That's a bit like telling a career criminal that he should better not do a petty crime. Like telling a murderer that it's not ok to steal a car to drive to his victim.
The fault lies with software developers who blindly rushed features out the door without giving proper thought to the security implications. Microsoft had a really bad habit of this until they made security a significant corporate priority - it's time for Apple to catch up now, as proven by the recent "goto fail" fiasco.
I think it's safe to share blame with the designers of that programming language for this specific example.
I've left plenty of bugs in code because management told me that it had to ship Tuesday.
Hint: decisions like "the code is ready to ship" are not made by engineers, they are made by managers, just like when they launched the Challenger with frozen O rings, over engineering objections.
As to the specific example, it was likely put there on purpose for code signing testing prior to signing keys being available for the engineers writing the code signing code.
Unfortunate when the thieves cut your hand off to get the phone though.
They could always cut your hand off anyway.
'cause all the money they had went into the product and nothing was left for the PR department?
15. How often do we get to hear about it? I read about it on $otherpage $time ago.
Buy a "Hello Kitty" wrist strap. That way you can prevent your phone from being stolen in the first place.
If you want everything encrypted: Sorry, you can't have that.
Think about it, next time you wonder how on earth someone could come up with a law that is so far away from reality that it hurts. These people are the same ones that make laws concerning computers, the internet and everything connected to it. Most of the time taken verbatim from sources that have a rather intense interest in certain laws (aka "lobbying groups"), without even having the slightest idea what their laws will entail.
And this is why the whole crap is in the sorry state it is in today, with laws that are not executable, laws that make no sense, laws you cannot heed and laws that benefit a minority at the expense of everyone else.
And it's only half as dangerous as long as it's just domestic. It gets downright scary, though, when international laws get negotiated. Because one thing is certain: Whatever country can field the ones that can spell TCP/IP without too many accidents will be the one-eyed king amongst the blind.
Even though I'd fear that he'll just be the one eyed dummy that's being remote controlled by some corporate lawyer who DOES have an idea what he's doing.
Cooling will certainly not be a problem and the geological activity is minimal (if at all present), so earthquakes and tsunamis are out of the question.
Nuclear power is frightening, since the U.S. used it to bomb Japan in 1945, and since nobody seems to know what a becquerel is, or they'd quit using it instead of roentgens. Of course becquerels are more fun, because it makes the absolute number 3.7^10 larger than if it were expressed in curies (also not a unit of radiation exposure).
Like Fawn Hall in 1986? Ollie North's secretary, who printed out his emails so she could shred them?
Managers know that you get diminishing returns on labor hours. But it's still economical to squeeze every last drop, if the employee is exempt from overtime.
Even if they're not. The amount you give an employee as wages/salary is a fraction of what it costs the business to employ them at all.
In truth, there would probably be a lot more people employed if it weren't for employers having to foot the bill for a lot of benefits, and the employees either paid for their own benefits, or the benefits came from the government and were funded by income taxes rather than employment taxes on the employer.
Ironically, most benefits offered to employees are taxed as income these days, even though the original intent of benefits was to make your business a more desirable place to work than your competitors' business. Now that these benefits have grown into unfunded government mandates, it's a lot cheaper to hire one person for 6 hours than it is to hire 2 for 30 hours each. Once you get down to 18 hours or less, so that the employment can't be counted as full time, and the mandates are no longer in effect, the employer can afford to hire more people again (and, in fact, it's better for the employer, since they get more work hours per $ when they don't have to pay for the unfunded mandates).
So the U.S. has basically built a tax system that rewards employers for overworking salaried employees and underworking hourly employees.
Which is more moronic?
Somehow, we seem to think that for your house and your car - probably the two most expensive pieces of property you own - physical keys are good enough. But for your Twitter account, the danger that someone could steal them is insurmountable?
Or, rather than playing the 'jealousy card', maybe it's because they're legitimately stupid?
Unless you have seriously investigated the possibility that they aren't stupid, you don't have a leg to stand on. Some of these "idiots" have degrees, Ph.D.s and other indicators that lack of IQ is not among their problems.
Honestly, though, it's hard to blame normal users for this. Should a user have to be a computer expert in order to actually use a computer?
Actually, it's very easy to blame them. They are using a technology they don't understand in a way which is unsafe.
They shouldn't have to be experts, but on the other hand, if they're not, then they should avoid using unsafe versions of the technology until they either understand them, or safe alternatives are available. The problem here is the technology in question is so damn useful, and has therefore become a ubiquitous part of daily life, without ever getting safety features added to it so that ordinary morons can use it safely.
If we look to the famous slashdot analogy, the first factory car was produced in Czechoslovakia in 1897. But what about vehicle safety?
Stop signs : 1914
Stop lights : 1919
Safety glass : 1924
Windshield wipers : 1925
Turn signals : 1939
Seatbelt : 1950
--- Milestone : 1,000,000 car traffic related deaths
First driver's education class required : 1955
Shoulder belts : 1959
Dashboard : 1960
Front lap belts standard equipment : 1964
ABS : 1966
Bumper 5 MPH crash safety requirement : 1972
--- Milestone : Last human on the moon
First air bags : 1974
First seatbelt law : 1984
Third brake light : 1986
Rear seat belts : 1987
Passengers get airbags : 1998
Tire pressure sensors : 2008
So cry me a river if it's still a problem in 110 years.
but what lesson are we to learn from someone who emails lists of passwords to herself?
That real-world security is very disconnected from the clean and nice scenarios in your books and head, because real users think differently than geeks and do different things for different reasons. Some of them we gloat over and call them Lusers and other derogatory terms, but that's mostly to cover up our own insecurity because most of the Lusers out there have had ten times as many and twice as beautiful women and don't live in their mothers' basements anymore.
Yes, I know that's also untrue. The point is that different people have different skills and while many of the non-techie people do stuff that we techies consider stupid, they could laugh just as much about us in other areas of expertise. Maybe not women, maybe for them it's sports or marketing or making friends.
So stop gloating and calling people stupid and look at what they can, in fact, teach you. In this case, there's quite a bit to be learned, not the least of which is that passwords are a moronic concept and need to die.
Nature may recycle it, but it may not end up anywhere near where you need it.