I know there were other posts on the insurance but also don't forget, isn't this an Apple product? Will there be AppleCare for it? I know I have purchased it at 20 dollars (I think that was the price) for 2 years for my iPod. Apple has replaced my iPod for free twice already within that contract. No questions asked, even when it was clear that I had damaged it through fault of my own (dropping the blasted thing enough times until it cracked).
Actually I think it does mean what he thinks it means. I didn't know this, I'll admit I had to look it up but:
exponent (ĭk-spō′nənt, ĕk′spō′nənt)
n.
1. One that expounds or interprets.
2. One that speaks for, represents, or advocates: Our senator is an exponent of free trade.
3. Abbr. exp Mathematics A number or symbol, as 3 in (x + y)³, placed to the right of and above another number, symbol, or expression, denoting the power to which that number, symbol, or expression is to be raised. Also called power. --The American Heritage Dictionary
[A]ssuming malware doesn't turn this feature against the user somehow.
[sarcasm] Because features of an application or operating system (not just MS based applications/OSes) have never been used to write malware before. [/sarcasm]
On the plus side, this is a nice smoking gun, when something goes wrong just blame the TCP/IP implementation.
Okay so on to my point. For the home user, CTCP is disabled by default. I don't anticipate many home users will turn this feature on. For the corporate user it is enabled by default. I can see the DISA/NSA/NIST or any other security STIG indicating the first step after installing is to turn off CTCP. It's kind of like any other feature, if you don't need it turn it off! I can't see anyone that uses SMS, WSUS, or any other good patch management program needing this from a security standpoint (no comment on speed issue as I am not an expert in TCP/IP, nor do I know all the details about how CTCP works). Maybe for laptops but that is a stretch. Unless there is something beyond patching that this could benefit.
Any word on what happens for backward compatibility? What if my brand spanking new VISTA box wants to pull down content over TCP that is hosted on a *nix/*BSD box that doesn't implement this CTCP? I'd hope the handshake defaults to something they can both use....
Yeah sure they can get a great understanding of crypto... with inexpensive books. Just curious do you know how many crypto courses at top level universities rely on textbooks for teaching crypto? I'd suggest discounting any books where the professor is the author. But even with that, it will probably be very small. There are recommended books but in my crypto classes (granted Johns Hopkins isn't exactly the number one crypto school in the country or world but I'd like to think we are half way decent) we never cracked a textbook. Sure we read a bit of papers but is average Joe developer really going to read through any crypto papers? I know I wouldn't unless I had to.
[Sarcasm captioning*]On a side note, let me know what project you are working on where developers employ crypto after about two weeks of reading some books.[/sarcasm captioning]
*Sarcasm captioning provided for cya purposes only and not for any public benefit.
Re:No, it's much harder than you think. (on Crypto Snake Oil, Score: 1)
I agree entirely. I did quite a bit of crypto study (both the math and the protocol) for my masters. A vast majority of crypto protocols are broken in some form or another. Granted this is usually a minor flaw that gets fixed in version 2, 3 etc. (a la SSL) or something that just gets changed in name to add in the guy that figured it out. Which kind of demonstrates your point,
Even the experts make errors in cryptographic protocol design and implementation... .
I think the best part of a presentation was when one of my classmates at the end of his PowerPoint had one slide. That slide said "Crypto is hard.". We all laughed but it's very true. From a conceptual standpoint it's difficult to grasp why something is insecure. However it is very easy for someone to believe something is secure. So the end result of that is someone not finding a flaw and believing that his/her data is protected.
I also heard a story (not sure if it was true or not) about Bruce Schneier saying something at a conference or maybe in a book of "I am writing this book to show all of the people who read Applied Cryptography that if they only read that book they don't know anything about Cryptography." And that statement amuses me because it will probably always be true.
I have to say I am shocked that ISS was worth 1.3 billion. I mean I am very familiar with its vulnerability assessment toolkits but... 1,300 million. Just seems like a lot but I guess it is all for a name and a reputation (funny, my firm stopped recommending ISS altogether but that was a while ago and I've heard they cleaned up their act).
Also for this article can we add a filtering setting: "read at no reference to space stations"?
Aside from two bucks PER TRACK being absurd (especially for music I don't happen to like)...Does anyone see that this may utterly stab us in the back? The people that like this genre of music may not understand the significance of DRM-free software and thus not care to spend the extra money on it (which even if I wanted the song two bucks is out of my price range, typically I buy CDs that are 13 dollars or less for 12 to 15 songs). I can see sales of this flopping and the RIAA saying "Hey look, we tried offering DRM-free music but the public didn't buy it. They demand DRM in their music. We now have a mandate from the people to give them the DRM that they want"
So Microsoft advocates DRM.
While I don't disagree that this may be a publicity stunt, which "page one" are you looking at? At http://music.yahoo.com I see a link at the bottom to "Relient K's new MP3 single with bonus track!". I think that qualifies as information on page one.
The egg, chickens aren't the only things that lay eggs.
Professional response:
Well for those particular I can't say what is on them... however moving forward everything should be encrypted as per OMB Memorandum M-06-16 [whitehouse.gov]. But there is no guarantee for the timetable. Simply having the requirement sometimes does not ensure that it is done.
Personal response (warning not affiliated in any way with US Government or policies):
They were probably just password protected as I remember that being on the NBC news story this morning... and we all know that Windows passwords are a joke to break.
I stand corrected that was just what my professor said. Good to know. :)
I know this may be seen as flame bait but can I ask why we didn't do this before? It seems we have lost the home school battle somewhat. I am NOT a proponent of home school but it seems to be perfectly legal and still done quite frequently. If we are going to allow home schooling why don't we supplement it with every resource we've got? The Internet can be a wonderful tool. It should not be the ONLY tool but is a good one. I mean if you are home schooling a kid he or she is only subject to lessons created and taught by one (maybe two) individuals and not getting social interaction. Well if you home schooled a kid AND supplemented that with internet based learning you would be better off than not supplementing it with internet based learning. Perhaps have a chat room (or net meeting or something) where the home school student (SUPERVISED BY THE PARENT) could engage in a lesson somehow. I know I'm light on details but I think that could possibly be worked out and would be better than the current... oh NOTHING. Just some random thoughts. But we do have to be careful not to let technology be everything. Find a happy medium and we will thrive.
Not that I want to "kill a dead horse" (yes I am a techie and do like references to things like Dilbert, Star Trek, Star Wars, etc) but I have some issue with what you say. Yes, the 'nerds' as we call ourselves sometimes DO need to step off our soapboxes, but it IS a two way street. I am bothered by your comment:
I'm going on to so a PhD in socialolgy where I'll be line for tenure where I have a much more rewarding job then beeing a science freak or an engineer.[sic]
I got an undergraduate degree in Ocean Engineering and a Masters in Security Informatics. I LOVED the classes I took in both. Designing and building something (submarines, boats, even shorelines) or analyzing computer security 'stuff' is exciting and rewarding to ME. I chose my career and I love it. I do feel bad for all of those individuals in technical AND non-technical fields that hate what they do and don't find their career rewarding. I can also say that I've taught math to countless middle and high school students and I found that to be very rewarding too. I love the look on a child's face when he or she finally understands something that was a mystery before. I probably will, in a few years, go back to teaching or tutoring, possibly on a volunteer basis.
I will not argue that great things were NOT done in the humanities but the engineering community has brought you innovations you use every day. You typed this message on a computer, where do you think that came from? I'm guessing you use a car or form of public transportation daily other than your feet. Someone had to design and innovate it. Would Willa Cather have built an airplane? No, but I know she DID write some very important works and had some great ideas. You don't HAVE to be a techie to have good ideas, but in the same token you can't dismiss everything technical because you are not.
Anyways, all I have to do to be a engineer wold be to get my MSCE and how hard couyld that be?[sic]
Have you ever looked into the Society of Professional Engineers? For those that are not in the engineering field, many do not know this but in order to be considered a professional engineer there are not one, but two tests you must pass. Now this applies mostly to civil, mechanical and the like but computer engineering and other related engineering fields have tests and they are hard. I passed the first of these two tests (the second you actually need to work for four years under a professional engineer) before you can even take the test. The first test is an 8 hour long test that covers four years of what we learned in college. It's not for everyone. I found it easier than many would because I LIKE the material. Just as some people find it easier to write a novel than I would because that is not where my interests lie. Okay I'll get off my soapbox now too and let someone else on.
Sweet I have this cousin that went to U.C. Boulder... heh, just kidding.
Well seeing how many squids there are in the world (every major restaurant has them) I would say that at least their availability is doing well (if not confidentiality and integrity also).
Oh and to the OP, also check out the internet storm center (part of sans). http://isc.sans.org/ and maybe some vendor blogs. F-Secure keeps one I like to read every once in a while.
They are just recommendations, and thus have no teeth but think about the following:
A) There is NO encryption or poor encryption in place on data and now there is a 45 day requirement to implement a TOTAL encryption solution. That would be entirely unreasonable.
B) I DO happen to work at a cabinet level agency and while there is no requirement to implement these, turning around to OMB and saying "Well they were recommendations and we don't REALLY feel we need to do them" just doesn't fly. Remember OMB IS the group that is at least partially responsible for government funding (ya know that whole Office of Management and BUDGET). If you piss off OMB you will have a very difficult time in the future. Needless to say, there is a lot of running around like chickens without heads.
Now does OMB necessarily know what they are doing, I will not get into that...
Did anyone look at the definition of IPv6 capable for the requirement? As far as I understand it by 2008 an agency must be able to pass ONE IPv6 packet to their ISP. There is no requirement of the ISP being able to handle it or for their internal network to be running IPv6. Can anyone refute this?
I'd recommend not comparing it to Safeway:
http://www.msnbc.msn.com/id/10976595/?page=2 [msnbc.com]
Dateline did an article on the number of health violations found at Supermarkets across the US. I am anticipating a similar thing to be done with Amazon when/if they pull this off, but if it's just for pre-packaged goods that sit in a warehouse anyway before they get to the shelves of the local grocery store I don't see much of a difference. I do wonder how Amazon would stack up in this kind of test. Many of the categories such as freezer and refrigeration temperatures may not apply so they might actually do quite well.
FTA:
Dateline Supermarket Sweeps
Store Chain | Average number of violations per 10 inspections
Safeway | 25
Albertsons | 24
Publix | 22
Kroger | 17
Winn-Dixie | 14
Sam's Club | 12
Costco | 12
Wal-Mart | 9
Save-A-Lot | 9
Food Lion | 8
I know you run the risk of being modded down for your subject line but this is a serious issue. Security is everyone's problem and the only way we are ever going to stop this is to a) apply good security practices, regardless of the environment, b) educate users. The second is NOT a lost cause entirely. Many times people simply don't know the risks. I come across a lot of users that say "Wow I never knew you could do THAT!" Some of them are listening, we just need to tell them.
But the REAL question is can you encrypt something with only a click-wheel? And in a year will they come out with the i11.208 pico (half the size and 10 times the cipher block size)?
I'll preface this with the statement "I'm not bashing you at all, I am actually curious". I have programmed in college on OSX and Solaris. All of our projects HAD to compile on Solaris (course requirement). I wrote this C router in Darwin and then tried to take the code and compile it on the Solaris box and some of Darwin's warnings became Solaris's errors. I am not a good programmer. I tend to know "just enough to be dangerous" but have you ever run into that doing all your programming on a Mac rather than on a different Unix box? Or are all of your clients using OSX so something like that doesn't become an issue?
> The penalty for using a cell phone while driving is worse then the cost of a hands free set.
Not a fair statement at all. Dollars (or whatever a country uses to represent their money) are not the only cost. There are other costs. It takes time to put the headset in, there is some loss in quality, and occasionally the damn thing breaks down, etc. Now I am NOT saying that this is 'worth' the risk of getting a ticket (at least not to me, but I cannot express anyone else's value) but there are opportunity costs associated with using a headset that are not factored in and someone MIGHT claim that these 'convenience costs' are worth the chance of getting a ticket.
I am aware they do contain all of this essentially on the system but I am skeptical that someone much smarter than I am might be able to use this and similar techniques to defeating encryption in an embedded system to defeat it. I'll admit that it is NOT trivial to do but might not be all that difficult.
So if I understand this right they are putting an encryption module in what is effectively an embedded system (or could be an embedded system). Now encryption in embedded systems has some problems. Namely they are trivially defeated because the key has to be stored in clear text, on the system. So the keys are usually easy to find since they have to be stored somewhere in clear text and have a pointer to them, also in clear text. Now this would be a DMCA violation to break it but I don't think that would stop anyone bent on doing something illegal anyway.
Now I might be wrong about this, since these could be networked systems in theory but I see this being applied to things like media center boxes. I know that these often are networked but what happens in a network outage or any disruption in service? I can't access my entire hard drive because it's encrypted? That doesn't make sense to me. I don't know about anyone else but every ISP I've had has had SOME connectivity problem. I see this as another area where legitimate users may feel the need to 'break' DRM just to get something to work right and get the product they paid for.
I am going to take a wild stab and assume they meant stable non-beta releases.