There is a huge caveat here:

You can only do this if you have the keys from a computer you have sync'd with previously. That only happens if you enter your passcode then see the "Trust this Computer" prompt on a computer that has iTunes installed and you click "Trust" at the prompt. That creates a set of sync keys that the iOS device will then accept to access the various services.

Some of the stuff he complains about is only enabled for devices used for development or if the device is enrolled in enterprise provisioning. As far as I'm aware, Apple requires that the company purchase the device on the company account to support over the air enrollment in this system so it wouldn't affect personal devices. Even for USB connected devices, you must enter the password/passcode to allow the device to be visible to MDM tools in the first place. Even enabling development mode requires entering the password/passcode.

The one main point he brings up (which I agree with) is Apple needs to provide a way to see the list of computers on your device and remove them.

There are some other more theoretical issues here that Apple should address, but no your iPhone is not running a packet sniffer and will not hand over files to anyone who connects. If your device isn't provisioned for enterprise and has never connected to a PC to sync (the vast majority of iOS devices these days) then as far as I can tell, none of the issues he found are of any use whatsoever.

That's certainly a nerd sort of pedantically correct, but the scope and scale matter a lot. Apple is far, far better about updating old devices. Anyone who tries to argue that they are equivalent to Google on this front is just being an asshole.

Yes, there are a few models that did not get more than two years of OS updates due to hardware limitations (or business reasons if you want to think that) and the iPad you mention is one of those.

If we compare to Android, the majority of all Android devices have *never* seen a software update. A supermajority (if not 90%+) don't get updates a year past their original introduction (meaning people buy them brand new and *never* get a single update).

By contrast, when Apple's famous "goto fail" bug was discovered, they issued a patch for my test device, a four year old iPod Touch 4th generation running the end-of-life iOS 6. The patch was released immediately, at the same time as the patch for the latest hardware.

Tell me... what 4 year old Android devices are getting any OS updates whatsoever?

Honestly... how is this even slightly controversial?

Apple controls their own hardware and software, and they release a limited number of models. Their support burden to release updates for older devices is minimal. They also have the benefit of requiring complete open access from the carriers and have stuck to their guns, forcing carriers to cave in. (I remember the days before Apple, when carriers struck features from devices at their whim, and the only "app" store was the horrible carrier's app store). That's also part of the reason you will never see this on Android - having let the cat out of the bag, they absolutely will not allow anyone else to usurp their control again.

By contrast, Android is developed by one company, has firmware developed by an SoC company, then gets modified for hardware by another, then certified by thousands of individual carriers. If anyone in that chain decides it's too much work, doesn't care, or just drags their feet then you don't get updates.

P.S. Expect carriers (at least in the US) to start injecting boot loader verification into the baseband ROM, then refuse to let your device on the network if it has been rooted. They are fighting tooth and nail to not be a commodity dumb pipe and will try anything. Many of their most profitable customers are iOS users, so they basically can't avoid doing as Apple says (ask NTT DoCoMo or Verizon how resisting Apple's demands worked out). Samsung has no such leverage - one Android phone is, to a rough order of magnitude, as good as another, so when the carriers demand locking and verification you can bet Samsung will comply.

People were happy to install ActiveX controls to "Punch the Monkey" in 1998. Nothing has changed since then.

It's also why the Android security model is a complete joke and always has been.

Any security model that requires users to make perfect security decisions is an automatic failure because there is no "undo", so one mistake after 10 years of perfect vigilence owns your entire machine.

Many end users have IPv6 support. Many servers are capable of it. The issue is mostly the US ISPs and middle-tier transit providers dragging their feet. My systems all support IPv6, my m0n0wall box supports it, but neither of the two ISPs I can buy service from support it. In fact they won't sell it to me even if I offer to pay extra money for it!

My pet theory is that Verizon et al wants to convert IPv4 address space into a "resource" they can buy/sell/trade. A bunch of lawyers and MBAs are rubbing their greedy fingers together, hoping we stay in a "resource shortage" for as long as possible.

We could switch over, probably within a year or two, but it would take a government-imposed mandate to force people to stop screwing around and make the change.

I'm afraid it is you who is clueless. Up until ZFS started gaining traction, we all had the luxury of assuming the storage chain was reliable (RAM, SATA controller, cables, drive firmware, read/write heads, oxide layers, etc). Or at least we would know something went wrong.

But it was found that in the actual real world, these systems all silently corrupt data from time to time. The problem is much worse as the volume of data grows because the error rates are basically unchanged, meaning what was once expected to be a random bit flip that would strike one user out of a million once per year is now something that strikes every single user multiple times per year.

I'm not talking theory or what *should* happen. I'm talking about actual real world experience with check summing filesystems that demonstrate, beyond any doubt, that bit rot happens and happens far more frequently than most people believe. Actual experience with ZFS proves that disks can and **will** read back out different bits than what was written silently with no block read errors.

Further, you're increadibly ignorant of now ZFS or BTRFS deal with redundancy. You can setup to mirror blocks, in some cases on a per-file or directory basis, providing protection against corrupting. A background scrubber scans the disk when idle cycles are available and detects and repair corrupting from the available good blocks, or log an error if there are no good mirrors or parity blocks available.

With our new knowledge and experience it is no longer sufficient to cross our fingers and hope for the best. We cannot trust filesystems or the underlying hardware, we must verify.

It's actually a false dichotomy...

The vast majority of software is poorly written, hacked-together junk written by dicks and idiots.

Open Source *can* be slightly less terrible, but it's all still terrible.

This is wildly inaccurate.

Full disclosure: I'm a Sprint shareholder (at $2.70, back when people were predicting bankruptcy). I've been following them for some time.

Actually Sprint has engaged in a nationwide replacement of all their radios and base stations, including installing fiber to almost all of their towers and using gigabit microwave to connect the towers that can't get fiber to ones that can.

Sprint's major problem with 3G was the outdated backhaul. They were still using T1 lines everywhere, as they first got distracted with Nextel, then sunk money into WiMax hoping it would take off as the next-gen standard **.

I have LTE now in the DFW area and it's fast and works well.

The Nextel 800mhz spectrum is a very small slice; it only has enough space for one 5x5 LTE channel and 1 CDMA voice channel, no more. If they had started making the switch, they would have cut off their existing Nextel customers overnight. Not to mention the fact that LTE wasn't even a standard at the time and no vendors offered LTE tower equipment and no handsets supported it. If they had tried to squeeze a CDMA data channel into that space it would have been painfully slow (far less than the 3MB theoretical max).

FYI: They have been turning on 800mhz and I get noticably improved performance inside elevators and building interiors. The goal is 2.5Ghz for crowded urban areas (where you don't want towers to cover much distance), 1900Mhz for general use, and 800Mhz for indoor areas and rural coverage.

Actually they completely rebuilt their network, including all backhaul/routing, all radios, all tower equipment. That project is almost complete now. Compare LTE coverage in 2012 to today and you can see a massive difference. You can't do that overnight.

With Nextel, the actual problem was they waited for Qualcomm to add PTT tech (push to talk) to CDMA so they'd have a replacement for the IDEN handsets. Right as that became available, everyone stopped caring and wanting smartphones with data plans. In hindsight, they should have forced Nextel users to switch immediately and stopped running dual networks for no good reason (doubling tower and backhaul costs). They'd have lost the same number of customers in the end but saved a bunch of money.

** Actually WiMax was a use-it-or-lose-it deal. They had to deploy something to the 2.5Ghz bands or they would lose access, but LTE wasn't ready so they deployed just enough WiMax to preserve their spectrum. They have already started deploying LTE to that band.

The whole purpose behind spinning off Clear was to get other companies to waste capital on Sprint's behalf, greatly lowering the cost of preserving that spectrum while they rebuilt their network, shut down IDEN, and got on track for the future. So in that sense it worked perfectly.

Masayoshi Son's access to unlimited money from the BoJ (for some value of "unlimited") makes acquisition a good move.

Sprint has a modern network and is executing well, it simply takes time to roll out the network, then it takes time for everyone to upgrade to an LTE phone capable of using the new network.

Buying T-Mobile would give them compatible spectrum in many, many markets - they share a lot of 1900Mhz assignments. Sprint could immediately begin switching some of those to Sprint LTE on day one. Many phones would be compatible with both. After the typical two year replacement cycle, Sprint could begin forcing everyone off old phones and finish the conversion. That's the big key - you can't let it linger like Nextel, you have to rip the bandaid off. The only question mark is the AWS spectrum - not one Sprint currently uses. Do you try to keep it and upgrade your towers to support it? Or do you swap/sell it?

This is the most childish post I've seen on this story yet.

Objection your honor, asserts facts not in evidence! No one said there was anything wrong with you or that you should be feared. The whole point is women can't know a-priori who the good guys are and the penalty is being raped or killed. If only 1-2% of the guys are the bad apples (probably a bit low), then in a conference of 5000 men there are 50-100 who would do her harm. Do you honestly even give a second thought to someone punching you in the face or stabbing you at a conference? Didn't think so.

Seriously? You mashed the keyboard and clicked post to share this bit of drivel with the world?

Get the chip off your shoulder man.

Know what all the nice girls are doing? Quietly trying to navigate the hurdles of life and getting by. Same as the real nice guys (not the fakes who pretend not to be interested in a woman so they can ingratiate themselves).

DaveV1.0, you are part of the problem.

From one male nerd to another: not acceptable.

What planet do you live on? This is a very common thing among nerdy guys, though slightly less so with the younger generation thankfully.

Why does every single discussion about women in tech immediately result in a bunch of denials, followed by pats on the back (upvotes) as dudes congratulate other dudes on how much of a not-problem there is?

From one white male nerd to the rest of the community: Come on, you can't be serious? Women are treated equally to men in tech? Really? Really?

The evidence is all over. You can see it on twitter, in forum posts, or just by asking any of the female geeks you may know.

To claim otherwise is to endorse a lie. If you've helped clean up your little corner of the world, excellent and good on you! But please don't pretend geek/nerd culture has no issues with women.

* As to what happens in other communities, who gives a shit? That is irrelevant. I'm concerned about our community. We should have better standards, especially those of us who were bullied as kids before the dotcom boom when being geeky started to be seen as at least not completely aberrant behavior.

Except you are taking this off-topic because right now, at this moment, we are discussing women in geek/nerd circles. Specifically a guy who seemed at least a bit nerdy and blamed women for not seeing what a nice guy he was (translated: faker who pretends not to be interested in them romantically). While the vast majority of nerdy guys certainly wouldn't do anything violent, there are many, many thousands of them who share the same attitude: women just won't see what a nice guy he is and it's all their fault for being bitches and whaaaaaaaaaa.

Every single time someone tries to start a discussion about how women are treated in nerd/geek circles, a bunch of my fellow guys jump in and change the conversation to be about something else. Why? Because geek/nerd culture is dominated by white men so we have the largest number of voices.

Just for once, can we have a discussion about women in tech without trying to change the subject? Please? White male geek asking nicely here.

I came in expecting a bunch of hand-waving denials, cries of "WHAT ABOUT MEN'S RIGHTS?!?!", and other such nonsense and I was not disappointed!

Women in tech/nerd circles generally face a lot more BS than a man would in the identical situation. That continues to go on because some of us seem to think this is an attack or indictment and refuse to acknowledge it.

Here's a pro tip: the guys who grab women's breasts, stand immediately in front of a woman when they're the only two in the elevator (blocking her exit), start asking sexually-charged questions, follow her around after a meeting, or even just the ones who automatically dismiss anything a female developer says.... They don't generally act like jerks in plain view. When they do, those of us who do care sit by silently; when the manager pats a female developer on the head and tells her not to worry about it, a lot of guys just laugh or ignore it.

You may think it doesn't happen but ask the women in your group how many times people have treated them like children, dismissed them, or behaved in a really creepy way even after being asked to stop **. Ask any reasonably well-known geek girl to show you her "death & rape threat" tweet or email folder and you'll see hundreds or thousands of them.

** I've personally seen it many times; once I even witnessed a guy ask a female geek how many guys she had slept with, then get righteously offended and angry when she said that was an inappropriate question. (To my own younger self's shame I did not step in and call him out at the time - something I regret). Women often feel they can't speak up about anything that happens to them because they are loudly shouted down as liars, whores, or met with complete denial. Even asking someone politely to stop being a creep can elicit angry self-righteous replies.

I think the refusal to see the issue and complete denial stems from fear - the fear that this will spiral into some out-of-control political correctness where we can't tell a joke, give a compliment, or even chat up women anymore. As far as I can tell that's just a manufactured fear with no basis in reality. The creepy angle also comes from guys who feel they are unable to approach women, but prominent and famous women are "known" to them, a sort of false relationship we all can tend to feel we have with the public figures in our lives. In that situation they act far more familiar than they otherwise would.

So here's a simple thing you can do: make your tech meetups friendly toward women. If you see another guy acting creepy, call him out on it. If you find yourself objecting to a technical point raised by a female developer, just take a half a second to think "would I object if it were Bob asking instead of Alice?". Stop letting the bad apples spoil the whole bunch, and worse - teach the young men and women in tech that this behavior is acceptable. Most of all, stop denying there's a problem.

I bet if even 5% of the male developers spoke out against the negative behavior and actively supported women in tech, we could completely eliminate this issue almost overnight.

Yeah but if you get mad and start throwing things you can end all of existence. Some say the universe would collapse and reboot but sounds like hocus-pocus to me!

Car makers cried and pitched an absolute shit-fit about seat belts, air bags, and fuel efficiency standards.

In theory, the free market should produce incentives for solving for safety and efficiency. In reality, it just optimizes the local maxima, since no one wants to be the first to "blink" by making these new technologies standard (thus greatly lowering the cost), ensuring they stay high-priced luxuries.

If we leave it to the free market, we'll be stuck on gasoline engines for another century at least, with all the negative impacts that will have on our economy as the increasing cost of oil and various shocks hit. That's not even dealing with the environmental or global climate change issues.

Government regulations can jump-start the industry and so far it appears to be working for electric vehicles. We are still in the early-adopter stages; they'll get better and cheaper as long as we keep at it.

Fun fact: government almost always leads the way into uncharted territory. It wasn't private industry that built trans-continental railroads (which makes Atlas Shrugged hilarious). It was the US government. The government gave the rights of way, passed a series of massive funding bills to give the railroads free money and tax breaks, sent in the army to protect the rails from Native Americans, robbers, etc. Without federal government involvement, the US rail network would not exist in the form it does today.

For that matter, neither would the interstate highway system.

Nor would computing: it was massive US federal government spending that paid Grace Hopper to invent the first compiler! And it was government spending that created the Internet, both TCP/IP via ARPA and the WWW via CERN.

Let me quote from one of the best-tested and most widely used projects out there, SQLite, from http://www.sqlite.org/testing....

The bolded part has been my experience unfortunately. Static analysis is nearly useless.

An appropriate test for something like an SSL stack is a separate test harness that "fuzzes" the stack by exploring large random combinations of values, some with known good certificates and others with randomly generated (and thus broken) ones. These days one can spin up thousands of VMs, run a massive suite of billions of test cases in parallel over a few hours, then spin them down and spend a relatively small sum of money.

And yes, the test harness for something like this is probably going to exceed the # of lines of code of the actual implementation by an order of magnitude. For really important security-critical stuff like cryptography, SSL/TLS, keychain management, etc it is well worth the effort.

IIRC this is actually an issue with the sending devices not being aware that the target contact no longer has iMessage enabled.

It's trickier than it seems because iMessage will route to your Mac, iPad, and iPhone. It doesn't know if you just haven't signed in recently or if you're gone forever. If I read a message on my Mac, it is a successful delivery, even if I tossed my iPhone in a lake and swore off cell phones forever.

Apple should add a portal to manage this on icloud.com so you can see all your devices and enable/disable them from iMessage. Then the iMessage servers should reply when a device certificate is used that is disabled or deleted, causing the sending device to update its records.

Remember - Apple acts as a key exchange system but the actual private keys only exist on individual devices; the sending device re-encrypts the message for each recipient.