside the firewall and nothing evil ever gets in.
An example of how I use my firewall, is I block my email program from making any network connection other than imap/smtp. If it tries to make any other network connection (eg: downloading images from a web server), the firewall blocks it.
The total heat produced by radioactivity in Earth is 44.2 TW (Wikipedia).
Which means if we can capture 5% of it, that would be enough energy to power the entire world's energy needs.
Since this was clearly a well organised operation, it's likely the passengers had their electronic devices confiscated immediately.
So if they re-fueled OR if they loaded extra fuel, they could be anywhere, and the Indian Ocean flight corridor that is speculated on would lead to waypoints to the middle east. I'm guessing Iran, but it could just as easily be in Sudan or Pakistan.
They could be anywhere that doesn't have a strong military radar system.
I'm pretty sure anybody who flies into Iran without authorisation will be told to turn back or be shot down.
"no you cannot do anything in PHP that you can do in Python or Perl!"
that statement in itself is true, but PHP is a web language and as for things to do ON THE WEB yes I would argue it is more feature rich.
Even if you disagree with the Python comparison it certainly beats the current state of Perl all the hell.
Source: I've developed in all three for work.
I've only ever developed in PHP (well, I tried ruby for a few months then ran away screaming in frustration), but I know of things in python/perl that PHP is missing.
For example PHP doesn't begin executing your code until after the browser has sent _all_ of the post data. This makes it impossible to create a file upload progress bar in PHP. You can do it in modern browsers with javascript now, but previously it had to be done server side and only languages like perl can handle that - because they begin executing the code before the browser has finished sending all the post data, allowing the perl script to communicate progress updates back to the browser.
I've never done my own garbage collection, and PHP just updated it in 5.3.
PHP works, it's fast as heck, and I can do anything you can do in python/perl just as well and way faster.
I don't know about python/perl but there are operations in PHP that need 200MB of memory which I could achieve in C with only 20KB of memory.
That's a 10,000x increase in memory consumption for PHP. If this has improved in version 5.5 I can't wait to give it a try.
And it's not just memory consumption, there are times when I run a xhprof on some slow PHP code and find out it's spending 90% of it's time allocating and/or freeing memory. If it used less memory, it would spend less time managing it.
PHP is a great language, but it's definitely not perfect. Memory and performance are "good enough" in most cases, but it's far from great.
Also, I have had to do my own manual garbage collection at times. There are no manual malloc/free API calls but I definitely do need to make use of unset() at times or otherwise refactor my code to reduce memory consumption.
A picture is worth a thousand words.
A thousand pictures flipping past at 24 frames per second is worth ten words.
I've not done much/any c/c++/java stuff other than compile source written by other folks in the past 14 years or so, so maybe the current crop of IDEs do this.
iOS/Mac/NeXT programming has worked that way for about 25 years. You build and configure a series of objects with a GUI and when the application launches all of those objects will be loaded into RAM, then a "loaded" event is fired on each of them. From there your code will typically create more objects and setup stuff that can't be done in the GUI.
Objects created in the GUI are tightly linked to your code, the GUI for building the objects understands how to parse and partially compile code (even half written/broken code) and you can connect things up, for example if a button should only be enabled if a particular method returns true, then you can hook that up by dragging a line from the button's "enabled" state onto the method in the source code.
You can also drag a line from the button's "action" onto the an empty line of code in the source code, and it will write a blank method that in your code doesn't do anything, with the button linked up to it. Or you can write the method yourself and drag the line onto the method name.
Right now I wish /. was sensors, because I want everyone who has commented on the beta in a non-beta related article to be permanently banned from ever commenting on the site.
It's fucking annoying, I came here to read comments and have discussions, the beta works well enough. Go talk about it in places like this article or just fuck off and never visit /. again, I don't care.
Please /. management, do not let a bunch of prissy idiots who think they own the site ruin it. Ban them, or at least give me the option of hiding all comments that mention "beta".
It's not just a different clock speed, it has different memory architecture and so on. It has dual high-end workstation GPUs (which normally cost around $6,000) with some of the more expensive parts of the GPU replaced with cheaper consumer grade gear (bringing the price down to around $1,000 or thereabouts). For example, non-ECC memory. And if you boot the mac pro into windows you can't even use the cards properly, because AMD's drivers are not compatible at all and Apple's drivers for bootcamp only do a half assed job of supporting them. Enough to boot and run windows perfectly but not enough to actually use the GPUs to their full potential.
The only non standard part Apple use is the motherboard, everything else is pretty much standard parts, memory, HDD, CPU's, GPU's etc are all stock standard parts available in whatever flavour machine you want Apple or not.
That's not true. They usually use modified versions of standard components. The current MacBook Pro has the RAM and SSD soldered onto the motherboard, and while the CPU is standard it has a custom connector and cooling system that has forced enough physical differences in the chip that it cannot be replaced. Most macs these days don't even have a GPU, they rely on intel's latest integrated ones which are finally pretty decent.
The Mac Pro is the only model Apple sells with fully standard CPU... but the GPU is non-standard, it's made by AMD but is a weird hybrid of two different GPUs that AMD sells, and Apple is the only company who can use it... one of the two GPUs in the mac pro even has a socket on it so you can plug in a bloody PCIe SSD card. On the GPU! They ran out of PCIe lanes on the processor, so the SSD has to share the lane of the second GPU which is actually a sensible choice since it's highly unlikely you will be maxing out the PCIe card (1.5GB/second) at the same time as doing serious computations on the GPU. That definitely is not a standard part.
On iOS apple builds everything themselves, they are famously known to have over 1,000 engineers working on just the CPU for the iPhone. They haven't gone that far with the mac but it's standard procedure to take components from other companies like AMD and Intel and Qualcomm but then modify to suit their own needs.
Patents are supposed to drive people to come up with ideas that would be cost prohibitive if they were not given some kind of incentive like a temporary government enforced monopoly.
Patents *were* supposed to do that. There have been a bunch of amendments since, and now their sole purpose is to make a lot of money for big companies. Which is arguably good for the economy of countries that have a lot of big entrenched companies, and bad for the economy of the rest of the world.
Giving out these monopolies in exchange for for such obvious ideas (i,.e. they would be invented regardless) is a shitty deal for society.
I agree 100%.