1. 1

    The downside is that, while safe, memory management in Rust is still manual and non-trivial

    In what sense is it more “manual” than garbage collected languages? RAII means you don’t worry about memory management details unless you’re specifically writing a low-level container like a vector.

    1. 2

      You have to explicitly say whether a variable is shared or exclusively owned by a binding. In a GC-ed language, the runtime just figures it out for you.

      Which actually makes it very similar to a statically/dynamically typed program, now that I think about it.

    1. 3

      No company is investing in core technologies

      Does the author have an idea about core computer science literature? Tensorflow came out of Google, for instance. It’s pretty strange to say that “no company” is investing in core technologies. You could say that industry research is of a worse quality than university research, but the author is trying to make a much broader point, I think, on what would seem to be very little evidence.

      The less incentive they have to make them compatible with other such software

      Is the implication that free software is less portable than non-free software? If anything, free software paves the way for non-free software to inter-operate with other non-free software. Again, I don’t really understand where this comment is coming from.

      How have so many humans reached the point where they accept that even miserable, unnecessary work is actually morally superior to no work at all

      Well, 1) because people need to eat 2) because people are generally poor at knowing what work is useful or necessary. If everybody knew to any useful degree how to direct their own time, nobody would want managers and a lot more firms would have flat org structures.

      1. 1

        How have so many humans reached the point where they accept that even miserable, unnecessary work is actually morally superior to no work at all

        Well, 1) because people need to eat ..

        Maybe is easy to answer in this extremes cases, when people are not starving or are not accumulating a lot of money it gets hard to answer. What would prefer between this 2 options: Hire someone to do a bullshit job or; pay someone and them this person can eat and do anything she wants?

      1. 9

        Contrary to the comments at Reddit, I’m pretty sure Apple cannot do this unless you have installed a MDM profile…

        Locking, remote wipe, etc are limited to your iCloud account. There is no equivalent to “Google Play Services”. APNS has no control; it only handles push notifications.

        1. 15

          Contrary to the comments at Reddit, I’m pretty sure Apple cannot do this unless you have installed a MDM profile…

          When the OS is closed source how would you know?

          1. 12

            If you think Apple has a gaping backdoor in all of their phones which violates the mission of their product line, then please prove me wrong. In fact, take this opportunity to short their stock and prove it to the world. You could make yourself really rich really fast.

            Nobody else has done it, and everything Apple has done with their product line has been to constantly increase user security, not install backdoors for remote control and spying.

            I do not think they are perfect, but this would be a huge blow to their public perception and would certainly tarnish their brand for years to come.

            1. 7

              Objectively, I think that u/user545 has a valid point. When proprietary software is in place there is no way to verify that such software does what the user expects it to do, and nothing more. Just because Apple has said it doesn’t spy on its users, doesn’t mean such a statement is true; and we cannot trust them, because we don’t know what the program does in the inside.

              1. 9

                Perhaps it’s not as severe as user545 says.

                I think the argument can be transposed to anything done by anyone else:

                • I didn’t see how cars were built. So I have to assume the worst.
                • I didn’t see how roads were built. So I have to assume the worst.
                • I didn’t audit this open source project’s source code myself. So I have to assume the worst.
                  • Or I only heard from someone that this source code checks out. But I don’t know that person, so I have to assume the worst (that they’re lying to me).
                  • I didn’t audit the crypto algorithms. So I have to assume the worst.
                  • I didn’t compile it myself. So I have to assume the worst.
                  • I didn’t compile my compiler myself. So I have to assume the worst.
                  • I didn’t compile my operating system myself with my own compiler. So I have to assume the worst.
                  • I didn’t mine and process the raw resources to create my computer. So I have to assume the worst.

                Sure I can assume the worst, but then I probably wouldn’t live in a society.

                “Assume the worst” feels like an impractical rule to follow. Instead, it’s a practical tradeoff of efficiency (of my time) and likelihood I need to “assume the worst”. I’m not discounting the valuable effort that security researchers do to audit and break into these systems. Especially if they take this approach, that’s great. But they’re way more qualified and have more resources (eg - time, money) than me to do it. I’m not going to blindly assume the worst that these security researchers are out to trick me.

                I agree with feld. Apple isn’t perfect. They may change in the future. But Apple seem less likely than Google to implement a backdoor like this based on the way they position themselves in the market right now.

                1. 5

                  You’re missing two things:

                  1. “They’re usually defective since suppliers dont care or have liability.”

                  2. “Intelligence agencies and law enforcement are threatening fines or jail for not putting secret backdoors in. The coercive groups also have legal immunity. Their targets can do 15 years if they talk.”

                  No 1 also applies to FOSS. With those premises, I definitely cant trust closed-source software to not have incidental or intentional vulnerabilities. Now, we’re back to thorough design and review by parties we trust. Multiple, skilled, mutually-suspicious groups.

                  1. 2

                    Thanks,

                    I agree with you on #1, including that it applies to FOSS. I may argue that a supplier has more incentive to fix it if you’re a potentially influential customer over a FOSS that has a disinterested maintainer (making you fall back to build-it-yourself or audit yourself. And to be clear, FOSS is definitely a better option than if the non-cooperative supplier is a monopoly). But I’d admit only be able to back up anecdotally, which isn’t a strong case.

                    For #2, couldn’t that also apply to key maintainers in FOSS if they are contributing to the same project? I’d take a random guess that governments may find it impossible to coerce a small set of individuals. 15 years would equality scare FOSS maintainers as well. Sure, a geographical barrier may make that more difficult, but I’d guess that human-based intelligence agencies like the CIA probably have some related experience in this. I agree that FOSS makes it harder to sneak one by reviewers, but maybe there’s not many people needed to coerce to get the backdoor in a release.

                    I only tangentially review security topics, so I’m not sure if that’s a realistic threat or just a tinfoil haty thought <:-).

                    I guess I’m putting more emphasis from the perspective of typical (non-technical) user of software to:

                    1. care more about security / privacy
                    2. pressure companies they support to have better security/privacy practices

                    Over distrusting all companies and have a significantly worse user experience of using software in general. Non-technical users generally like the fallback of technical support over just “figure it out yourself” or “you lost all your data because you couldn’t manage your secrets”.

                    I’m curious, if a company allowed you to audit their source code before you approved/used it, would that significantly minimize the advantages FOSS software have over proprietary software for you?

                    1. 2

                      I may argue that a supplier has more incentive to fix it if you’re a potentially influential customer over a FOSS that has a disinterested maintainer

                      This hasn’t been the case at all in the mobile space. The supplier has an incentive to not fix things so you buy a new device where as FOSS maintainers want your device to last as long as possible.

                      1. 2

                        I’d agree the motivation for some suppliers to upsell to newer devices, although I don’t really understand motivation for FOSS maintainers to want you to use your device as long as possible. As a one who maintained iOS libraries, there’s strong motivation to deprecate older devices/platforms since it’s a maintenance burden that sometimes hinders new feature work (and typically the most active contributors use the latest stuff). And when pitted against supporting the latest devices vs the older devices, chances are the newer stuff will win in those debates.

                        Thinking through the supplier stuff a bit more doesn’t make that much difference though. Sure, it doesn’t feel like a great business practice for a company to upsell. But it’s also how those companies stay in business. It could be viewed similarly to a maintenance support fee for existing devices. If suppliers offered the a retainer fee, it would effectively be the same thing then?

                        1. 2

                          The lineageOS team does amazing work keeping old Android devices on the latest release. Also means app devs don’t have to worry because these old devices support all the new apis and features.

                      2. 2

                        “For #2, couldn’t that also apply to key maintainers in FOSS if they are contributing to the same project?”

                        That’s a great observation. I held off mentioning it since people often say, “That’s speculation or conspiracy. Prove it with examples.” And the examples would have secrecy orders so… I just dropped the examples where they can find proof it happened. There very well could be coercive action against FOSS maintainers. Both Truecrypt developers and someone doing crypto on Linux filesystems kind of disappeared out of nowhere not talking about the project any longer. Now we’re into heresay and guesswork, though. Also, they might be able to SIGINT FOSS with a secrecy order. We might be able to counter that having people in foreign countries looking for the problem, submitting a fix, and the rule is to always take a fix. They have to spot the problem that might be out of their domain expertise, though.

                        Plenty of possibilities. I just don’t have anything concrete on mandated, FOSS subversion. I will say one of the reasons I’d never publish crypto under my own name or take money for it is this threat. I think it’s very realistic. I think we haven’t seen it play out since the popular libraries for crypto were so buggy that they didn’t need such a setup. If they did, they’d use it sparingly. Those also ran on systems that were themselves ridden with preventable 0-days.

                        Far as open vs closed with review, I wrote an essay on that here.

                        1. 2

                          Thanks for that essay, that was insightful.

                          I’m roughly remember the Truecrypt incident and that was suspect, although never came across the linux file system crypto circumstance. Was it similar to Truecrypt? Was that developer already known. My googling didn’t seem to show up any mention of that at all.

                      3. 1

                        There is one thing I am wondering about. Government agencies require backdoors but I would think they also require backdoors that are kept secret. How does that work with FOSS software? Alright yes they could sneek it in the compiled version maybe but distros are all moving to reproducible builds so that would be detected.

                        1. 2

                          Ignore the Karger/Thompdon attack: only happened twice that I know of. The nation-state attackers will go for low-hanging fruit like other black hats. They also need deniability. So, they’re most likely to either (a) use all bug hunting tools to find what’s already there and (b) introduce the kinds of defects people already do by accident. With (b), discoveries might not even burn the source if they otherwise do good work.

                          For FOSS, they’ll slip the vulnerability into a worthwhile contribution. It can be either in that component or be an interaction between it and others. Error-handling code of a complex component is a particularly-good spot since they often have errors.

                  2. 11

                    They are able to push updates over the internet and the whole thing is proprietary. I am unable to tell you what the system does because I cant see it. And at any time apple can push arbitrary code which could add a back door without anyone knowing.

                    When you can’t see what is going on you have to assume the worst.

                    1. 5

                      I can’t tell whether this is 1. a defense of open-source in general and android in particular or 2. a critique of apple.

                      Neither works.

                      1. See example of what just happened. or the firefox/mr robot partnership recently. open source does not automatically confer transparent privacy.

                      2. Apple has, in fact, emerged as a staunch defender of user privacy. There are many many examples of apple defending users against law enforcement.

                      You can’t wish Apple to be terrible about privacy and use that as the argument.

                      1. 3

                        Sure you can. They could take money to secretly backdoor the phone for NSA and use lawyers to tell FBI to get loss for image reasons. The better image on privcy leads to more sales. The deal with NSA puts upper bound on what FBI will do to them since they might just get data from NSA.

                        If that sounds far fetched, remember two things:

                        1. The telecoms were taking around $100 million each from NSA to give them data that they sometimes passed onto feds to use with parallel construction. Publicly they said they gave it out only with warrants. RSA went further to say they encrypted the data but weakened the crypto for $30 mil. The Core Secrets leak also said FBI could “compel” this.

                        2. In Lavabit trial, Feds argued he wouldnt have losses if customers didnt know he gave Feds the master key. He was supposed to do it under court order and then lie about it.

                        Given those two, I dont trust any profit-motivated company in US to not hand over data. Except maybe Lavabit in the past. Any of them could be doing it in secret for money that they take or get fines/jail.

                        1. 3

                          I would say Apple is more comparable to Lavabit than the others – they’re actively and publicly taking steps to protect their users’ privacy.

                          I wouldn’t argue that they will never do it, but to paint Apple and Google with the same brush on user privacy is silly and irresponsible.

                          1. 2

                            Well, we know that the secret, court meeting was going to put him in contempt or else. He had to shut the business down to avoid it. Apple may have been able to do more due to both size and making case public debate. Then again, that may have been a one-time victory followed by a secret loss. You can’t know if there’s two legal systems in operation side by side, one public and one secret. I assume the worst if the secret system is aggressively after something.

                            “I wouldn’t argue that they will never do it, but to paint Apple and Google with the same brush on user privacy is silly and irresponsible.”

                            I agree with this. Apple is a product company. Google is a full-on, surveillance company. Google is both riskier for their users now and more over time as they collect more which more parties get in various ways.

                        2. 3

                          I am not defending android at all. As you can see in the OP post android is absolutely horrible for privacy and control. I also agree that open source is not flawless of course but open source enables us to have the opportunity to inspect the programs we use (usually while contributing features) from what I understand the firerfox event was pushed through a beta/testing channel and not through the FF source. I would hope all linux distros have this feature turned off when packaging FF.

                          The OP comment was asking me to prove that Apple is able to change user settings over the network and I think that is an unreasonable statement to make when the software is closed source. I also mentioned that it is possible as apple is able to push new updates at any time with arbitrary code. So they have the capability of doing anything that is possible hardware wise.

                          1. 2

                            Fair on your 2nd point of responding to the OP and I don’t know whether they have the capability. However, they seem, at least at the moment, disinterested in taking random liberties with their users’ privacy.

                            1. 3

                              disinterested in taking random liberties with their users’ privacy.

                              I think that’s probably true but no one in this thread actually knows and one day its quite likely that the US government will force them to backdoor devices if they haven’t already.

                          2. 1

                            Apple has, in fact, emerged as a staunch defender of user privacy.

                            this has to be a joke

                          3. 1

                            How do you know they are able to do that then?

                            Because all system updates that got installed on my phone came only after I manually approved them. Unless I am not aware of some previously demonstrated capability this sounds like exactly the same kind of unsubstantiated argument you are arguing against.

                            1. 1

                              What criteria do you use for approving or denying updates and how would that be able to stop a backdoor being installed?

                              1. 2

                                It doesn’t matter since the original argument was that Apple can do the same thing (automatically install/change software on your device) which they cannot. You have to assent to the installation (of updates, backdoor or whatever). May not be a difference you care about, but I do.

                                I agree that black box software makes it impossible to know if software can be trusted, but binary package of an open source software is also just a black box if I am not able to generate the same hash when compiling myself which in my admittedly not recent experience happened a lot.

                                1. 1

                                  “You have to assent to the installation “

                                  You would need a copy of source for all priveleged hardware and software on their platform to even begin to prove that. You dont have that. So, you don’t know. You’re acting on faith in a profit-motivated, company’s promises.

                                  I’ll also add one that has enough money to do a secure rewrite or mod of their OS but doesnt intentionaly. They don’t care that much. They’re barely even investing into Mac OS X from what its users say. Whereas, Sun invested almost $300 million into redoing Solaris for version 10. That brought us things like ZFS.

                                  A company with around a $100 billion that cares less about QA than smaller businesses shouldnt be trusted at all. They’ve already signalled that wealth accumulation was more important.

                                  Meanwhile, tiny OK Labs cranked out mobile sandboxing good enough that General Dynamics bet piles of money on them for Defense use. Several other companies cranked out security-enhanced CPU’s, network stacks, DNS, end-to-end messaging, and so on. Quite a few were for sale, esp those nearing bankruptcy. Shows Apple had plenty of opportunities to do the same or buy them. Didnt care. They’ll make billions anyway.

                                  1. 2

                                    I agree with pretty much everything you say and while interesting, I am not sure how it is relevant to what I said.

                                    I did not argue that one should trust Apple (even though I do think iPhone has a better track record than Android). My point was simply that all other things being equal I prefer platforms that don’t suddenly change on some company’s whim and let me decide when or if I want to perform an update and that AFAICT Apple does not push those updates without user’s consent.

                                    I assume your argument is that consenting is meaningless as I cannot perform any reasonable security analysis of what I will receive. True that I can’t, but I also value predictability and speaking from a personal experience I feel I lose some of it with auto-updates.

                                    1. 1

                                      I assume your argument is that consenting is meaningless as I cannot perform any reasonable security analysis of what I will receive. True that I can’t, but I also value predictability and speaking from a personal experience I feel I lose some of it with auto-updates.

                                      I think you are missing the point. Your iPhone has convinced you that it would only ever install an update if you approved it, but you have no way of knowing that there isn’t already a way for Apple to push software without your consent, in a way that you wouldn’t detect.

                                      I’m sure if you looked at the EULA that you agree to when you use an iPhone, Apple has every legal right to do this even if they try to create an image of a company that wouldn’t.

                        3. 4

                          objdump -d

                          1. 3

                            When the OS is open source how would you know? Have you personally audited all of linux? How do you know you can trust third-party audits? I don’t think “it’s open source” provides much in terms of security all things considered.

                          2. 3

                            how do you know, what APNS does.

                          1. 2

                            The comments in the post discuss a 5XX vs a 4XX error and that client-side errors should be fixed by the client. Now I am wondering if the GDPR applies to European citizens or people that are currently in Europe (maybe a day trip or what ever). I usually thought that these GDPR filters are using geoIp. But what if a European citizen is in the US and the other way around? I only checked Wikipedia for this and they say the GDPR applies to EU-citizens. So how to figure out if a web client is a EU-citizen? What am I doing wrong?

                            1. 4

                              The companies are just trying to protect themselves as best they can. Realistically, a European citizen suing a US-only company in a European court over European law is being frivolous and the company will likely not be affected in any way, so the butt-covering of geoip blocking is more a political statement to potential sue-ers than it is actual legal protection.

                              1. 6

                                What is the actual message to European users of such political statement?

                                We don’t want your money? We don’t want your data? You do not deserve our technology? We are the Spiders of the Web and you are just a fly?

                                Btw, as an European I would really appreciate a clear statement on a website saying “we are sorry but we cannot protect your data and respect your rights, please search for one of our competitor that can do it better”.

                                I’m not ironic.
                                GDPR defines several important rights for the data subject that imply certain investments in cybersecurity and a basic quality of service. Being able to say “I cannot do this right, please ask to someone else” is a sign of professionalism.

                              2. 3

                                You figure it out by asking them. There are many sites that don’t serve US citizens for various reasons. When you enter them, they ask you to declare you are not a US citizen. It’s as simple as that. If they lie, it’s on them.

                                Honestly, this GDPR thing has gotten many Americans acting indignated and generally quite irrational over something that hardly changes anything and is not without a slew of precedent. It’s just the first time US companies are visibly seriously affected by law elsewhere. Now you know how it feels. Get over the feeling and deal with it.

                                1. 1

                                  Well, in principle, I would guess that European courts might be apprehensive about dictating law globally, which would essentially be the case if it was found that GDPR applies to European citizens wherever they may be, and even if a website operator had taken all reasonable precautions to block European citizens from using their cite.

                                  1. 3

                                    GDPR apply to data of European citizens worldwide and to data of non European citizens collected while they are in the Union.

                                    However, if your registration form have a mandatory checkbox “I’m NOT a European citizen and I’m not going to use your services while in the European Union” AND the such checkbox is uncheked by default AND you block all European IPs, I think no European court will ever annoy you.

                                1. 16

                                  Moving from Linux, though, could have upsides for Google. Android’s use of the technology, which is distributed by Oracle Corp., is at the center of a lengthy, bitter lawsuit between the two companies.

                                  I am confused. I thought they were confusing Linux with Java, but the very next paragraph addresses the Java situation.

                                  A previous version of this story was corrected to make clear Oracle link with Linux.

                                  🤔

                                  1. 4

                                    If I had to guess, the reporter writing the story couldn’t imagine them spending the resources to replace something in Android and have that thing not be what Oracle is suing them over.

                                    1. 2

                                      lol… I think they just referred to Java as “Linux” in the correction as well 🤣

                                    1. 5

                                      Engineers of all stripes have an ethical responsibility to uphold, and it’s in making tough choices, like turning down customers, that you prove your worth.

                                      That being said, it makes me sad that a scandal like this one, which in my sense is plagued by political opportunism on the left, has so much traction.

                                      1. 1

                                        Yeah… Some problems are not so clear cut. There are big differences between short term and long term outcomes, also between intent and outcome, as well as adjusting plans that don’t work well currently vs having evil intent.

                                        • Would I say Trump has much empathy? … no.
                                        • Is the right wing sadistic and enjoy suffering? I would also say no.
                                        1. 2

                                          Is the right wing sadistic and enjoy suffering? I would also say no.

                                          Citation needed.

                                          1. 0

                                            That’s pretty outrageous, the hysterics that can be seen everywhere are laughable.

                                            1. 4

                                              So people getting upset that armed cops drag off 4 month old babies from their parents in an act of open terrorism seems outrageous and hysterical to you? People being blase or amused by the same thing seems outrageous to me.

                                              1. 0

                                                No - The hysterics are ignoring the word of people there.

                                                https://www.youtube.com/watch?v=eGuSdXiFtLk

                                                This man seems genuine to me, and seems to save more children than anyone here.

                                                1. 2

                                                  moreover, if you take your or nebkors presented opinion at face value, that agent being interviewed is a terrorist, sadistic and evil. I never said wanting children to be safe are hysterics, but calling half the population evil while ignoring the whole argument is disingenuous to me.

                                                  1. 2

                                                    There is no argument in favor of this policy other than the stated rationale of terrorism. You can either be for terrorism or against it. But being for it, you should get used to being called evil.

                                                    1. 1

                                                      I’m not for it. as far as I know trump signed an order to end it which is fine by me. I never said I wanted children separated from parents.

                                                      1. 2

                                                        Yes, now they get to be imprisoned with their parents, for the crime of attempting to seek asylum, which is against the law for our government to do.

                                                    2. 2

                                                      I’m not saying all of ICE are terrorists. They do, however, all belong to the same violent and murderous gang.

                                                2. 3

                                                  Yes, they are totally laughable if you’re a fascist or fascist sympathizer.

                                                  1. 0

                                                    it sounds like you live is an echo chamber or out of control feedback loop. Try getting information from more than one source.

                                                    1. 1

                                                      We have access to the same information, and have come to different conclusions due to our conflicting values. If you’re ashamed of the label that fits your opinions, perhaps you should consider changing your opinions or values to be less shameful. But I assure you, the problem is not my sources of information. I suspect it’s not yours, either.

                                                      1. -1

                                                        You are a like a sick caricature, You behave exactly how fox news and the right want their opposition to behave, total lunacy is easy to beat in elections.

                                                        1. 2

                                                          Citation needed.

                                                          1. 1

                                                            Ok, let me apologize.

                                                            My ideal situation is everyone is allowed in, and there would a sentiment of charitable nature in the population fostered outside of government mandate to care for those who are in bad situations.

                                                            What would your ideal situation be?

                                                            1. 2

                                                              The barest start is to acknowledge the current atrocities being directly executed by the police and immigration systems, and working to stop them. Things like people being cruelly detained, isolated, abandoned in a heartless bureaucracy, children separated, deporting to known unsafe zones, etc. Next up is recognizing and taking responsibility for our actions (“our” being the United States, apologies for US-centricity) in Latin America over the course of the last 150 years, along with recent drug policy, climate change, etc. that have created this refugee crisis.

                                                              Then we can get into abolishing prisons, disarming all cops, restoring the top marginal tax rate to 90%, providing healthcare and education and food, etc. and really start getting it correct.

                                                              So yeah, because the right wing believes in property over persons, in denying moral responsibilities, in short-sighted selfishness and avarice, they are by definition heartless and sadistic. They are in charge, and their actions speak for themselves.

                                          1. 11

                                            I think that the author misses the point of having those command line tools available. It’s all about gradual development. Unix was designed for interchangeable parts that work together, making it as easy as possible to leverage work that others have done and replacing parts if they fail to work correctly, all the way up to the process level.

                                            This kind of interoperability has proven very difficult to accomplish pervasively with GUI applications. You have to standardize on some interface to exchange data, and not only that, create an intuitive method to compose programs together. Unifying the “small, composable tools” and “graphical interface” paradigms would require a drastic change in the way that current GUI applications work, so much so that it would likely break the dominant WIMP paradigm.

                                            The author was right: it’s easier to work with text, since your CLI applications already do it and that it doesn’t take extreme effort to try to use the applications in a different method than what the author thought of using it for. I think the best example of this has been Apple’s Automator. Sure, you can graphically script your Mac, but you only get the features that the application authors thought to give you.

                                            1. 4

                                              I might just add that Microsoft (with OLE), Apple (with MacOS classic, as well as AppleScript and Automator), Google (Android fragments, and now again with “stripes”) and many, many others have attempted to make “interchangeable” UI components. I think the closest to that today is something like React, where you really can just import a UI component.

                                              That being said, text isn’t exactly “simple.” For one, just text encoding can be tricky. On top of that, applications generally care about the structure of whatever text input they get, whether it be JSON or something else. That means parsers everywhere, which are themselves very complex. I think the PowerShell approach of communicating through objects is worthwhile, since at least in principle behavior can be bundled with data directly.

                                              1. 4

                                                This kind of interoperability has proven very difficult to accomplish pervasively with GUI applications. You have to standardize on some interface to exchange data, and not only that, create an intuitive method to compose programs together.

                                                If I understand you correctly, this is something Smalltalk “got right” nearly 40 years ago. All the GUI stuff can be seamlessly reused and composed. No text files needed. It’s actually very simple.

                                                Unifying the “small, composable tools” and “graphical interface” paradigms would require a drastic change in the way that current GUI applications work, so much so that it would likely break the dominant WIMP paradigm.

                                                Maybe, maybe not. The paradigm it clearly breaks is the one where standalone applications are the basic units of commercial value. Some of us may remember OpenDoc

                                              1. 1

                                                If lobsters is right, and adtech is dead in Europe, then it probably means companies like Facebook will start changing users directly. In a certain sense, I would rather pay upfront than have to deal with ads, but that’s then less money to spend elsewhere, however small the amount.

                                                In short, I think the cat is out of the bag in terms of the internet, and I doubt there’s any way to get back to the Good Old Days of everybody hosting their own personal server out of their garage.

                                                1. 5

                                                  I’m surprised at how much this article seems to coddle students who plagiarize. I would hope I would have the fortitude to enforce a no-fuss two-strikes rule.

                                                  Then again, I bet a large reason why some of these students cheat is because the instructors expect them to produce an obscene amount of work relative to the time they have available. In that case, it really is the instructor’s fault for not respecting the student’s time.

                                                  1. 2

                                                    I’d imagine a large portion of the students who cheat don’t think of themselves as cheaters, and so just don’t recognize that that’s what they’re up to. That’s why calling them out and punish them is important, because it makes them realize they’re actually cheating.

                                                  1. 3
                                                    • Probabilistic programming will become much more important. Neural networks work very well if you have a lot of data, power, and time. Not only do humans not need millions and millions of hours of driving time to become proficient, but often all of data, power, and time are limited.
                                                    • Message passing–and so microkernels–will stage a comeback. Processors just aren’t getting much faster anymore, but datasets keep getting bigger.
                                                    • Not entirely tech related, but the cost of access to space will continue to drop, which will lead to malicious actors. Just take a look at this article from a few days ago. If you know people in aerospace, chances are they’ve at least at some point mentioned how vulnerable basically all the infrastructure is in space, to an even greater degree than on the ground.

                                                    I think generally technology will keep getting better. Personal computing isn’t going to go away, software development will likely remain as easy to get into. I think software will continue to improve to the point that it knows essentially everything about you. The downside is that it then knows absolutely everything about you. While we lobsters might be prudent enough to make a show like Black Mirror as a reminder of people’s humanity, I guarantee that worldwide everybody is not as sensible.

                                                    1. 2

                                                      But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?

                                                      Ok, but what if you haven’t logged into your Google Account? Then this was far less of an issue (not to say that it wasn’t one), at least for me.

                                                      1. 3

                                                        Not logging in doesn’t change much.

                                                        The account information gives them a few more data points, but they’re not very important ones. They don’t need your account info to send you advertisements about nearby businesses, for example, or to know you’ve been searching for some type of product.

                                                        Just because they don’t know your name doesn’t mean they haven’t been following you around the internet monitoring everything you’ve been doing.

                                                        1. 5

                                                          The article describes Google being really invasive about collecting data on you.

                                                          Why would they give a fuck about whether you’re logged in or not? It’s not like being signed in signifies your acceptance of everything they’re doing to you either!

                                                          No one should be surprised by this. Google is basically an arm of the US surveillance state, and has always been. If you look into it, you’ll find they were funded by the CIA (In-Q-Tel) to begin with.

                                                          Ever wonder why no other search engine has come close to the quality of Google’s search results? No one in 2017 can do what Sergey and Larry did in the early 2000’s?

                                                          Investors wouldn’t fund a massive money making machine? People wouldn’t flock to a non-invasive alternative with roughly equal quality search results?

                                                          1. 4

                                                            People wouldn’t flock to a non-invasive alternative with roughly equal quality search results?

                                                            Correct. Unless that alternative can also provide maps, multimedia, try to satisfy sci-fi fantasies, perform nearly every service under the sun, and become just as big of a household name, no one is going anywhere.

                                                            People already see critics and those who use the smaller alternatives as “power-hungry loonies who demand privacy in the postprivacy age” and “reject the inevitable” as I keep getting told.

                                                            1. 3

                                                              Correct. Unless that alternative can also provide maps

                                                              Come on. Google Maps would still work just fine, even if you used something else for searches.

                                                              multimedia, try to satisfy sci-fi fantasies, perform nearly every service under the sun, and become just as big of a household name, no one is going anywhere.

                                                              Now you’re just listing some hand-wavy services that Google supposedly provides, that we couldn’t live without.

                                                              Again, as if you couldn’t use a search engine like you and everyone else started using Google back in the day. It gave you much better results than anything before, and you never looked back.

                                                              Somehow we all managed without maps, “multimedia”, or the search engine “satisfying sci-fi fantasies”, whatever that’s supposed to mean.

                                                              1. 2

                                                                Somehow we all managed without maps, “multimedia”, or the search engine “satisfying sci-fi fantasies”, whatever > that’s supposed to mean.

                                                                Maps has positively impacted my life in a big way. I don’t ever feel lost even in a completely new city. Even in a place with utterly insane streets, it is trivial to get around. It’s pretty freeing to know how to get some place completely new and how long it will take you to get there. Hands down, the best feature modern phones have.

                                                                Gmail and Drive are nice too, but not nearly as important.

                                                                1. 2

                                                                  Yes, maps is nice. Again, you could use both Google Maps AND someone else’s search.

                                                                  1. 1

                                                                    Agreed.

                                                            2. 4

                                                              You’re oversimplifying. Big corporations by necessity cooperate with the states in which they operate. That’s the reality of doing business, anyone who thinks anything different is deluding themselves.

                                                              Also, anyone who thinks they can own a modern smartphone and thinks they can’t be tracked, that their location isn’t being recorded somewhere, and that everything they send and receive isn’t being scanned is also deluding themselves.

                                                              We live in David Brin’s Transparent Society - best either get used to it, or learn to forego the conveniences such modern technological advances bestow.

                                                              1. 10

                                                                We live in David Brin’s Transparent Society - best either get used to it, or learn to forego the conveniences such modern technological advances bestow.

                                                                Brin’s Transparent Society was predicated on “transparency from below”, in which we had an equal view into the lives of those viewing us.

                                                                Our current society is merely an authoritarian surveillance state. It looks nothing like what he described. “Get used to it” is a disastrously passive response to the current situation.

                                                                1. 2

                                                                  My understanding is that the paper outlines two models - one in which total transparency reigns, and everyone can see everyone all the time. I agree we are nowhere near there.

                                                                  The other is the model where only certain parties -state agencies and big companies see everything - we are getting there very quickly IMO.

                                                                  1. 4

                                                                    The paper outlines those two models, labels the former “The Transparent Society” and presents the latter as, essentially, a dystopian hell on earth inimical to human rights and freedom.

                                                                    Since you feel we’re very quickly ending up in the latter, why advocate “best either get used to it, or learn to forego the conveniences”? That really seems to fly in the face of Brin’s paper, which was presenting an alternative to the current state of affairs that we could only ever hope to engage with by ignoring the very “resign yourself or go luddite” attitude that your post reifies.

                                                                    tl;dr it’s weird to cite his paper in an argument that someone should resign themselves to the current surveillance status quo, when the paper advocates a radical alternative the current surveillance status quo

                                                                    1. 4

                                                                      You’re right. Thanks for pointing that out.

                                                                2. 1

                                                                  You’re oversimplifying. Big corporations by necessity cooperate with the states in which they operate. That’s the reality of doing business, anyone who thinks anything different is deluding themselves.

                                                                  Oversimplifying how? You don’t seem to be refuting anything I said.

                                                                  You know the “co-operation” you referred to is all about either: 1) the government controlling the masses, and/or 2) the government preventing competition to the BigCorp, right?

                                                                  But you made it sound like a vaguely good thing. It’s not. It never is.

                                                                  1. 2

                                                                    In the sense that compliance does not imply ownership. Google no doubt cooperates with various US intelligence agencies, but that does not make them owned by them or an “arm” of the government. I don’t disagree at all, I’m just pointing out that the phrasing you use implies things that I do not think are true.

                                                                    1. 2

                                                                      Investment by In-Q-Tel does imply at least part-ownership by the government / CIA / surveillance apparatus. It’s not unreasonable to call Google an arm of the government.

                                                                3. 1

                                                                  The problem is that people, for the most part, assess risk by how often they know of bad outcomes. When was the last time you heard that somebody was bitten by Google’s invasion of their privacy? Europe is a bit different with regard to a cultural memory of spying, and accordingly European policies usually favor privacy.

                                                                  I don’t think things are looking up, either. As robots slowly eclipse humans in various kinds of labor, people’s opinions and attention will become increasingly valuable. If Facebook and Google’s revenue are any indication, there’s a lot of value in people’s privacy.

                                                                  1. 1

                                                                    I thoght that it might be harder for them to accurately track a device without an account, but after thinking about it in more detail, a kind of artifical device IP really shouldn’t be that hard for them to implement f they’ve gotten this far. The second reason was that until recently my phone was rooted with Cyanogen Mod w/o Gapps, so unless they pulled a MINIX on my phone, they shouldn’t have been able to access my device directly.

                                                                  2. 2

                                                                    Have you used that sim on another phone?
                                                                    Have you used that phone number on another phone?
                                                                    Does someone have a contact in their phone/google contact/facebook that says “zge, phone number xxx-xxx-xxx”?
                                                                    Have you visited/logged into some other website that uses some google API that could identify you?
                                                                    Have you connected to a wifi network? Have you used bluetooth? In both cases what you connect to could easily identify you.
                                                                    Have you had wifi or bluetooth turned on but not connected to a network?
                                                                    Has you phone been turned on? Android and iOS will both search for networks/devices anyway, to either make connecting quicker when you do turn it on, aid location information in maps etc., or, track you.