ranson

Just wow, Andrew. You mentioned Secure or Security 4 times in this article to describe WiFi QR Codes. Please educate yourself.

PSA:    Using WiFi QR Codes does not secure your network or improve network security. They are a convenience-only feature.

Here are the facts:

• As @madprof73 stated, the QR code is actually an encoded (not encrypted) string of text that includes the network name and password. So saying the QR Code is secure is the same as suggesting a base64 or rot13 encoded string of the WiFi credentials is secure. Anyone can decode the QR code to its text value and see the credentials in plaintext, the same way an iPhone, iPad or Android device decodes the QR code to capture and input the credentials.
• Scanning the QR code and connecting to the WiFi stores the WiFi credentials into the user's Keychain, so they can then retrieve the credentials via KeyChain Access at any time
• The point of WiFi QR codes then, is simply for users to be able to connect to the WiFi without having to go through the process of manually transcribing the password with the device's virtual keyboard, character-by-character. They ensure that the password is entered correctly, seamlessly and without human error. That's it.
• In Andrew's example of an AirBNB rental, the owner would need to provide the credentials in plaintext alongside the QR code anyway, because most people would want to connect their laptop, nintendo switch, etc., which may not support WiFi QR Codes or even have a camera at all.

spheric said:

Unless I’m completely misunderstanding something, the EU paper
 https://ec.europa.eu/commission/presscorner/detail/es/ip_24_5727
specifically calls for equal access WITHIN THE EU. 

What this means is that there needs to be a single distribution license for the entire EU, NOT that EU citizens must have access to the same distribution deals as residents of countries outside the EU. 

The answer to that is, „Wait, this isn‘t the case already? Why the hell not?“ 

I don’t understand the point of this article — it feels like it’s arguing against something that isn’t even on the table. 

If I’m misunderstanding, somebody please enlighten me. 

Completely agree here. This was a hastily written article that does not attempt to understand or articulate the nuance in what the EU Commission is saying. This is about letting EU citizens travel anywhere within the EU without being geo-fenced by Apple. EU citizens, it should be noted, can travel anywhere within the EU without a passport, using a common currency among many other shared benefits and policies. Imagine if Apple geo-fenced people who created their Apple Account in Alaska so that if they traveled to Texas they wouldn't be able to see half of their music. The US would regulate them to stop that behavior (and rightly so). That is what this is about, it's just countries in the EU rather than states in the US. It has nothing to do with anyone outside of the EU, or how Apple treats EU citizens while they are outside of the EU.

My advice to AppleInsider? Stick to reporting about rumors, news, hardware and software reviews, etc., and abort these opinion pieces. While one would expect them to have a pro-Apple slant, the analysis is poor and authors come across as bratty, entitled toddlers who don't actually know anything about the topic other than that it is a reason to kick and scream because a big meanie is trying to antagonize Apple.

As it stands in October 2024, certificates have a lengthy lifespan of about 13 months. 

The lifespan of TLS certificates can actually be between 1 day and 13 months (or longer if you roll your own Certificate Authority), and it varies from solution to solution. Most places go with exactly 1 year because it is easier to remember the same day every year.

Anyone using a modern public cloud solution (CloudFlare, AWS, etc.) to operate their web offering will not have any problems with increasing the cadence of TLS renewal and the overhead involved, because the cloud provider handles it automatically behind the scenes. So anyone complaining that it is too much work to renew more frequently has chosen not to use the available public cloud automations for this and has also chosen not to invest in an alternative or homegrown automated certificate renewal solution. Instead, they are manually renewing and loading certificates - in an age where good systems administrators do everything possible to avoid manual deployments and the potential for human error that comes with it.

For the "Microsoft sucks, this is their fault and they should have never let it happen" crowd - 

1 - Yes, Windows has historically been terribly insecure and full of bugs for 30 years.  2 - This incident was not Microsoft's fault.  3 - Both things can be true at the same time.

CrowdStrike is a third party security solution that many companies pay for, just like others use Symantec or McAfee security solutions. Microsoft has nothing to do with CrowdStrike, just like they have nothing to do with Symantec. CrowdStrike's Falcon service (which is what failed) is not something that just comes on every Windows machine or is even sold by Microsoft. It's not something Joe User can just install on their personal home computer. A company's enterprise IT team installs Falcon via Group Policy to its fleet of Windows and Mac machines, because they pay CrowdStrike a license for it. In this case, CrowdStrike pushed out an update to their own software that was faulty for Windows machines. So, at least in this case, if you are blaming Microsoft, you need to check your ignorance.

Situations like this, along with what went on in China during their mass Covid protests, are precisely why Apple needs to give up on its quest to prohibit sideloading. If an app is not being used to harm others, let the people install it.