Slashdot Mirror


User: Superken7

Superken7's activity in the archive.

Stories: 0
Comments: 297

Comments · 297

  1. Giving away, not bundling on Finding Fault With the Low, Low Price of Android · · Score: 4, Insightful

    I assume that the author quoted in the summary refers to Internet Explorer, which was bundled and forced down users' throats, as you could not even uninstall it or the Operating System would stop working.

    How can this be compared to Android, which is just an open source project? CHOICE remains, as far as I know.

  2. Decreased piracy, but what about SALES ? on Ubisoft Considers Always-Connected DRM "A Success" · · Score: 4, Insightful

    Note how NOTHING is said about sales, only that piracy has decreased. Less piracy does not equal more sales, in fact it could have been less piracy AND less sales (or just average sales).

    The most important data was missing :P

  3. At the ISP's cost? on British ISP Ordered To Block Links to Pirate Site · · Score: 1

    I wonder:

    1. How much this will cost the ISP, especially considering the growing number of sites that provide links to warez. If you only block a few, others will pop up and it will be ineffective. Block many and it will probably have an impact on required infrastructure.

    2. If they can block sites that link to material, how will they handle services that get you to sites that link to materials? For example, VPN services and proxies.

    3. Will this make warez software improve so no link sites are even needed? Maybe decentralized technologies similar to freenet will become popular for sharing those links.

  4. Paypal has no rivals on LulzSec Calls For PayPal Boycott, Spokesman Arrested · · Score: 4, Insightful

    How easy is it to say "and consider an alternative" without even giving one?

    One of the problems with paypal is that it has no rival at all. Even if you do not take into account the fact that paypal is a de-facto standard payment method, there are very few alternatives.
    I'm sure lots of people would ditch paypal for lots of reasons. I would. I use google checkout whenever I can, because I particularly have more trust in Google than in paypal, even if checkout is in some ways worse than paypal. But very few people offer checkout support.

    I hope this guy knows that (almost) nobody will close their accounts because of his statements, but that this adds more weight on the "trend" that people are more and more dissatisfied with paypal and is seen as something "bad but necessary" and maybe "just good enough" in the eyes of many.

  5. Re:Sorry, disagree that SHA/MD5 is a solution on Android Password Data Stored In Plain Text · · Score: 1

    >It's not. it made me aware how losing my device can be very dangerous, even if I am using a password. So I will take some precautions in case I lose it. This is just my personal "why". There may be a 100 others very valid reasons.

    Agreed, the article makes the point that your device is not secure. But it specifically criticizes the fact that it's plaintext, which is not that different from storing it in encrypted form if you are not going to ask for the user's password, because both ways would be insecure for the same reason: storing passwords offline that are not protected by strong passwords (that in turn are not saved offline).

    > There is. If things are more complicated, you reduce the risk of massive, automated password grabbers. Suppose it becomes easy to access data specific to an app, but not easy to impersonate the app (signed binaries, checking sizes, etc), then having the data encrypted with some other data (like your PIN) can reduce the threat significantly, they will have access to anything not encrypted by the app itself. eg. It can also help in other cases, eg. you lose your SD but the data there is worthless to someone that finds (or steals it).

    Yes, you can complicate things a bit so attackers must do a bit of reverse-engineering. Sure, that's more difficult than recovering it in plaintext, I agree on that.
    But it does NOT prevent the risk of massive, automated password grabbers, at all. Please keep in mind that it takes only one device to get hacked by one skilled hacker for every device to fall under the click of a button. If things are more complicated, like you suggest, it's only security through obscurity, which doesn't work. Yes, it might take a bit more time initially, but after that delta of timespan, security is broken either way.

    I am not sure why you suggest signing binaries and checking whether system data has been manipulated. We are not talking about remote/runtime attacks at all. Signing stuff and preserving data and binary consistency does not protect against the attacks I'm talking about at all, because they are done offline, and not in runtime.

    > having the data encrypted with some other data (like your PIN) can reduce the threat significantly,
    > This assumes brute force would always work. That's why banks look for number of failed attempts. If they don't have access to that encryption key (they only got to the app data) and they need to guess, something can happen when they guess too much. Also, if it's on an SD, then the PIN is still worthy. If plaintext (eg. user data for a bank account), in SD you can just grab it. But if it's encrypted with a PIN, they need to test against the bank server. And after 5 failed attempts, it will lock the account. Some people also have notifications of all logins, or all failed logins.

    Again, I think you are referring to a remote attack or a rogue application. That is not the case. I am referring to offline attacks here with physical and/or root access as I said (remote attacks should be dwarfed because apps are sandboxed from each other and plaintext passwords are not available unless you gain root access, in which case you have already broken security through other means).
    Thus, protecting data with your PIN does certainly not "reduce the threat significantly". A 4-digit code will fall in less than seconds to offline attacks: it's the attack under the circumstances you were describing yourself: when losing a device, for example.

    > So no, there are better things even if not perfect, that can save hundreds of millions of people thousands of dollars. I have an Android, and the mentality of the Android fanbase (here) is making me reconsider Apple.

    Why do people constantly assume this is Android vs iOS? I have both iOS and Android devices at home and my head did not explode, nor did any of my devices with different OSs when getting near each other, even when in contact ;)
    I really think it is a fanboy mentality to try and bring up this Android vs iOS every damn time one of both is mentioned, not unlike pointing out flaws if the article's/story's purpose, or however you want to call it.

  6. Re:No SSL - that's the real problem on Android Password Data Stored In Plain Text · · Score: 1

    Every time you want to access your encrypted data, you need to supply a secret key/password.

    The whole point of Android to store the password is NOT to ask you every time for it. Any full-disk encryption solution, Truecrypt or any other, is totally useless if you skip the step of the user entering the password for unlocking the data, because you would then be storing the password - you guessed it - in plain text!

  7. Re:Where then is it? on Android Password Data Stored In Plain Text · · Score: 1

    You don't. Everything relevant is in the cloud. In Android no such scenario even exists.

    While there are ways of syncing stuff, no user usually connects their Android phone to their computer, especially not for doing full system backups (that's only possible for rooted users, if I'm not mistaken, so go figure)

    But anyways, that's comparing iOS and Android again... even if Android did, that would still be something people could be criticizing of iOS (and Android, but that's not the case).

  8. Re:Password system's fault on Android Password Data Stored In Plain Text · · Score: 1

    Yes, I know that the point is to remove user interaction, that was also my point :)

    If it's insecure, then I would rather have no password at all be stored in the device, and instead have a token like you suggested, and like most modern authentication systems work.

    However, many standard services don't have the notion of tokens and still work with passwords.

    At first glance, it would seem like for those password-based systems you either store the password in the device or forget about removing user interaction. However, I was suggesting a third option: You trust someone (Google in this case) to act as a man in the middle and store your passwords so you don't have to store them in your own device. This middleware would then provide the password to the password-based system the user wishes to access, like POP3 mail for example. The communication between the user's device and this middleware would be done with a more modern (token-based, for example) authentication mechanism. This way, you would still be able to access a password-based service (like POP3), remove user interaction (no asking for password every time you want to check mail), *and* you would not need to store this password in your device, since it's using a different, more secure auth mechanism (token-based for example).

  9. Re:Beh on Android Password Data Stored In Plain Text · · Score: 1

    You should not generalize because many of those that are saying that this is a non-issue were not necessarily criticizing that same thing about iOS. See this other reply next to me, you are just accusing people of being hypocrites without any "evidence" and it's making you look like a fanboy.

    Also, AFAIK Android *does* store those passwords in a restricted place where no other app has access to; certainly not a globally accessible location like the users' home directory like you suggested. The fact that this is stored in plaintext or using encryption (which would have been pointless anyway) is irrelevant. What *is* relevant is the fact that no other app can access this information, and you would need to have physical access and/or root access level to the device in order to recover this information.

    Looks like there IS room for discussion and it was you who was - at least in part - wrong.

    Who is the fanboy, the one who points out how this is a non-issue or the one who somehow manages to mix iOS into the subject and criticizes those who point facts out, comparing it to a remotely related iOS issue? It doesn't matter if iOS did or did not the same, it's not about whose platform is better until fanboys come and force it down to an iOS vs Android thing.

  10. Re:Sorry, disagree that SHA/MD5 is a solution on Android Password Data Stored In Plain Text · · Score: 1

    1. Lack of encryption was a complaint due to the fact that backups to the laptop happen automatically and are not encrypted by default
    2. Most complaints are worthless because they either overlooked that Apple's EULA stated they were allowed to gather location, or they overlooked that this data was not sent back to Apple, at least not in a way that could identify (and thus track) anyone.
    3. This iOS vs Android comparison is pointless IMHO.

    4. The article itself is pointless: There is no way around password-based authentication systems' passwords being recoverable from the device; plaintext or encrypted does not matter because as soon as you are not asking the user for the password every time email is going to be checked by using a password, an attacker can easily recover it.
    Even locking the data with the PIN is worthless because pins are just 4-digit numeric passwords 99.999% of the time.
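
Added example, not part of Superken7's comments or the archive: comments 5 and 10 above contrast a server that locks after 5 failed attempts with an offline copy of PIN-protected data, where nothing counts failures. The Python sketch below measures that difference on a constructed record; the record layout, the function names and the sample PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

CHECK = b"key-check"  # constructed label for the PIN check tag (assumption)


def derive_key(pin, salt, iterations):
    """Stretch the PIN into a key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def make_record(pin, iterations, salt=None):
    """Constructed stand-in for data kept on the device: a salt plus a tag
    that lets the owner's software tell whether the entered PIN was right."""
    salt = salt or os.urandom(16)
    tag = hmac.new(derive_key(pin, salt, iterations), CHECK, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "tag": tag}


def offline_search(record, digits=4):
    """Check every PIN against a copied record; offline, no counter or
    lockout exists. Returns (pin, guesses_used, seconds_elapsed)."""
    start = time.perf_counter()
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        key = derive_key(pin, record["salt"], record["iterations"])
        tag = hmac.new(key, CHECK, hashlib.sha256).digest()
        if hmac.compare_digest(tag, record["tag"]):
            return pin, n + 1, time.perf_counter() - start
    return None, 10 ** digits, time.perf_counter() - start


def online_success_probability(max_attempts, digits=4):
    """Chance of hitting a uniformly random PIN before a server-side lockout."""
    return min(max_attempts, 10 ** digits) / 10 ** digits


def worst_case_seconds(keyspace, seconds_per_guess):
    """Time to exhaust a keyspace at the measured cost per guess."""
    return keyspace * seconds_per_guess


if __name__ == "__main__":
    record = make_record("7391", iterations=1000)  # constructed sample PIN
    pin, guesses, elapsed = offline_search(record)
    per_guess = elapsed / guesses
    print(f"offline: PIN {pin} found after {guesses} guesses in {elapsed:.2f}s")
    print(f"4-digit PIN, worst case: {worst_case_seconds(10**4, per_guess):.1f}s")
    years = worst_case_seconds(36 ** 12, per_guess) / (3600 * 24 * 365)
    print(f"12 random chars of [a-z0-9], worst case: {years:.2e} years")
    print(f"online, 5-attempt lockout: {online_success_probability(5):.2%}")
```

The key-stretching cost multiplies every guess equally, so it only matters when the secret's keyspace is large; with 10,000 candidates the record's protection comes from who can copy it, not from the PIN.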

  11. Password system's fault on Android Password Data Stored In Plain Text · · Score: 1

    I would not blame this on Android's fault for the same reason many others have noted.

    However, if this system is so insecure, why not use something else? I agree that standard mail-based servers have no choice, but maybe other services would be able to use other authentication systems such as token-based (OAuth style) or some sort of host verification procedures (using public-key cryptography, just like with SSH) instead of using the insecure password-based authentication mechanism.

    Again, I understand that this is not possible for a service that only supports password-based authentication, but maybe Google could have provided a way of trusting them with your password (as in storing your passwords in their servers) and using a more secure authentication scheme on the smartphone--goog servers link.

  12. From the company that brought you.. on Sony Insurer Suing To Deny Data Breach Coverage · · Score: 5, Informative

    ... the worst ever handled online security breach, here comes the plain-text captcha: http://pro.sony.com/bbsc/jsp/forms/generateCaptcha.jsp

    Yes, you heard well. The captcha is not an image, but HTML text with CSS to distort the text style! That is how things must be done in Sony, that explains SO MUCH!

    The headline is not surprising at all, IMHO.

  13. Made on purpose or by chance? on Fermilab Scientists Discover New Particle · · Score: 1

    Could someone more knowledgeable clarify the following to me?

    Was this particle made "by chance" (i.e. colliding two particles and hoping something "new" will be made) or was this made on purpose (i.e. We are trying to create the Xi_sub_b by colliding this stuff this and this way.. success! And this process would be repeatable)

    Pardon my ignorance, but what would be the big deal about discovering that particles that could exist in theory have been artificially created, maybe for a very short amount of time?

  14. Re:The update does not make sense on Netflix Deflects Rage Over Price Increase · · Score: 1

    Yeah of course, that's the business point of view. The user's point of view, however, is that it now costs a lot more "for no reason at all". That's usually frowned upon by users - they don't care about or want to put themselves into the business' point of view.

  15. Re:The update does not make sense on Netflix Deflects Rage Over Price Increase · · Score: 1

    Yeah, although I was referring more to the more expensive plan, so you can choose the DVD or streaming, for any movie. (I think streaming is cheaper for them than sending the DVDs).

    I don't think netflix is expensive, just that people frown upon price increases when there is nothing of value being added (usually at least, in my experience)

  16. The update does not make sense on Netflix Deflects Rage Over Price Increase · · Score: 4, Insightful

    Most people are probably not really angry because of the money increase, as there are few good rivals (not for long, I hope), but because nothing of value was added to the service to justify the increase.

    I bet most people would be happy if the price increase would have arrived with a 100% streaming coverage so people can stop relying on DVDs, or maybe some new cool feature.
    Instead, the UI has been somewhat degraded for some, and now the service is almost twice the price. It's not just "some people", I'm sure _most_ people are not happy with the "update".

  17. Re:Oh the irony on Capcom Announces Unreplayable Game · · Score: 3, Insightful

    Plus, stuff like this is what motivates hackers to break security and remove unpopular restrictions, which in turn enables piracy.
    It suffices for one hacker to triumph so that anyone can be a pirate.

    Well played, Capcom.

  18. Re:Still available, from Google on Google Boots Transdroid From Android Market · · Score: 1

    Yes, and it's funny that they will remove Transdroid - which does NOT download anything, it's just a remote control - but they keep the YouTube app and the Google Music app, which surely enables one to view pirated content, especially music.

    It is very clear through actions like these that Google prefers to please companies like MPAA and RIAA rather than the user. Just like with the instant search that got disabled when searching for certain keywords related to warez. Subtle censorship against users, trying to benefit big cos.

  19. Me too on Two More Google Software Dogs Go To Heaven · · Score: 1

    Me too, I am another "hardcore" google services user and I had NEVER EVER heard of anything like health, less even power meter.

    Maybe that has something to do with why so few people were using it? It does not sound like the type of service that appeals to everyone, just to a few. If those few don't know of its existence, then very, very, very, very few people are going to use it. It's amazing that the blogpost does not mention how they should have done a better job at showing users that those services even existed.

    It really amazes me how well they managed to hide Power Meter. Amazing.

  20. Re:So long as aptitude is still there I don't care on Synaptic Dropped From Ubuntu 11.10 · · Score: 1, Insightful

    Exactly. For downloading and managing software, any user will have a far better experience by using Software Center. Synaptic probably features some more things (I don't know what, but regular users won't care).

    More romantic/nostalgic users that really need advanced(?) features and don't want command line tools but still want a very badly designed UI, can still apt-get synaptic. I don't think this is a big deal.

  21. By default on Synaptic Dropped From Ubuntu 11.10 · · Score: 2

    I think it's a good decision. The public for which Ubuntu is intended has no use whatsoever for Synaptic. Other users are an apt-get away from it, and I think that's just fine.

    Disclaimer: I never liked synaptic, mainly because for me its interface rendered it totally unuseful because it was hideous and not really well designed, plus it was easier for me to just apt-get.
    I still use apt-get because it's faster, but I think anyone can just pick up the software center and use it, unlike synaptic which I think is very confusing for noobs or even newcomers which are familiar with apt tools.

  22. Re:Not to worry... on NY Post Goes App-Only For iPad Users · · Score: 2

    It's not about the walled garden at all. It's more like "there's an app for that". Maybe Safari won't do it, but I'm sure there are a couple browsers out there that can.

    While circumventing something as simple as a User-Agent string protection can be, I'm sure it "works" for the majority of people since only the geeks will know or care about how to get around it.

  23. Re:Much more detailed review at Ars on Galaxy Tab 10.1 Judged 'No Match For iPad' · · Score: 1

    And yet, the Nexus S gets much much more battery life than the iphone 4, android having "full" multitasking.

    And yet, people don't understand the difference between Android's multitasking and the iPhone's multitasking. Steve jobs told a fairy tale about how they "got multitasking right" while not really multitasking, because apps do quit when you quit them, and yet they can start a reduced number of background jobs like playing back music.
    People don't realize that Android does pretty much the same! In Android, when you switch from one app to the other, the other app doesn't run anymore. It's almost the same as with the iphone. You can go back to it, and if it's still in memory, it will instantly show up. In a similar way to what happens in Android, iOS apps can save state for when you switch from and to apps and want to guarantee an app preserves the same state even when it's no longer loaded in RAM.

    The big difference is: in Android you can explicitly launch a background service (usually for playing back music, downloading something, etc..), which is usually done in combination with notifications. Sure, there are some buggy apps that might start a service and never quit, or leave the GPS on, and that happens less frequently in iOS. But it's very unusual, and has a lot of added benefit (see how tweetdeck app works when you tweet an image, wonderful example of mobile multitasking), and you can easily watch which application caused that (you get a "see which apps consumed more battery" dialog when your battery is drained).
    In this aspect, I think overall iOS and Android are equally the same, it depends on what you want.
    However, one thing I think iOS did not get right at all is that they introduced the concept of killing apps. Yep, the task manager for switching and closing apps. Even if you don't really "close" them, because they are already "closed", it's a very inconvenient way of managing multitasking. Performance issues and battery drain related to leaving "unclosed apps" is not unusual. (http://lifehacker.com/5806346/extend-your-iphones-battery-life-by-quitting-apps-in-the-multitasking-queue)
    Android's "last 9 apps" (managed with LRU) is much better, because users don't have to worry about which apps are "closed" or not (the multitasking menu).

  24. Re:Translation on Wii U Faster Than 360 Or PS3, No Blu-ray Or DVD Support · · Score: 3, Interesting

    they were DVDs but did not adhere to the standard data frame format (more info here: http://hitmen.c02.at/files/docs/gc/Ingenieria-Inversa-Understanding_WII_Gamecube_Optical_Disks.html - awesome reverse engineering done by hacker xt5). However, modchips enabled standard DVD functionality back.

    I bet they went with a proprietary optical disk format in order to prevent piracy. If no one can burn the disks, then piracy will (hopefully for them) be less rampant.

    That is, of course, until someone figures out how to run disks from whatever disk or flash drives they support, which is much more convenient anyways ;)

  25. clothes + kinect + AR on FitBot Lets You Try Clothes Before You Buy · · Score: 1

    The Kinect hack for trying on clothes with Augmented Reality seems more useful for such a scenario IMHO: http://www.youtube.com/watch?v=L_cYKFdP1_0