And they absolutely don't make up for it when someone pays their Prime membership and only orders 4 things a year.

In addition to EC2, there are lots of other services that are encompassed under AWS that compliment EC2 nicely - RDS is their service for standing up easy database instances that take care of most of the configuration headache associated with the big relational databases out there (pgsql, mysql, mssql, oracle). Route53 is a scriptable DNS service. CloudFormation gives you tools to automate standing up entire application stacks including DNS records, load balancers, application servers spread across availability zones for redundancy, etc. OpsWorks gives you a Chef-esque service for managing software deployments. IAM roles allow you to grant servers access to other AWS services without having to deal with certificates / passwords / keys in an atomic fashion. There are numerous other services that I'm not even using right now, but exist as replacements for things we've already wired up in EC2 previously to Amazon announcing them.

It's a hell of a package that makes things like Microsoft Azure look like a joke in comparison, and is cost competitive with building out your own datacenter as long as you use it properly, and think about what you're doing a little - make sure you back your shit up out of AWS so that you always have an "off-site" copy, for example. And if you use something like Chef / OpsWorks, you can recover from a disaster practically anywhere if you have your cookbooks, source code, and data backed up.

Who gives a shit?

How about "Civilization." It's hard to think of other modern projects that have advanced the knowledge base of humankind as far as the Hubble Space Telescope. Not bad for being a "multi-billion dollar flop" when launched.

Of all the things NASA has accomplished, this is one of the big ones.

Following your "logic", Best Buy is responsible for the millions of computers that get infected with shit from running copies of Windows that were purchased at Best Buy and not patched / maintained? Because Best Buy just "pays for the brains of these app developers and then they resell it" ?

Brilliant.

In no way does what the guy is describing magically allow code to take control of the full OS. If an application is executing, and then executes a maliciously crafted dylib, that dylib is still running as the user who executed the parent application - a.k.a. not root unless you've bent over backwards to re-enable the root user and log in as root because you completely hate security and best practices. If it wants to do something outside the permissions envelope of that user, it will still have to ask permission just like anything else on the OS; even if you are running as admin - all that gets you is the ability to put in your password to allow it, rather than have to click cancel. The only way around that is to also combine a privilege elevation exploit - and now we're getting into the incredibly improbable that you could find a signed app that would do both without a user seeing anything odd.

At the end of the day, GateKeeper wasn't designed to prevent that anyway, and this guy is presenting a massive straw man. GateKeeper was designed to give you a decision point between clicking on the random thing that appeared in your downloads folder, and getting owned. That's it.

If it works for them, and they are happy with it, what the fuck do you care?

I really don't understand this attitude that everyone must use the same tool for all jobs, ever.

Back in the day I was doing some crappy Visual Basic stuff using VirtualPC on Mac System 7.5 for school. There were x86 emulators for Moto 68K and PowerPC, and for 1995 they worked pretty damn good.

Damn, I guess I better stop playing any game I want to on my Mac Pro, because you say that I can't.

Hint: Macs can boot Windows now, and have been able to for like 9 years.

There were times in the past when you didn't need Intel x86 to run Windows - there were PowerPC and Alpha versions of Windows NT Workstation.

1. If you are using OS X Profile Manager (or any MDM provider you probably already have to deal with iOS and Android), you don't need to maintain an "enterprise image" because you can just enroll a Mac and have it automatically become the enterprise image far quicker than you can reimage it, or pay Dell to image it by defining OS X profiles and assigning them to machine groups a la AD Group Policy.

2. You don't buy direct from Apple - even in enterprise sales they do the legwork and hand you off to a value-added reseller with the bid price in hand, and any VAR worth doing business with can give you the serial numbers and MAC addresses. Or, use the built-in Apple Remote Desktop agent to query the serial number and MAC addresses en masse from the machines when you do #1.

Macs can play nice in the enterprise, as long as you spend half an hour learning how.

Also, Dell has been on a buying spree of enterprise solutions lately - they'll crowbar their way into your enterprise one way or another; be it with data-at-rest encryption software, firewalls and routers, switching, thin clients, storage, etc.

Yeah, because there's clearly no room between trailer park denizens and the 1%.

What an idiot.

Yeah, so we know that the sun will burn out in ~5 billion years. Get cracking.

Be sure to save game first - you may need to re-load if you don't get it quite right.

I still don't see how this is any different from just exploiting an app vulnerability, regardless of the presence of GateKeeper. What you describe is no different than the hundreds of arbitrary code execution vulnerabilities found in Flash, Java, etc. since the dawn of these frameworks.

GateKeeper was never meant to keep all malicious code from executing, ever. It was meant to give you an "are you really sure you want to run this thing that appeared in your downloads folder" chance to not screw yourself over because some git with a website thought it would be cool to force-download some garbage to your computer.