1610 posts • joined Thursday 18th June 2009 14:54 GMT
@Kristian Walsh (and the story generally)
Re: the story's "Apple had stored their iPhones' location data" and your "Apple ... collected this information about the customer without permission; and ... did not take adequate precautions to prevent it being abused."
I think the sort of wording people are using is prone to give a false impression: Apple never had the data in their possession. Their OS collected it and it remained on your handset and in your iTunes backups, potentially exposing it to malicious third parties. Nobody alleges that Apple did this on purpose so far as I can make out, but by the same token if your new-build home fell down then you'd be able to sue the builders even if they didn't do it on purpose.
I'm all for devices being built with sufficient competence not to leak information about me to others so if that's the basis on which the court awarded damages then I'm in favour of it.
@jarjarbinks: made up statistics prove nothing
The most recent survey from IDC of mobile developers - published less than two weeks ago - showed 91% "very interested" in writing iPhone apps versus 87% "very interested" in writing Android phone apps. In both cases, tablets were explicitly counted separately.
From that you conclude that Android is "way ahead" on developers? That strongly suggests a bias that it's impossible to ignore when reading the rest of your comments.
@Robert Long: no it shouldn't
That'd just be one more setting to further complicate the relevant screen and for your less technical friends to change and then claim the device is broken because everything suddenly looks different and that they have no recollection of changing anything.
Being as honest about the device as possible and expecting web site vendors not to drive away their customers sounds like a better idea to me.
I don't buy it
Despite the two competing and contradictory opinion pieces on El Reg today — claiming variously that Apple is finished or that Google wasted their money on irrelevant IP from a loss-making phone manufacturer — I think this is largely a sideshow.
The iPod showed that Apple can hold a direct-to-consumer market against a thousand competitors even when they organise under a common banner. They managed to create an aura of quality while being sufficiently competitive on price.
I think they're having a much harder time in mobile because selling to the consumer through networks is a lot more difficult when they don't want to give the networks any control. In that environment it's not surprising that manufacturers who are more willing to balance consumer experience against network demands have been able to sell in a lot more volume. Those volumes also become a benefit for all Android users, creating more interest in the top tier, unencumbered handsets.
That said, while the article is right that it's disingenuous to say that Apple are really winning the war with Android because they suck up so much of the profit in the handset arena, the fact that Google and others are also reaping significant funds doesn't seem to put Apple in a precarious position from where I'm sitting. Two segmented areas of profit are even less of a zero-sum game than most of the markets that the tech press likes to report as such.
I have to admit to still being uncertain exactly why Google have bought Motorola, given their unwillingness to get engaged in legal proceedings against their licensees to date, but I seriously doubt this spells doom for the iPhone. My expectation remains the same: that Apple will end up in more of a Mac situation than an iPod situation, profitably reaping a high-value niche.
Competing demands, that's all
C++'s complexity is a result of the desire to create a language that can automate everything that more extreme languages supply while making it all optional and without taking one step away from the language having as close as possible to no runtime.
It's a grand unification, even while the world shows a preference for niche languages.
Apple's approach to applications — sandboxed and with very low permissions — should make it easy for suitable tools to spot any malware that comes along and basically prevent any propagation of trojans, which are the predominant threat everywhere nowadays. Apple have also started pushing OS updates on the desktop to eliminate malware where it crops up, suggesting they're at least taking the problem more seriously than they were.
I therefore don't expect serious malware problems on iOS.
I would imagine there may be more problems on Android because Google publish the code, meaning that you can determine what has been fixed from version to version and hence what vulnerabilities did exist previously, but a whole bunch of handset vendors then fail to pass the updates on to users. But if a real problem arises the market should be able to provide a solution because there's no walled garden, so I don't expect it'll have a major impact on Android's continuing fantastic adoption rate.
Look to Amazon would be more appropriate
They are the only potential competitors with the content and the vertical integration to match Apple — they also have an incredible platform from which to launch. If they launch then I expect them to coast into second place almost immediately and then to put up a pretty decent fight.
Not very sound reasoning
Your argument is: if you assume there's nothing wrong with the product then there's something wrong with the consumers.
I'm as surprised that Apple is staying ahead as anybody, but couldn't it just be that the glut of new tablets and the besmirching of Android's name by some very awful no-brand tablets are preventing decent tablets that make 'Android' a big part of the pitch from picking up momentum quickly?
I'll be more surprised than anyone if Apple's share still isn't significantly reduced a year from now.
When's the last time anyone launched an interesting phone?
Nobody in the industry has done anything particularly interesting for such a long time that I'm having difficulty building up any enthusiasm whatsoever. My predictions: things that can be quantified will see an increase, probably with the exception of battery life. That's how everybody does it.
This is pretty good though...
... because it uses the new 'HTML5' database feature, so that all your interaction is entirely within the page itself and handled invisibly by the browser. There's no manual work involved and no need to have access to and an understanding of a traditional file system. You just pin the books you want to be able to read offline and everything is done for you.
I don't actually like reading on the iPad or on any similar light-in-your-face-with-visible-pixels device, but I appreciate what Amazon have done here.
Not so much of an ego trip
Property stolen from Apple (the theft having occurred at the moment the defendant decided not to return the thing) was sold at a profit. That's a crime. Asking the police to investigate a crime isn't an ego trip. The attitude of the defendant also seems sufficient to push the crime from a legal wrong to a moral wrong.
Busting gung-ho through an editor's door once it's become obvious that you're part of a high profile story potentially sounds like a bit of an ego excursion but there's not a shred of evidence to suggest Apple directed the police investigation. Chen was mistreated in my opinion, but you're far too quick to point the finger of blame.
To be fair...
... all of those except The Last One (if you give Smalltalk a pass as the basis of Objective-C) have been used for a bunch of useful, productive applications and are still being used today. The hype is always a bit ridiculous, but useful ideas have emerged.
I think you might be paranoid
There doesn't seem to be any cult connection in this article at all. It's Apple the company pursuing Samsung the company. I don't even see anybody coming out here to defend Apple, which is unsurprising given the circumstances.
Disregarding the "fan boys" did it for them
In 2002 Quark CEO Fred Ebrahimi declared that "publishing is dying" and suggested that those who were unhappy with Quark's then failure to update Xpress to run on OS X "switch to something else".
Meanwhile, Adobe had updated InDesign to OS X and declared that publishing was just breaking out of its print niche, shortly announcing the Creative Suite to tie print and digital tools together into a convincing package (well, compared to the competition).
I can't find a graph of market share for InDesign vs XPress since the launch of OS X, but I'm pretty confident I can guess what it looks like. My assessment would be that Ebrahimi did a Ratner.
Depends on your definition of "taken"
Microsoft "took" from Apple in the sense that they had a contract with Apple that a court found to have given them access to the relevant intellectual property. Apple "took" from Xerox in the sense that they paid millions of dollars worth of shares in order to have access to the research centre.
In both cases, ideas migrated due to business transactions.
@JEDDIDAH: what are you talking about?
OS X doesn't jail apps onto one desktop, and hasn't at any time since it gained virtual desktops. It's trivial to move them from desktop to desktop and there's no requirement for all the windows for a single app to be on the same desktop.
Moving from one desktop to another is achieved through drag and drop.
@Paul: it was more about Office
Microsoft invested a small amount of money but also reinvigorated Office development and promised to continue to support the platform for five years, whatever happens. Prior to the 1997 agreement, Office development for Mac was moribund, which was one of the things making the platform look stagnant at best. In return IE displaced Netscape as the default browser on the Mac, which it continued to be until OS X 10.3 debuted.
So Apple got to look a little more alive and Microsoft got to kick Netscape.
To be fair to them...
... you could ask why did they buy On2 if they think patents are bogus? The answer was: to put those patents under a perpetually free licence.
That said, they'll get no sympathy from me either if they're trying to conjure up images of some sort of industry-wide conspiracy against them. It's nice to see someone from a big, trusted company going on the record about the lunacy of the US patent system though.
Actually a pretty good defence
Google argue they needed the patents independently to allow them to be used as a shield, and the pattern of their bidding in the auction already suggested they didn't seriously think they were going to lose.
That said, if Microsoft are extracting money from companies like HTC then presumably Google are saying that if they'd been able to acquire the tools, they would start wading into those disputes? Just open licensing the patents they acquired wouldn't achieve protection for third parties.
@ChrisC: my experience is the opposite
The number of people "actively, willingly, knowingly choosing to go the way of the 'droid rather than take a bit of the apple" is exactly the same as it always was, and comprised almost entirely of a whole bunch of angry Internet types.
The number of people buying an Android phone has surged because Android phones tend to be the best value proposition by a huge margin for a big majority of the market. You can get a big touch screen, a usable browser and access to apps for free on a cheap contract, often with unlimited data (per the industry's definition of unlimited). Nobody cares that it's an Android.
Sadly I think that's also why this report ends the way it does: the race to the bottom in price terms has squeezed profit, and manufacturers don't seem to have found effective ways to add value. What we've arguably got is a lot of people trying to pretend that phones aren't just commodities.
@James Micallef: I'm not persuaded
I don't think most Nokia cheerleaders actually believe the hardware quality tag, it's just something they can cling to when an argument requires it. Nokia phones tend to contain older processors and GPUs, and the companies with the lowest reported malfunction rates for phones tend to be Motorola and Apple.
Nokia fans probably would have gone Nokia Android though — you're right about that. Unlike Motorola, HTC et al, Nokia did actually have a decent body of brand loyalists at one point.
Other way round, isn't it?
Surely if they overcharge in the UK, it's to allow for the pound becoming worth less compared to the dollar?
That said, it's probably more about cost of doing business, taxation regimes, what they think the market will accept, etc.
I downvoted for (i) the use of 'Crapple' and 'iFad'; (ii) the apparent assertion that if someone manufactures something, obviously they must have the intellectual rights to it; and (iii) the statement that Apple are somehow more culpable than everybody else for the current lawsuit frenzy.
All of the big tech beasts have worked in concert to put us in the stupid intellectual property position we're in now. To pull a single instance out of the many idiotic lawsuits going on and say "oh, well obviously that claimant is to blame" doesn't ring true. The first example of phone manufacturers suing each other on slightly flimsy patent grounds regarding current-or-near-enough phones that I can find is Nokia suing Apple, but I neither think that pins the blame for the whole thing on Nokia nor do I think it justifies Apple's lawyerlust.
Summary: downvote was because the post was wrong on the facts and written in a childish tongue. That I think the case being pursued by Apple shouldn't be actionable is neither here nor there.
@James Hughes 1
It depends what you use your phone for - go on the tube, for example, and you'll spot that quite a few people use them for games. In that case, Nokia's obsession with cheap Broadcom GPUs and its failure to ship anything with an ARM7, even more than two years after the relevant Android and Apple handsets, is a problem.
The standard Symbian touch screen resolution of 640x360 has less than 38% the number of pixels of the iPhone 4, so even static images look significantly less sharp. 256MB of RAM as on the N8 is 50% of that in the iPhone 4 and several Android handsets, limiting third party app producers.
The N9 would address some of these issues but has yet to launch and isn't exactly intended for volume distribution.
This is quite a gaping hole though
Summary of the article: lock down your machine all you want and in as many ways as you can, someone can still stroll along, plug in a dongle and take an image of your RAM. Furthermore, in OS X in particular they can use that image to find your password and thereby have unfettered access to everything else — though just the RAM bit is a major concern.
Future product transitions are more likely
As in "oh dear, phones risk eating away at our iPod money, better make a phone" and "the phone now seems to have some decent competition, better ship a tablet or something". I think the share price is more based on the perception that Apple are very good at churning out new consumer hits, even with the occasional misfire, rather than that they're tied to any market in particular.
Of course, if any shareholders based their purchase on the idea that a third of US consumers are going to buy an iPhone then they're in for a disappointment as this survey is clearly way off the mark. I guess some sort of iPhone Nano could alter the balance but I don't see any reason the Android-for-the-mass-market juggernaut should stop.
Story appears to contradict itself
In Lion, turning FileVault disk encryption on has the effect of disabling automatic login. So if the latter defeats the vulnerability then, contrary to the article, the former isn't vulnerable.
That aside, Firewire was designed when people were still very naive about security and manages to be faster than USB mainly by keeping the CPU out of the loop, so I'm not sure Apple can fix this in software. Hopefully Apple and Intel have been smarter with Thunderbolt, but we'll see.
Obvious comments, mostly:
Re: removing Java, I assume the intention is to remove it just as any other bit of code included in 10.6 but not in 10.7 is removed. I hope there's some logic that tries to preserve it if you've been using it (e.g., if you have Java-utilising apps installed) and that it just didn't work here, but can't claim to be particularly confident. However, there are lots of reasons not to include software in an OS distribution other than politics. Apple's defence that if they make it an OS feature then they become responsible for maintaining it and that nobody else ships it as an OS feature is reasonably convincing, though you're probably right that politics was involved.
Re: Versions, as already pointed out, this not only ensures that what is on disk is kept up-to-date with whatever edits you've made, but also retains all older versions for browsing. So there's no "too late!" in your example — just scroll back through the revisions and find the one you like. Though I'm unclear as to what the behaviour is when exporting a file to an OS that can't do revisions, such as when you email a file, copy it to a flash drive, use an external server, etc.
While I agree that it'd be nice to be able to turn off restore permanently and wouldn't be surprised if Apple added it (after all, they gave us the opaque menu bar back eventually), I'd be surprised if Versions becomes an optional feature. If anything I'd expect it to be baked into the filing system proper at a later date, rather than handled via a SQL database that is itself a file.
If you equate real searching with regular expressions then no. However the same (nested) Boolean, wildcard, case and date stuff carries over. So the search is glob-like, which I guess also doesn't do a real search by your criteria.
For documentation, see http://developer.apple.com/library/mac/#documentation/Carbon/Conceptual/SpotlightQuery/Concepts/QueryFormat.html
I stand corrected, but in my defence I was thinking of a careless security mistake in a piece of software that was actually exploited. As the article you link to says "Having the passwords will not do anybody any good for the moment [...] nobody even seems certain that the accounts access the machine at all". However it was my mistake to conflate the two things and to claim that you were wrong.
As to the rest of my original post, I'm still uncertain as to how one would put damaging software onto an Apple battery. I don't deny that there's a potential security problem here (though if the battery firmware could be altered only by a piece of software already running as root on the machine then I might, since then logically the number of attack vectors isn't increased, just the number of attacks) but I'm curious what a prudent person should do in response.
Minor correction: Apple have never hard coded the root password for iOS devices; certain jail break tools used to do that, creating a security flaw for users of those tools only.
I otherwise agree with you mostly, Apple's attitude seemingly being that security updates aren't very urgent.
One thing I'm unsure of from the article: how do you perform the attack? Do you need physical access and/or root permissions? Anything of that nature that comes through Software Update requires an administrator password - does this flaw get around that somehow?
They've a vested interest in upsell, though
As will anybody else that enters the market. And once Windows for ARM is out, somebody else will have exactly the same motivations that they did during the period in which Intel netbooks mysteriously doubled in price.
@ Someone has used "a handle is required"
If your only complaint against Objective-C is the manual memory management (which is reference counted so as to keep all management decisions local, but that's about the only positive thing you can think of to say about it), then you're behind the times. A garbage collector was added in 10.6, albeit that it was a hassle to write suitable code, and automatic reference counting is added in the new compiler and 10.7, which does it all for you at runtime via [a limited form of] static analysis. It's so easy to use and so trusted that it's enabled by default for new projects. You can even enable or disable it file-by-file so as to migrate existing projects and to continue to interface with standard C and C++ code without problems.
Of course, most people's complaints against Objective-C go a lot deeper so you probably have other concerns, but that's the only complaint I've ever agreed with and now seems to be solved.
Adobe are so infuriating
They've gone the same route as Opera and a hundred other under-staffed open source projects previously; their version of supporting OS X is not to use the normal system APIs to achieve normal system integration, but to attempt to mimic it by other means. Adobe's mimicry is a lot better than most, but suffers the same problems: it's built on a series of empirical observations and assumptions, and is prone to sticking out like a sore thumb as soon as extra or changed built-in functionality is provided by the OS.
In the case of Opera/etc you usually end up at the conclusion that the software producer doesn't really care but with Adobe I tend to get the impression that they spend most of their days layering hack upon hack upon hack to try to keep a twenty-year-old code base from falling apart. That may well be the most profitable thing to do, but it's not exactly surprising that they seem to stumble from technical issue to technical issue.
InDesign being the exception to the rule?
The reason InDesign took so much market share from QuarkXPress, even before the Creative Suite, was that it worked on OS X a lot earlier. It's a shame Adobe didn't seem to learn very much from that early embrace of a new technology.
I think it's the sandboxing that makes the story
The story is quite clear, as you point out, that ASLR and full disk encryption are areas in which OS X has now caught up with Windows and Linux (or Ubuntu as it seems to call it). It then suggests that sandboxing processes and designing the applications (and daemons) that come with the system to isolate different logical parts into different processes within different sandboxes constituted a step in advance of any of the competing operating systems. So that's the leapfrog jump — the fact that the supplied browser, email app, PDF viewer, etc are all now aggressively using sandboxing, for which there is now high level API support.
Whether or not that's a valid assessment is one thing; just repeating what the article already says about areas where Apple have played catch up is quite another.
Re: pre-emptive multitasking, citing Apple's failure to transition to a modern OS until around 2000 feels a bit disingenuous as a comment on the OS they transitioned to.
Re: 64bit, that's been a feature since 2005. The difference in approaches has been that Apple have uncharacteristically gone for a gradual transition, though I think that's because the hardware has made a gradual transition.
iOS is behind on some of the features listed
For example, jailbreakme.com uses a PDF exploit — a buffer overrun or some other flaw that allows a maliciously crafted PDF to perform arbitrary code execution. The cat and mouse with Apple from that specific method of jailbreaking has surrounded finding exploitable flaws in the PDF renderer and fixing them.
In Lion, PDF parsing and rendering is devolved to one or more separate, sandboxed processes that don't have the ability to read or write to files or otherwise communicate very widely with the outside world. So Lion takes a big step forward in trying to secure against that type of exploit.
Of course there are likely to be further flaws and exploits, but Lion is a step up from iOS in terms of overall security. Since iOS and OS X use the same kernel and share many of the system APIs (though the user interface stuff is deliberately very different), the general rule is that whichever was released most recently has Apple's most up-to-date security. I expect the new OS X stuff will migrate to iOS in the near future.
A fluff piece, but too much hyperbole on your part
"OSX was the worst security offender in the world with 1500 vulns as per securnia"
Secunia issue advisories. Each advisory may mention multiple related vulnerabilities.
They list 1555 vulnerabilities for all versions of Mac OS X between 2003 and 2011 combined. In terms of advisories, they are aware of 8 unpatched advisories from a total of 155 in the full 8 years they've been tracking the OS. The most severe unpatched advisory is rated by them as "Moderately critical".
Compare to Windows, which is broken down by release. Like all versions of OS X added together, Windows Vista has 8 unpatched advisories, from pretty much the same all-time total (157 versus 155, but whatever). The most severe unpatched advisory is rated as "Highly critical".
Windows 7 has only 5 unpatched advisories of 76 to date but the most severe is again "Highly critical".
Linux is broken down by distribution, which makes it hard to compare. But that's not just a statistical tabulation difference, it's a real on-the-ground difference so fair enough. For the record, Ubuntu 10.10 has been the subject of 133 advisories to date but all have been patched. So kudos to the Linux crowd.
But to go from that to "OSX was the worst security offender in the world" feels like overreaching. It requires you to compare eight years of Apple's problems with two years of Microsoft's, to ignore the advice Secunia are actually giving as to the seriousness of the problems and to conflate problems that were solved with ones that remain an issue.
@AC: not quite that simple
OS X's sandboxing is exposed for use of all applications via a high-level API and is implemented across all applications that the OS comes with. So those are both huge steps, but the sandboxing doesn't apply to software that isn't written to use it. So your existing applications aren't sandboxed, at least in the sense that the term is being used here.
Apple have stated that applications must use the sandboxing to be accepted onto the App Store as of some date later in the year, so there is a carrot and stick aspect to it, but you can still download any old application you want from the Internet and it can still do whatever it wants (or, more relevantly, expose exploits that allow malicious agents to use it as an agent to do whatever they want).
Is it usable outside of Windows?
The Steam system requirements list Windows 2000/XP/Vista but also "Sound Cards Supported: AdLib compatible cards, SoundBlaster compatible cards and the Roland LAPC-1". So does it come in a form where I could transfer it to DosBox on another platform?
You're not allowing for the separate educational store
"University and college students or students accepted to university or college" qualify, and educational pricing for the MacBook Air is "from £730" (though I'm not sure exactly what you get for being in the student category, as you can't access the store other than from your campus network).
The original MacBook also lives on for bulk educational purchasers, much as they had exclusive access to the eMac for quite a few years back in the early-to-mid 2000s.
Not quite right on the facts
Small correction: Mini DisplayPort and Thunderbolt have the same physical connector and any Thunderbolt-equipped Mac can use the exact same accessories as a Mini-DisplayPort-equipped Mac for connection to external displays.
Obviously you can also connect any old DVD drive you want, no need to buy an Apple-branded one.
I'm a hawk on eliminating the optical media drive from all computers on the grounds that I barely use mine and don't recall ever having used one away from my home. So investing in a single, external drive and keeping that with the USB floppy drive on my shelf feels like an acceptable way to reduce the cost and size of any future computers I buy. You know, across the whole industry, irrespective of whether specific individual manufacturers pass savings on.
It's not a video port; it is backwards compatible
The new port, codeveloped with Intel, can be used to interface to displays, storage (at better-than-eSata speeds), peripherals, external graphics cards, etc. That's why it has been developed. The objective is to further shrink the number of ports on computers, and a secondary benefit taken advantage of by this monitor is that the monitor can act as a break-out box since it provides USB, Firewire, ethernet and Thunderbolt ports while connecting to the computer via a single cable.
If you have any mini-displayport peripherals, you can plug those directly into your Thunderbolt port instead. It's backwards compatible.
I think some people can be oversensitive, given how often Flash support is used as a proxy by those that determine in advance that they want to say something negative for its own sake and only subsequently pick through the feature list to find something specific to say.
I also don't think the comment deserved any down votes.
Allowing for VAT...
... UK prices are actually cheaper. 69p - VAT = 57.5p. 57.5p converted to USD is 92 cents. The 99 cents doesn't include sales tax because there is no national US tax; if you live in a state that collects tax on digital downloads then it'll be added to the $0.99.