I think this is the takeaway. As I understand, there was a formal review and the reviewer didn't catch it. But then again, why should your company trust an unpaid external reviewer when it comes to critical software like this?
The unfortunate reality is that while open source is a great way to standardize and share code, it really isn't some panacea where the company can get code completely for free. The company either needs to hire reviewers for mission-critical open source software, or (more realistically) they need to hire an outside firm that does this and provides a certain level of guarantee/insurance.
The one thing they don't need to do is assume anything mission-critical they find on Github is "good enough as-is".
*snip* This is one of the big myths surrounding open source.
The concept of open source began many years ago when some programmers got together and said "Hey, wouldn't it be great if everyone made their source available to look at, modify, etc...." And it's a great idea -- IF you are a programmer. But that's the problem. The vast majority of people in the world are not programmers.
In *THEORY* anyone can look at the source code. In *REALITY* the number of people looking at the source code is very small. Other than the people actually working on the code, very few people are looking at the source closely enough to find a serious problem. This is not meant as a criticism of open source, it is simply reality.
This is precisely my point. I think the problem is this notion of 'more eyes on code' when what we really should be concerned with is 'what eyes and if they're any good.'
Now the past few outfits I've worked for have employed third parties to look for vulnerabilities, and I think that perhaps the OS community should look into setting up some sort of body of experts who can advise on this sort of thing. A well-maintained site so that volunteers know what's expected of them, can get advice on how to test for known vulnerabilities, how to avoid script injection etc.
I always thought that one of the advantages of open source code is that bugs are picked up more quickly because there are more eyes on the code.
Is this simply a case of 'not all OS projects are created equal' or do we need some sort of formal review process for critical stuff like this to actually prove it was written and tested by people who know what they're doing?
Nope, the in-app purchase is made through your iCloud account, so every time it is renewed, Apple gets 30%.
This is why Amazon doesn't support purchases through the Kindle app on iOS. If you start your subscription on iOS then switch to Android, Apple will still get a cut, unless you stop the subscription and renew it on Android.
Edit: I just read Apple is getting 30% of the Office 365 subscription.
I can't believe they agreed to that.
Well they didn't really have a choice, did they?
The Surface hasn't turned out to be as much of a draw as Microsoft had hoped, and the lack of Office on the iPad hasn't really put a dent in Apple's sales.
Besides, if Apple had given Microsoft a free ride then their developers would have been, quite rightly, up in arms.
Still, as someone has already pointed out, consumers are not going to sign up for an Office subscription, so most of the sales are going to be for enterprise users who still want to stick with Office (though from what I've seen, most outfits are happy with earlier versions that they don't have to shell out yearly for), and the enterprise customers are not going to be buying this through the app store.
Apple's ongoing developers are more important to Apple than Microsoft, so the 30% is no surprise; there was no way Apple could afford to p*** off its developers by giving MS a free ride on the app store.
It's very telling that on the day of the launch, Tim Cook greets the new addition to the iPad and then goes on to tout their iWork, Evernote (a competitor to OneNote) and Paper (has no comparison).
Nope, the 30% cut is no surprise. The only surprise is how long it took MS to cave in and agree to it.
Yeah, a lot less than MS or Google.
How much you spend is probably less important than what you spend it on.
You forgot the slides and ball pits. :) But it's more because they are a GNU/Linux shop, and that they are especially focused on machine learning and AI (i.e. it's core to their main revenue sources). But I'd even work on boring CRUD/business apps just to be around the kind of people that work at Google.
You mean the kind of people who try to strangle innovation by suing the competition using FRAND patents?