1) when a new OS comes out, some apps designed for the old OS have problems. This works out over time as most apps are updated. Some old unsupported apps are left in the dust and no longer work under new OS versions. this has been true since DOS.

That's a weird example given that Microsoft have always been religious about backwards compatibility and app-compat testing, to the point where you can in fact run apps written for DOS in Windows and have them work 20 years later.

Apple, on the other hand, have managed to ship software updates that break Chrome in recent times - that's not exactly some obscure hard to test for app. Yosemite was/is riddled with insanely obvious bugs that show me Apple just doesn't care or make time for OS upgrade testing. It's not some fundamental thing.

For example after the upgrade the IntelliJ UI is flickering and broken for no obvious reason, presumably something related to their new transparency everywhere. If you disabled said transparency in the accessibility prefs window, beyond being incredibly ugly, the corners of rounded popover windows like the volume indicator went black! They weren't even doing transparency blending right! Come on guys, whoever implemented the "no transparency" feature must have realised it was unfinished, but they shipped it anyway (fixed in 10.10.1 I think). Yosemite also trashed support for my USB smart card stick for, like, 4 months. The manufacturers were eventually able to make it work again, but it now comes with a list of stupid glitches that are due to new bugs in Apple's libraries - one of them is literally "if you use app X Y or Z, then apps A and B won't work until you restart your Mac". WTF? Apple didn't even make any upgrades in smartcard support in recent times. How did they manage to break it so much?

Yosemite is full of crap like this. I'm ignoring the subjective things like I think it looks worse. Yet, I cannot identify a single feature or improvement that I've benefited from post-upgrade. I had to do it to test the software I'm writing and keep up with security updates, but if I'd known and had free choice, I'd have stayed on 10.9

But this has been a trend ever since iOS. As was pointed out elsewhere on this thread, it's an open secret that Apple basically have one team of their best people that Jobs kept moving around between the most important projects. OS X has suffered for years because of this.

The point of Bitcoin is you don't need to put your money on deposit with someone else.

Lots of day traders and people who want to hold bitcoin for speculative purposes, but not actually use it, choose not to do this and keep their money at an exchange. But are they really Bitcoin users at that point? Or are they banking users who happen to have a BTC denominated account?

If Bitstamp did get hacked, then what regulation do you have in mind? "Don't get hacked" is not something you really need a regulation for.

Maybe you meant regulations in general that make it hard for new/small companies to handle money. Assuming there's a correlation between bigness and competence is ...... optimistic.

I think the main reason we don't see this happening so much in the banking space is that banks will work together to reverse transactions when possible, and all accounts are ID verified, whereas the Bitcoin community doesn't do that.

Well, it is a "surprise" in the sense that the connection between intelligence agencies sniffing wire traffic and stopping DDoS attacks is tenuous at best and non-existent at worst. I do not recall any intelligence agency stopping a DDoS attack, ever. That's up to the companies and network operators handling the traffic.

Yes there were several exploits, but they were all patched with good success up until the very last round, I think. A lot of them were based on glitching attacks and similar. Quite advanced stuff.

It does not matter. Console security systems are designed to sandbox code written with the SDKs, game developers are seen as adversaries for the purposes of security because otherwise a hacked game makes it too easy to "level up" to full control and then piracy. For example an early Xbox 360 exploit was based on replacing an unsigned shader file in a specific game, which allowed arbitrary shader execution and from that control over the CPU.

The Xbox 360 security system was very impressive and only encountered truly serious problems right at the very end of the consoles much extended lifespan. I've got an interest in computer security so I'm eagerly awaiting talks on how the Xbox One is done, but given the general success of the 360 architecture I suspect the One is very similar, with some tweaks and additional defence in depth.

Anyway at least for germany I support the regulation and uber being forced to obey it.

And I suspect that eventually they will, for things like that, unless they are forced out by explicit bans. As you say, most of those regulations are not particularly bothersome ..... although unfortunately trying to fix problems with laws can go wrong so easily. For example if there's a regulation about a working money counter (meter), and Uber drivers don't use meters because the app is doing the calculations instead, then a detail as trivial as that can easily end up causing the whole thing to collapse.

The problem Uber has is that it's a global brand. When Uber and their drivers do things like ignoring medallion systems in the USA, and get slated for ignoring the law, that impacts their brand in other parts of the world where maybe they aren't ignoring it or are coming into compliance. On the other hand, a global brand gives great economies of scale. I suspect they can't win.

To be fair, either Uber needs to meet the same requirements as traditional taxi companies, or the conditions need to be lifted for all firms wishing to offer cars and drivers for hire.

Well, let's face it, the latter isn't going to happen. Last time Uber came up we were discussing India where the regulations spell out how many phone lines you need going to your (New Delhi based) HQ. The people running taxi licensing there hadn't even heard of Uber before some local media blowup. Taxi licensing is so sclerotic, so fragmented and so beholden to the existing taxi companies that the chances of the system reforming itself appear to be zero.

That leaves option (1), Uber complying with the existing regulations. There are two different issues here.

One is, do Uber customers get the same protections that customers of existing taxi companies do? Although I've never used Uber, from what I can tell the answer seems to be yes ... at least in that Uber polices their drivers for scamming and other poor service. The commercial insurance issue seems still unresolved, but I read conflicting things about this. But I see no evidence that local government regulators can do a better job of policing drivers than Uber, and frequent evidence that they cannot.

Two is, do the regulations Uber ignore even make sense? Frequently the main regulation they're violating is lack of a license, which is not itself any consumer protection at all. In a lot of American cities licensing seems to have become some kind of horribly corrupt and utterly unreformable racket. To get upset about Uber drivers ignoring the New York medallion system for example, you would have to believe that law is the same as morality and that driving without a medallion is ipso facto unethical, as opposed to "just" illegal.

Medium doesn't have ads, so I'm not sure where you're going with that ...

What's wrong with Medium? It's essentially just a blogging platform, right?

It's not quite that easy. You need multiple sources of evidence, you need up to date feeds of VAT changes from every EU authority, and then you need to (unless your local government does it for you) fill out tax returns for every EU country, assuming you have customers all over the place.

I am not yet aware of equivalents to the UK VAT MOSS in other countries, though I'm sure they'll get it together. But bear in mind by registering with the MOSS you forfeit your "too small to matter" VAT registration exemption. And you still have to collect all the evidence. There are other catches too that I don't remember. But mostly it doesn't help anyone not in the UK.

They have fake certificates from trusted authorities for some major sites

I believe at this point I have read all Snowden documents, especially all that are relevant to SSL. Only one of them has even mentioned fake certificates, and that was a GCHQ presentation saying that they spotted the Iran attack using the hacked DigiNotar certs in their metadata databases.

So far there is zero evidence that western IC's are compromising certificate authorities. I know that this was the favourite conspiracy theory of the last ten years, but Snowden happened, and it turned out to be false.

What there is LOTS of, is talk about stealing the private keys through hacking and decrypting TLS intercepts that way.

We know that GCHQ loves doing the latter, so it's a question of working out which certificate authorities have been compromised and deleting them.

You are referring to QUANTUM INSERT. There is no requirement to break SSL for this system to work, because it relies on browser exploit kits. It just waits until you visit a non-SSLd protected website (any will do) and redirects you to an exploitation server.

That said, I anticipate that NSA/GCHQ might be tempted to start using forged certificates in future as strong TLS becomes more widespread and they keep losing visibility into consumer web traffic. There wasn't much incentive until now because most encrypted traffic they cared about is VPN traffic where there are no CAs anyway, it's all pre-shared keys. But this is what certificate transparency is for. It forces CAs to make public logs of all certificates that can then be data mined by anyone.

Speak for yourself. Hating on HTML and web tech because you're bad at it is the lamest of the lame excuses. My users much prefer our HTML GUI over our shitty old desktop apps

Sounds like you're hating on desktop apps because you're bad at them .... though certainly that's a common problem.

Upper management are making these arguments because they're afraid of exactly that - if they can't hire the best people, their competitors will and their company will lose out (i.e. they will lose out).