Yeah, there would have been shouting, and the fact that you don't see the difference really exposes the lengths to which Apple people will use denial as a weapon.
Here, I'll spell it out for you.
One of the latest Android phones has an antenna problem. What do you do? Get a different Android.
Latest iPhone has an antenna problem. What do you do? Ooooops, your vendor believes in complete lock-in, so you have no equivalent options.
So, despite the fact that the "Android" that doesn't have the problem comes from a vendor that you otherwise hate, you would suggest that as a viable alternative?
(BTW, Android is an adjective, not a noun, or even a "popularized" verb-form, like (to) "Google").
And you don't have "complete lock-in". I'll spell it out for you: People who have purchased iOS devices have already chosen a particular environment. It's not "lock-in" when you are free to ditch iOS at any time and purchase an Android, WP7 or (other?) device. And don't whine about "cancellation fees" and the like. If you purchase a subsidized device of any kind, you should expect that cost if you change your mind, post-contract-execution.
In short, if people feel "locked-in" by their iOS device, then they have only themselves to blame for not exercising pre-sale due diligence. It isn't like it's hard to find someone/somewhere to try out iOS stuff, at least in the U.S., and in many other major cities worldwide. In fact, it's probably far easier to find someone/somewhere that has any given iOS device that any particular non-iOS one. Often, the only way to "test" a non-iOS smartphone or tablet is to purchase it.
Why would there be an "AntennaGate"? With Android phones, pretty much and OS feature can be done in non-OS software, so even OS upgrades aren't critical in most cases. Yes, suppliers should keep up with OS updates for a few years, but some don't. Learn which manufacturers to avoid.
Oh, and when "one of the manufacturer's to avoid" happens to be the "best" non-iOS-based product (like the Galaxy series arguably are), then what?
Hardware issue on Galaxy S. No software fix possible. Using a GPS test app you can only see a small number of satellites in most conditions. Unless you are sitting out in a wide open field on a nice day when there are no sources of interference nearby or high solar activity it will not lock on.
Even the windows in a car will attenuate the GPS signal enough to give you poor performance. Turn it off is the best advice I can give. It will only serve to lower your battery life and frustrate you.
Wow, and yet I don't recall any breathless, hand-wringing articles about this version of "Antennagate". If this had been true of the iPhone, there would have been shouting from the rooftops, with angry mobs with torches and pitchforks.
Boy, you fandroids are a hypocritical bunch. And I also see what appears to be a quite muted response to this revelation that the most popular Android-based tablet will (unsurprisingly) be orphaned for no-good-reason by its creator, Samsung, after what, about a year?
Meanwhile, all iOS devices that have any chance whatsoever of running iOS5 are getting an update... (but watch, some fandroid will bitch about the poor performance of early iOS 4 revisions on the iPhone 3GS (which largely got fixed), as if that justifies these OEMs orphaning their products after zero to one updates.
If Google pulls a "my way or the highway" move on manufacturers, they can just switch to windows phone 7. They can create some other phone system that uses a more recent kernel. They have other options.
So, what you are saying flies in the face of every Fandroid that posts on Slashdot.
Ignoring the fact that a "simple" switch to WP7 would take months of development and testing, you're now insinuating that there is no difference to the CONSUMER which OS their phone is running. Doesn't that negate all the rabid neckbeards that constantly yammer on about how Android is sooooo popular not because it is loaded on every "free" and otherwise cheap-shit phone, but rather, because "consumers want CHOICE AND FREEDOM" in their Phone OS. Now you are essentially claiming it doesn't matter to the consumer WHAT OS is on their phone.
Hmm.. thought i saw someone else comment that it has VT instructions. If not, then too bad.
Still, point remains I guess. Even if its pushed at low end physical servers - CPU these days just isn't required. Even less so if you aren't virtualising multiple servers onto one machine. Just retired a couple of blades last year that were pentium III 1.3ghz single cores. They were still running around 90-99% idle most of the time (web server for internal app + db server to go with it).
Yep. I've never understood what the big need is for massive CPU when most of the heavy lifting in a file-server is handled through DMA transfers. Hell, all a file server does (for the most part) is lookup files in a directory (which I believe is a CPU-saving indexed file architecture in most, if not all, modern filesystems), then setup a DMA controller with source and destination addresses, and then stand back until a "Transfer Complete" interrupt is raised. Even if the DMA controller has to be setup for each block (likely), that means that the next block location and maybe the destination address and block length has to be stuffed. Whoop-de-doo.
My gut says that a file server will run out of I/O (both internal and external) and disk bandwidth LONG before the CPU is maxed-out.
I remember setting up an old 350MHz G3-based iMac with a (paltry) 512MB of RAM up as a streaming video server about 5 years ago. I was amazed to find that serving 10 simultaneous (but different) streams only took about 2% of that slow-ass CPU with a slow-ass bus (100MHz) and moderately-slow HD. I understand we aren't talking about 1000 simultaneous connections; but we're also not talking about 2.7GHz, multi-core, multi-threaded CPUs, with 1GHz frontside busses and 16GB of RAM, either.
It's pretty obvious that the low TDP means it's meant for something fanless/low-noise like MacMini servers. Though the MacMini already runs a laptop i5 chip for the same reason.
Actually, you can BTO a dual-core i7 on the higher-end (server-intended) Mac mini. But yes, they do normally run an i5 in the 'minis.
Worse, it isn't even necessary because the current "Core" line is split into i3, i5 and i7, which is an easily-understood hierarchy, and along with the "Celeron", there's absolutely no need for another damn confusing name.
They're just borrowing a page from the Microsoft marketing play-book: Just keep changing the name of things so that dumb consumers (and lazy OEMs) will think its "something new".
The difference with the Pentium 350 is that it is HT and supports VT-x and ECC. And has a TDP of 15W.
I'm trying to dump the Zacate I bought about a month ago onto someone now, and buy a Pentium 350 instead.... The Zacate gets rather hot(noticed 67 degrees Celsius from on-die sensor) when decoding a movie for example, even with a fan. With the Pentium 350 and a GT 520 for example, I could go completely fanless, and not reach those temperatures.
Except for one thing: Isn't the max die temp for most Pentiums in the 45-50 deg. C world? (I couldn't find the 350 specifically).
I welcome you to my world, where patches are tested in a half-assed way because the customer is demanding that this fix is being made available RIGHT NOW!!!! (only to install it 3 weeks later...)
I'm no birther, but I do find it odd that this information is being kept under wraps. Seriously, why would someone in Hawaii have a SSN from Connecticut or wherever it is supposed to be from? Damn peculiar.
No, it's not. When Obama was born, SSNs weren't yet effectively tatooed on people's foreheads at the hospital upon birth, like they are now. A lot of kids born "back then" didn't even have an SSN until they entered the workplace. I was born in 1956, and I didn't have an SSN until my Mom took me down to the SS office to get one at around 6 years old. So, if Obama was living with a relative in CT at that time, it would be perfectly logical for his SSN to be from there.
As an employer, I believe I had a right to know.
You may BELIEVE that; but the fact is, you don't.
I've heard bad explanations from third parties, but never have I heard a good explanation directly from the White House.
No, what you really mean is, you will be dammed if ANY explanation will "do".
Still, that wasn't the point of my post. The original question is "So if I asked to see your SSN and Birth Certificate you'd be ok with it?" And my response was, in the affirmative, if you were asking for a job with the benefits as good as POTUS.
Newsflash: When you have the education and credentials of B.O., there are a LOT of higher-paying jobs you qualify for. Most successful attorneys make over $200k/yr. And if you trade that in for, say "TV talk show host", or "CEO" you can make MILLIONS per year.
Heck, local Indianapolis RADIO hosts (now syndicated) "Bob & Tom" reportedly made $225k/yr APIECE in the early 1980s, and that was BEFORE they were syndicated worldwide.
When Cheney was V.P., he had his FORTY-TWO MILLION DOLLAR-PER YEAR salary "escrowed" while he was in Office.
POTUS isn't that high-paying of a job; that's why it's so hard to get good talent for it!;-)
He told Apple about the flaw on the 14th of October, please dis-engage reality distortion field.
No RDF here, buddy!
So, he told Apple about it, and in FAR less time than they could research, code, and TEST a fix, he decided to tell the rest of the planet. What's so "noble" about that?
To prove his point, he wrote & submitted an application to the App Store that was approved.
And then LEFT it on the App Store until APPLE pulled it. Again, not "noble".
Why should he tell Apple his app is abusing this flaw?
Depends on what his TRUE motivations are, now doesn't it?
Shouldn't Apple be creating a tool/procedure to block the flaw or detect it during the vetting process (to which all apps will have to retroactively be submitted)?
Assuming they are prescient, and KNOW about the (extremely narrow, according to cmiller) vulnerability before cmiller told them about it, yes. But obviously, they didn't, nor can anyone who writes software know of bugs before they are discovered. Sheesh!
Voluntarily pulling his app from the App Store wouldn't have done any good.
That's just bullshit, and you know it.
The risk exists, and it's not by telling people to not look that it'll go away.
You've got the logic all screwed up. By not telling APPLE it doesn't go away. He NEVER had to tell the rest of the world, and most assuredly didn't have to leave an example IN THE WILD to prove his point. You're an unmitigated idiot.
He wrote InstaStock AFTER the 14th of October, when he had already detailed a proof-of-concept and sent it to Apple.
Wow, a whole couple of weeks. What a nice guy!
Chances are just as good that he wasn't the first person to think of this flaw, and that there are already apps out there that abuse this vulnerability.
Perhaps. But now we KNOW there are, and with his grandstanding before Apple had a fighting chance to address the issue, rest assured that there are dozens or hundreds racing to exploit what was a (by cmiller's own admission) a pretty damned obscure bug. BIG difference!
The onus is on people like Charlie Miller to -prove- the flaws they say exist in IT software or configurations.
You don't really know what the word "onus" means, do you? Dr. Charlie has no "onus" (duty) set upon him. He does this because he LIKES THE NOTORIETY (and the free MacBook Pros and $10k prizes). No "onus" involved, 'tard!
To do that they need to show there is a real risk to customers/users, and share the information with the company that produces the IT solution first, and later if the company does not resolve the issue, with the wider population of users so they can be aware of the risk and take whatever measures they deem necessary to counter the threat.
A couple of weeks is hardly "later" enough for something that will require a fundamental re-thinking of a portion of the OS. We're not talking about a missing "AND" clause here; but rather a possible problem with a redesign of the Javascript (IIRC) handler...
Otherwise, what accountability does a company have to solve flaws that have been disclosed to them? Oh yes, none. Nobody will know, nobody will tell, so it doesn't exist might work in your world, but that's not the real world.
I would agree with you, IF he had brought this to Apple's attention, and they sat on it for six months. But we all know that isn't the timeline that cmiller used here, was it?
How long do YOU think he should have waited? How long would it have taken YOU to fix this (considering that NONE OF US are privvy to the code, (just like in most of Android))?
Apple should have/be scrambling to find a way to identify this vulnerability in apps th
IF he had done the following:
1. Told Apple about the Flaw, AND that he was able to slip something that exploited this flaw through the vetting process; but that he had already pulled the app.
2. VOLUNTARILY pulled his App from the Store INSTANTLY, once it was Approved.
THEN he might be considered a "white hat" who was just trying to make Apple aware of a unknown vulnerability.
The Doctor Pwn's the OSX, he keeps his license. The Doctor Pwn's the iOS via Safari, he keeps his license. The Doctor Pwn's Apple's walled garden, and they take his license.
He was grandstanding. He could have EASILY contacted Apple on the downlow; but Noooooo! He had to grandstand, thus alerting the rest of the planet to the exploit BEFORE Apple had a chance to close the vulnerability.
He got exactly what he deserved (except that Apple should sue him into oblivion, and have him prosecuted for unauthorized access to a computer system, too).
In other words, Miller should thank his lucky stars that a company with a bigger legal department than most U.S. States have, and a nearly infinite cash reserve, ONLY took his Dev. License!
I have always thought that executing code on an iOS device in this way was possible I just never thought Apple would actually miss the fact that the app was downloading external code.
Charlie himself stated that he worked for months finding ONE corner-case that Apple didn't catch. It wasn't like this was right there in the open for all to see.
Except, it gives a false sense of security. With Android (or PC) apps, I know that there's a risk of malware, so I'm cautious. With iOS - well, I don't have one, but I imagine there are lot of people who think "it *can't* have malware, Apple checks everything!" and therefore completley trust anything in the app store.
The purpose of work like this is to demonstrate that Apple has misled those people; you can't simply trust everything. The only thing worse than an obviously untrustworthy app source is an untrustworthy app source that *appears* to be trustworthy.
The security is not false; it's clearly demonstrable by the stark difference between the amount of malware on both platforms.
And Apple hasn't "misled" [sic] anyone. Please show me where Apple has EVER said that No one will ever get malware on our App Store.
The app in question has already been pulled from the App Store. And I'm quite sure the flaw that allows executing code via some hole in Safari will be fixed very soon. iOS 5 supports delta updates now, so Apple can (and will) come with small updates much more often than in the past.
Unless he's figured out how to sign apps such that the OS thinks they are from Apple, and aren't. Then Apple would have to revamp their code signing system.
He clearly stated that he went AROUND the code signing requirement; NOT that he "broke" the signing process itself.
Did or did you not notice that the whole point of what Charlie Miller did was that the sandbox was breached, despite ASLR, and he was able to do it from an app allowed into the walled "solution"?
Please explain how an app store that is unable to detect malware but *claims* to be inherently secure is actually more secure? If anything, I see it as the opposite - it will delude people (like yourself) into thinking it's safe, when it's actually not. Android, by comparison, is acknowledged to have malware - meaning people need to be more cautious about the apps they install.
I think the numbers of actual malware on the two platforms speak for themselves. And in iOS' case, Apple-haters certainly can't claim "security through obscurity" or "lack-of-marketshare" excuses.
And I, for one, would rather have a guard who repels 99.99999999999999% of enemies, than me having to stay up every night with a shotgun in my hand, protecting my home and my loved ones.
Window screens don't stop all insects; but take them away, and pretty soon, all you'll have time to do all day, every day (and every night) is swat flies. Which would you prefer: The occasional gnat in your beer, or having flies crawling all over your dinner, every single day?
Velex: My heart goes out to you; I cannot imagine what a special hell it must be to be trapped in the wrong body; with people on one side (like that 'tard KingAlani, below) calling you a freak, and the other thinking you are mentally ill and need to be "treated" (AND WITH ECT, FOR FUCK SAKES!!!). I thought the days of Trepanning to drain the overheated humors were passed.
Guess not...
I am sure this is an over-generalization; but I have NEVER personally seen even a remotely "normal" person in the Psychology profession. I came to the conclusion long ago (and nothing has shaken it so far) that everyone who gets into the field os Psychology is in reality just trying to figure out what is wrong with THEMSELVES.
As I said, I know it's an over-generalization; but as far as anecdotal evidence goes, in my personal experience, the evidence is insurmountable and nearly irrefutable.
So, it doesn't surprise me one little bit that the DSM-5 continues the de-evolution of science. And you are right: As soon as you are "Mentally Ill", anything you say is treated as further sign of the denial of your illness.
Hang in there and believe in YOURSELF; that's the ONLY person you have to answer to in the end...
It sure looks like Oxford's standards are slipping.
Perhaps the actual thing that is happening is that Autism is this decade's Disease du Jour, and like ADHD before it, is being overdiagnosed at a truly frightening rate.
But just wait until the next DSM comes out. We'll ALL be diagnose-able with SOME sort of mental disorder. So, at that point, maybe nutjobs like BARONESS von Greenfield will eventually be "right" (at least according to the increasingly out-of-their-ever-lovin'-minds psychiatric community).
Well... Chrome is based on WebKit, just like Safari. Google might as well take an extra page from Apple and go "La la la... we can't hear your opinions... we can only hear praise from the sheeple."
Except you're dead wrong.
When Apple changed where the Tabs were on Safari, the userbase spoke up. The Tabs were promptly moved back to where they had been.
Say what you will about Apple; but they actually have a pretty good track record of listening to their userbase.
I think it is Microsoft you're thinking of when it comes to ignoring their users. But this was over-the-top arrogant of Google. Yes, it's their product and all; but when your entire userbase complains as one and you ignore it, that is a sure sign of a company who has seriously lost touch with who it is that put them where they are, and who can just as easily put you down like a dog.
My assumption is that Translate is used by other Apps to do voice recognition. I have Vlingo on my Android phone which is very Siri like (it does dictation, search and other such things, I had a phone off with my IPhone 4S using friend on Friday and other than being a bit faster they seemed pretty similar).
So, you got together with a friend and phoned-off?
Yeah, there would have been shouting, and the fact that you don't see the difference really exposes the lengths to which Apple people will use denial as a weapon.
Here, I'll spell it out for you. One of the latest Android phones has an antenna problem. What do you do? Get a different Android. Latest iPhone has an antenna problem. What do you do? Ooooops, your vendor believes in complete lock-in, so you have no equivalent options.
So, despite the fact that the "Android" that doesn't have the problem comes from a vendor that you otherwise hate, you would suggest that as a viable alternative?
(BTW, Android is an adjective, not a noun, or even a "popularized" verb-form, like (to) "Google").
And you don't have "complete lock-in". I'll spell it out for you: People who have purchased iOS devices have already chosen a particular environment. It's not "lock-in" when you are free to ditch iOS at any time and purchase an Android, WP7 or (other?) device. And don't whine about "cancellation fees" and the like. If you purchase a subsidized device of any kind, you should expect that cost if you change your mind, post-contract-execution.
In short, if people feel "locked-in" by their iOS device, then they have only themselves to blame for not exercising pre-sale due diligence. It isn't like it's hard to find someone/somewhere to try out iOS stuff, at least in the U.S., and in many other major cities worldwide. In fact, it's probably far easier to find someone/somewhere that has any given iOS device that any particular non-iOS one. Often, the only way to "test" a non-iOS smartphone or tablet is to purchase it.
Then what? If the device was subsidized...
Why would there be an "AntennaGate"? With Android phones, pretty much and OS feature can be done in non-OS software, so even OS upgrades aren't critical in most cases. Yes, suppliers should keep up with OS updates for a few years, but some don't. Learn which manufacturers to avoid.
Oh, and when "one of the manufacturer's to avoid" happens to be the "best" non-iOS-based product (like the Galaxy series arguably are), then what?
Hardware issue on Galaxy S. No software fix possible. Using a GPS test app you can only see a small number of satellites in most conditions. Unless you are sitting out in a wide open field on a nice day when there are no sources of interference nearby or high solar activity it will not lock on.
Even the windows in a car will attenuate the GPS signal enough to give you poor performance. Turn it off is the best advice I can give. It will only serve to lower your battery life and frustrate you.
Wow, and yet I don't recall any breathless, hand-wringing articles about this version of "Antennagate". If this had been true of the iPhone, there would have been shouting from the rooftops, with angry mobs with torches and pitchforks.
Boy, you fandroids are a hypocritical bunch. And I also see what appears to be a quite muted response to this revelation that the most popular Android-based tablet will (unsurprisingly) be orphaned for no-good-reason by its creator, Samsung, after what, about a year?
Meanwhile, all iOS devices that have any chance whatsoever of running iOS5 are getting an update... (but watch, some fandroid will bitch about the poor performance of early iOS 4 revisions on the iPhone 3GS (which largely got fixed), as if that justifies these OEMs orphaning their products after zero to one updates.
If Google pulls a "my way or the highway" move on manufacturers, they can just switch to windows phone 7. They can create some other phone system that uses a more recent kernel. They have other options.
So, what you are saying flies in the face of every Fandroid that posts on Slashdot.
Ignoring the fact that a "simple" switch to WP7 would take months of development and testing, you're now insinuating that there is no difference to the CONSUMER which OS their phone is running. Doesn't that negate all the rabid neckbeards that constantly yammer on about how Android is sooooo popular not because it is loaded on every "free" and otherwise cheap-shit phone, but rather, because "consumers want CHOICE AND FREEDOM" in their Phone OS. Now you are essentially claiming it doesn't matter to the consumer WHAT OS is on their phone.
So which is it?
Security wise - yes, most Android installations are pretty terrible. Especially if you are stuck with Froyo or some other outdated version.
There are only two real options: Nexus and Cyanogenmod. Everything else is pretty much unacceptable .
You forgot iOS. So, that's three options.
Hmm.. thought i saw someone else comment that it has VT instructions. If not, then too bad.
Still, point remains I guess. Even if its pushed at low end physical servers - CPU these days just isn't required. Even less so if you aren't virtualising multiple servers onto one machine. Just retired a couple of blades last year that were pentium III 1.3ghz single cores. They were still running around 90-99% idle most of the time (web server for internal app + db server to go with it).
Yep. I've never understood what the big need is for massive CPU when most of the heavy lifting in a file-server is handled through DMA transfers. Hell, all a file server does (for the most part) is lookup files in a directory (which I believe is a CPU-saving indexed file architecture in most, if not all, modern filesystems), then setup a DMA controller with source and destination addresses, and then stand back until a "Transfer Complete" interrupt is raised. Even if the DMA controller has to be setup for each block (likely), that means that the next block location and maybe the destination address and block length has to be stuffed. Whoop-de-doo.
My gut says that a file server will run out of I/O (both internal and external) and disk bandwidth LONG before the CPU is maxed-out.
I remember setting up an old 350MHz G3-based iMac with a (paltry) 512MB of RAM up as a streaming video server about 5 years ago. I was amazed to find that serving 10 simultaneous (but different) streams only took about 2% of that slow-ass CPU with a slow-ass bus (100MHz) and moderately-slow HD. I understand we aren't talking about 1000 simultaneous connections; but we're also not talking about 2.7GHz, multi-core, multi-threaded CPUs, with 1GHz frontside busses and 16GB of RAM, either.
It's pretty obvious that the low TDP means it's meant for something fanless/low-noise like MacMini servers. Though the MacMini already runs a laptop i5 chip for the same reason.
Actually, you can BTO a dual-core i7 on the higher-end (server-intended) Mac mini. But yes, they do normally run an i5 in the 'minis.
Worse, it isn't even necessary because the current "Core" line is split into i3, i5 and i7, which is an easily-understood hierarchy, and along with the "Celeron", there's absolutely no need for another damn confusing name.
They're just borrowing a page from the Microsoft marketing play-book: Just keep changing the name of things so that dumb consumers (and lazy OEMs) will think its "something new".
The difference with the Pentium 350 is that it is HT and supports VT-x and ECC. And has a TDP of 15W.
I'm trying to dump the Zacate I bought about a month ago onto someone now, and buy a Pentium 350 instead.... The Zacate gets rather hot(noticed 67 degrees Celsius from on-die sensor) when decoding a movie for example, even with a fan. With the Pentium 350 and a GT 520 for example, I could go completely fanless, and not reach those temperatures.
Except for one thing: Isn't the max die temp for most Pentiums in the 45-50 deg. C world? (I couldn't find the 350 specifically).
I welcome you to my world, where patches are tested in a half-assed way because the customer is demanding that this fix is being made available RIGHT NOW!!!! (only to install it 3 weeks later...)
My world has similar features...
I'm no birther, but I do find it odd that this information is being kept under wraps. Seriously, why would someone in Hawaii have a SSN from Connecticut or wherever it is supposed to be from? Damn peculiar.
No, it's not. When Obama was born, SSNs weren't yet effectively tatooed on people's foreheads at the hospital upon birth, like they are now. A lot of kids born "back then" didn't even have an SSN until they entered the workplace. I was born in 1956, and I didn't have an SSN until my Mom took me down to the SS office to get one at around 6 years old. So, if Obama was living with a relative in CT at that time, it would be perfectly logical for his SSN to be from there.
As an employer, I believe I had a right to know.
You may BELIEVE that; but the fact is, you don't.
I've heard bad explanations from third parties, but never have I heard a good explanation directly from the White House.
No, what you really mean is, you will be dammed if ANY explanation will "do".
Still, that wasn't the point of my post. The original question is "So if I asked to see your SSN and Birth Certificate you'd be ok with it?" And my response was, in the affirmative, if you were asking for a job with the benefits as good as POTUS.
Newsflash: When you have the education and credentials of B.O., there are a LOT of higher-paying jobs you qualify for. Most successful attorneys make over $200k/yr. And if you trade that in for, say "TV talk show host", or "CEO" you can make MILLIONS per year.
;-)
Heck, local Indianapolis RADIO hosts (now syndicated) "Bob & Tom" reportedly made $225k/yr APIECE in the early 1980s, and that was BEFORE they were syndicated worldwide. When Cheney was V.P., he had his FORTY-TWO MILLION DOLLAR-PER YEAR salary "escrowed" while he was in Office.
POTUS isn't that high-paying of a job; that's why it's so hard to get good talent for it!
He told Apple about the flaw on the 14th of October, please dis-engage reality distortion field.
No RDF here, buddy!
So, he told Apple about it, and in FAR less time than they could research, code, and TEST a fix, he decided to tell the rest of the planet. What's so "noble" about that?
To prove his point, he wrote & submitted an application to the App Store that was approved.
And then LEFT it on the App Store until APPLE pulled it. Again, not "noble".
Why should he tell Apple his app is abusing this flaw?
Depends on what his TRUE motivations are, now doesn't it?
Shouldn't Apple be creating a tool/procedure to block the flaw or detect it during the vetting process (to which all apps will have to retroactively be submitted)?
Assuming they are prescient, and KNOW about the (extremely narrow, according to cmiller) vulnerability before cmiller told them about it, yes. But obviously, they didn't, nor can anyone who writes software know of bugs before they are discovered. Sheesh!
Voluntarily pulling his app from the App Store wouldn't have done any good.
That's just bullshit, and you know it.
The risk exists, and it's not by telling people to not look that it'll go away.
You've got the logic all screwed up. By not telling APPLE it doesn't go away. He NEVER had to tell the rest of the world, and most assuredly didn't have to leave an example IN THE WILD to prove his point. You're an unmitigated idiot.
He wrote InstaStock AFTER the 14th of October, when he had already detailed a proof-of-concept and sent it to Apple.
Wow, a whole couple of weeks. What a nice guy!
Chances are just as good that he wasn't the first person to think of this flaw, and that there are already apps out there that abuse this vulnerability.
Perhaps. But now we KNOW there are, and with his grandstanding before Apple had a fighting chance to address the issue, rest assured that there are dozens or hundreds racing to exploit what was a (by cmiller's own admission) a pretty damned obscure bug. BIG difference!
The onus is on people like Charlie Miller to -prove- the flaws they say exist in IT software or configurations.
You don't really know what the word "onus" means, do you? Dr. Charlie has no "onus" (duty) set upon him. He does this because he LIKES THE NOTORIETY (and the free MacBook Pros and $10k prizes). No "onus" involved, 'tard!
To do that they need to show there is a real risk to customers/users, and share the information with the company that produces the IT solution first, and later if the company does not resolve the issue, with the wider population of users so they can be aware of the risk and take whatever measures they deem necessary to counter the threat.
A couple of weeks is hardly "later" enough for something that will require a fundamental re-thinking of a portion of the OS. We're not talking about a missing "AND" clause here; but rather a possible problem with a redesign of the Javascript (IIRC) handler...
Otherwise, what accountability does a company have to solve flaws that have been disclosed to them? Oh yes, none. Nobody will know, nobody will tell, so it doesn't exist might work in your world, but that's not the real world.
I would agree with you, IF he had brought this to Apple's attention, and they sat on it for six months. But we all know that isn't the timeline that cmiller used here, was it?
How long do YOU think he should have waited? How long would it have taken YOU to fix this (considering that NONE OF US are privvy to the code, (just like in most of Android))?
Apple should have/be scrambling to find a way to identify this vulnerability in apps th
This is why it is so good to have a President who is also a good lawyer, instead of that barely-literate, inbred President Dunsel we had before him.
IF he had done the following: 1. Told Apple about the Flaw, AND that he was able to slip something that exploited this flaw through the vetting process; but that he had already pulled the app.
2. VOLUNTARILY pulled his App from the Store INSTANTLY, once it was Approved.
THEN he might be considered a "white hat" who was just trying to make Apple aware of a unknown vulnerability.
But we all know he didn't do that, did he?
Your turn...
The Doctor Pwn's the OSX, he keeps his license. The Doctor Pwn's the iOS via Safari, he keeps his license. The Doctor Pwn's Apple's walled garden, and they take his license.
He was grandstanding. He could have EASILY contacted Apple on the downlow; but Noooooo! He had to grandstand, thus alerting the rest of the planet to the exploit BEFORE Apple had a chance to close the vulnerability.
He got exactly what he deserved (except that Apple should sue him into oblivion, and have him prosecuted for unauthorized access to a computer system, too).
In other words, Miller should thank his lucky stars that a company with a bigger legal department than most U.S. States have, and a nearly infinite cash reserve, ONLY took his Dev. License!
Talk about "playing with fire"...
There is no such thing as perfect software, only inadequate testing.
All software is imperfect.
All testing is inadequate.
Get over it.
Miller worked for MONTHS on this ONE EXPLOIT. Just how long do you want to hold a piece of software before releasing it?
Quit spreading FUD.
And feel free to come back when Android has 1/10000th of the security record of iOS.
I have always thought that executing code on an iOS device in this way was possible I just never thought Apple would actually miss the fact that the app was downloading external code.
Charlie himself stated that he worked for months finding ONE corner-case that Apple didn't catch. It wasn't like this was right there in the open for all to see.
Except, it gives a false sense of security. With Android (or PC) apps, I know that there's a risk of malware, so I'm cautious. With iOS - well, I don't have one, but I imagine there are lot of people who think "it *can't* have malware, Apple checks everything!" and therefore completley trust anything in the app store.
The purpose of work like this is to demonstrate that Apple has misled those people; you can't simply trust everything. The only thing worse than an obviously untrustworthy app source is an untrustworthy app source that *appears* to be trustworthy.
The security is not false; it's clearly demonstrable by the stark difference between the amount of malware on both platforms.
And Apple hasn't "misled" [sic] anyone. Please show me where Apple has EVER said that No one will ever get malware on our App Store.
[crickets]
Now go spread your FUD somewhere else, Fandroid.
The app in question has already been pulled from the App Store. And I'm quite sure the flaw that allows executing code via some hole in Safari will be fixed very soon. iOS 5 supports delta updates now, so Apple can (and will) come with small updates much more often than in the past.
Unless he's figured out how to sign apps such that the OS thinks they are from Apple, and aren't. Then Apple would have to revamp their code signing system.
He clearly stated that he went AROUND the code signing requirement; NOT that he "broke" the signing process itself.
Did or did you not notice that the whole point of what Charlie Miller did was that the sandbox was breached, despite ASLR, and he was able to do it from an app allowed into the walled "solution"?
Please explain how an app store that is unable to detect malware but *claims* to be inherently secure is actually more secure? If anything, I see it as the opposite - it will delude people (like yourself) into thinking it's safe, when it's actually not. Android, by comparison, is acknowledged to have malware - meaning people need to be more cautious about the apps they install.
I think the numbers of actual malware on the two platforms speak for themselves. And in iOS' case, Apple-haters certainly can't claim "security through obscurity" or "lack-of-marketshare" excuses.
And I, for one, would rather have a guard who repels 99.99999999999999% of enemies, than me having to stay up every night with a shotgun in my hand, protecting my home and my loved ones.
Window screens don't stop all insects; but take them away, and pretty soon, all you'll have time to do all day, every day (and every night) is swat flies. Which would you prefer: The occasional gnat in your beer, or having flies crawling all over your dinner, every single day?
Velex: My heart goes out to you; I cannot imagine what a special hell it must be to be trapped in the wrong body; with people on one side (like that 'tard KingAlani, below) calling you a freak, and the other thinking you are mentally ill and need to be "treated" (AND WITH ECT, FOR FUCK SAKES!!!). I thought the days of Trepanning to drain the overheated humors were passed.
Guess not...
I am sure this is an over-generalization; but I have NEVER personally seen even a remotely "normal" person in the Psychology profession. I came to the conclusion long ago (and nothing has shaken it so far) that everyone who gets into the field os Psychology is in reality just trying to figure out what is wrong with THEMSELVES.
As I said, I know it's an over-generalization; but as far as anecdotal evidence goes, in my personal experience, the evidence is insurmountable and nearly irrefutable.
So, it doesn't surprise me one little bit that the DSM-5 continues the de-evolution of science. And you are right: As soon as you are "Mentally Ill", anything you say is treated as further sign of the denial of your illness.
Hang in there and believe in YOURSELF; that's the ONLY person you have to answer to in the end...
Khaaaaaan!!!!! Khaaaaaaaaaaan!!! KHAAAAAAAAAAAAN!!!!!!
It sure looks like Oxford's standards are slipping.
Perhaps the actual thing that is happening is that Autism is this decade's Disease du Jour, and like ADHD before it, is being overdiagnosed at a truly frightening rate.
But just wait until the next DSM comes out. We'll ALL be diagnose-able with SOME sort of mental disorder. So, at that point, maybe nutjobs like BARONESS von Greenfield will eventually be "right" (at least according to the increasingly out-of-their-ever-lovin'-minds psychiatric community).
Well... Chrome is based on WebKit, just like Safari. Google might as well take an extra page from Apple and go "La la la... we can't hear your opinions... we can only hear praise from the sheeple."
Except you're dead wrong.
When Apple changed where the Tabs were on Safari, the userbase spoke up. The Tabs were promptly moved back to where they had been.
Say what you will about Apple; but they actually have a pretty good track record of listening to their userbase.
I think it is Microsoft you're thinking of when it comes to ignoring their users. But this was over-the-top arrogant of Google. Yes, it's their product and all; but when your entire userbase complains as one and you ignore it, that is a sure sign of a company who has seriously lost touch with who it is that put them where they are, and who can just as easily put you down like a dog.
My assumption is that Translate is used by other Apps to do voice recognition. I have Vlingo on my Android phone which is very Siri like (it does dictation, search and other such things, I had a phone off with my IPhone 4S using friend on Friday and other than being a bit faster they seemed pretty similar).
So, you got together with a friend and phoned-off?