For the wide array of hardware support that MS pulls off, it's not doing so bad.
You have your cart and horse backwards. MS has a desktop OS monopoly. Every computer hardware manufacturer knows it. If you build a new ExpressCard standard or any other new type of hardware your product will fail in the market unless MS supports it or it is a niche product that people are willing to use with an alternate OS. Every manufacturer out there not only has to build to specs MS supports, but often has to pay MS to help them code and test the drivers. MS doesn't "support" all the different hardware and OEM laptops. Hardware manufacturers and OEMs do the work for them. MS just has to be careful about backwards compatibility and changing too quickly.
I think that down the road, we'll see a lot more PC games on the Mac because now the effort to port apps will be minimized. No longer will much of a game's codebase need to be rewritten to take advantage of PowerPC architecture.
The main issue with porting games is that so many companies rely upon MS's proprietary DirectX. Developers I know who worked on major games that don't rely upon DirectX have told me the CPU optimization stuff was pretty trivial. So long as developers avoid DirectX, they don't have problems (See Blizzard, ID). When they do rely upon DirectX, ports are a pain.
In reality, I don't see this architecture switch changing much, except making it easy to run Windows apps with minor speed hits.
The only version of Windows that can boot from an EFI bios is Windows XP 64-bit Edition, but the Intel Macs have 32-bit CPUs.
The EFI spec includes BIOS backwards compatible functionality. Assuming Apple implemented that functionality Windows should boot (but install might be a bit annoying). Otherwise, MS has announced EFI support for all versions of XP and Vista.
GRUB already works with EFI, and GRUB can launch Windows... From my experience, WindowsXP has pretty much ignored anything about the hardware that the bios has told it (I've disabled HDs, but windows sees them, etc). Could it be possible that GRUB could be installed on a Mac and used to load Windows?
I haven't seen Apple's EFI implementation, but the EFI spec says it takes over the duties of a bootloader and can be used by itself to boot from different partitions. There are defined codes for all the Windows filesystems. I don't even see why you'd need GRUB at all.
The benefits of a port might be because of cheaper or easier to find hardware capable of running something that it wasn't meant to but is very useful to users. I don't think this is the case in putting Windows on an Intel Mac because Intel Macs are cheaper than what I can piece together in PC x86 form. Don't get me wrong, Macs are nice machines but they're not exactly easy to upgrade or fix on your own.
Windows will run on EFI eventually (some versions do now). EFI supports BIOS compatible partitions. The only issue is you need a clue to install Windows. Imaging an existing Windows install is probably the easiest route. People will do this because they want to be able to dual boot to play games, for testing, or to run some particular rarely needed application. As to the comments about Macs not being easy to upgrade and fix, you're way off. Macs are easier to upgrade and fix, provided you buy the right parts and you're comparing the same kinds of machines. imacs aren't particularly easy, but neither are any all in one machines. Their laptops are about the same as any other. Their towers are easier. I have an older g4 tower that serves as my PVR. When I want to add another drive I take out one screw and the whole drive chassis pulls out. Opening the case is as easy as lifting the latch and the whole side of the housing hinges down, with half the parts mounted on it. It is so much easier to work on than any PC I have ever owned that there is just no comparison.
I think the analogy is accurate, but I think it's highly inappropriate to trivialize the service our men and women in uniform give this country by comparing them with something as innocous as data mining by a computer company.
Hmm, either you are just trying to win an argument using the logical fallacy of an emotive plea, or you truly believe this trivializes the deaths of soldiers. In the first case, you have failed. In the second, perhaps you should consider why you think this trivializes their deaths. What about such an analogy causes you to think less of dead soldiers?
That's exactly what I'm arguing. If a person purchases a commercially licensed piece of software, and is concerned about things like this (which most people aren't), they should thoroughly read the EULA, with a lawyer present, and be sure they understand the ramifications of their purchase.
I see, so you think companies should be able to hide behind legal licenses. If, for example, I buy a video game that has a click through license you think it is ok for that game to scour my hard drive for financial records and send them to the game company? Or perhaps they could turn on your Webcam and sell any nakedness that they manage to catch. Provided, of course, that they have some legalese that says they can do anything they want. Have you read the licenses that come with software? The vast majority of them are filled with unenforceable clauses they put in in the hopes it might be enforceable somewhere. Luckily the courts disagree with you. Licenses need to be read by both parties and there needs to be an understanding of the terms before the license is enforceable. In my state "I didn't read the license" is valid grounds for it to be dismissed.
Companys are going to data mine, a bunch of lawmakers in Washington making a bunch of noise about it isn't going to change that.
Defeatism is not a logical argument. Making it illegal to mine data is a valid way to stop it.
When I bought my TV, I did not check to see if their is a hidden camera in it that records my every move. When I bought my blender, I did not investigate it to see if it transforms into a robot that harvests my blood at night and delivers it to a local research firm. I did not do these things because I do not have a reasonable expectation that they would behave in such a way. Now if I install a music player, I don't expect it to report on my behavior to the company that wrote it, and most other people don't have that expectation either. I'm not too concerned that it does, and I can see that it does when I run the program, but it is not what I was lead to believe the software would do. Previous versions of the same software did not do these things. As a result, I think Apple is ethically in the wrong here. They should have informed users as to what it was doing before doing anything. Just as my blender maker should tell me beforehand if their blender also harvests my blood, rather than waiting for me to wake up and see it doing so.
Isn't that what a rootkit does - allow unauthorized access?
The terminology being used is confusing to many people. In common parlance a rootkit is a general purpose setup to compromise a system and hide all evidence of that compromise. Usually this includes a "kernel" patch that hides the offending files and in some cases network traffic. Symantec is patching the "kernel" to hide files, and doing so is wholly unnecessary. My guess is were not concerned about users so much as malware/worms that would automatically cripple their program. The side affect of this is worms can actually exploit this to hide themselves. It seems like a risky and invasive attempt at security through obscurity.
A big part of the problem is that they are trying to secure an inherently insecure system, without having access to the source code. Windows users are generally admin (since Windows is pretty unusable as a regular user) and local privilege escalations are common and trivial. I don't think MS even tries to fix them anymore. As a result Symantec is basically in an arms race on even footing with malware authors.
While I don't want anyone "hiding" stuff on my system, I know very well there are users out there that can be easily convinced to delete important system files...
That is part of the danger of using Windows. Clueless users have unfettered access to delete vital parts of the system and rightly believe worms and viruses can easily infect their poorly secured machines. Still, Symantec should have known this was unworkable in the long term and would result in a persistent liability.
Sony's rootkit was done entirely under good intentions as well (like it or not DRM is not a bad intention), and look how that turned out.
I'm not sure that your assertion is defensible. Sony wanted to make my computer less functional so that they could have more of my money. I don't consider that to be good intent.
I had a few issues this morning. After each page loaded completely, I reloaded them. It seems to have solved the issue. Perhaps they changed their CSS?
So who decides what constitutes being 'consciously aware' consists of?
That depends upon the context, of course. If this ever were to go to court in a jurisdiction that had anti-spyware laws, the courts would likely be ruling on if a user "knew or had a reasonable expectation" that the software would send information about their listening habits back to Apple.
No, but that's a good example. They opted-in when they signed up with the military. They were expected to be in harms way. Of course those that were drafted did not 'opt-in' either way... Regardless, I think comparing a little data mining about your music habits to military service is a little out of proportion.
You seem to be contradicting yourself. Is it a good analogy or not? Here's my take. The average person joining the military has a reasonable expectation that they might be put in danger. Anyone, soldier or civilian, picking up a basket does not have a reasonable expectation that it will explode. One is intentionally deceitful. One is not. Are you arguing that the average person who buys a mac, or installs iTunes expects that Apple will be listening in on what music they play?
I didn't say Jobs was a jerk or didn't provide a better/different work environment. I said he was ruthless. He didn't get where he is today without being a very competitive businessman.
No, but you used that to support the argument that Apple cannot be trusted any more than Microsoft. Believe it or not, the corporate culture has more to do with a company's actions than the CEO. That culture is usually a reflection of what type of people and what values the CEO promotes over a long period of time.
I was referring (somewhat sarcastically) to the current topic of iTunes spyware. This could be an issue that tarnishes Apples spotless reputation.
...and that has what to do with them being a monopoly? Behaving unethically does not make you a monopoly. Apple is constantly doing things that may tarnish or improve their reputation. No one I can think of would be foolish enough to judge a company by any single action. A pattern of behavior is a useful predictor. A single data point is not.
Algae are not generally classified as plants. Traditionally they are protista, although some are calling for green and red algae to be added to the plant kingdom.
IMHO, iTunes users 'opted-in' when they installed the software. I'm sure there's an EULA with a phrase buried in it that gives Apple perfect right to do what they are doing. If not, I'm sure someone will start a lawsuit.
You aren't opting in unless you are consciously aware of what is going on. GI's in Vietnam did not opt-in to being blown up with a hand grenade when they picked up a basket outside their barracks. That is because they did not know it would trigger a hand grenade. If users don't know or reasonable suspect the software is sending information about them to Apple, then they can't have opted in.
Legally, Apple may or may not be in the clear, depending upon the jurisdiction. Ethically, I think they have trodden on questionable ground, and it depends upon their intent. If they are mining/using/selling individuals data I think they should have warned people of that in advance. I will trust them less.
You must also admit that the opposite is true. Many people trust blindly and then apply arguments to validate their feelings. Why do people 'trust' Apple? Are they a particularly trustworthy company?
Thus far they have not done anything to lose my trust. They have done several things to gain my trust, like donating code to open source projects, and quickly solving any customer support issues I have had, rather than trying to weasel out of paying for fixes.
MS, on the other hand, has sued orphanages, intentionally corrupted standards, violated anti-trust laws, and killed cool technology. They have been caught lying numerous times and they sell inferior, flawed software while constantly claiming how it is not flawed or insecure.
Actually I think their CEO is probably as rutheless as his counterpart at Microsoft.
I disagree, and more importantly I've heard descriptions very different cultures from friends who have worked for both companies. MS has some smart and innovative people, but they are run by businessmen and the tech side is forced to compromise again and again. Apple is more balanced, if anything the tech side wins out. They are focused on making money, but there is a huge drive to make cool new things and actually change things for the better in the computer industry. Occasionally they release products that are more cool than practical for the market.
Jobs is just smart enough not to piss off his customer base, and of course has not had any type of monopoly until now.
Until now? Come on, the new laptop is cool, but I don't think it has sold that well already.
People trust Apple because they produce designer, feel good products, have a good corporate image and have not had many big PR fiascos. That's not a good enough reason for me to trust them.
I trust Apple, to a point. Obviously they are a business and obviously they will work in their own best interests. I trust them, however, because they have earned that trust over many years.
This will be a good test to see if people can trust Apple. I'm guessing this 'feature' will dissappear in the next release of iTunes because Apple, in general, appears to believe that trust and behaving ethically is important to business.
I doubt this feature will disappear, but hopefully a clear privacy policy will be issued along with a statement about how the data is used. They might switch the feature to opt in, and ask users to enable it, but I doubt that.
1) "But you can turn it off!" - Authors can opt-out, but Google is evil since it should be an opt-in system.
What!?! So there is no qualitative difference between employing the fair use clauses of copyright law, and software that calls home? To say one should be opt in and one should be opt out is in no way inconsistent. I think military service should be opt in. I think hot sauce on tacos at the mexican place should be opt-out. So what? They are completely different things.
Slashdot(and people in general) turn arguments around to favor the outcome they desire. Apple and Google are popular, so excuses are made for them when they do something questionable.
Or maybe people form opinions based upon facts and then express those opinions, even when in some cases they think something is appropriate and in others they don't. I think people should be allowed to play loud music in parks. I don't think people should be allowed to play loud music in hospitals. Why is it so hard to understand that these beliefs are not contradictory or hypocritical. I heard no one making excuses for Apple. I did hear a lot of people say they are not worried about Apple will do. This is called trust. It is something people and companies earn by behaving ethically and used to be very important to both businesses and individuals.
Microsoft is unpopular, so the same arguments are used to condemn their questional behavior.
If you read all the comments above, very few people agree Apple should be doing what they are doing. The only difference is that when there is a question as to what is being done, people are more likely to trust Apple. This is because Apple, unlike MS, has not been screwing them over and behaving unethically on a daily basis. To make judgments without looking at the history of the participants is illogical, not the other way around.
It's long been said that people are the greatest security problem. And I believe that applies to Microsoft's security problems as well. As long as the education of Microsoft's user base is neglected (or actively refused by some), MS's efforts (feeble as they may seem at times) will have limited success.
Sorry, this is just not the case. The majority of compromises by number and by bandwidth consumed are automated worms that require no user intervention. I have no doubt, that with proper security policies and good coding MS can one day aspire to make users the weakest link, but until that time, all the education in the world is useless.
Right now Windows users are not given the power they need to keep their machines safe. Unnecessary services run by default. MS software does not run properly as non-admin. Local privilege escalations are trivial. Executables masquerade as data easily and the UI does not inform the users what they are dealing with. New applications are not restricted by default. Error messages and warning are not phrased in plain english. Dialogue boxes appear with alarming frequency and almost always with the same two options: OK/Cancel. This trains users to just click "OK" to make things work, since they don't understand most of the thousands of messages spewed at them regularly. Default applications run with escalated privileges and execute data if it happens to be the right format. Internet applications mingle code with critical parts of the GUI.
I'm afraid I'll have to disagree with you. Users are not given the opportunity to be the weakest link, and focusing on the required, huge amounts of education that would be required to run Windows safely is unfeasible. Fix Windows first, then worry about education.
It would be interesting to re-phrase the question and replace "iTunes" with "Windows Media Player" and see what kinds of responses are generated by the Slashdot crowd.
I think Apple has behaved inappropriately. At the same time, however, I'd be a lot more worried about this in WMP than in an Apple product. This is because, having followed both companies, one has earned some level of trust and the other has not. From Apple I expect that this new feature will not contain obvious flaws that will let someone gain root on my machine. I trust that when turned off, it actually does not send data. I believe it unlikely Apple is mining this data, rather than just sending automated suggestions and forgetting them. I could be wrong on any of these things and time will tell, but I give Apple the benefit of the doubt. There is nothing illogical about this. If Charles Manson walked into the room right now carrying a bloody knife, I'd run the other way. If my boss came in, I'd ask him if he cut himself and if he needed help. Microsoft is Charles Manson.
Can't RTFA, as its slashdotted, but if I buy a song from iTMS, they already know what I've bought from them, I'd expect them to tailor ads to my choices. They shouldn't be transmitting that data anywhere, as they already have it. Now, if I rip a CD in iTunes, and that data is reported back to iTMS, that's bad, even if they strip out personally identifying info. Though I'd call it spyware, not malware.
They can't tailor ads, without calling home because they don't know what music you actually listen to, or even which user is logged in. The idea is that if you are listening to music from a band, and a new album by them just came out, they can let you know. That might be useful to me if it is well implemented. This is a feature, but one with privacy/security implications.
They should have a clear privacy policy addressing this in place. They should have the feature disabled by default, even if they put a big enable button in that pane. I agree that as it it stands it is possibly spyware, but until Apple publicly announces what they are doing with the data, I'm reserving judgement.
You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".
If the crack dealer I see on the corner were to pull a gun out of his pocket, I'd go for cover. If my brother pulled a gun out of his pocket I'd probably say something like, "hey what is that gun you're carrying?" The reason for this is because I know my brother and have some level of trust in him. I might say, "hey put that away" if I felt it was inappropriate. I feel that what Apple has done is inappropriate. They should have issued a privacy policy that explains what they do and don't do with the information they are collecting. They should have had the feature disabled by default (even if they included a big "enable ministore suggestions" button). That said, Sony has a history of doing unethical things, as does MS. Apple has a much better record. Thus, I give them the benefit of the doubt and assume they are probably not data mining. If that proves not to be the case, I'll be more skeptical of them in the future.
I can't believe people are focusing on this, however. I mean sure, this is pseudo-spyware (not malware), but Apple just released machines that implement EFI. I'm much more concerned about the "trusted computing" possibilities of the new firmware than I am about iTunes. One might let them collect data about the songs listened to using freeware they distribute (with an easy option to turn it off). The other might allow them to restrict your actions on the hardware you buy, after the purchase. I'm tentatively giving them the benefit of the doubt there too, but it is certainly a much more pressing concern than iTunes phoning home.
Just curious, what is their marketshare for IM? I tried looking it up w/o success.
I don't have the numbers in front of me, but last time I looked AIM had 50% and Yahoo and MSN split the rest of it. In the US AIM has a bigger lead than overseas.
So I guess which approach you take depends on your goal. If your goal is the glory of a 0-day exploit, then post away. But if your goal is the security of the end user, maybe you should keep it to yourself for the time being.
You've made a number of incorrect assumptions and failed to consider several important concerns. First, is the vulnerability likely being exploited? Is the vulnerability able to be mitigated by users and if so, are there drawbacks to the fix? What systems would be made vulnerable?
For example, suppose I find a trivial exploit in code I know blackhats have already reviewed. That means there is a good possibility that it is being quietly exploited. Or what if I am running a network that needs network access, but is top-secret and would be disastrous if compromised. I find a flaw that has a work-around that requires disabling a service. This will cost hundreds of thousands of dollars a day, but I can't risk exposure. Should I:
quietly disclose it to MS and wait for them to fix it, costing millions of dollars
disclose it publicly thus allowing other admins to disable it and spurring MS to fix it faster and thus saving myself millions of dollars
Here's my general take on things. Windows machines will be compromised in huge numbers until MS gets their act together. Compromises to the average machine are not too important to me. Why do I care if 100,000 idiots turn into spam bots? Compromises to my system do concern me. The best way for me to keep my machine secure (and for other security conscious people who run important systems) is for me to be well informed about vulnerabilities. If there is a vulnerability in a particular service I want to know, so that I can disable it if need be, plan work arounds, migrate to a different service, and set up honey pots and IDSs to look for attacks or strange behavior.
To put it bluntly, in some cases it is best for me to publicly disclose vulnerabilities and in others it is not. To imply, however, that it has something to do with trying to garner fame or a reputation is very mistaken. In some cases the security of end users if better served by full disclosure, while in other cases it is not. It all depends upon the vulnerability.
On the other hand, Windows XP does fairly nasty stuff with any existing MBRs, so unless OS X is designed or patched to cope with the XP installer there would be a problem.
The new macs are using EFI as their firmware, which means no MBRs. (Well there is a legacy MBR, but the firmware ignores it.) You should be able to have as many OS's as you want co-existing, although I don't know anyone who has actually seen Apple's implementation yet. As an aside, EFI should also manage all the functions of the traditional boot-loader.
After the slashdot effect, let see the keynote effect on applestore site: 30 minutes before the keynote adress: not available "for update", ok, I understand...
3 minutes after the end of the show, it was up and running for about 10 minutes now, it is quite dead.
It worked fine for me; still does. I believe Apple uses Akamai, just like everyone else, to mitigate their bandwidth spikes. Thus it is possible Akamai choked at your local node. I don't think it dropped off for most people though.
Now I just have to wait and see if Apple/Mac will finally be validated by the geek community before I can get one... but could this be the news that finally gives it approval with my oh so important "Linux or nothing else" loyalist friends?
You need your friends' approval to buy a laptop? As for geek credibility, I work in an office full of security geeks and most of the office has switched. And wasn't Linus running Linux on a mac for quite a while? Just buy what works for you already.
Making up scenarios (ie, "they could have known this for months") and then implying that it took longer than 10 days is just as useless.
The original poster said that MS only had 10 days to build a patch and test it. I replied saying that we don't have enough information to draw that conclusion since we don't know when MS was informed of the vulnerability or exploit. Then I postulated that they could have known about it for months. This is called an example. It was demonstrating the way in which the previous poster's argument was flawed; since there was no more information to support their assertion than any other, including the example.
Now why don't you tell me just what is your problem with my argument. Or you could take a community college course in logic and rhetoric so that you can comprehend arguments in the future.
For the wide array of hardware support that MS pulls off, it's not doing so bad.
You have your cart and horse backwards. MS has a desktop OS monopoly. Every computer hardware manufacturer knows it. If you build a new ExpressCard standard or any other new type of hardware your product will fail in the market unless MS supports it or it is a niche product that people are willing to use with an alternate OS. Every manufacturer out there not only has to build to specs MS supports, but often has to pay MS to help them code and test the drivers. MS doesn't "support" all the different hardware and OEM laptops. Hardware manufacturers and OEMs do the work for them. MS just has to be careful about backwards compatibility and changing too quickly.
I think that down the road, we'll see a lot more PC games on the Mac because now the effort to port apps will be minimized. No longer will much of a game's codebase need to be rewritten to take advantage of PowerPC architecture.
The main issue with porting games is that so many companies rely upon MS's proprietary DirectX. Developers I know who worked on major games that don't rely upon DirectX have told me the CPU optimization stuff was pretty trivial. So long as developers avoid DirectX, they don't have problems (See Blizzard, ID). When they do rely upon DirectX, ports are a pain.
In reality, I don't see this architecture switch changing much, except making it easy to run Windows apps with minor speed hits.
Maybe Mac could port a version of OS X to the PC platform?
I doubt it. Mac is a good guy, and he can really drink, but he doesn't know anything about programming.
Ok, ... It's maybe a tiny little bit too risky, something like taking the nice big bone out a pigbulls mouth,
What's a pigbull?
The only version of Windows that can boot from an EFI bios is Windows XP 64-bit Edition, but the Intel Macs have 32-bit CPUs.
The EFI spec includes BIOS backwards compatible functionality. Assuming Apple implemented that functionality Windows should boot (but install might be a bit annoying). Otherwise, MS has announced EFI support for all versions of XP and Vista.
GRUB already works with EFI, and GRUB can launch Windows... From my experience, WindowsXP has pretty much ignored anything about the hardware that the bios has told it (I've disabled HDs, but windows sees them, etc). Could it be possible that GRUB could be installed on a Mac and used to load Windows?
I haven't seen Apple's EFI implementation, but the EFI spec says it takes over the duties of a bootloader and can be used by itself to boot from different partitions. There are defined codes for all the Windows filesystems. I don't even see why you'd need GRUB at all.
The benefits of a port might be because of cheaper or easier to find hardware capable of running something that it wasn't meant to but is very useful to users. I don't think this is the case in putting Windows on an Intel Mac because Intel Macs are cheaper than what I can piece together in PC x86 form. Don't get me wrong, Macs are nice machines but they're not exactly easy to upgrade or fix on your own.
Windows will run on EFI eventually (some versions do now). EFI supports BIOS compatible partitions. The only issue is you need a clue to install Windows. Imaging an existing Windows install is probably the easiest route. People will do this because they want to be able to dual boot to play games, for testing, or to run some particular rarely needed application. As to the comments about Macs not being easy to upgrade and fix, you're way off. Macs are easier to upgrade and fix, provided you buy the right parts and you're comparing the same kinds of machines. imacs aren't particularly easy, but neither are any all in one machines. Their laptops are about the same as any other. Their towers are easier. I have an older g4 tower that serves as my PVR. When I want to add another drive I take out one screw and the whole drive chassis pulls out. Opening the case is as easy as lifting the latch and the whole side of the housing hinges down, with half the parts mounted on it. It is so much easier to work on than any PC I have ever owned that there is just no comparison.
I think the analogy is accurate, but I think it's highly inappropriate to trivialize the service our men and women in uniform give this country by comparing them with something as innocous as data mining by a computer company.
Hmm, either you are just trying to win an argument using the logical fallacy of an emotive plea, or you truly believe this trivializes the deaths of soldiers. In the first case, you have failed. In the second, perhaps you should consider why you think this trivializes their deaths. What about such an analogy causes you to think less of dead soldiers?
That's exactly what I'm arguing. If a person purchases a commercially licensed piece of software, and is concerned about things like this (which most people aren't), they should thoroughly read the EULA, with a lawyer present, and be sure they understand the ramifications of their purchase.
I see, so you think companies should be able to hide behind legal licenses. If, for example, I buy a video game that has a click through license you think it is ok for that game to scour my hard drive for financial records and send them to the game company? Or perhaps they could turn on your Webcam and sell any nakedness that they manage to catch. Provided, of course, that they have some legalese that says they can do anything they want. Have you read the licenses that come with software? The vast majority of them are filled with unenforceable clauses they put in in the hopes it might be enforceable somewhere. Luckily the courts disagree with you. Licenses need to be read by both parties and there needs to be an understanding of the terms before the license is enforceable. In my state "I didn't read the license" is valid grounds for it to be dismissed.
Companys are going to data mine, a bunch of lawmakers in Washington making a bunch of noise about it isn't going to change that.
Defeatism is not a logical argument. Making it illegal to mine data is a valid way to stop it.
When I bought my TV, I did not check to see if their is a hidden camera in it that records my every move. When I bought my blender, I did not investigate it to see if it transforms into a robot that harvests my blood at night and delivers it to a local research firm. I did not do these things because I do not have a reasonable expectation that they would behave in such a way. Now if I install a music player, I don't expect it to report on my behavior to the company that wrote it, and most other people don't have that expectation either. I'm not too concerned that it does, and I can see that it does when I run the program, but it is not what I was lead to believe the software would do. Previous versions of the same software did not do these things. As a result, I think Apple is ethically in the wrong here. They should have informed users as to what it was doing before doing anything. Just as my blender maker should tell me beforehand if their blender also harvests my blood, rather than waiting for me to wake up and see it doing so.
Isn't that what a rootkit does - allow unauthorized access?
The terminology being used is confusing to many people. In common parlance a rootkit is a general purpose setup to compromise a system and hide all evidence of that compromise. Usually this includes a "kernel" patch that hides the offending files and in some cases network traffic. Symantec is patching the "kernel" to hide files, and doing so is wholly unnecessary. My guess is were not concerned about users so much as malware/worms that would automatically cripple their program. The side affect of this is worms can actually exploit this to hide themselves. It seems like a risky and invasive attempt at security through obscurity.
A big part of the problem is that they are trying to secure an inherently insecure system, without having access to the source code. Windows users are generally admin (since Windows is pretty unusable as a regular user) and local privilege escalations are common and trivial. I don't think MS even tries to fix them anymore. As a result Symantec is basically in an arms race on even footing with malware authors.
While I don't want anyone "hiding" stuff on my system, I know very well there are users out there that can be easily convinced to delete important system files...
That is part of the danger of using Windows. Clueless users have unfettered access to delete vital parts of the system and rightly believe worms and viruses can easily infect their poorly secured machines. Still, Symantec should have known this was unworkable in the long term and would result in a persistent liability.
Sony's rootkit was done entirely under good intentions as well (like it or not DRM is not a bad intention), and look how that turned out.
I'm not sure that your assertion is defensible. Sony wanted to make my computer less functional so that they could have more of my money. I don't consider that to be good intent.
I had a few issues this morning. After each page loaded completely, I reloaded them. It seems to have solved the issue. Perhaps they changed their CSS?
So who decides what constitutes being 'consciously aware' consists of?
That depends upon the context, of course. If this ever were to go to court in a jurisdiction that had anti-spyware laws, the courts would likely be ruling on if a user "knew or had a reasonable expectation" that the software would send information about their listening habits back to Apple.
No, but that's a good example. They opted-in when they signed up with the military. They were expected to be in harms way. Of course those that were drafted did not 'opt-in' either way... Regardless, I think comparing a little data mining about your music habits to military service is a little out of proportion.
You seem to be contradicting yourself. Is it a good analogy or not? Here's my take. The average person joining the military has a reasonable expectation that they might be put in danger. Anyone, soldier or civilian, picking up a basket does not have a reasonable expectation that it will explode. One is intentionally deceitful. One is not. Are you arguing that the average person who buys a mac, or installs iTunes expects that Apple will be listening in on what music they play?
I didn't say Jobs was a jerk or didn't provide a better/different work environment. I said he was ruthless. He didn't get where he is today without being a very competitive businessman.
No, but you used that to support the argument that Apple cannot be trusted any more than Microsoft. Believe it or not, the corporate culture has more to do with a company's actions than the CEO. That culture is usually a reflection of what type of people and what values the CEO promotes over a long period of time.
I was referring (somewhat sarcastically) to the current topic of iTunes spyware. This could be an issue that tarnishes Apples spotless reputation.
...and that has what to do with them being a monopoly? Behaving unethically does not make you a monopoly. Apple is constantly doing things that may tarnish or improve their reputation. No one I can think of would be foolish enough to judge a company by any single action. A pattern of behavior is a useful predictor. A single data point is not.
MagCap is looking to boost the current power from just under 2 volts to a more useful 12 volts with investor funding."
Can I have some of the investor's money if I tell him to wire six trees in series? I'm going to go patent my new "grove" power concept now.
Algae are not generally classified as plants. Traditionally they are protista, although some are calling for green and red algae to be added to the plant kingdom.
IMHO, iTunes users 'opted-in' when they installed the software. I'm sure there's an EULA with a phrase buried in it that gives Apple perfect right to do what they are doing. If not, I'm sure someone will start a lawsuit.
You aren't opting in unless you are consciously aware of what is going on. GI's in Vietnam did not opt-in to being blown up with a hand grenade when they picked up a basket outside their barracks. That is because they did not know it would trigger a hand grenade. If users don't know or reasonable suspect the software is sending information about them to Apple, then they can't have opted in.
Legally, Apple may or may not be in the clear, depending upon the jurisdiction. Ethically, I think they have trodden on questionable ground, and it depends upon their intent. If they are mining/using/selling individuals data I think they should have warned people of that in advance. I will trust them less.
You must also admit that the opposite is true. Many people trust blindly and then apply arguments to validate their feelings. Why do people 'trust' Apple? Are they a particularly trustworthy company?
Thus far they have not done anything to lose my trust. They have done several things to gain my trust, like donating code to open source projects, and quickly solving any customer support issues I have had, rather than trying to weasel out of paying for fixes.
MS, on the other hand, has sued orphanages, intentionally corrupted standards, violated anti-trust laws, and killed cool technology. They have been caught lying numerous times and they sell inferior, flawed software while constantly claiming how it is not flawed or insecure.
Actually I think their CEO is probably as rutheless as his counterpart at Microsoft.
I disagree, and more importantly I've heard descriptions very different cultures from friends who have worked for both companies. MS has some smart and innovative people, but they are run by businessmen and the tech side is forced to compromise again and again. Apple is more balanced, if anything the tech side wins out. They are focused on making money, but there is a huge drive to make cool new things and actually change things for the better in the computer industry. Occasionally they release products that are more cool than practical for the market.
Jobs is just smart enough not to piss off his customer base, and of course has not had any type of monopoly until now.
Until now? Come on, the new laptop is cool, but I don't think it has sold that well already.
People trust Apple because they produce designer, feel good products, have a good corporate image and have not had many big PR fiascos. That's not a good enough reason for me to trust them.
I trust Apple, to a point. Obviously they are a business and obviously they will work in their own best interests. I trust them, however, because they have earned that trust over many years.
This will be a good test to see if people can trust Apple. I'm guessing this 'feature' will dissappear in the next release of iTunes because Apple, in general, appears to believe that trust and behaving ethically is important to business.
I doubt this feature will disappear, but hopefully a clear privacy policy will be issued along with a statement about how the data is used. They might switch the feature to opt in, and ask users to enable it, but I doubt that.
1) "But you can turn it off!" - Authors can opt-out, but Google is evil since it should be an opt-in system.
What!?! So there is no qualitative difference between employing the fair use clauses of copyright law, and software that calls home? To say one should be opt in and one should be opt out is in no way inconsistent. I think military service should be opt in. I think hot sauce on tacos at the mexican place should be opt-out. So what? They are completely different things.
Slashdot(and people in general) turn arguments around to favor the outcome they desire. Apple and Google are popular, so excuses are made for them when they do something questionable.
Or maybe people form opinions based upon facts and then express those opinions, even when in some cases they think something is appropriate and in others they don't. I think people should be allowed to play loud music in parks. I don't think people should be allowed to play loud music in hospitals. Why is it so hard to understand that these beliefs are not contradictory or hypocritical. I heard no one making excuses for Apple. I did hear a lot of people say they are not worried about Apple will do. This is called trust. It is something people and companies earn by behaving ethically and used to be very important to both businesses and individuals.
Microsoft is unpopular, so the same arguments are used to condemn their questional behavior.
If you read all the comments above, very few people agree Apple should be doing what they are doing. The only difference is that when there is a question as to what is being done, people are more likely to trust Apple. This is because Apple, unlike MS, has not been screwing them over and behaving unethically on a daily basis. To make judgments without looking at the history of the participants is illogical, not the other way around.
It's long been said that people are the greatest security problem. And I believe that applies to Microsoft's security problems as well. As long as the education of Microsoft's user base is neglected (or actively refused by some), MS's efforts (feeble as they may seem at times) will have limited success.
Sorry, this is just not the case. The majority of compromises by number and by bandwidth consumed are automated worms that require no user intervention. I have no doubt, that with proper security policies and good coding MS can one day aspire to make users the weakest link, but until that time, all the education in the world is useless.
Right now Windows users are not given the power they need to keep their machines safe. Unnecessary services run by default. MS software does not run properly as non-admin. Local privilege escalations are trivial. Executables masquerade as data easily and the UI does not inform the users what they are dealing with. New applications are not restricted by default. Error messages and warning are not phrased in plain english. Dialogue boxes appear with alarming frequency and almost always with the same two options: OK/Cancel. This trains users to just click "OK" to make things work, since they don't understand most of the thousands of messages spewed at them regularly. Default applications run with escalated privileges and execute data if it happens to be the right format. Internet applications mingle code with critical parts of the GUI.
I'm afraid I'll have to disagree with you. Users are not given the opportunity to be the weakest link, and focusing on the required, huge amounts of education that would be required to run Windows safely is unfeasible. Fix Windows first, then worry about education.
It would be interesting to re-phrase the question and replace "iTunes" with "Windows Media Player" and see what kinds of responses are generated by the Slashdot crowd.
I think Apple has behaved inappropriately. At the same time, however, I'd be a lot more worried about this in WMP than in an Apple product. This is because, having followed both companies, one has earned some level of trust and the other has not. From Apple I expect that this new feature will not contain obvious flaws that will let someone gain root on my machine. I trust that when turned off, it actually does not send data. I believe it unlikely Apple is mining this data, rather than just sending automated suggestions and forgetting them. I could be wrong on any of these things and time will tell, but I give Apple the benefit of the doubt. There is nothing illogical about this. If Charles Manson walked into the room right now carrying a bloody knife, I'd run the other way. If my boss came in, I'd ask him if he cut himself and if he needed help. Microsoft is Charles Manson.
Can't RTFA, as its slashdotted, but if I buy a song from iTMS, they already know what I've bought from them, I'd expect them to tailor ads to my choices. They shouldn't be transmitting that data anywhere, as they already have it. Now, if I rip a CD in iTunes, and that data is reported back to iTMS, that's bad, even if they strip out personally identifying info. Though I'd call it spyware, not malware.
They can't tailor ads, without calling home because they don't know what music you actually listen to, or even which user is logged in. The idea is that if you are listening to music from a band, and a new album by them just came out, they can let you know. That might be useful to me if it is well implemented. This is a feature, but one with privacy/security implications.
They should have a clear privacy policy addressing this in place. They should have the feature disabled by default, even if they put a big enable button in that pane. I agree that as it it stands it is possibly spyware, but until Apple publicly announces what they are doing with the data, I'm reserving judgement.
You know if this was Sony or Microsoft there would be howls of anger and the pitchforks and torches would already be out. Apple does it and; "hey, they're swell guys but I don't know how comfortable I am about this".
If the crack dealer I see on the corner were to pull a gun out of his pocket, I'd go for cover. If my brother pulled a gun out of his pocket I'd probably say something like, "hey what is that gun you're carrying?" The reason for this is because I know my brother and have some level of trust in him. I might say, "hey put that away" if I felt it was inappropriate. I feel that what Apple has done is inappropriate. They should have issued a privacy policy that explains what they do and don't do with the information they are collecting. They should have had the feature disabled by default (even if they included a big "enable ministore suggestions" button). That said, Sony has a history of doing unethical things, as does MS. Apple has a much better record. Thus, I give them the benefit of the doubt and assume they are probably not data mining. If that proves not to be the case, I'll be more skeptical of them in the future.
I can't believe people are focusing on this, however. I mean sure, this is pseudo-spyware (not malware), but Apple just released machines that implement EFI. I'm much more concerned about the "trusted computing" possibilities of the new firmware than I am about iTunes. One might let them collect data about the songs listened to using freeware they distribute (with an easy option to turn it off). The other might allow them to restrict your actions on the hardware you buy, after the purchase. I'm tentatively giving them the benefit of the doubt there too, but it is certainly a much more pressing concern than iTunes phoning home.
Just curious, what is their marketshare for IM? I tried looking it up w/o success.
I don't have the numbers in front of me, but last time I looked AIM had 50% and Yahoo and MSN split the rest of it. In the US AIM has a bigger lead than overseas.
So I guess which approach you take depends on your goal. If your goal is the glory of a 0-day exploit, then post away. But if your goal is the security of the end user, maybe you should keep it to yourself for the time being.
You've made a number of incorrect assumptions and failed to consider several important concerns. First, is the vulnerability likely being exploited? Is the vulnerability able to be mitigated by users and if so, are there drawbacks to the fix? What systems would be made vulnerable?
For example, suppose I find a trivial exploit in code I know blackhats have already reviewed. That means there is a good possibility that it is being quietly exploited. Or what if I am running a network that needs network access, but is top-secret and would be disastrous if compromised. I find a flaw that has a work-around that requires disabling a service. This will cost hundreds of thousands of dollars a day, but I can't risk exposure. Should I:
Here's my general take on things. Windows machines will be compromised in huge numbers until MS gets their act together. Compromises to the average machine are not too important to me. Why do I care if 100,000 idiots turn into spam bots? Compromises to my system do concern me. The best way for me to keep my machine secure (and for other security conscious people who run important systems) is for me to be well informed about vulnerabilities. If there is a vulnerability in a particular service I want to know, so that I can disable it if need be, plan work arounds, migrate to a different service, and set up honey pots and IDSs to look for attacks or strange behavior.
To put it bluntly, in some cases it is best for me to publicly disclose vulnerabilities and in others it is not. To imply, however, that it has something to do with trying to garner fame or a reputation is very mistaken. In some cases the security of end users if better served by full disclosure, while in other cases it is not. It all depends upon the vulnerability.
On the other hand, Windows XP does fairly nasty stuff with any existing MBRs, so unless OS X is designed or patched to cope with the XP installer there would be a problem.
The new macs are using EFI as their firmware, which means no MBRs. (Well there is a legacy MBR, but the firmware ignores it.) You should be able to have as many OS's as you want co-existing, although I don't know anyone who has actually seen Apple's implementation yet. As an aside, EFI should also manage all the functions of the traditional boot-loader.
After the slashdot effect, let see the keynote effect on applestore site: 30 minutes before the keynote adress: not available "for update", ok, I understand... 3 minutes after the end of the show, it was up and running for about 10 minutes now, it is quite dead.
It worked fine for me; still does. I believe Apple uses Akamai, just like everyone else, to mitigate their bandwidth spikes. Thus it is possible Akamai choked at your local node. I don't think it dropped off for most people though.
Now I just have to wait and see if Apple/Mac will finally be validated by the geek community before I can get one... but could this be the news that finally gives it approval with my oh so important "Linux or nothing else" loyalist friends?
You need your friends' approval to buy a laptop? As for geek credibility, I work in an office full of security geeks and most of the office has switched. And wasn't Linus running Linux on a mac for quite a while? Just buy what works for you already.
Making up scenarios (ie, "they could have known this for months") and then implying that it took longer than 10 days is just as useless.
The original poster said that MS only had 10 days to build a patch and test it. I replied saying that we don't have enough information to draw that conclusion since we don't know when MS was informed of the vulnerability or exploit. Then I postulated that they could have known about it for months. This is called an example. It was demonstrating the way in which the previous poster's argument was flawed; since there was no more information to support their assertion than any other, including the example.
Now why don't you tell me just what is your problem with my argument. Or you could take a community college course in logic and rhetoric so that you can comprehend arguments in the future.