Liability insurance gets even worse than that. If you believe that your accuser doesn't have a case but the insurance company is willing to settle, then if you go ahead and defend yourself you will have no protection if you lose. If you choose to settle because of this (most do) then your insurer gets to raise your rates because you've had a settlement against you. I know that's the way it is in the medical field and have seen nothing to indicate anything different anywhere else.

I'm actually a permanent resident here in the US. It doesn't bug me that much that I don't get to vote for President and other federal offices, but everywhere from there on down just uses that privilege to define their own. It really makes no sense to me that after living ni a city for over a decade I can't have a voice in who's elected to the truly local position of dogcatcher :)

Well, FAT is basically the defacto standard since almost every random device supports it, so in the most important colloquial sense of the word standard, "Yes."

So if Apple advertises that apps written for OS X will run on Windows, its suddenly Microsoft's fault if they don't? Or are you saying that once someone's found a bug in your system and written an exploit for it that you should be required to never again patch that bug?

There would be a process in which your scenario would have worked by the way - Real could have chosen to license FairPlay, at which point they would have been able to claim exactly that and be backed up by their contract with Apple. They didn't.

Its a crying shame that most software developers don't use computers. Then we'd be able to solve that problem "for free" as they say. Oh, well...

People blame silly decisions on "PCI" all the time as well. I'm not a QSA but I do a lot of work in payments and took my last small company through PA-DSS level 1, so I've got some background there.

Having said that, anyone who touches a credit card should generally be in a PCI scope - even if you're a small mom-n-pop bookstore that takes Stripe. The worst abuse that I've seen though is trying to convince people that they should go all the way to "level one" compliance. The levels are based on your processing volume, with 4 being the lowest and 1 the highest. There's a self-abasement questionnaire, level 4 takes about 15 minutes, 2 takes all of 30 minutes (each with a truly trivial systems scan if you're doing work on the internet). Level 1, on the other hand, is designed for people staggering amounts of money and requires expensive on-site audits.

Like premium gas, there's no reason to level up beyond where you need to be except for silly marketing purposes - yet more and more people who trust their consultant advisors are doing so, because its a relatively easy way for consultants to make bank.

Make the case that your solution is cheaper than the existing solution if it is in fact cheaper.

It may not be. Don't assume that everyone who came before you is an idiot - they may well have ended up where they are now due to a series of compromises to work around issues that you know nothing about. Why not ask someone who's been involved in the security decisions for a few years why things are the way that they are first?

Yup. Random mostly-unsubstantiated rumors that totally happened to a friend of your cousin's roommate are indeed why many people avoid Apple products. Others know that things like this - including such goodies as the "if you hold it the wrong way it dies," issue - are totally overblown if not completely fictional.

An awful lot of people put an awful lot of music on their iPods that wasn't bought from Apple. It all basically worked. The plural of anecdote may not really be data, but in a lot of ways its far more trustworthy than random anti-Apple stories coming out of the woodwork.

Unless they saved the credit card number, either directly or through vaulting at their provider. Both of those are easy and common, and the second one is even safe (since it only allows that particular merchant to charge the card at will, it doesn't appeal to thieves like an actual credit card number would).

Because that's the only way to tell that its a real credit card instead of a bunch of made up numbers that happen to look like a credit card number. The whole reason that pre-authorizations exist is to allow people to show that they're "good for the debt" without actually paying for it (yet).

People fail to do the math properly. Dropping free usage by 99% and increasing paid usage by 10% still increases paid usage by 10% - and at the end of the day, that's what's important to the owners of most commercial ventures.

There you go, bringing facts to a bitchfest :) Especially when you weigh the barely noticeable performance improvements (IRL rather than on a benchmark) vs. the complete and catastrophic consequences of failure.

Yup. Apple thinks that their users are the kind of people who value a machine that doesn't randomly lose all of its data after an SSD upgrade and don't want to spend the time to do the brand research themselves, rather than the kind of people who desperately value a .03% gain in SSD performance after said upgrade.

Apple happens to be pretty much right about that. Even as a developer, one of the reasons that I prefer Apple kit to code on is that I don't have to worry about working on it as well as what I'm supposed to be working on.

And ignoring this silly edict is part of what has made Apple one of the most successful solutions providers of all time.

Yup. Of course, doing that is a little technically challenging - probably intentionally, since people blindly doing so would defeat the entire purpose. Many posts in this thread have information about signing your own certs, for that matter.