Slashdot Mirror

The free CentOS distribution exists entirely because Red Hat Exists.

- Red Hat isn't just a middleman selling other people's work. Red Hat's employees work on - and contribute to - hundreds of different software packages. Red Hat is consistently one of the largest (and often THE largest) contributors of code to the Linux kernel, year after year.

And IBM is #4. 75% of kernel dev is corporate.
https://www.computerweekly.com...

Um, I don't know what crazy world you live on, but we pay our scientists.

And 75% of Linux kernel development is paid for by corporations.
https://www.computerweekly.com...

and Red Hat contributes A LOT to open source too. If it wasn't for Red Hat there would be no "Linux" as we know it.

IBM too. Red Hat #1 and IBM #4 in terms of corporate development of Linux. All together 75% of kernel development is corporate.
https://www.computerweekly.com...

Remember: not only RH pay salary for FLOSS engineers and supporters...

No, but Red Hat tops the list and IBM is #4:

"The top 10 organizations sponsoring Linux kernel development since the last report (or Linux kernel 2.6.36) are:
1. Red Hat,
2. Intel,
3. Novell,
4. IBM,
5. Texas Instruments,
6. Broadcom,
7. Nokia,
8. Samsung,
9. Oracle
10. and Google."

"... more than 7,800 developers from almost 800 different companies have contributed to the Linux kernel since tracking began in 2005. Of particular interest perhaps is the finding that — seventy-five percent of all kernel development is done by developers who are being paid for their work ..."

https://www.computerweekly.com...

There is another aspect people are ignoring. Linux has been corporate controlled and developed for years. A lot of work has been subsidized, and therefore directed, by various corporations. Linux is long past the point where it is primarily a "hobbyist" and "volunteer" effort.

The Linux foundation reports that 75% of kernel development is done by corporate sponsored developers. Who tops the list of these corporate sponsors? Red Hat.
https://www.computerweekly.com...

EU data protection law doesn't apply to the UK. http://www.computerweekly.com/...

The EU law isn't in force yet, but:

Despite the UK government having triggered Article 50 of the Lisbon Treaty, and being in negotiations regarding leaving the EU, the UK will still be classed as a Member State when the GDPR compliance deadline is reached on 25 May 2018.

EU data protection law doesn't apply to the UK. http://www.computerweekly.com/...

Nope,the EU data protection laws do not apply to the UK, especially since they voted to leave the EU. Note they are trying to bring the UK laws in line to the EU laws but they are not the same http://www.computerweekly.com/... .

Brexit has nothing to do with it

Brexit has something to do with it.

and doesn't mean it will be discarded.

But it means they can adapt it as they see fit:
http://www.computerweekly.com/...

Oh, not to worry, they will still reach you.

Have any friends with smartphones? Congrats, you are in Facebook's facial recog database.

Ever shop in a brick and mortar store? was it one of the ones using facial recognition to track customers behavior?

Ever use a credit card to buy anything?

Are any of your electronics vulnerable to the constant march of de-anonymization techniques? (Hint: the answer is "yes").

Your behavior will be bought and sold, whether you like it or not.

Seriously, this qualifies as a "DUH! question, but you stupid fucking Javascript monkeys never learn.

[....]

remember, properly typed adult languages allow the IDE to intellisense and refactor FOR YOU. They help you write code faster.

Just sayin.

And yet, the Javascript "monkeys" end up delivering working software which gets them money, customers and money and happiness for their customers whilst the IDE jockeys and their "scalable agile frameworks" end up delivering things like the 12 Billion pound NHS IT Disaster.

Just sayin.

It depends on the part of the country you are in. The financial city of London pays twice as much as any other industry. Once you start moving outside of London, the rates drop down. £45K - to £50K doesn't get you very far in London. A basic B&B is £25/night. Staying at a Travelodge is £50/night.

You have to be careful about London jobs. Sometimes they'll just want a "senior" person to train up a team of interns from abroad, who are actually paying £1000/month for the experience. A good guide to the general rates are here:

http://www.computerweekly.com/...

Anything to do with big data or real-time trading commands salaries three times those. Salaries are more related to the cost of renting an apartment or buying a house in a safe area.

Using a feature called Fon, BT is able to siphon off a portion of bandwidth from the wireless connections it provides to homes and offices in order to give the public as a pay as you surf Wi-Fi hotspot. BT told us Fon was automatically enabled for new broadband customers, meaning many users may be having their connections accessed by the public without any knowledge. However, BT protested that customers were informed of the service within its welcome emails and within the Home Hub guidebook.

http://www.computerweekly.com/news/450303841/Barclays-uses-blockchain-for-trade-finance-transactions/

Different sections of the UK mil and gov want their own skills.
GCHQ wants languages and to shape education to ensure a good career.
GCHQ staff teach 'future spies' in schools (9 March 2011)
http://www.bbc.com/news/educat...
Long term the view is to get the tech sector back to the pre Snowden days of weak crypto and effortless gov/mil/private sector sharing.
GCHQ boss: Tech firms should co-operate over encryption (7 March 2016)
http://www.bbc.com/news/uk-357...
That will have to start with more charm and winning over smart people.
The other issue is to find staff that won't be caught up in "MI5 staff repeatedly overrode data surveillance rules" (10 Aug 2016 9:00)
http://www.computerweekly.com/...
As for 'Valuable skills" been lost the thinking on that is more interesting. Imagination, smarts, skills and creativity can come with personalty traits that gov/mil have tested for and find difficult to shape.
Army frowns on Dungeons and Dragons (28.02.05)
http://www.ynetnews.com/articl...

For those that don't remember

Question:"... which IBM server range can run applications written for Windows NT and 2000, Novell NetWare, Aix and OS/2 as well as..."

Answer: "Probably the most important development, however, came in 1998, when the ability to run Windows NT was added (Windows 2000 has become an option now on the latest version)"

* BOTH quotes are from -> http://www.computerweekly.com/...

...which is talking about add-on x86 processors running NT (and other x86 operating systems).

Linux on a Mainframe is a neat party trick, but it doesn't really make a lot of sense.

That "party trick" is generally credited for reviving IBM's mainframe business.

Modern Z Series hardware is heavily derived from Power. Why not just run Power Linux? Mainframe I/O design is intentionally about as un-PDP-like as possible, so it's a bad match for Unix, Linux, or even Windows for that matter (NT ran on MIPS, so it theoretically could be ported to S/390).

Not sure what you're concerned about. Linux sees the mainframe hardware through drivers like any other architecture. Who cares if the DASD driver using a channel is organized differently from a memory mapped driver for some other arch? It just looks like a block driver to the rest of the kernel.

Mainframes get their performance by pushing computation into the channel controllers, and while you could do something like that in Linux, are any of your applications ready to treat your database like a device driver?

Even more puzzled by this comment. S390 applications never need to bother with channel controllers or know they exist.

Because that's what you'll have to do.

I doubt it.

And, incidentally, it's why every attempt from AIX/370 to Linux on Z Series has required virtualization and a ton of independent kernels to get anything resembling decent performance.

Citation needed.

And that's where Dell will come in and put thousands of cores in a 42U rack for you... No, IBM's own P Series is a better idea, and their former x86 division (now Lenovo) looks even better.

IBM covers the whole spectrum of form factors. For some customers, fewer individual boxes looks like a great idea.

Question:"... which IBM server range can run applications written for Windows NT and 2000, Novell NetWare, Aix and OS/2 as well as..."

Answer: "Probably the most important development, however, came in 1998, when the ability to run Windows NT was added (Windows 2000 has become an option now on the latest version)"

* BOTH quotes are from -> http://www.computerweekly.com/...

APK

P.S.=> Still, it's pretty cool seeing Linux being helped along thus by IBM (one of their BIGGEST proponents from the commercial world imo, & afaik, one of the BIGGEST contributors of helping Linux's codebase become more solid as well)... apk

Setup with a noVNC web interfaces, and sshkey management in the web management panel (so users can employ their personal ssh keys post-deployment)

[Unbalanced parentheses.] Which guide to configuring keys in popular SSH clients does your documentation link to?

We don't provide one. Support refers users to the official security guides for the appropriate distro, general questions are answered using this as the main source. Documentation for users is almost identical to that on Digital Ocean (they target the same market segment). We don't write subject documentation for users. They do, if we approve it we pay them and publish it (it's the low cost end of the market, minimal SLA).

Internally we follow NIST procedures and are audited to meet several ISO 27K standards (mainly for insurance purposes). We don't own any data centres, or control the hardware. That's a very common practise, with all but the high-end hosting providers (usually).
Our internal procedures are more stringent with the main (non-hosting) business as most of the clients are Defence related (this is Canberra, the majority of work here is Defence related).

However I was (redundantly) asking why someone who calls themselves a security professional and system administrator does not follow BP.

Because BP got hacked by Chinese? Naaah.

[smile] where following BP means jumping in a tug and telling the captain to "follow that slick".

Setup with a noVNC web interfaces, and sshkey management in the web management panel (so users can employ their personal ssh keys post-deployment

[Unbalanced parentheses.] Which guide to configuring keys in popular SSH clients does your documentation link to?

However I was (redundantly) asking why someone who calls themselves a security professional and system administrator does not follow BP.

Because BP got hacked by Chinese? Naaah.

As this is a European company it is subject to European data protection and privacy legislation. Many countries have given their enforcement agencies quite significant enforcement powers to punish abuse and there is pressure for the penalties to be increased to the point that non-compliance is not going to be viable business model:

http://www.computerweekly.com/...

Namgge

Reason number 48372534786 why it's better just to universally block advertisements on the internet.

Apple has been leading on this front with several initiatives to protect users from malicious ads. One of them was a setting in Safari to only accept cookies from the first-party site, so when you go to cnn.com the browser accepts a cookie from cnn.com but not from malvertiser.com, who has a banner ad on the site.

This upset google because it cut into their business model of selling effective ad space. So google inserted malicious code into webpages to hack the safari browser and override security settings so it could download unwanted and potentially malicious files onto users computers. Because of this, google received the biggest fine in FTC history and is being sued for privacy violations in the UK.

Think about this for a second, and what it means. A website overriding browser security settings to serve unwanted and possibly malicious files. This is outrageous and unethical, and if it were Microsoft then the entire internet community would be enraged. Also think about it in light of this article on malvertisements, which google was actively propagating.

Apple has since taken the cat and mouse game further, so the setting is "allow from current website only". I expect malvertisers to scramble to overcome this block, but I hope that legitimate respected top tier internet companies act a little more ethically.

"Microsoft and CAS recently launched QuickStart Computing. With funding from Microsoft and the Department for Education, Computing At School produced the training toolkit for teachers" ref.

"Software Development – MTA EXAM
Web Development Fundamentals – MTA EXAM
Working with XML, Data Objects, and WCF
C# Fundamentals: Development for Absolute
Microsoft.NET Fundamentals: MTA EXAM
Microsoft .NET Fundamentals" ref

" What is MTA,?: Microsoft Technology Associate (MTA) is an introductory Microsoft certification for individuals considering a career in technology" ref

I think your analogy of ruthless and myopic missed the target; Gates pales in comparison to the likes of Rockefeller, Carnegie and never mind how bad United Fruit was to Central America. The Apple walled garden approach comes with the territory of buying and using Apple products. Those who buy the devices want this kind of environment and there are alternatives. Competitors may not like the fact that Apple's TOS locks them out and Developers may be annoyed that Apple gets its cut, but there's alternatives for them as well. You also have to realize that Apple doesn't own the Mobile Device space, not by a long shot. If you look at it in total, Android and Microsoft have shipped more than Apple has in the past year. http://www.computerweekly.com/... So, if the EFF is unhappy, don't sign up to the TOS and don't put your app out on Apple's App Store. Simple.

Well, it isn't a myth so much as an untested hypothesis. If you posted on your facebook page "Aunt Nelly is on her way to Tacoma, she's running late and not arriving until the 4th instead of the 1st" and you don't have an Aunt Nelly who has some reason to be in Tacoma that would be suspicious.

Ah, but what kind of actionable intelligence do you gain from the millions of "suspicious" posts that would be detected every day? "Ok boys, be on the lookout for something or something called Nelly on it's way to Tacoma on the 4th or 1st... oh, and here are a list of a million other things to watch out for today". This is why collecting and analyzing "everything" on everybody is the wrong thing to do -- separating out the relevant data is nearly impossible when the data collection is not targeted. Even if you can build out perfect relationship graphs that map to real-world relationships for every Facebook user to let you know when he posts something out of the ordinary, thousands (hundreds of thousands?) of new users join and accounts go dormant every day, and there have been so many password hacks that it would be trivial to take over someone's valid, but little used account. And that's only for Facebook - instead of making a facebook post, the terrorist might post a picture of a clock at Times Square on Instagram (or one of millions of other blogs and other sites) to tip off his co-conspirators.

> They might be able to replace me with someone and pay then 1/2 of what I make, but they're not going to get my skillset.

"They" don't care, they've saved 50% of your wage (probably 80%). In fact, the bean counter who approved it has probably gone on to another company for double the pay already (claiming they've saved ££££), whilst taking the "bonus" for saving money with them.

And when it hits the fan .. http://www.computerweekly.com/...

"And guess who's footing the bill??"

Lots of taxpayers and corporations. It is hugely profitable for Microsoft. Here are stories about 2 other governments, from an article I wrote:

Dutch government to pay Microsoft 'millions' to extend XP support (April 4, 2014)

(U.K.) Government signs 5.5m [pounds] Microsoft deal to extend Windows XP support (April 2, 2014)

`One of the key changes involves improving the warning messages that flash on the air traffic controllers' screens when an aircraft moves out of their area of control and responsibility. The aim is for a warning to flash on the display to remind the controllers to ensure that they have completed all their co-ordination checks before an aircraft leaves their screen and becomes the responsibility of others.

"There is a quirk over whether it flashes or not," says Chisholm. "We want it to work in 100% of cases".

It is important to fix this problem because the Swanwick system, unlike the current manual process, supports the automated transfer of aircraft from one air space sector to another.

Currently at the London Air Traffic Control Centre, when controllers relinquish responsibility for an aircraft, they confirm this by phoning the appropriate new controller. This will not happen under the new automated procedures at Swanwick'. link

Amazing what someone genuinely passionate about their work and free of corporate pressures can accomplish.

Ahem. Linux Foundation: 75% of kernel development done by paid developers

As usual, the troll believes what he wants to believe because he feels good believing it. Metro isn't bullshit. The Start Menu had a good run, but it's time for something better. Use it, learn it, customize it. Or, do as the faggots do and bitch about it.

But *no* consumer board I'm aware of ships with the *chip.*

Then you obviously haven't been paying attention. Almost all laptops are now shipping with TPMs, and they are increasingly being shipped in desktops. When I was shopping for a PC last year I spotted TPM listed in several system specification lists from different major PC vendors.

According to the Trusted Computing Group more than a half billion PCs have already shipped with the Trusted Platform Module. Computer Weekly puts it at over 600 million PCs.

And according to "ZDNET "In January 2015, TPM 2.0 will be required on all certified Windows devices".

And according to Microsoft News Center, and I quote:
The Trusted Platform Module is a hardware security device or chip that s a great tool for the enterprise, but until now has been an optional piece of technology for consumer devices. TPM provides a number of crypto functions, including securely storing keys and performing cryptographic measurements. We re working to require TPM 2.0 on all devices by January 2015

So the answer to the question, I think, remains "All of them."

You were trying so say that "all" personal computers were TPM-free, but it turns out that "All of them" is is what they plan to try and force on us starting less than a year and a half from now. And as noted, over a half billion already shipped.

-

Calm and measured explanations of just what the coders are doing wrong would be ever so much more helpful. If all Linus is going to do is mouth off then perhaps it's time he just STFU and GTFO.

I think he should take your advice. Clearly his methods have been unsuccessful.

No development methodology or project management style is going to help you if: 1) people are not telling the truth about their progress and 2) the project has numerous stakeholders (or a revolving door of stakeholders) with conflicting goals pulling the project in different directions.

From the article:
"[...] back in September they were telling us everything was great then too: so either they were lying then or they are lying now or they have been lying all along"

From another article:
"The senior management responsible for delivering the programme has also undergone a significant overhaul in recent months, with UC programme director Hilary Reynolds being the latest figure to be taken off the project after just four months in the role."

"[...] esponsibility for the framework is now being moved to the Government Procurement Service – as we've always said it would."

"DWP IT chief and government chief information officer Joe Harley said in May 2011 that agile would ensure his department delivered Universal Credit on time in October 2013."

So, a two year iteration and a guaranteed delivery date? Yeah, that really sounds like Agile.

The article goes on: "Attention must turn to Accenture and IBM, who are on track to earn £1bn between them as lead developers of the system. They may have played the most significant part in agile's failure at DWP, or DWP's failure at agile. Accenture and IBM may have found agile commercially inconvenient. Neither has yet been able to speak about it."

Ass-Center and IBM? Yes, two companies who are well known for their love of Agile [rolls eyes].

it is actually increasing in other markets faster than it's consumer desktop market is eroding.

I think we need to have a little look at those markets...because its a big fat failure on mobile.

Its started to make money on a subscription service for a....end of life console. Ignoring the fact that Microsoft is about to put a *TON* of money down on keeping in the console market, or that suddenly its getting competition from, mobile...the market its a big fat failure in, or steam...or the rise of disposable Android console gaming...Hell Sony might try to compete with a console costing costing less than its weight in gold (not that that is worth as much as it was).

Ok they are starting to make money from online office....hold the page, does that mean Office without Windows, running in a Web browser...in direct competition with Google, a company it repeatedly lose against...that it can't bribe or bully. Is this new market...or *the same* market that Office is only without the Windows Monopoly to prop it up, and won't this simply cannibalise current sales of Office.

Ok they are making more money in video/telephony software one of the reasons they are currently a big fat failure in mobile...because that is in direct competition with the carriers they are trying to sell to!? I am not sure if that is not a home goal.

Lastly Server Software http://www.computerweekly.com/news/2240173199/Forrester-Microsoft-licence-hike-makes-no-sense price increases are a double edged sword, profitable in the short term, long term customers may look for low or free cost alternatives.

There is no way anyone can argue, that Microsoft has a bad quarter, but arguing these are new markets...or that they are more stable than its old monopoly, is simply not the case.

Can you get google play in China? No, so what are the millions of Android users supposed to do?

You know, when they get something like this:
http://www.computerweekly.com/news/2240159261/New-Android-virus-hits-100K-devices-in-China

They make a lot of telephony equipment, software based switches that run ISDN circuits. Do you have an o2 mobile phone? http://www.computerweekly.com/news/2240150185/Huawei-wins-contract-for-O2-network

Sorry, but no, not everything the government has should be open for anyone to obtain and peruse. Take this as an example, or several other blunders made by the UK government or its contractors. This has some data and discussion on the US. Personally, I'm more concerned with the general lack of responsibility for these kind of breaches in both the public and the private sector.

Don't get me wrong, I agree with your ideal. But ideals can rarely if ever become reality. And they're not always the blessing that they would seem to be.

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

Where are the government in all of this, they should ban off shoring, At a time when our economy needs the money most they are allowing jobs to be cut here and the Indian economy to be boosted by taking our jobs. David Cameron grow some balls and sort this out.

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

Where are the government in all of this, they should ban off shoring, At a time when our economy needs the money most they are allowing jobs to be cut here and the Indian economy to be boosted by taking our jobs. David Cameron grow some balls and sort this out.

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

The Unite union says RBS plans to offshore upwards of 500 technology roles to its existing IT operations in the US, India and the Far East.

I had the same question, and then saw this post further down, referencing this story from 2010 (which in turn points to another story discussing this as an ongoing strategy). Seems to have validity.

I had the same question, and then saw this post further down, referencing this story from 2010 (which in turn points to another story discussing this as an ongoing strategy). Seems to have validity.

A later commenter did: http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

When you remove a 1000 members of IT staff [many of which were probably your best] and replace them with 500 offshore workers combined with the need to support *legacy* systems, you are asking for trouble.

http://www.computerweekly.com/news/1280093677/Royal-Bank-of-Scotland-cuts-1000-IT-jobs

Regardless of the technical problems, the root cause of this seems to be management......

They certainly do get enforced - http://www.computerweekly.com/news/1280094253/Google-breached-UK-data-protection-laws-says-ICO

Google also respond to Data Requests under the DPA.

Yes, intercepting data over a 3G network is difficult, but not too difficult. The scenario of the free and unencrypted WiFi at the Denver airport is a totally different matter as firesheep demonstrated time ago.

I'm afraid you are spouting pure shite - no aircraft would be certified by either the FAA or the EASA if your stance was correct

That's speculation, not a factual argument. Do you set the rules for the FAA? Is the FAA infallible? (I'll stick with them since I'm more familiar with them than the EASA.)

"There is a reason that there are so many independent power generation systems onboard a modern (1970s onwards) aircraft, and there is a reason that those systems are checked and certified - there has been zero incidents where an aircraft has completely and utterly lost power during any stage of flight."

No shit, Sherlock. Where did I state otherwise? I mentioned myself that you are SOL either way, if your power goes completely out, including the ram turbo. I guess you missed that part?

I "am *very* familiar with the Airbus control systems, and your assertion that the trim wheel is useless unless in stable horizontal flight just screams that you know fuck all about what you are talking about. You can use the trim wheel to fully control the airframe in all circumstances where you would have to do so with the elevators, because the forces you have to exert during direct mechanical linkages to the elevators would break your arms on a large civil airplane and involve leverage forces that you could not exert from the tiny control columns on modern aircraft."

Really? I won't argue with you about it, but if so, then it's unlike the trimwheel in just about every other aircraft I have ever heard about, in all of which the trimwheel controls either separate small trim surfaces, or the entire surface but only in a very small range. (Hint: that's where the name "trim" came from.) The situations I am talking about were like the one that happened some years back, in which failure of an ADIRU caused the control systems to put the plane in a 30-degree nosedive. Good luck disabling the computers and pulling out of that in time, if you aren't at altitude. You'd better be at altitude if you lost all power including the generator anyway, otherwise you'd never get the turbo deployed, and that trimwheel is all you'd have for pitch.

"I'd love you to show us any cases of an Airbus crash that was attributed to computer failure - you won't find one. And I dare you to trot out the Habsheim A320 crash..."

Glad you said "attributed to" rather than proven, since the causes are often not proven.

Let's start off with Air France flight 447, which as I stated previously, had transmitted earlier that its ADIRU was malfunctioning. The only unusual thing here was that it was a 330.

http://www.bloomberg.com/news/2011-05-26/air-france-crash-pits-pilot-brains-against-computers-taking-over-cockpits.html

The autopilot was not functioning at the time of the crash of 447 (probably due to that failed ADIRU). Guess what? That's a computer failure. Although I admit that does not prove that it was the proximate cause of the crash. It certainly DOES mean that the crash has "been attributed" to computer failure.

http://www.computerweekly.com/news/1280090068/Air-France-Airbus-crash-system-pitot-sensors-a-factor

But ADIRU failures, while they can't be said to be "common", are not exactly what you would call extremely rare on the Airbus, either. See the FAA ruling further down. There was one failure in a Quantas flight a few years ago, in which 51 people were injured due to the computer malfunction caused by a failed ADIRU. Not a crash, though... not that time. But don't take my word for it:

If you read your contract, you agreed. And, they can already see nearly everything anyway. If you bought the phone directly and not through a carrier, you probably have a valid legal situation, but they most likely don't install CARRIERIQ on a direct purchased phone. And as for the post-termination data collection, I haven't seen anything showing the data is sent anywhere after the contract is terminated, or in fact any actual packet capture of any data sent - only internal events being fired.

Every text you send, they already have because they have to send it. Every non-encrypted request, they have the full URL If you're counting on SSL to protect you, consider SSL and TLS 1.0 plaintext

If you start a proprietary app like Yelp or Shazam, you have no guarantee they are using any encryption, and should assume everything is being seen by your carrier.

Their disclosure should read, very simply, we are going to know everything you do because it's going over our network. But that would freak people out, so they don't.

Carrier IQ allows a higher level of detail, but it has not been proven to send anything but aggregate statistics which legitimately could help your carrier isolate problems without people having to call. The only concern I have is that the captured events might be a target for malware.

They don't want users uninstalling it because it's useful information.

If you want full disclosure, you're going to have to build the kernel yourself, and read every line of the code, or disassemble it. Otherwise, read every line of your contract and assume the most lenient interpretation.

Short version: do not buy a subsidized phone.

There will be

http://www.computerweekly.com/Articles/2009/11/04/238414/Acta-talks-focus-on-three-strikes-no-appeal-deal-for-software.htm