You really need to drive here.

Like most of the US, the population density simply isn't enough for mass transit to be practical.

Buses run every 15-30 minutes on the main grid streets, nominally a mile apart. Most aren't particularly full, and there aren't enough transit police to enforce basic civility, such as the blaring music from multiple speakerphones.

A planned light rail has been replaced with an expansion of the bus line on Maryland parkway.

There are more bike lanes with spacing than there used to be, but there is *no* way I am going back on to the roads with the drivers around here.

Underground tunnels with regular small automated cars would seem to be a possibility, but only if monitored well enough. I have no idea whether it would be financially viable, though.

In case you never took that course, the classical economist David Ricardo figured out that if you were a tenant farmer choosing between two lots of land, the difference in the productivity of the lands makes no difference to you. Thatâ(TM)s because if a piece of land yielded, say, ten thousand dollars more revenue per year, the landlord would simply be able to charge ten thousand more in rent. In essence landlords can demand all these economic advantages their land offers to the tenant.

All these tech companies are fighting to create platforms which you, in essence, rent from them. Why do you want to use these platforms? Because they promise convenience, to save you time. Why do the tech companies want to be in the business of renting platforms deeply embedded in peopleâ(TM)s lives? Because they see the time theyâ(TM)re supposedly saving you as theirs, not yours.

Sure, the technology *could* save you time, thatâ(TM)s what youâ(TM)d want it for, but the technology companies will inevitably enshittify their service to point itâ(TM)s barely worth using, or even beyond that if they can make it hard enough for customers to extract themselves.

If I'm understanding the article correctly, the conference room window mitigation wouldn't work against this. It doesn't rely on vibrations of the windows. Instead, you'd just need a piece of paper inside the room, lit by ordinary lamps. As long as the light reflecting off the paper could pass through the windows unmodified (i.e. the windows provide clear visibility) the white noise vibrations of the windows would have no effect.

On the other hand, lightweight curtains that blocked the view through the window would stop this technique, but probably wouldn't significantly reduce what was detectable from a laser bounced off the windows (assuming no white noise).

I think we're talking past one another. I'll try to be clearer.

Sure, but that's not the point. The point is that Android does prevent most users from using anything other than Play. Not by actually blocking them from using other app stores but by simply not offering the option. And that's a good thing, because most users have no idea how to decide whether or not something is safe.

I think perhaps the confusion here is because you and I are looking at this from different directions. You seem to be looking at it from the perspective of what you or I might want to choose. I'm looking at it from the perspective of an engineer whose job is to keep 3B users safe, most of whom have no idea how to make judgments about what is safe and what isn't. Keeping them within the fenced garden (it's a low fence, but still a fence) allows them to do what they want without taking much risk. The fact that the fence is easily stepped over preserves the freedom of more clueful and/or adventurous users to take greater risks. I think this has been a good balance.

I'm pretty sure that the ability to allow unknown sources is required by the Android compliance definition document, and that a manufacturer who disables it is not allowed to call their device Android, or to pre-install the Google apps or Play.

Until Epic decides that they want their store to be able to install and update as seamlessly as Play can, and gets a court to order that. Still, your point is valid, there is still some friction for other stores. Is it enough? I guess we'll find out. Will it be allowed to remain? I guess we'll find that out, too.

goo.gl links are a significant abuse vector, so Google has to maintain a non-trivial team to monitor and mitigate the abuse. I'll bet there are several full-time employees working on that, and that the total annual cost is seven figures.

Even if it weren't an abuse vector, the nature of Google's internal development processes mean that no service can be left completely unstaffed. The environment and libraries are constantly evolving, and all the services require constant attention to prevent bit rot. A fraction of one engineer would probably be enough for something like goo.gl if it weren't abused, but that's still six figures per year, not pennies.

oh, no.

It doesn't even *compare* to the uselessness of the Las Vegas monorail and its multiple bankruptcy.

It goes to something like five resorts and the convention center.

Due to the juice that the taxi companies used to have, it was blocked from going anywhere useful, such as the airport.

And the fair for those short hops is something like $9, although only a dollar for locals.

I haven't heard of any extensions of the boring loop in at least a couple of years, though. It will *supposedly* reach the airport and downtown, but I'll believe it when I see it.

And I'm not sure that there's any point in the current form in which it needs drivers in passenger cars. But next to the monorail, it's downright brilliant! [insert eyeball here]

This isn't true for the vast majority of Android users. To a first approximation, all Android users are using devices that have "unknown sources" disabled, so they can only get stuff from Play. Of course, it's trivial to find out how to enable unknown sources and install stuff from other places and I'd expect that nearly all slashdotters who use Android have at least experimented with that, even if they don't use f-droid or whatever on a regular basis. But slashdotters are not remotely a good representative sample of Android users.

If you're talking about desktop/laptop software, sure... but most Android users don't use a desktop or a laptop and are accustomed to expecting that anything they can install is safe. And even among those who do use a non-mobile device, people expect mobile devices to be safer, because they are. This court ruling may change that, to some degree. The result will probably be good for Apple, since Android insecurity will drive people to the safety of Apple's walled garden.

Delegating security decisions to users is the best way to ensure that users have no security. I'm all for enabling users who understand what they're doing to make their own choices and are willing to accept the consequences, but the vast, vast majority don't understand security or the consequences of their security decisions, especially not in the face of clever attackers who are quite good at making malware appear completely innocuous. Even a knowledgeable security professional can't reliably distinguish malware from a legitimate app, not without deep and very specific expertise, and not always even then, and you think your grandma can?

There are three billion Android devices in the world; it's used by approximately 1/3 of all people living, and they put a lot of very important information about themselves in their devices. Android platform security decisions have enormous consequences. Android has gradually gotten more opinionated about user security because we've found time and again that if you ask users, they don't understand the implications and they make bad choices.

Many people think that the existence of unlockable bootloaders and the developer options are bad choices and suggest that we should push the Android ecosystem into the Apple model of closed, locked-down hardware and a closed app ecosystem. I disagree, and I've worked hard to make sure that the ability of people to run the software they want on the hardware they own is not restricted. For example, I have regular meetings with the leaders of various Android ROMs, including Lineage, Graphene, Calyx, etc., to help them navigate the security hardware changes that we make. This isn't something I do because my management tells me to, it's something I do on my own because I think it's important.

User freedom is deeply important to me... and so is user security, but these things are in tension. To a first approximation, increasing one decreases the other. IMO, Android has struck the right balance. By default, devices are locked down and software comes from a controlled source, but users who know what they're doing have the right and ability to remove the restrictions (mostly; low-level firmware is locked down -- I would like to see Android gain a "dev screw" capability like ChromeOS to completely open it up in a safe way). This court ruling seems likely to upset that balance in a direction that endangers users who don't know what they're doing -- and it doesn't provide any additional capabilities to users who do. It's all risk, no benefit.

Try a web search for my username and "Android". Or look for "swillden" in the AOSP codebase and commit logs. Seriously, why would you imply that I'm lying when it's extremely easy to verify? And if you think that I made up a /. username to match some rando Android engineer, look at my /. UID. I've been on /. since before Android even existed.

You have an odd definition of "subsidize".

The phrase is "script kiddies", meaning young guys who know how to execute a script but don't understand how it works.

"Script kitties" is a funny visual, though. Thanks for that :-)

Very, very unlikely -- the resources required to do good malware detection at any sort of scale are enormous -- but also irrelevant. The issue isn't what the best app store does, it's what the worst does. Users who would choose an app store because it does extremely good vetting are users who would be careful what they install regardless of how careful their store is. It's the users who aren't cautious that will be harmed by Google being required to give them access to many app stores.

>When the power goes out, I can start a gas generator and use my local library.

when power goes out, my local library closes, and its servers go down . . .

Here in Las Vegas, we don't have an imaginary one, but we do have a *real* tunnel built by said ketamine junkie . . .

On the bright side, now we know what *really* happened to the dodo!

It wasn't hunting; but rather that they annoyed the peacocks and suffered the consequences . . .

In this case I think the Play store's "captiveness" is beneficial to the consumer in one important way: Google does a much better job of policing the Play store for malware than most third party app stores do. The extra hoops that users have to jump through to use third party stores do keep most users "captive", but they also keep them fairly safe. The fact that users can easily turn on the ability to sideload other apps or app stores, though, means that they're not really captive. I think this is the right level of friction, though obviously the courts disagreed.

Unless Play can find a way to effectively police malware on third party app stores (which will be hard) they're now going to be required to distribute through Google Play, I predict that this will be pretty bad for Android users. Play could try to put warnings on third party app stores and leave it up to the user to decide, but the courts may not allow that, and it's not really a good solution anyway because when given a choice between security and something they want right now, nearly all users ignore security. I think there needs to be a little more friction than clicking through a warning.

This court ruling is really good for Android malware authors and somewhat good for Epic, but I think it's a net negative for Android users. I hope I'm wrong!

(Disclosure: I work for Google, on Android Platform Security, but not on the anti-malware team. I do below-the-OS security stuff.)