In case you never took that course, the classical economist David Ricardo figured out that if you were a tenant farmer choosing between two lots of land, the difference in the productivity of the lands makes no difference to you. Thatâ(TM)s because if a piece of land yielded, say, ten thousand dollars more revenue per year, the landlord would simply be able to charge ten thousand more in rent. In essence landlords can demand all these economic advantages their land offers to the tenant.

All these tech companies are fighting to create platforms which you, in essence, rent from them. Why do you want to use these platforms? Because they promise convenience, to save you time. Why do the tech companies want to be in the business of renting platforms deeply embedded in peopleâ(TM)s lives? Because they see the time theyâ(TM)re supposedly saving you as theirs, not yours.

Sure, the technology *could* save you time, thatâ(TM)s what youâ(TM)d want it for, but the technology companies will inevitably enshittify their service to point itâ(TM)s barely worth using, or even beyond that if they can make it hard enough for customers to extract themselves.

Yes, yes, the AC was not completely specific about the question.

When does private party A doing something illegal mean the government can fairly compel private party B to take some non-emergency action?

If I'm understanding the article correctly, the conference room window mitigation wouldn't work against this. It doesn't rely on vibrations of the windows. Instead, you'd just need a piece of paper inside the room, lit by ordinary lamps. As long as the light reflecting off the paper could pass through the windows unmodified (i.e. the windows provide clear visibility) the white noise vibrations of the windows would have no effect.

On the other hand, lightweight curtains that blocked the view through the window would stop this technique, but probably wouldn't significantly reduce what was detectable from a laser bounced off the windows (assuming no white noise).

I think we're talking past one another. I'll try to be clearer.

Sure, but that's not the point. The point is that Android does prevent most users from using anything other than Play. Not by actually blocking them from using other app stores but by simply not offering the option. And that's a good thing, because most users have no idea how to decide whether or not something is safe.

I think perhaps the confusion here is because you and I are looking at this from different directions. You seem to be looking at it from the perspective of what you or I might want to choose. I'm looking at it from the perspective of an engineer whose job is to keep 3B users safe, most of whom have no idea how to make judgments about what is safe and what isn't. Keeping them within the fenced garden (it's a low fence, but still a fence) allows them to do what they want without taking much risk. The fact that the fence is easily stepped over preserves the freedom of more clueful and/or adventurous users to take greater risks. I think this has been a good balance.

I'm pretty sure that the ability to allow unknown sources is required by the Android compliance definition document, and that a manufacturer who disables it is not allowed to call their device Android, or to pre-install the Google apps or Play.

Until Epic decides that they want their store to be able to install and update as seamlessly as Play can, and gets a court to order that. Still, your point is valid, there is still some friction for other stores. Is it enough? I guess we'll find out. Will it be allowed to remain? I guess we'll find that out, too.

goo.gl links are a significant abuse vector, so Google has to maintain a non-trivial team to monitor and mitigate the abuse. I'll bet there are several full-time employees working on that, and that the total annual cost is seven figures.

Even if it weren't an abuse vector, the nature of Google's internal development processes mean that no service can be left completely unstaffed. The environment and libraries are constantly evolving, and all the services require constant attention to prevent bit rot. A fraction of one engineer would probably be enough for something like goo.gl if it weren't abused, but that's still six figures per year, not pennies.

This isn't true for the vast majority of Android users. To a first approximation, all Android users are using devices that have "unknown sources" disabled, so they can only get stuff from Play. Of course, it's trivial to find out how to enable unknown sources and install stuff from other places and I'd expect that nearly all slashdotters who use Android have at least experimented with that, even if they don't use f-droid or whatever on a regular basis. But slashdotters are not remotely a good representative sample of Android users.

If you're talking about desktop/laptop software, sure... but most Android users don't use a desktop or a laptop and are accustomed to expecting that anything they can install is safe. And even among those who do use a non-mobile device, people expect mobile devices to be safer, because they are. This court ruling may change that, to some degree. The result will probably be good for Apple, since Android insecurity will drive people to the safety of Apple's walled garden.

Delegating security decisions to users is the best way to ensure that users have no security. I'm all for enabling users who understand what they're doing to make their own choices and are willing to accept the consequences, but the vast, vast majority don't understand security or the consequences of their security decisions, especially not in the face of clever attackers who are quite good at making malware appear completely innocuous. Even a knowledgeable security professional can't reliably distinguish malware from a legitimate app, not without deep and very specific expertise, and not always even then, and you think your grandma can?

There are three billion Android devices in the world; it's used by approximately 1/3 of all people living, and they put a lot of very important information about themselves in their devices. Android platform security decisions have enormous consequences. Android has gradually gotten more opinionated about user security because we've found time and again that if you ask users, they don't understand the implications and they make bad choices.

Many people think that the existence of unlockable bootloaders and the developer options are bad choices and suggest that we should push the Android ecosystem into the Apple model of closed, locked-down hardware and a closed app ecosystem. I disagree, and I've worked hard to make sure that the ability of people to run the software they want on the hardware they own is not restricted. For example, I have regular meetings with the leaders of various Android ROMs, including Lineage, Graphene, Calyx, etc., to help them navigate the security hardware changes that we make. This isn't something I do because my management tells me to, it's something I do on my own because I think it's important.

User freedom is deeply important to me... and so is user security, but these things are in tension. To a first approximation, increasing one decreases the other. IMO, Android has struck the right balance. By default, devices are locked down and software comes from a controlled source, but users who know what they're doing have the right and ability to remove the restrictions (mostly; low-level firmware is locked down -- I would like to see Android gain a "dev screw" capability like ChromeOS to completely open it up in a safe way). This court ruling seems likely to upset that balance in a direction that endangers users who don't know what they're doing -- and it doesn't provide any additional capabilities to users who do. It's all risk, no benefit.

Try a web search for my username and "Android". Or look for "swillden" in the AOSP codebase and commit logs. Seriously, why would you imply that I'm lying when it's extremely easy to verify? And if you think that I made up a /. username to match some rando Android engineer, look at my /. UID. I've been on /. since before Android even existed.

You have an odd definition of "subsidize".

The Earth's magnetic field is weakening which is measurable by the accelerating traversal of the magnetic poles. That's why a relatively small CME last year caused the same Northern Lights all the way down to Hawaii as the Carrington Event which was 10x stronger. The beauty is unquestionable but the impacts will cause us difficulty.

There was a recent solar storm which ionized the atmosphere more than we are used to as "normal" in our recent history, which sets up the conditions for lightning to travel further. The physics on it are pretty simple with all variables considered.

We're going to see more of these than we're used to as the pole shift continues to accelerate.

This happens every 6000 years or so and we're right on schedule but we're really unprepared to handle it. Preparing for this ought to be a planet-wide project for our species, and to help out the other species that rely on geomagnetic migration for their reproductive success.

As a kid in the 80's we only needed to update our compass calculations for variance to True North every 20 years or so; now it's yearly.

I wish Humanity could not plant their heads in the sand on this one but I'm planning like we will.

The phrase is "script kiddies", meaning young guys who know how to execute a script but don't understand how it works.

"Script kitties" is a funny visual, though. Thanks for that :-)

Very, very unlikely -- the resources required to do good malware detection at any sort of scale are enormous -- but also irrelevant. The issue isn't what the best app store does, it's what the worst does. Users who would choose an app store because it does extremely good vetting are users who would be careful what they install regardless of how careful their store is. It's the users who aren't cautious that will be harmed by Google being required to give them access to many app stores.

People say that a lot, but where I work, utility closets are locked. People need to (depending on the closet) know a combination, have the right badge, or have a physical key. And company policy is to escort people without badges to security.

This was unauthorized hardware running the attacker's choice of OS. It was not part of the bank's normal system, running their usual security tools, or with bank-managed accounts -- detecting unauthorized network traffic is a proactive detection mechanism for things like that. On the other hand, why they don't disable and lock down ports on their network switches is a good question.

Yes, it's quite rare that a Congressman's constituents are his voters.

Maybe a dozen, max.

Yet incumbents win reelection 92 % of the time.

We also have the government we deserve.

In this case I think the Play store's "captiveness" is beneficial to the consumer in one important way: Google does a much better job of policing the Play store for malware than most third party app stores do. The extra hoops that users have to jump through to use third party stores do keep most users "captive", but they also keep them fairly safe. The fact that users can easily turn on the ability to sideload other apps or app stores, though, means that they're not really captive. I think this is the right level of friction, though obviously the courts disagreed.

Unless Play can find a way to effectively police malware on third party app stores (which will be hard) they're now going to be required to distribute through Google Play, I predict that this will be pretty bad for Android users. Play could try to put warnings on third party app stores and leave it up to the user to decide, but the courts may not allow that, and it's not really a good solution anyway because when given a choice between security and something they want right now, nearly all users ignore security. I think there needs to be a little more friction than clicking through a warning.

This court ruling is really good for Android malware authors and somewhat good for Epic, but I think it's a net negative for Android users. I hope I'm wrong!

(Disclosure: I work for Google, on Android Platform Security, but not on the anti-malware team. I do below-the-OS security stuff.)