
Apple, Inc. and the pursuit of affordable luxury electronics



Saturday, April 19, 2014, 02:42 pm PT (05:42 pm ET)

In an industry captivated by cheap commodity components, Apple’s ability to command healthy profit margins for “magical,” premium priced products designed to delight users—rather than just solve basic problems in a cost effective way—has confounded analysts and pundits for the better part of 40 years. It appears Apple will continue to introduce upscale new products in 2014, rather than following the industry into a race to the bottom in pricing.

The cheap iPhone that wasn’t

Throughout 2013, a wide variety of analysts were insisting that Apple needed to bring a cheap iPhone to market. Jefferies analyst Peter Misek predicted a cheap iPhone in the range of $200 to $250. Just one month before Apple launched its new iPhones for 2013, Piper Jaffray analyst Gene Munster expected a new model “priced at $300 without a contract.”

However, after refreshing its lineup last fall, Apple’s cheapest iPhone remained at around $400, while the middle tier 5c was priced at $550 and its high end 5s started at $650 and went as high as $850. Analysts, who had been stewing fears that a cheap new iPhone would erode Apple’s margins, turned around and skewered Apple for not doing what they expected, slashing their stock price expectations even lower on fears Apple couldn’t maintain its sales volumes in such a competitive climate replete with a cheap phone.

We can only speculate about whether a cheap new iPhone could have stolen away more sales from the already sickly numbers of Samsung’s Galaxy S4, HTC’s One, LG’s G2, Google’s Moto X and Nokia’s Lumia line sold over the holiday quarter. All of those models were outsold by even Apple’s middle tier iPhone 5c, which in turn was wildly outsold by the iPhone 5s.

A cheaper iPhone quite likely would have eaten into sales of Apple’s other iPhones; hurt the Apple brand by cheapening new users’ initial experience and dramatically affected Apple’s revenues and profits, the same way that Samsung’s focus on cheap, low end phones contributed to plummeting average selling prices and its slim profit margins.

Race for the future

We can’t run the 2013 experiment over again to find out exactly what would have happened had Apple offered a very low end iPhone. We do know, however, that Apple earned more than everyone else in the mobile industry, giving it more capital to invest in even more sophisticated OS, chip, app and service developments and manufacturing capacity than anyone else. Apple took an astounding 87 percent of the entire industry’s global phone profits just in the winter quarter.

Apple is quadrupling its headquarters’ office space and plans to build 30 new retail stores this year: substantial projects that indicate long term expectations. All of those massive investments require very significant capital.

Had Apple blown $10-15 billion producing tons of profitless, cheap phones to win IDC’s respect as the top volume commodity producer for 2013, it wouldn’t have been able to also spend that capital to acquire more talent, technology and production capacity than even Google last year.

In terms of sales volumes, Apple was outsold by Commodore in the 1980s, by HP and Dell in the 1990s, by Nokia in the 2000s, and it’s being outsold by Samsung in the 2010s. What’s more remarkable is that Apple is now outselling those old competitors from the past. Apple has consistently won in the future. And that’s clearly where Apple expects to win today. It’s not wishing it could have won a ribbon for “most smartphones sold” in 2013, because having made the most money will eventually allow it to outpace Samsung the same way.

Samsung is also investing in the future, but it has been giving up half of its margins to “win” in the past in terms of market share. For an example of how to run yourself out of business, just look at what happened to Apple in the early 1990s when it decided to heed the advice of analysts and go for cheap, unprofitable volume sales with Performa Macs designed and sold like the commodity PCs everyone else was making.

Affordable luxury in a sea of cheap commodity

As Apple gears up to expand, it is not (so far at least) focusing on making cheaper devices. Instead, it has released a series of upscale luxury offerings. From the ultra thin iMac to new Retina Display MacBook Pros, the thin and light MacBook Air, high end Mac Pro, slim new iPad Air and 64-bit iPhone 5s, Apple has more luxury class, premium devices for sale than it has in the middle of the market.

Even Apple’s entry level models are significantly higher end than the economy class phones, tablets and PCs that make up the bulk of its competitors’ sales, as evidenced by the fact that Apple doesn’t even have an iPhone cheaper than $400, while the Average Selling Price of smartphones in general is, according to IDC, now at $335. Apple’s iPhone ASP for 2013 remained at $650 while Android’s dropped down to $276.

This is particularly remarkable because Samsung (and other Android licensees) price their premium phones at or higher than iPhones. The base price of Samsung’s 16GB Galaxy S5 Android phone and its 16GB ATIV SE Windows Phone are both $600 through Verizon Wireless, while its baseline 32GB Note 3 starts at $700. That’s more than the $550 Verizon charges for Apple’s 16GB iPhone 5c, and at or above the full $650 price of the 16 GB iPhone 5s, even before you compare the fact that a 16GB iOS device has more available storage than a 16GB Android device, particularly one from Samsung.

While it would certainly like to earn as much as Apple, Samsung doesn’t usually get full price; it is currently offering even its brand new Galaxy S 5 in “buy one get one free” deals. It does however highlight the fact that Android isn’t making phones cheaper, it’s just making cheaper phones.

Apple’s top of the line iPhone 5s is its best selling model. All of Samsung’s premium phone models put together only amount to a third of the company’s total “smartphone” sales. That’s a huge difference in the demographic of customers that Samsung is attracting with its focus on cheap commodity phones.

Broadly available luxury

Throughout its existence, Apple has released a series of products showcasing technological advances that have at times simply embarrassed the rest of the industry, while at the same time creating new, premium-priced product categories and raising the bar of what the public considered to be minimally sufficient going forward. After iPod, a DiscMan or USB 1.0 MP3 player wasn’t good enough. After iPhone, a Java button phone wasn’t interesting anymore. After iPad, thick Tablet PCs were toast.

Apple’s $400 iPod in 2001; the $600 iPhone in 2006 and 2010’s $500 iPad and $1000 MacBook Air induced competitors to scramble to make knockoff “MP3 players” and “smartphones” and “tablets” and “ultrabooks,” but Apple still hasn’t been outmaneuvered in any one of those premium product arenas where it redefined and set new price points for products designed to delight its customers.

The best that can be said of Apple’s competitors is that they are working harder to build greater quantities of lower end, cheaper products that they profit considerably less from as they sell them to customers who report significantly less satisfaction from owning and using them. In the conclusions arrived at by IDC, Gartner and Strategy Analytics, such losing is mysteriously portrayed as winning.

The myth of commodity

The idea that Apple’s innovative products are fated to be overrun by commodity sales of competitors’ duplicates is not reflected in modern reality. Despite many copies of Apple’s iPod—most of which were cheaper and supported by large firms ranging from Microsoft to Dell to Samsung and Toshiba—none became even remotely as successful.

And while there are lots of phone companies that make iPhone-like devices that compete with the iPhone, none make Apple-like profits nor do they sell iPhone-like devices in iPhone-like quantities. Samsung, the only company even close to Apple in “smartphone” sales, primarily sells low end devices that it internally calls “carrier friendly good enough” phones. Last year, Samsung sold around 100 million Galaxy S and Note premium-tier phones, compared to 150 million iPhones sold by Apple.

Apple is the only significant luxury goods vendor in the high volume consumer tech industry. Many bloggers and tech industry columnists specialize in generating great quantities of low value content aimed at covering virtually every base and filling every possible niche, a role for which they earn virtually nothing. To them, Samsung and Google are the heroes, simply through a familial affinity. They understand what commodity producers do, but find Apple’s business foreign and mystifying, and vent their xenophobia at every opportunity.

In the tech industry, low-end companies appear to be winning the conversation. However, they’re losing the war in profits, and there’s plenty of historical precedent supporting the idea that they will continue to lose in the future.

Apple’s balance of luxury and affordability

Apple hasn’t simply raised the price of technology. In many areas, it has aggressively slashed prices to make its premium technology broadly affordable. One obvious example is the $500 iPad, which appeared in 2010, a time when Tablet PC vendors like Samsung were struggling to sell bulky, heavy and anemically slow tablets like the Windows-powered $775 Samsung Q1EX-71G.

The following year, Google’s 2011 Android 3.0 Honeycomb initiative attempted to push tablet buyers to pay at least a 20 percent premium over Apple’s iPad for more complicated tablet devices like the Motorola Xoom. Microsoft attempted to do the same thing in 2012 with its Surface RT and its essentially requisite Touch Cover.

However, no amount of lavish press and liberal advertising in either case convinced customers to pay higher prices for either Google or Microsoft’s response to Apple’s iPad. Android and Surface tablets, along with other knock off iPods, iPhone alternatives and UltraBooks, all continue to struggle to remain viable, even at sharply discounted prices.

It’s particularly interesting to note that Apple entered the smartphone area in 2007 with a product so much more expensive than Microsoft’s mainstream offerings that Steve Ballmer was driven to mock its pricing with scoffing laughter. However, just a few years later Apple had effectively drained the profitability from all of Microsoft’s licensees, while at the same time driving Nokia’s Symbian, RIM’s Blackberry and Palm from lavish profits into financial ruin.

Apple’s future in premium gear

The way Apple plays its cards has allowed it to win hand after hand in virtually every game it chooses to play, despite the outrage and contempt voiced over its style by analysts and pundits who would prefer Apple played like all the market losers have. That suggests that Apple will continue to face intense criticism in 2014.

We don’t yet know what Apple will do in 2014, but we do have some hints. Signs point toward luxury-class new wearable products that would, like the iPod and iPhone, introduce a new product category that takes very little from the existing products in the wearables space and instead establishes an entirely new price tier and product definition, one that can deliver a compelling “use case” that today’s “smart watches” haven’t been able to do.

The direction Apple is heading with iPhone also appears to have an upscale trajectory. While the rest of the industry is fixated on cheap phones, Apple is catering to customers who want to pay more for innovative, luxurious, high tech features.

Compare Samsung’s high end flagships, which over the past two generations have been differentiated largely by app-like software features like hand waving and camera effects, with Apple’s introduction of Touch ID, 64-bit A7 processing and M7 motion co-processing, features that helped entice the majority of iPhone buyers to jump for the most expensive model.

We don’t have as much public data on the kinds of Macs that Apple is selling, but it appears clear that the company’s cheapest Mac mini is not a massive seller, while its pricy MacBook Air and MacBook Pro lines are. Armed with keen insight into what sells in its own retail stores and across the retail partners it closely manages, Apple has invested in making expensive, premium MacBook models from precision crafted aluminum shells and Retina Displays, not plastic netbooks or even low end laptops.

The last time Apple reinvented a major Mac model, it delivered a pricey, high tech Mac Pro aimed directly at serving the needs of high end customers, rather than revisiting the Mac mini or building a copy of the kind of commodity, volume PC boxes that dominated the market in the 1990s.

Even Apple’s iPad, which is effectively a streamlined, low cost computing device that works as an alternative to netbooks or a cheap PC box, has been trending upscale. Apple rapidly introduced a series of faster models with Retina screens, then jumped to an all new iPad Air form factor that was both light and thin, not just “good enough” and cost effective.

Clearly, Apple is paying more attention to its own internal data on what buyers want than the recommendations of analysts who so strongly believe in cheap commodity that they are blind to the very profitability that drives the capitalism they analyze.

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/398bbb75/sc/4/l/0Lappleinsider0N0Carticles0C140C0A40C190Capple0Einc0Eand0Ethe0Epursuit0Eof0Eaffordable0Eluxury0Eelectronics/story01.htm


Samsung experts say Apple’s patented features not valuable in trial



Friday, April 18, 2014, 11:33 pm PT (02:33 am ET)

During the Apple v. Samsung trial on Friday, Samsung continued its defense by calling on a number of expert witnesses who asserted Apple has grossly exaggerated the value assigned to each of its patents-in-suit.

According to in-court reports, Samsung spent most of the day trying to dismantle Apple’s patent valuation arguments that put damages in the case at nearly $2.2 billion on lost profits and royalties. The Korean company calls the number a “gross exaggeration” of the patents’ worth.

Apple is seeking damages on five patents, including the so-called “slide-to-unlock” feature made popular by the original iPhone, unified search, data identifiers, background syncing and word input prediction.

In Friday’s proceedings, Samsung brought up New York University professor Tulin Erdem who blames the inflated damages claim on an allegedly flawed study presented by Apple expert John Hauser, reports Re/code.

Earlier in the case Hauser, a professor at the Massachusetts Institute of Technology, testified that his conjoint survey found smartphone users willing to spend between $32 and $102 for the features covered by Apple’s patents.

Erdem argued that Hauser’s study created “demand artifacts” by teaching consumers about features most were not aware of and did not already value.

“You are elevating artificially the importance, the value of these things,” Erdem said. “They are not even in the radar screen of consumers. These are very granular…and they wouldn’t drive demand.”

As noted by Re/code, the statement was slightly different from her deposition, in which Erdem said Apple’s patents covered features that only a “weird” or “crazy person” or a “techno-whatever” would see as valuable.

According to CNET, Erdem offered specifics of her own studies that used eye-tracking technology to discover what consumers look for in a smartphone.

“As a group, the minor things didn’t drive demand,” Erdem said. “It was the major things that drive demand.”

Included among these “minor” features are processors, an on-screen keyboard, and GPS. She went on to say that extras like a secondary camera also do not impact consumer desire. However, Erdem failed to include the features described by Apple’s patents in her study, saying it wouldn’t be in line with consumer review and comparison websites.

Apple pointed out that Erdem’s testimony ran counter to that of Samsung expert David Reibstein, a marketing professor at the University of Pennsylvania’s Wharton School of Business. Reibstein also disagreed with the results of Hauser’s study, in part because it did not include the very features Erdem omitted.

“You’re trying to predict what it is people will buy, and if you just focus on smaller aspects and a couple major factors, you’re going to miss what would drive sales and why people would buy your products,” Reibstein said of Hauser’s survey.

Reibstein said using the study is similar to determining what car consumers would buy by asking which cup holder they like rather than noting an auto company’s brand, CNET reports.

Friday’s proceedings wrapped up week three of the second California Apple v. Samsung patent trial. Presiding Judge Lucy Koh said the testimony phase of the trial should be completed by next Friday with closing arguments to be heard on Apr. 28.

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/39870b86/sc/5/l/0Lappleinsider0N0Carticles0C140C0A40C190Csamsung0Eexperts0Esay0Eapples0Epatented0Efeatures0Enot0Evaluable0Ein0Etrial/story01.htm


Beats Music enables in-app subscriptions with latest update in bid for more users



Friday, April 18, 2014, 05:35 pm PT (08:35 pm ET)

Beats Music, the streaming radio arm of the Beats empire, updated its iPhone app on Friday with the notable addition of in-app subscriptions, meaning the company is now paying Apple’s usual 30 percent commission on new sign-ups.

The Beats Music app launched in January alongside the streaming subscription service looking to take on industry stalwarts Pandora and newcomers like Apple’s own iTunes Radio. At the time, fees were processed outside of the iOS app, meaning Apple didn’t get a direct share of the sign-up proceeds generated through its mobile platform.

As reported by Re/code, Beats CEO Ian Rogers said the decision to include in-app subscriptions — 30 percent of which goes to Apple — was based on Apple’s massive iOS user base. According to Rogers, more than half of all Beats users own an iPhone and asking these people to sign up outside of Apple’s ecosystem is “very hard,” the publication said.

In addition to the iPhone, Beats is expected to launch an iPad app, which will likely draw an even larger crowd.

Moving to in-app subscriptions is “what you do when you want subscribers,” Rogers said. “If you don’t care if people subscribe or not, and you’ve got a free product, maybe then you wouldn’t do it.”

Re/code points out that Beats’ decision to accept Apple’s commission rates may raise concern over the company’s performance, though Rogers claims the move is not indicative of a struggling business.

“We’ve had far more people try the product than projected,” Rogers said. “Clearly the marketing works. The conversion rate on the AT&T plan is off the charts. It’s safe to say the biggest problem is converting iOS users, and we’ve just fixed that.”

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/39863036/sc/15/l/0Lappleinsider0N0Carticles0C140C0A40C180Cbeats0Emusic0Eenables0Ein0Eapp0Esubscriptions0Ewith0Elatest0Eupdate0Ein0Ebid0Efor0Emore0Eusers/story01.htm


Nike to reportedly exit wearables market, fires bulk of FuelBand team [u]



Friday, April 18, 2014, 06:10 pm PT (09:10 pm ET)

A rumor on Friday claims Nike is planning to shut down the division responsible for creating wearable fitness trackers, starting with the axing of as many as 55 people from the FuelBand team.

Citing people familiar with the situation, CNET reports Nike is looking to quickly spin down its Digital Sport division, which is responsible for products like the FuelBand SE, Nike+ sportwatch and other connected devices.

According to the source, Nike notified the division’s 70-person hardware team of the decision on Thursday, ultimately firing 70 to 80 percent of the group, or up to 55 people. A number of those let go may potentially take on positions in other Nike offices, though details are unknown at this time. Nike has yet to confirm the supposed job cuts.

“As a fast-paced, global business we continually align resources with business priorities,” said Nike spokesman Brian Strong. “As our Digital Sport priorities evolve, we expect to make changes within the team, and there will be a small number of layoffs. We do not comment on individual employment matters.”

In a more questionable post on anonymous social network Secret last week, one supposed team member said, “The douchebag execs at Nike are going to lay off a bunch of the eng team who developed the FuelBand, and other Nike+ stuff. Mostly because the execs committed gross negligence, wasted tons of money, and didn’t know what they were doing.”

The hardware team accounted for less than half of Nike’s Digital Sport arm, which employs some 200 people. Interestingly, the software team, called Nike Digital Tech, will not be affected by the reported rejiggering, leading some to speculate that the company is planning to provide Apple with backbone software for its much-rumored iWatch device.

Nike last week announced a new research and development entity in San Francisco called Fuel Lab, which will concentrate on building out products leveraging the NikeFuel workout metric.

Circumstantial evidence supports such a partnership, but proof of a deal is far from concrete. Apple CEO Tim Cook has been on Nike’s board for nine years, which likely played a role in the brand’s ability to stay on the cutting edge of fitness software incorporated into Apple products. Nike+, for example, has been part of Apple’s ecosystem since the Nike+iPod sensor kit was released in 2006.

Most recently, when the latest iPhone 5s was revealed, a specialized Nike+ Move app was shown off during a demo of the handset’s dedicated M7 motion coprocessor.

Update: In a statement to Re/code, Nike confirmed a “small number” of people within its digital division were let go, but refuted CNET’s report that it is closing the team’s hardware arm.

“The Nike+ FuelBand SE remains an important part of our business. We will continue to improve the Nike+ FuelBand App, launch new METALUXE colors, and we will sell and support the Nike+ FuelBand SE for the foreseeable future.”

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/398632c4/sc/21/l/0Lappleinsider0N0Carticles0C140C0A40C180Cnike0Eto0Ereportedly0Eexit0Ewearables0Emarket0Efires0Ebulk0Eof0Efuelband0Eteam/story01.htm


How Apple dodged the Heartbleed bullet



Friday, April 18, 2014, 11:29 am PT (02:29 pm ET)

In 2011, Apple told its developers that it would be deprecating OS X’s Common Data Security Architecture including OpenSSL, describing it as an outdated relic of the late 1990s. Nearly three years later, OpenSSL was hit by a severe flaw that affected a wide swath of vendors and their users, but not Apple.

When it announced plans to deprecate OpenSSL in June 2011, Apple wasn’t aware of the Heartbleed flaw because it didn’t yet exist. However, the company was aware of other problems with OpenSSL (libcrypto), a security toolkit Apple began using within the Common Data Security Architecture more than a decade ago.

CDSA, according to the Open Group that designed it, “is a set of layered security services and cryptographic framework that provide an infrastructure for creating cross-platform, interoperable, security-enabled applications for client-server environments is an architecture.”

Apple incorporated support for CDSA and OpenSSL in its early development of Mac OS X. In 2004, Apple was recommending that Mac developers adopt CDSA, noting that it “will improve the overall performance of the system by reducing the number of libraries that frameworks link against to do cryptography.”

As the company noted in its Mac security documentation from a decade ago, “CDSA is an Open Source security architecture adopted as a technical standard by the Open Group. Apple has developed its own Open Source implementation of CDSA, available as part of Darwin at Apple’s Open Source site. This API provides a wide array of security services, including fine-grained access permissions, authentication of users’ identities, encryption, and secure data storage.”

Apple builds its own security architecture

By at least 2006 however, Apple began working on a new cryptography API for the future, designed to use less code, run faster and support concurrent use of multiple processors. These features were not only necessary for future Macs, but would also be critically important to iOS.

The desire to build a streamlined, modern security architecture was also driven by a need for FIPS 140-2 validation, required to sell devices to a variety of U.S. government agencies. As sales of iPhone and later iPad began to explode, Apple’s efforts to address a robust alternative to the outdated CDSA took on new urgency.

The first step was Common Crypto, a low level C framework supporting core encryption algorithms Apple first released for OS X 10.5 Leopard in 2007 and later brought to iOS 5 in 2011. Apple has continued to work on making low level crypto functions easier for developers to use.

That includes Apple’s OS X Security Transforms package, which is deeply integrated with Grand Central Dispatch to enable pipelines of data (including encryption tasks) to be spread out across available processors. It also supports hardware acceleration of crypto functions on modern processors like Intel’s Core i5 and i7.

Apple deprecates CDSA and OpenSSL

By 2011, Apple was ready to deprecate CDSA, noting to developers at its WWDC event that the architecture was based on an Open Group standard that few other vendors supported besides Apple, and included lots of features nobody actually used. That required Apple to assume and manage a lot of complex external issues without any real cross-platform benefit.

“CDSA has its own standard programming interface, it is complex and does not follow standard Apple programming conventions,” the company noted to its developers in Mac security documentation. iOS never incorporated CDSA, and both OS X and iOS “include their own higher-level security APIs that abstract away much of that complexity.”

Building its own security software meant that Apple and its developers were no longer captive to the external development issues and eccentricities related to the OpenSSL open source project, which despite its critical importance and broad use by the industry, was being funded through donations and was, incredibly, maintained by a very small team of just four core developers.

“Although OpenSSL is commonly used in the open source community,” Apple stated in its documentation, “OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS. Use of the OS X OpenSSL libraries by apps is strongly discouraged.

“If your app depends on OpenSSL, you should compile OpenSSL yourself and statically link a known version of OpenSSL into your app. This use of OpenSSL is possible on both OS X and iOS. However, unless you are trying to maintain source compatibility with an existing open source project, you should generally use a different API.”

Apple’s concern about OpenSSL lacking a “stable API from version to version” relates to the complications it would face in trying to update or patch security flaws in the open source software package in a way that wouldn’t break third party apps wired to a previous version of OpenSSL. Deprecating OpenSSL in favor of its own software meant that Apple had greater control in managing its own platform.

A broad variety of vulnerabilities in Apple’s OS X software have actually related to outside software that Apple has bundled with its own, including both open source software packages and third party commercial components like Adobe Flash.

Heartbleed hits OpenSSL

Apple’s timing proved to be fortuitous. Just six months after Apple officially deprecated OpenSSL, the Heartbleed flaw was inadvertently introduced in OpenSSL via a Heartbeat feature designed to keep secure connections alive and active. The flawed Heartbeat feature was included in the following March 2012 release of OpenSSL, and enabled by default.

While Apple had been advising its Mac and iOS developers to use other software before the bug had ever been introduced and never distributed the subsequent versions of OpenSSL that incorporated the security flaw, much of the rest of the industry had been standardizing on the latest, freely available version of OpenSSL.

More than two years later, a researcher at Google discovered that the OpenSSL Heartbeat feature was flawed, potentially allowing a malicious user to “bleed” data from a server using an affected version of OpenSSL, and possibly even recover security keys that could be used to spy on intercepted streams of encrypted data. Client software affected by Heartbleed could also be exploited by a malicious server.

“Servers vulnerable to Heartbleed are less secure than they would be if they simply had no encryption at all,” noted a report by The Guardian.

According to a report by Brendan Sasso of the National Journal, Google began work on addressing the flaw internally without telling anyone else about it, not even the U.S. government, which ostensibly wasn’t aware of the vulnerability until Google first disclosed it on April 1 via the company’s Google Plus social network.

A timeline compiled by Ben Grubb of the Sydney Morning Herald indicates that various firms over the next week battled both for publicity and against public disclosure of the Heartbleed flaw, with security companies seizing upon it as a way to make a name for themselves, and those affected scrambling to address the problem before they and their clients could be exploited by third parties armed with the same knowledge.

The perceived advantage of open software being innately more secure through broad use and exposure to more eyeballs ran into the reality of disadvantages involved with broad industry reliance upon a widely distributed monoculture of software developed by relatively few people who didn’t necessarily share the same design goals as their broad spectrum of users (including that lack of interest in maintaining API compatibility).

A flaw in Apple’s own code

Apple and its Mac and iOS users weren’t affected by Heartbleed, but just weeks before, the company had been hit by a similar vulnerability related to a flaw in Apple’s own code, which just happened to also be related to SSL certificate based security.

In Apple’s case, the flaw, branded as “GoToFail,” related to code the company maintained itself, although like OpenSSL, Apple’s code had also been published as open source. As with OpenSSL, merely being open to eyeballs didn’t result in Apple’s code being free of undiscovered flaws.

Apple was condemned in a series of posts laced with profanity for patching iOS first (before GoToFail was publicly known about) and not releasing a patch for OS X until three days later.

In contrast, it took a week for the various parties involved in Heartbleed to even coordinate its disclosure, with embargo leaks informing some clients, including OpenSSL, Akamai and Facebook as much as several days before the general public and even major companies including Cisco, Dropbox, Juniper, Twitter, Ubuntu and Yahoo.

Another security flaw, similarly affecting network security, was identified in Android’s WebView 16 months ago. While much more serious in that it provided full control of a device to remote malicious users and had functional tools available that allowed virtually anyone to exploit the flaw, roughly 75 percent of Android devices appear to remain vulnerable.

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/398470b0/sc/15/l/0Lappleinsider0N0Carticles0C140C0A40C180Chow0Eapple0Edodged0Ethe0Eheartbleed0Ebullet/story01.htm


Briefly: Online Apple Store delays 24-hour ship times in Europe for Easter



Friday, April 18, 2014, 01:47 pm PT (04:47 pm ET)

In a change to certain European Online Apple Stores, the company is no longer offering 24-hour delivery turnarounds, while the option remains active in the U.S. and Canada.

Apple’s UK Online Store page for the iPhone 5c now shows 1-2 day delivery (top) compared to Apr. 16.

First spotted by Portuguese blog All Mac Long, the shipping delays are being seen in nearly all European countries in which the Online Apple Store operates.

With current delivery times quoted at one to two days for nearly all products, including Apple’s own equipment, the modification is likely a reflection of regional warehouse or courier companies’ Easter weekend schedules, not Apple’s European product channel inventory.

AppleInsider was able to confirm that Apple’s new shipment protocol was adjusted within the past two days.

While the countries listed above may not be promised a quick one-day turnaround on Internet orders, Apple is continuing to offer the 24-hour availability in other parts of the world including the U.S. and Canada.

Article source: http://appleinsider.com.feedsportal.com/c/33975/f/616168/s/398532f7/sc/5/l/0Lappleinsider0N0Carticles0C140C0A40C180Cbriefly0Eonline0Eapple0Estore0Edelays0E240Ehour0Eship0Etimes0Ein0Eeurope0Efor0Eeaster/story01.htm

