IAAL, and I think you should make up your own mind about what the agreement means. Personally, I think you're over-thinking it, but you shouldn't take my advice, because I don't represent you in this instance. It's a shame that something so simple has to be so dressed up by Apple's legal group in obfuscated language. I also fault Apple for deferring to its outside counsel on these matters. There's nothing stopping them from using plain english that everyone can understand in these agreements. Having said that, I read so many of these things, that I recognize 75% of it as pure "boilerplate" that is for all practical purposes ignored by everyone.
Yes, and never mind that just about everything you take for granted about personal computers was "given" by Apple, too. I find this notion that users are entitled to complete device freedom really annoying.
If you find it so objectionable, go build your own hardware and OS platform. This isn't a matter of human rights because no one is telling you that you can't make your own.
Yes, and never mind that just about everything you take for granted about personal computers was "given" by Apple, too.
The RDF is on full effect there, I see. You might want to look at systems like the Xerox Alto & Star, both released before the Lisa. The implementation was certainly excellent - and I have a lot of respect for the Lisa and Macintosh engineers - but many of the concepts were invented elsewhere.
@recoiledsnake: (for whatever reason, I'm not allowed to reply directly to you)
You're comparing Apple's ecosystem to Earth's.
Apple is a private company that makes products that are sold on the commercial markets. The Earth is something entirely different. If Apple made planets, then yes – they could decide how to manage the atmosphere. That's how business works.
It's not even like these are major motion pictures. They are clips from a television news program that are released for free over the air and have an effective shelf life of less than two weeks. The potential downside to posting their videos in iPad compatible h.264 seems minuscule.
I wish more apps would get out of their own way and employ standard UIKit. I'm all for experimenting with UI on a new-ish platform like iOS, but the amount of parallel energy expended on checklist UIs is just depressing to me – esp. when the standard Cocoa libraries are more than adequate. There are just so many cases where turning the UI upside down is counterproductive.
But usually, those links expire, or are only able to be used once. So the password the user creates is secure, and the period the attacker can use the captured link is only from the time the user requests the password reset until the time the user tries to use the reset, it doesn't work, and the user requests another reset.
When a user is sent a password via email, unless that user is required to change eir password upon entering it, it is inherently less secure than sending a link.
This isn't an attack for the downvote. But if you're the type of customer that flips out over getting your temp password in the mail to a blank account, I don't want you. As the troubles are only starting...
Nope. That would require the user to take more action that necessary, since they now have to click on a link and remember your password. It would also be less secure, since they may choose a bad password.
Hell yeah it is less secure. password, letmein, 123456, j@nuary1
All bad passwords. All will be chosen by your users at some point. The last satisfies any complexity requirements I have ever run against in the wild.
There is nothing insecure about sending a plain-text password that compares to a badly chosen password -- email isn't that easy to intercept and properly nobody is hacking your users physical (or wireless) network. At least not compared to the number of people who will be attempting to crack their online password.
Are you taking the position that only auto-generated passwords can be secure? I'm trying to understand what conclusion to draw from your comment.
My point was that imposing length validations on passwords is not hard. Complexity validation, while more difficult, is also not exactly a novel problem.
I feel like I'm in bizarro-world with all these people telling me that sending a plaintext password via email is more secure than giving users the option to follow an authenticated link to create their own password because...users can't be trusted to choose good passwords?! Really?
Users are hopeless at creating secure passwords. They are especially hopeless at creating secure passwords if you suddenly present them with a password creation screen.
Adding complexity generation does not help. If anything, it makes things worse. People use stupid weak passwords, often re-using them across different websites. They'll do simple substitutions of digits for vowels, or they'll use one word with a couple of digits stuck on the end.
Complexity validation gives a false sense of security.
Am I the only person who considers use of the word "smart" as a leading indicator of the absence of intelligence? The term is so vague as to be utterly meaningless, and is usually a signal that we're really talking about someone's insecurities, their feelings of inadequacy, or their passive-aggressive megalomania. /psychobabble
First, you determine the rule. Then you determine whether it ought to be enforced.
While you might be right that the authorities won't take on the criminal case, you and your friend are wrong about the question of whether this is a criminal offense under the law. It's at least a colorable case of intentional infringement in a commercial setting.