Of course not. They were rhetorical questions intended to highlight what I believe to be a dishonest business practice. Maybe I'm an idealogue, but I do know it's possible to run a business without resorting to such practices.

Well, I'm not a big firm, so I can't do all the fancy tricks. I'm a software developer, and I dabble in algorithmic trading. For the time being, I'll stick to the stock market, which I'm able to play with moderate success.

If it was that simple, I'd be a Forex millionaire by now, as would many others, since buying each dip would be a viable strategy. Unfortunately (or fortunately, since I didn't go broke), I ultimately threw out about 6 months of development into a complex algorithmic trading system that targeted Forex. Bear in mind I did that as somebody that's not afraid to take risks; unfortunately, currency pairs swing wildly, even when no geopolitical events can be easily attributed to the fluctuations.

To get an idea, take a look at the 52-week pictures for a few currency pairs:

USD/EUR
GBP/USD
GBP/EUR

These are major currency pairs, and as you can see, they move wildly on a daily basis, let alone weekly or monthly. Sometimes there are obvious events such as Brexit, but most of the time it's due to innumerable factors and a dash of irrationality. Fixed currency conversion rates do not have a place in modern society, and are almost always a scam. What Apple is doing is wrong, and I'm sure at least some of the people involved know.

It's possible, but if I'm not mistaken, that would take an almost 20% drop from where it stands now. Seems unlikely considering political fervor is one of the major forces behind the rising USD (and the decline of the GBP too--nothing has really changed as of right now), and that sort of thing typically doesn't last.

Even if my predictions are wrong (which I doubt, given how general they are), the core of my statement remains true: currencies are volatile and subject to sudden movements. This is not the type of thing that can be accurately captured in corporate policies, and anybody with the slightest exposure to Forex knows this.

Apple is arrogant for not doing proper currency conversion.

The problem is that this seems to be corporate policy, which is notoriously slow to change. Currency markets, on the other hand, are extraordinarily fast paced, and typically open 24 hours a day. The USD rally will not continue, and similarly, the GBP depression won't either. Once these corrections take place, what then? Is Apple going to revise their policy once more?

The only fair way to handle this is by doing a proper currency exchange at fair market values, then adding appropriate fees and taxes. Anything less is sheer arrogance. I wouldn't be surprised if this policy remains in place even after major price movements occur, invalidating the original justification.

Despite the USD being up and the GBP being down, at the time of this writing, 1 USD stands at 0.8 GBP. What's wrong with doing a fair conversion, Apple?

This is far beyond your typical corporate politicking. Sounds like you work with some toxic idiots.

Actually, you're right in many cases. As a dev that has shipped software with poor security at the behest of ignorant management that didn't care to understand the problems, I shouldn't be so shortsighted. Open source software is another matter, however; somebody should step up, and do things the right way.

The solution is simple, and the onus is on software developers.

First, secure by default is a requirement. Always prompt for a strong user specified password by default. Most people take the path of least resistance when installing and configuring software, so this will drastically reduce instances of network exposed services that lack creds or have documented default creds. Second, if insecure features must be enabled e.g. anonymous access is required in some legitimate use cases, bury such settings deep in configuration files and UI-based advanced configuration settings. This too will deter people from using bad security configurations, unless the truly feel they must.

This is a solved problem, and that's why we see this type of issue in a small subset of domain specific programs. It's always the shitty IoT devices and hipster databases. Blame devs that lack security consciousness, if you want somebody to point a finger at.

Maybe if Steam streamed games and could revoke access at any point, but it's a bit different. More akin to iTunes and similar services, I think.

Agreed. Let's kill this pop culture abomination once and for all.

I'm not entirely sure about the scope of what you're claiming here, but know that virtual machine escapes aren't uncommon. I'm not saying that virtualizing the browser is a bad idea (defense in depth and all that), but it won't get you perfect security. Also, in some cases, it's possible to attack the host OS without leaving the VM. Then there's the sensitive information within the VM (user credentials, session cookies, etc.), which doesn't require an escape.

The American spelling of terrorist.

Dead on. Fuck BuzzFeed.