I'm suspicious that it was done intentionally, to prod us into posting links on social media and driving more traffic to the site. And why would I want to link my social media sites to Slashdot? I'd want to link directly to the article anyway.

Here's the thing, though: Apple does not have the right to make that decision for the artists. However, under current law, those artists' record labels may have the right to make that decision for their artists, and if the record labels signed off on the whole thing, it's not Apple's fault that the artists are unhappy and feel blindsided.

I'm not a lawyer and I don't know what the deal here is, but if I were you, I'd review your agreement with Ditto Music, and contact them to find out if there has been any agreement between them and Apple. Either way, whether you'd like your music included or would not like it included, it's most likely that Apple would negotiate their deal with Ditto and not you. I'm sure you made some agreement with Ditto for the distribution of your album, and depending on your agreement, I suppose it's possible that it included the right to negotiate this kind of deal with Apple on your behalf.

That may well be true, but if they brought examples of their work that were far superior to any of the other interviewees, and you use Adobe and they used Adobe, you'd also give them the job. And that's how it works, typically.

I don't know. This is kind of true. Being an expert in Adobe products won't "get you the job" by itself... unless you happen to walk into a job where they're looking for an Adobe expert, in which case, it might.

But also, in all honesty, if you want a job doing design work and you only know how to use Adobe tools, that's probably totally fine. Can't use GIMP? That's fine. Nobody uses GIMP. I mean, yes, some people use it, but go around to professional design firms and ad agencies, and they all are using Adobe. Knowing Adobe isn't enough-- you need to have a work ethic and a design sense and whatever else, but it's not like you really need to know other tools.

I haven't read the entire article, but the beginning (and the summary) seems to imply that the purpose of education is to further your career, and I feel that belief is a bigger mistake than training on industry-standard tools. Ideally, if you go to college, you shouldn't just be learning how to use Adobe, but you shouldn't just be learning how to use graphic design tools (open source or otherwise). You should be learning about things, and not just how to do things. Like, you should learn about history and science and literature and art. There should be trade schools and vocational schools that teach you how to use Photoshop or GIMP, but a real college should teach you about the concepts design and aesthetics.

This reminds me of NYC. For lots of people, "living in New York" means living in Manhattan. But you do that for a few years, you get over it, and an awful lot of people realize that the other boroughs can be far more pleasant. After a while, Manhattan starts to look like a tourist trap filled with douchebags.

Yeah, I think it should really boil down to a question of whether it can be shown that TWC is refusing the peering agreement as a method of throttling, or whether their refusal is justified. Unfortunately, I have doubts about the average person understanding the technology well enough to serve on a jury for this kind of thing.

Ok, so let me ask you two questions: 1) Do you have any information on your computer that you would not like to share with the world? 2) Did you build the entire computer from scratch?

If your answers were "yes" and "no", respectively, then to some extent, you're trusting your hardware vendor to have not included some kind of... well, who knows what they could theoretically include. A chip that serves as a keylogger, but that will send the info out through the NIC without involving the OS. If they designed and manufactured all the hardware, they might have done any number of things.

You might think that "security" is a concept that only applies to some information, and then that information is either "secure" or "not secure". Essentially what I'm arguing (and I think you are too) is that "security" is a concept that applies to all information, and it's a spectrum of "how inaccessible is it to people that I don't want to have this information" vs. "how accessible is it to people that I do what to have access to this information". Nothing falls outside of that.

So even the contents of your post, this post that I'm responding to, falls under a sort of security scheme that you're not really thinking about. The key thing with this post is, there probably isn't anyone who you're particularly averse to them having access, and you want it to be accessible to the public in general, so security is very light. Therefore, the level of security that Slashdot offers (basically none) is an appropriate level of security. As I pointed out, when you log into Slashdot, you type in your username, which has a security level comparable to the contents of your post. For both of those things, you have to trust Slashdot only a very small, almost non-existent amount, but it's still trust.

Now you might be thinking, why is this trusting Slashdot to put in public information? Well, that's where it gets a bit foggy and complicated. You don't know what they're doing with that information, and you probably don't know exactly what you're disclosing to Slashdot. By your word choice, you might be giving them information about your background. Use "lift" instead of "elevator", and it hints that you're not American. Mention that you went sledding when you were a kid, and it tells us something about the region where you grew up. There has actually been research into identifying the author of an anonymous writing sample by word choice and sentence structure alone, potentially allowing someone to identify all of your posts across various sites and usernames as "written by the same person".

Really, who knows what information you give away when you post something online, but the point is, that is information that you're trusting Slashdot (and the rest of us) to have.

But then in addition, you also give Slashdot your password. You can say, "Well I don't care about that password. I don't reuse it anywhere and so it doesn't constitute trust." I bet that you don't want me to have your Slashdot password, though, because you don't trust what I'd do with it. That means, when you're logging into the Slashdot website, you're trusting that the site is valid and not compromised, and that Slashdot will keep the password secret. The level of security you're demanding may not be very high, but it's higher than what you're expecting from the contents of your post.

In addition to that, by visiting the site, you're trusting that Slashdot doesn't have malicious code that will compromise your computer. You're also trusting them with information about what browser you're using, and what your IP address is. Now you might have your browser set up to be super-secure, not to run any javascript or Flash, to route through Tor, to block tracking attempts, to obscure data about the system you're working on, etc. In that case, then you're trusting Tor, the developers of your browser, etc. to do those things competently.

No matter what, you're trusting some people, to some degree, with some information. It may all be information that you don't care that much about, but sharing it still implies some base level of trust.

It's not so much a matter of "you should" as it is a matter of "you do." You already do trust hardware. I assume you're posting on Slashdot using some kind of electronic computing device, and you're typing this by banging rocks together.

Yes, I'm defending the concept of security from those who have a very poor understanding of it.

Well yeah, or they could also backdoor the whole device without doing anything half so subtle or sneaky. So could RIM, Microsoft, or Android phone manufacturers. On some level, with every device you use, every service you use, and every piece of software you use, you are assuming that the manufacturer/provider/developer isn't a malicious evil mastermind.

But in general, their system is designed so that it won't add a public key without approval from an already approved device, or some other authorization. It seems like that's about as good as you're going to get for any system where there's a repository of approved public keys, which is basically what we do for GPG and HTTPS as well. (e.g. if you don't trust certificate authorities, than HTTPS is not secure)

In those cases, it's actually pretty clear whether you're using iMessage or SMS. iMessage users turn blue, and it says "iMessage", while SMS users are grey/green and it says, "Text Message". I have no objection to the idea of them including a setting that says, "Just don't use SMS no matter what, and only allow iMessage," but it doesn't seem fair to criticize that it "silently" switches. I would say that the switch is obvious yet unobtrusive, which is honestly what most people want.

Bullshit. As praxis pointed out, you trust some people, sometimes, with some data. Otherwise you wouldn't post here. At a bare minimum, you've trusted Slashdot with your username and password, and you've trusted us, the Slashdot readership, with the contents of your post. What's more, whatever computer you're working on has at least hardware (with BIOS/firmware), an OS, and a web browser. You've trusted whoever made all of those things. Even if you are using FOSS, unless you've performed a thorough code review of the sort that you would perform on a suspected virus, you've trusted the community to review the code and remove security threats. Even if you encrypt your data, you're trusting whoever wrote the encryption software, along with the people who created the platform that the encryption software runs on, to be both honest and competent.

What praxis was pointing out, which is entirely correct, is that security is not about being "absolutely secure". It's about balancing "making things accessible to those who I'd like to grant access" against "making things inaccessible to those who I would not like to have access." It inherently includes trusting authorized users, but also it pretty much always includes some level of trust (not necessarily absolute trust) of some 3rd parties. When you put money in the bank, you're putting some trust in the people who own the bank, in the bank's guards and tellers, in the police to protect the bank, and in the government to oversee the whole system and provide legal recourse if anyone else violates your trust. You don't have to trust any of those people absolutely, but that's because of the security practice of dispersing trust among multiple parties.

So no, you're trusting someone, whether you admit to it or not.

Do you actually know this, or is this your guess? Because my understanding is that iMessage encryption was designed explicitly to avoid having Apple hold the kind of private keys that can decrypt the message. I thought there was some scheme where each device got its own decryption key, and that those keys never left the device.

Well, not entirely "silently". Messages sent via SMS turn green, so you know whether they were sent via iMessage. You don't necessarily know ahead of time whether, when you hit "Send", your message will be sent via SMS or iMessage, but I believe that can also be turned off on the device itself, so that it won't fall back to SMS.

This is actually a very important technical difference, even if it's not a big practical difference. Essentially, the NSA was already collecting all of the data first, and just saying, "we promise we won't look at it unless we have a warrant." If the procedure is now to have telecoms (who inherently have access to that information) turn over records when they're presented with a warrant, then this falls back into something resembling normal law enforcement procedures. The police can get your phone records if they have a warrant.

It's like this: The police can search your home if they can get a search warrant. It's as though the NSA was performing a warrant-less search your home on a regular basis, collecting photos, samples for analysis, fingerprints, and anything else they wanted, then running it all through analysis looking for crimes, and then saying, "But that's not an illegal search because we promise not to use that evidence against you unless we can get a warrant first."

So if now there's reform that says, "No, you can't collect that evidence until you have a warrant," then it's a big step towards solving the problem. I feel like the whole "secret court" thing is still a problem. The records should be made public at some point, even if it's somewhat delayed and with some information redacted. You can't have a democracy while having secret courts devoid of public oversight.

You're implying that Apple's music service will be so good that it's addictive. If so, good for Apple.

Oh no! Businesses trying to have a successful business venture!