I feel sorry for all of you south of the border. Verizon was, without exception, the worst telco I ever dealt with as far as internet goes. When Canada was rolling out DSL and cable like crazy, Verizon in Delaware was offering up 28.8 dial-up. No options. No choices. That's all you could get. You couldn't even use a 56K modem because they used the high compression voice codecs on their lines, and you couldn't get a data line. You couldn't even get ISDN if you were willing to pay for it. :(

Read The Fine Article. Serial ports on storage systems aren't connected to the Internet either. (sigh)

A car might roll off the line every 60 seconds, but each individual car takes ~20 hours to make. And that only works because they are all the same with only superficial differences.

No, because 3D printers weren't developed until the 80s. :)
=Smidge=

You could do interesting things to my car via the OBD-2 port, but I don't lose any sleep over that either. Rapid7 is a security products vendor. EVERYTHING they do is to further their interest in SELLING PRODUCTS. (Nothing wrong with that.) But I am damn tired of security product vendors telling me the sky is falling.

Your bigger problem isn't going to be lighting which could be rewired without tearing up the whole house but that any receptacles up there are probably on shared circuits with the rooms below, so when someone trips a breaker below the fucking AV setup goes dark too.

Your easiest solution is to just add a subpanel up there and power the room off the subpanel.

And that's the problem I think I mentioned earlier. If MVNOs rank carriers economically where more than one is available, you're sure to be connected to the shittiest one with the slower and less reliable network.

So is DEATH the only level of harm you can think of that should be avoided? Is that really the threshold below which you don't care anymore?

Going back to the food service employee analogy: It probably won't kill anyone if an employee doesn't wash their hands or use gloves...
=Smidge=

Not all vaccinations last your whole life.

=Smidge=

"We're dumping RT"

Any disease that they could reasonably be expected to come into contact with and communicate to others.

So yes, that includes flu shots. That also includes MMR, Diphtheria, shingles (if you're over 60), pertussis, and pneumo/meningococcal vaccines.

Again, it's not about risk to YOU, but risk to others. Taking steps to protect others is what "personal responsibility" is all about.
=Smidge=

Sorry, nobody has the right to endanger other people through irresponsibility.

You're free to do what you wish with your body, but if your job is interacting with thousands of people every day - especially children - then you should get vaccinated so you do not become a vector of disease. It doesn't matter one bit if YOU get sick or not. This isn't about you. It's about protecting the people you come into contact with.

It's basically the same level of common sense as employees washing hands and wearing gloves when handling food. It's not about keeping the employee's hands clean.
=Smidge=

Fear one may just be outright industrial espionage.

I'm guessing that security in Apple products goes above and beyond whatever (likely modified) FOSS libraries they use, but would also include stuff like their whole-disk encryption system, the touch ID sensor and its encodings, etc. So there's a fair amount of proprietary tech in these devices.

Fear two might be obtaining what amount to currently unknown zero-day exploits that could conceivably open all iDevices to security risks exploitable by Chinese intelligence.

AFAIK, recent models and OS levels have a generally accepted level of security that makes them difficult to break or exploit and I think this has come to be seen as a competitive advantage. Even if the security is beatable by the NSA in a lab situation, the marketing value is to businesses worried about lost devices or devices used in vertical markets with security compliance regulations.

Which is why I wondered how much Apple can control the terms of a security audit. Do the the Chinese just get handed a memory stick with ios-82-iphone6-source.tgz they can take back to their office or do they sit in a plain white room with locked down desktops that do a one-way remote console to a machine with source code? Or worse, a plain white room with a bunch of binders of printed source code?

Do MVNOs automatically get roaming on compatible carriers other than those they get wholesale agreements with? I have no idea how roaming works on the back end, but I would think that it would be something that AT&T could block if it wanted to (at least technically).

Even if it "just worked" from a handset usage perspective, there's still the question of the billing side of a roaming agreement. I think inside the US nobody thinks about roaming anymore because all the carriers have roaming agreements. To be competitive with carriers with a larger footprint, smaller carriers eat the roaming imbalance fees without upcharging their uses for roaming.

But would smaller carriers cover this imbalance for MVNOs or pass them on at cost or with some kind of added surcharge?

I still don't see how the economics of this works for Google or Apple. Both would have to be at least competitive on monthly subscriber rates compared to a direct consumer to carrier agreement, which at best would be break-even or a tiny loss. I can see Google eating a larger loss by monetizing the data analytics.

This was my first thought -- it's a search not for security of the devices, but a search for exploits of these devices and/or some form of industrial espionage.

But I wonder -- can Apple set the terms of the audit? Ie, you get to examine whatever it is you examine in our office using our provided systems which aren't connected to the Internet. You may not bring any electronic devices into the audit facility. You may not reproduce any code you review in our facility by any means, including notes, pseudocode, block diagrams, etc.

I suppose there's still some risk -- ie, deliberate subterfuge involving copying in some way or the use of a memory savant or some error so obvious they know how to attack it without any information exfiltrated.

I don't know, but I also assume that a truly thorough security audit of a large, novel (ie, you didn't write it) code base is hard and may be dependent on 2nd order effects, like the actual generated object code. Which may make it extremely time-consuming -- didn't the funded audit of TrueCrypt take an extremely long time just to do the initial audit?