
Comment Re:Someone got paid off (Score 1) 84

Good for you, then, that you are doing real work in the field. I'll applaud your technical work in discovering and publishing this vulnerability, and I hope you'll feel able to publish more details ASAP.

As you are actually doing security work I'll urge that you be aware of why and how people might use your practice of genuinely responsible disclosure against their own customers or clients. There often comes a time when you have to make choices about whistle-blowing: exposing the flaws more widely to force change, or to protect potential victims. It can cost you business to do so, as well, which is a real financial incentive not to publish even if no one actually pays you for your silence. I'm afraid that I'm often bound by contracts and NDAs from disclosing security problems even to other departments of the same company: they're not part of the group I'm contractually working with, so I can't notify them directly of the problem.

There are often legal, ethical, business and technical issues that I face regularly that can distort 'responsible disclosure', so I do hope you're more aware of them in the future for your own work.

Comment Re:Someone got paid off (Score 1) 84

>> We call this responsible disclosure.

> are you accusing me of being a liar

I'd not done so. I don't discount responsible disclosure as existing: I'd certainly want to see a zero-day exploit reported to the authors, first, so that they can get a chance to publish a patch before the flaw spreads in the wild, and I _report_ flaws directly to vendors and authors when I encounter them.

I've explained other, more selfish reasons that a vendor or a security researcher might decline to publish full details, reasons that could be and often are hidden behind the explanation of "responsible disclosure". Ignoring such motives would be naive. Vendors can, and do, hide behind rubrics of "responsible disclosure" to avoid the effort, especially significant redesign efforts, to actually fix the problem. Microsoft and CERT are the classic example of this. Microsoft product flaws are reported to CERT and remain undisclosed, for years, under "responsible disclosure" policies that provide little incentive to actually fix the dangerous, longstanding flaws.

I've certainly seen the problem personally when reporting or trying to fix security flaws. Given the length of my career, I've even seen architectural security flaws that have never been fixed because they would force a change in workflow, and that was unacceptable to the vendor or to the users. And I've had numerous business partners I've worked with get upset when I disclosed their security vulnerabilities to their own engineering staff, who'd not reviewed the consequences of their choices or had been deliberately kept out of the loop by their own supervisors.

Your immediate response of "are you accusing me of being a liar" is... well, it seems based on my thinking that you actually work in security. I'm afraid that based on your apparent naivete, I can't conclude that. The idea that claimed "responsible disclosure" is always just that would be frankly naive.

Comment Re:Does this office need Congressional approval? (Score 2) 117

Like racial, national, religious, and age discrimination, gender discrimination can often be hidden behind other practices. The old YouTube video about hiring only H1B candidates is an excellent guideline on how to hire only members of your preferred social groups. ( https://www.youtube.com/watch?... ) Simply fill in your preferred gender, age, skin color, religion, or nationality for the word "H1B" in the presentation.

One of the most powerful forms of gender discrimination in the technology world is the inevitable discrimination against mothers who need maternal leave, or women who may become pregnant. Illegal or not, it colors every hiring review of younger women, for logical even if illegal reasons.

Comment Re:Someone got paid off (Score 2) 84

It can also protect profits to make sure that the announcement of the vulnerability smears all vendors and thus includes your competitors' tools, not merely your own company's flawed products. This is called "sponsoring more research before publication". I'm afraid that it's a noticeable source of funding for security researchers, and can also buy valuable time to sell off as much of the flawed inventory as possible while or until the fix is provided for newer products.

I'm afraid that there are people who think this way, putting their short term corporate sales well before customer safety or product quality. And their ability to preserve profits, and to _hide their failures_, can often lead them to positions of great corporate power.

Comment Profit centric, not customer centric (Score 2) 419

> Let there be no doubt that Microsoft's actions in this controversial case are customer-centric.

Nonsense. It is protecting their millions, even billions of dollars of international business, especially for their hosted email services, to make a public display of fighting this court order. It also helps protect their US business: publicly refusing a US order helps provide a history of customer privacy awareness when they try to resist a Chinese or Russian or EU court order for US held data.

And this is not an NSA "Patriot Act" order, which doesn't require a judge and can be far, far broader than a typical search warrant or subpoena.

Comment Re:Do the math (Score 1) 338

I've no objection to getting a better tool for that specific job. They're still electrical heating elements, so they're still using roughly 100 watts for a typical car or truck engine.

Their main disadvantage is that they tend to have an electrical plug you have to fish out and connect at night, and put back safely in the morning. People tend to forget them and drive off with them connected, then rip the cord off. So what I've personally recommended to a few people is this.

http://www.amazon.com/US-Wire-...

The cord is bright orange, obvious sticking out from the hood, and 25 feet long. The hook on top is also very handy for storing it away safely when you take it out from under the hood. It's very useful for seeing what you're doing from _under_ the car when working, as well, and if you have to you can still put a compact fluorescent bulb in it. That didn't used to work well, but some of the fluorescent bulbs are small enough now.

It's not a perfect solution, but it still works quite well.

Comment Re:Why? (Score 1) 61

> This allows wine to run on exotic hardware. (Well, at least ARMv7)

Except that it doesn't. Do check the compatibility ratings at https://appdb.winehq.org/, and select for the word "garbage". Sadly enough, even the compatibility site itself is quite horrible. Like maintaining Wine itself, it requires manual drilling down into individual components to get any useful information about them.

Comment Re:Do the math (Score 1) 338

And they do have uses. There are places where the energy output is the _point_, such as putting a shoplight under the hood of your car, to keep the engine from freezing solid, in very cold winters. There are also electronic measurement environments where the high frequency signals of the fluorescent electronics get into the power lines and the local ground lines, and _cannot_ be effectively filtered out. So you use 60 Hz incandescents for lighting, or even run incandescent lights off a battery power supply.

Comment Re:I'd love to be in his class (Score 1) 179

> it's not that hard to find a loyal customer

Then please, do name one. Please don't say "it's easy to do". If it's that easy, feel free.

> But there's a fair number of people who said they really liked their Zunes just for playing MP3s (back when they used them), they just didn't like the crappy sharing feature or the MS music store or the way MS screwed up "PlaysForSure".

I'm afraid that you've just reinforced my point.

Comment Re:I'd love to be in his class (Score 0) 179

> It would appear that the only place he failed is in your mind.

I'm afraid that Mr. Ballmer was considered a liability by various stock analysts and stock holders by the end of his tenure. The failures of the smartphone, Zune media player, Surface tablet and Windows 8 to make their sales goals or to generate loyal user bases were demonstrable failures of his leadership. I'll challenge you to find _one_ loyal customer of any of those products, one who actually prefers it to an iPhone, iPod, cheap notebook, or Windows 7.

Compounded by the failure to complete the migrations from Windows XP for thousands of businesses worldwide, he created grand visions for a series of failed projects. So yes, he became a failure in many stockholders' minds, as well.

Comment Re:reality check (Score 2) 299

Blanket bricking of cell phones, or selective bricking of those of "ringleaders", is an inevitable problem for the most peaceful and well behaved political rally with this kind of technology in government hands. Remember the "Arab Spring", and Tiananmen Square, and even the more recent and quite peaceful "Occupy Wall Street" protests in the US, and understand exactly why and how law enforcement want this kind of power.

Comment Re:Patent Trolls aren't just little companies (Score 2) 97

> Fixing this mess won't be easy.

Fixing the mess is at least straightforward. Discard software patents. Their legality has always been questionable, for sound technical and legal reasons, and they're one of the greatest drains on the patent office. They also have profound, demonstrable adverse effects on industry and on innovation in practice.

Implementing that legal and policy change will not be easy, I agree.
