1. You won't have to wait for an hour for your tank to fill up.
2. The supercharges aren't free: you're paying for them when you buy the car. And it's proprietary: you can't use it with other electric cars.
Usually in the managed world you have references that point to an object. The objects themselves don't live in the same place forever, they may be moved by the GC (to consolidate "holes" in memory). References reflect that movement so you don't notice. However, when using unsafe code (which has pointers and pointer arithmetic) you need to keep the objects in place. That's pinning and it essentially forces the GC to work around those islands of pinned objects.
Does Google Play have a public API for downloading APKs? Does it work for paid apps as well? (I'm not able to construct good keywords for search here: Google thinks I'm looking for an APK for the store app instead)
Even when they don't shut them down, they can often turn gold into shit. See Delicious, Flickr (before Melissa Mayer) and so on...
Google actually does a better when they decide to keep the product (Android, Blogger, Google Docs...), but it's impossible to know whether they're buying the product or the team until they either integrate the product or shut it down.
They searched the account of a French blogger, so that adds another layer of insane complications (I'd guess both France and EU would come down pretty hard on Microsoft, but for the wrong reasons)
What happened to the Hydrogen option? A few years ago, everybody was talking about how it would be the best possible fuel and how much better than batteries it is, but I haven't heard much about it after.
From a distribution point of view, it seems like both batteries and hydrogen are pretty much equally bad. Is there something holding back the powertrain technology with hydrogen?
Hydrogen is difficult to store and transport safely, as it has to be highly compressed to get a useful amount into a fuel tank, and is obviously highly flammable. It also requires a lot of energy to extract (via electrolysis), which I imagine makes it, at best, of comparable energy efficiency to battery power.
Aren't a lot of people who used to work at Microsoft during the 90s/early 2000s working at Google now? I'd be surprised if the people who implemented Embrace/Extend/Extinguish in the first place aren't one step ahead.
The best parts of Android are already closed sourced and patented: gapps, all the stuff Samsung, Motorola, HTC etc. add on, the baseband etc.
Even if Google is a step ahead, it wouldn't be too bad for devs to have a top tier common Mobile app Dev environment. I for one love .Net and if MS can pull off Extend and Embrace successfully (less extinguish) we (or at least .Net fans) will be better off.
The market will be better off with MS, Google, and Apple as strong rivals.
XPrivacy should really come installed by default with Android: the new versions are really quite good (especially with the cloudsourcing and on-demand bits) and really highlight how atrocious most apps are with your personal data. And it is a hell of a lot more effective than relying on companies like Avast to detect and remove bad actors from the market. I've lost track of the number of times random apps (most of whom are just shells around a website) ask permissions for my full phone number, Google and Facebook accounts, contact info etc. for no reason at all. At this point, I'm scared of using Android without the module. (not that ios or windows are any better)
Denying permissions breaks most apps (I'd say, 8-9 out of 10 just crash due to unhandled exceptions), so XPrivacy returns fake data (no contacts, no Internet connection, spoofed MAC and IMEI etc.).
But, then, some companies are really upset about spoofing. For example, Swype had serious issues with that to the extent they cried they won't even be able to release their famous keyboard if they weren't be able to get personal data for their analytics. [1] So, CM team decided to not built any spoofing (the only practically working solution to the problem) in.
I see where the Swype folks are coming from, but it's a bit like the people who complained against the existence of mailinator.com a decade back. Are they seriously claiming that a company whose entire business is based on making sense of dubious data will completely break down if its analysis service gets some bad inputs? How do they deal with shady manufacturers who return wrong data?
Swype is operating in a marketplace that is full of apps crying wolf and asking for way more permissions than they need, usually for unknown purposes. For example, I like to read The Verge and use its app[1], but it has "read phone status and identity" and "modify or delete the contents of your USB storage" in its manifest, which I'm not comfortable with. There is nothing that explains what they use this information for, how long they store it, and who they share it with. Heck, my desktop browser doesn't give theverge.com this permission and yet the site functions just fine.
Why should I bare my personal data to the whole world just because one developer is too lazy to implement checks on his inputs?
If you don't handle SecurityException you deserve to lose. Google made revocation of permissions possible, but then hid the capability. They chickened out. Making permissions revocable is one of the best enhancements Google could make to Android.
Developers don't really lose anything. A bunch of privacy-caring nerds who don't let spy on them too much? They're a tiny fraction, and even then, they've increased download counter.
If app doesn't handle exceptions, it's the consumers who are at loss. They either lose their privacy or service. Former is worse (in my viewpoint), but still...
(Obviously, losing some dubious malware-ridden "night vision" app is not real loss to begin with, but there are more high-quality apps that are quite disastrous from privacy viewpoint.)
Google has, at least, hinted in this direction. Developers should get a clue. Or they will find more junk data in their analytics, as users deploy more spoofing.
There's no incentive to get a clue. Typical users will click through anyway. And, well, if you don't get a clue you get a possibility to spy on your users.
Unless Google will start actively penalizing requesting more permissions than absolutely necessary, nothing will change. And, considering all top market players (including Google themselves) are actually interested in analytics and whatever and not interested in end-user's privacy, it's very unlikely scenario.
Swype's issues with spoofing date back to before they were a paid app (that only happened last year). At the time, there were only two ways to get Swype:
1. Your device manufacturer paid to include Swype in their default keyboard (no IMEIs requested or desired, AFAIK). That was where they made their money, at the time.
2. You signed up for Swype's beta program, to get a free version of Swype directly from them (which you sideloaded, possibly on multiple devices and/or ROMs). To me, whether or not they "really" needed IMEIs for their statistics is beside the point. Gathering those statistics was the only thing they were getting out of their beta program, so if you didn't like that deal you should just not participate - not spoil it for other people by giving false information.
The paid version of Swype still collects location information (or at least uses the location API, according to my phone). Paying users of the keyboard would be quite justified in trying to prevent Swype from getting that information.
Yeah, I've been holding back on rooting my Nexus 5 for a while just because I don't want to deal with the full wipe, but this convinced me. Obviously this article is somewhat AV FUD (just don't download the sketchy Spanish night vision app with WRITE_SMS permissions), but it's time I got my permissions in check.
The entire store experience is the opposite of what Eric Lippert calls the Pit of Success: literally no one involved in the process is incentivized to protect your data. Developers ask for all the permissions they can get away with because users get confused by multiple warnings, users blindly click accept on everything because they've learnt they can't use the app without that, Google is blindly complicit in all this because for some reason, they think everyone is as interested in/capable of protecting user data as they are... (Or they just don't care.)
To be honest, the default approach should be making app developers only be allowed to ask for one permission at a time. This would provide a constraint where the developer would ask for permissions they need only when a user tries out a feature in the app that relies on that one permission.
Accessing the address book is another area where permissions could be made much better. No app really needs access to my entire address book. They just need to launch the built in address book and only get the information they need for the one or more contacts you choose from your address book.
I agree, but look at the grief Microsoft got when they tried it with Vista's UAC prompts... more permission popups is clearly not what the majority of users want.
I think one solution is having the prompts integrate with the sort of crowdsourcing algorithm that XPrivacy has (e.g., if >90% of users have granted the app permissions on the address book, then don't show the prompt.)
Another important feature is that the app should not know if the user has granted it the permissions it asked for. If the user doesn't want to, the system should just feed the app bogus data and let the user continue interacting with other parts of the app (as we see today, most apps don't really need the data they collect in order to work.)
This isn't the problem with UAC prompts. Their problem is that the user simply doesn't have the information to make any kind of informed decision, since the prompts are at pointless places in the lifetime of a process or give very little information on what is actually going to happen ("Do you want to allow the following program [..] to make changes to this computer?").
Android permissions, on the other hand, are reasonably fine-grained and allow the user to deduce what the app is going to do. If the app wants to send a SMS, how hard is it to popup a modal dialog that shows the target number and asks for the permission right there? That is obviously much better than showing it in one big list along with "internet access" in some nag-screen on the store.
Of course the app should know I didn't grant the permission. The only reason you revert to bogus data is because apps currently crash in horrible ways instead of handling it gracefully, as would be the case if this kind of at-the-spot permissions handling was the default.
Showing modal dialogs on every new permission request is how XPrivacy works right now, and while I understand and deal with the process, I can easily see how most people would (rightly) see it as an annoyance. I'm just saying they could easily augment it with their crowdsourced data and reduce the number of prompts, which would mean people will actually pay attention to the prompts when something bad happens.
Re: your second point, you're right, if the on-demand permissions handler were the default, more apps would handle it gracefully. However, it's not, and most apps today crash because they don't handle SecurityException when they call the android APIs. Also, you're assuming developers will act in good faith and will do whatever the users want. I would not be surprised at all if companies like Zynga, if they knew the user didn't give them the permissions, implement all sorts of dark UIs to trick/force the user to give them their data.
Should we not protect users just because they're too trusting with computers to realize what's going on?
> I agree, but look at the grief Microsoft got when they tried it with Vista's UAC prompts... more permission popups is clearly not what the majority of users want.
Counterpoint, iOS appears to have a very successful permissions model in doing exactly this.
* Permissions are asked for one at a time
* Apps are expected to handle rejected permissions, but they're sent dummy data anyway (address book has no contacts, GPS coords is 0,0 etc)
I guess something like that may work better in a more limited mobile environment where you don't have to do it 20 times an hour, and it's also easier to do it with touch.
>I agree, but look at the grief Microsoft got when they tried it with Vista's UAC prompts... more permission popups is clearly not what the majority of users want.
Android only asks for those permissions when installing the app, which is not too burdensome. Iirc Vista did UAC popups for almost every user action, which people rightfully rose hell about.
A better way would be to come up with a smart grouping profile for apps that want reasonable common combinations. For example, "Standard application that can access your INTERNET". Give it a nice screen. "Standard application application that can USE YOUR CAMERA and access your INTERNET" would get a big question mark icon.
For any app that wants any weird combination outside the standards, make it opt in like you say - one permission at a time. With each requiring a screaming skull and crossbones.
If you did that, you could integrate more fine-grained permissions into a small number of supported profiles, and developers would be strongly discouraged from choosing anything outside that combination.
They blindly click on ACCEPT because Google stupidly lists relatively benign permissions ("network access", "read phone state", "vibrate") where they should be only listing severe ones. And the permissions they do list are often poorly explained.
xprivacy and xposed framework give an insane amount of control back to us end users. I suggest everyone cautious of their private data being taken without permission to look into them for android.
GPS just means the plane knows where it is. The equipment necessary for the plane to inform the airline ops about its location is still vulnerable to all sorts of problems, even with the kind of anal development practices required by FAA and equivalent agencies. Airports usually have have radars that track nearby airspace, but otherwise, I think most planes are tracked by the ADS-B signals that they actively transmit (insecurely).
Does that mean that they pretty much know where the plane is likely to be? I recall from previous accidents that sometimes they can't find the plane very quickly. I don't know much about this subject, but what stops them from locating the plane within just a few hours?
Over water or in other remote locations, there is no radar coverage thus there is absolutely no information about the plane location except position reports from the pilot. Airliners have "ping home" systems that regularly send various info (including GPS location) back to the central company servers using satellites. However, the reports frequency varies from 15 to 90+ minutes and even 5 minutes is A LOT for a plane traveling at MACH 0.7. But even if the position reports will be timely and accurate, during the descend (after a catastrophic event onboard), the plane might travel tens of miles from the last reported position. Then, ocean currents can move the pieces even further from the last reported position (as it have happened with Air France plane pieces).
Lastly, ADS-B is not a solution for over the ocean position reports - the radio is not powerful enough to transmit data over the long distance (this is why we need to build so many ground stations in the US to actually use it). Not to mention, that ADS-B is not fully operational even in US.
I think they could look at satellites looking at that region at the time. There are satellites just taking photos and they probably have captured something.
...there really aren't satellites 'just taking photos' of the ocean. You might have a spy satellite taking pictures of a naval exercise. I think you are underestimating a) how vastly big the ocean is, and b) satellite capacity (most intelligence satellites are over land).
71% of the world is ocean. The ocean is vast, and most of it has very little going on. Last month someone washed up having been lost at sea for over a year, having only seen two or three ships (which didn't stop). A few ships in 13 months.
I was wondering the same thing. I'm guessing as much as the media and Hollywood want us to believe that the government / military is tracking everything in the air, in reality that isn't really the case.
