Anyone with an iota of common sense could see that.
I wasn't trying to extol myself as a genius--I was making an observation for those who haven't had much of a look at the history of the market.
What we need is a digital cash system that is run by banks -- yes, I know, we all like to hate on banks, but the truth is that banking is an important part of the economy and the majority of digital cash protocols call for a bank to issue the digital currency.
I think bank-issued digital currency would be worse than government-issued currency, because the government has at least some semblance of advancing the good of its people, whereas a single bank issuing a currency could do whatever it pleases to the market, having only profit motive.
A system like bitcoin where a very large number of users of the currency all have a stake it in with no single user selling all their bitcoins would cause more than a.1% fluctuation in value would be a system that would be very good at holding value for its users (assuming there are no design exploits and no organization with enough computing power to start playing games with the block chain).
The problem with the current bitcoin system is that I imagine there are hundreds of people who could crash the value of the currency because it's likely too concentrated with a few individuals and the market is not deep enough for them to sell their stakes to those who are willing to invest in it more. At the value of $17 US / bitcoin, there are $112,141,350 US in the bitcoin market. There are probably dozens of bitcoin "millionaires" (in USD) who would end up with probably only somewhere in the thousands of dollars if they sold, with the result being putting the bitcoin value back at something like $.10 - $.20 / bitcoin. The system is extremely intriguing, but the current ownership distribution and market seems like a disaster, either waiting to happen or already starting.
Maybe if the system were started again, with the current level of interest, the results would be different. I'd get involved in that. The market with the current ownership distribution? No way.
I've been watching the Bitcoin system/experiment since the beginning of last autumn, and I can't help but feel it's receiving too much attention and increasing in value too quickly for its own good.
I really like the idea of the system and I want to see this system or one like it succeed, but with the extremely quick rise in value since last year and all the attention it's been getting, coupled with the games those with lots of bitcoins could play with the market and the somewhat unknown nature of who controls these fortunes (now in both bitcoin and USD), I felt a devastating crash is unavoidable at $.70 US / bitcoin, much less $17 / bitcoin.
At this sort of insane value, the system is an extremely interesting experiment, but I think it's a huge roadblock for serious adoption.
*sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.
The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.
After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.
Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.
Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.
Then we go back the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support 5he argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.
Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could entire a facility by force and read the data.
The article acheives nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.
This article represents the worst type of "journalism".
The rest of us have kept up with English usage changes.
Don't get me wrong--in terms of grammar and usage, I very much take a descriptivist approach rather than a prescriptivist one. I didn't post because the usage was wrong, I mentioned it because I think it sounds stupid. For one reason or another, it's a mutation of English I would rather not see.
Whether it was worth posting about is a valid matter of debate. It seemed like an easy enough place to demonstrate what the fallacy of begging the question is. I had some time to kill.
For this to beg the question, the scenario would have to be something like:
I ask you: how much will the PlayStation Network hack cost Sony?
You say: Let us assume <fact #1>, <fact #2>, that Sony lost $170M, and <fact #4>
You answer: Therefore, the hack cost Sony $170M.
That is begging the question. What you meant is "This makes me wonder..." or less optimally (because of it doesn't indicate who is doing the questioning) "This raises the question...".
I know people like presenting questions they have as if they're so obvious that the questions are just "begging" all rational beings to be asked, but the phrase has a very specific meaning, so find some other way to present that idea.
This was a gambit by them to promote the use of Atom and try to get some leverage in the mobile OS market. Without Nokia they have no horse in this race and no reason to continue supporting Meego...
Perhaps you haven't been paying attention to what Intel's been saying. I'm not sure they'll be successful, but if continued work on Meego is part of their plan, I'm glad to see them try.
Would BitCoin minting really cause that much extra power use to cost more than the value of minted coins?
Probably. I'm not up to speed on the latest developments, but last time I checked, even most GPU mining wasn't worth the cost of the energy used. And GPU mining is quite a bit more efficient than CPU mining.
And that is based on my knowledge from many months ago--I'm sure the GPU code has improved since then. It helps that bitcoins are now worth more than 10 times what they were then, but this is probably more than compensated for in more people trying to get a piece of the action.
Sure, mining's a fun thing to play around with to get familiar with the system, but don't get any illusions of generating real value in bitcoins unless you want to sink some serious money into hardware at this point. This might be unfortunate, as the average user can no longer really help keep the system from being overpowered by potential attackers when each miner plays such a small role in its total processing power compared to specialized systems.
Thanks for your insightful post. As someone who's researched bitcoin (and who should have put that $500 in at the $.20 mark...) I find your post to be the only one so far that actually gives some context about this development and what it means to bitcoin, both to those new to the concept and for those who have been out of the loop for over a year. I'm certainly no expert, but I know enough that I was hoping an explanation like yours would show up earlier in the discussion for those who might not know about the futility in mining with a single CPU beyond just learning about the system, so the conversation could take a more productive direction rather than correcting myths and wild guesses about the system again and again.
This is exactly what happened with George W. Bush's felony wiretapping crimes. The clear fact was that he and his administration, through the NSA's new wiretapping programs, committed multiple wiretapping felonies, each punishable by law by up to five years in prison. Instead of reporting this inconvenient fact, the news "experts" focused on "strategy"--is it a good strategy for Democrats to hold the president to inconvenient standards like the law, when it might make them look weak on security? And somehow this massive crime was talked down into a non-issue, quietly pushed out of the scene, and when people had forgotten about it, swept under the rug by most everyone in power with retroactive immunities.
I think (hope?) that without the "opinion leaders" the outcome would have been very different.
Interesting. Maybe democracy would work better if we didn't know the opinions of others, have poll data, or hear media commentary other than candidates speaking and their records...
I've always assumed "delete" just sets a "user doesn't want this message to be seen" flag on the message record. Perhaps that's overly cynical of me, but I doubt much user data, if any, gets removed from that database once it's written.
In the '90s it was definitely IRC (although it certainly wasn't ubiquitous for everybody). In the late '90s, ICQ popped up. When I went to college in the early '00s, though, it was the first time everyone I knew in a community used such a messaging/presence system, and it was AIM. Those, like me, who had never used AOL created an account just because so many people already had them.
In my opinion, it was much preferable to the Facebook of today. Conversation could be ephemeral (even though I kept logs)--posting anything to Facebook, even a "private message", feels like filing every word into the eternal register.
I had wondered why each time I connect to my wireless network with my Windows machine the interactive firewall tells me svchost.exe is trying to connect to a Microsoft IP and why the icon shows limited connectivity until I load a web page (although I apparently didn't wonder enough to go find out--I just deny the requests or let them expire). Looks like I'll be making some registry changes.
Hopefully they've got the engine to the point where anything users mash together will be workable in their physics engine.
From only playing the story mode so far, I get the feeling there's more work to do on this front. I noticed some glitchiness in the story without looking for it, especially in carrying objects. Some of the fancier (and even not-so-fancy) elements in the game won't let you carry an object onto or past them. I noticed this especially in the later GLaDOS test chambers. In the one with a line of turrets you burn with the laser, the objects from rat man's area won't go through the panel that slides up. They hit an invisible wall. In another, you can't take them onto a lift--again, at the edge, they hit an invisible wall. These are things I'm sure they noticed in testing but weren't worth fixing before release.
Hopefully Valve patches they things in a timely manner as developers start to get creative.
Like you, I really enjoyed the more difficult puzzles in Narbacular Drop and Portal.
When I finished the story mode in the original Portal, I immediately went on to some of the packed-in challenge chambers and modes for some more complex puzzle solving with portals.
When I finished the story mode in Portal 2, I looked for the more challenging content and found... nothing. It seemed like quite an oversight at first not to even include a feature like that that was in the original game.
I get the feeling it's more difficult to create a good puzzle in Portal than in most puzzle games. Here's hoping that the community will quickly fill that gap with some high-quality puzzles.
In fairness, every ad supported app requires network access for downloading apps [ads?]. If you take that away, we as consumers like it as it's a quick and dirty ad blocker, but the advertisers and ad-supported app developers would get the short end of that particular stick.
Or we could, you know, go back to a traditional thing called advertising, and the developer could include some ads in the APKs that don't require internet access. As opposed to what's going on now, or in other words "compile lots of your personal information and activities in a database in order to profile you and sell the data and results to the highest bidder". There's quite a difference, but I think the common person sees the ad as an annoyance rather than the privacy minefield being planted behind it.
And it's an endless path that just pushes itself onward, too. The personal demographic-targeted ads devalue the traditional ads. The geo-targeted demographic-targeted ads devalue the plain targeted ads. The geo-domestic-targeted ads that analyze and report your network of friends and contacts push the value of others further toward 0. And so on.
There's a limit to what the "value" of an ad can be, and as we develop new ways to make them more personally invasive, we only create a little more "value"--what we mostly do is render the traditional ads worthless, in such a way that they are no longer profitable enough to support anything.
I suspect that selective permission removal is the main reason why most developers avoid Blackberrys. It's an equally capable platform as any other smartphone
Is it really? I haven't tried to develop for it, but something tells me that's not the case.
I mean, you can't make your app rely on ads (Internet permission you can simply turn off), etc.
Sure you can. You can include pre-selected ads in your APK. With updates, you can move them in and out of rotation. What you can't do it collect, exploit, and sell users' personal information. This isn't about advertising in any traditional sense--it's about selling knowledge of you and your activities, which is quite different.
I think Google did this to strike a balance between users and developers.
Maybe that's how they see it, but there is no balance here. Giving all the power to the developer and none to the user is by no accurate description a balance.
Has anyone written an app for android that let's the user set permissions?
One exists: Permission Blocker. Though it likely still has bugs and there hasn't been an update from the developer for a while.
I've tried it personally, and it works as described, although it doesn't seem to read packages XML perfectly (it failed to list the permissions for Firefox, though all other applications on the test device listed their permissions, which could be disabled). It requires root access and a reboot after each change. Denying some permissions forces applications to Force Close because they don't know how to deal with the denial from Android.
The Cyanogenmod team is taking the more complicated and functional route of providing acceptable responses applications will accept for denied permissions. A patch has been submitted [javascript required] that might be included in Cyanogenmod 7.1. Looks like there was a lot of activity just three days ago.
It will be great if this is included in custom ROMs, but I strongly feel one shouldn't need to void the device warranty for this simple, important, easy-to-implement feature. Google has no (good) reason for failing to include this in AOSP, and this is becoming more apparent by the day.
You don't have to go trusing them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.
You shouldn't need to void your warranty for this protection.
That it is exactly the same as the desktop?
I will give you that. Although it is much easier for an application to extract your personal information on a phone.
I can tell you would argue that we shouldn't expect more from companies, and I agree.
But shouldn't we demand it anyway, especially when it is possible and would be so easy for them to do?
It requires a root-able, rooted device running a compatible kernel. Why should you have to turn to a bunch of guys you don't know on a forum somewhere to provide such a basic and important feature?
What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?
Slashdot Mirror
Anyone with an iota of common sense could see that.
I wasn't trying to extol myself as a genius--I was making an observation for those who haven't had much of a look at the history of the market.
What we need is a digital cash system that is run by banks -- yes, I know, we all like to hate on banks, but the truth is that banking is an important part of the economy and the majority of digital cash protocols call for a bank to issue the digital currency.
I think bank-issued digital currency would be worse than government-issued currency, because the government has at least some semblance of advancing the good of its people, whereas a single bank issuing a currency could do whatever it pleases to the market, having only profit motive.
A system like bitcoin where a very large number of users of the currency all have a stake it in with no single user selling all their bitcoins would cause more than a .1% fluctuation in value would be a system that would be very good at holding value for its users (assuming there are no design exploits and no organization with enough computing power to start playing games with the block chain).
The problem with the current bitcoin system is that I imagine there are hundreds of people who could crash the value of the currency because it's likely too concentrated with a few individuals and the market is not deep enough for them to sell their stakes to those who are willing to invest in it more. At the value of $17 US / bitcoin, there are $112,141,350 US in the bitcoin market. There are probably dozens of bitcoin "millionaires" (in USD) who would end up with probably only somewhere in the thousands of dollars if they sold, with the result being putting the bitcoin value back at something like $.10 - $.20 / bitcoin. The system is extremely intriguing, but the current ownership distribution and market seems like a disaster, either waiting to happen or already starting.
Maybe if the system were started again, with the current level of interest, the results would be different. I'd get involved in that. The market with the current ownership distribution? No way.
I've been watching the Bitcoin system/experiment since the beginning of last autumn, and I can't help but feel it's receiving too much attention and increasing in value too quickly for its own good.
I really like the idea of the system and I want to see this system or one like it succeed, but with the extremely quick rise in value since last year and all the attention it's been getting, coupled with the games those with lots of bitcoins could play with the market and the somewhat unknown nature of who controls these fortunes (now in both bitcoin and USD), I felt a devastating crash is unavoidable at $.70 US / bitcoin, much less $17 / bitcoin.
At this sort of insane value, the system is an extremely interesting experiment, but I think it's a huge roadblock for serious adoption.
*sigh*. Okay. I thought it was obvious why this "story" is not quality discussion material, but I'll explain.
The article is presented as if its subject is Eran Feigenbaum's claim that "Professionals should worry about security and privacy of data, rather than where it is stored." But instead the article is a potpourri of quotations and facts unrelated to the main problem with the claim, which the article totally ignores. Any article on the subject of this claim needs to in some way establish that security and privacy can make location irrelevant, and I would expect the supporting statements of the article to do this, but nothing in the story even approaches this basic aspect of the claim. Instead, it is filled with a number of superficially-seemingly-related-but-ultimately-off-topic anecdotes.
After presenting Feigenbaum's main claim, the article presents a "supporting argument" by Feigenbaum: "He cited a meeting in Europe where he had tracked an email sent within an office as it bounced through five countries. In this circumstance, Feigenbaum said, security trumps data sovereignty." So email currently goes through a lot of countries when it is sent from one person in an office to another, where it is likely in plain text and can be read by any number of corporate and government entities. The only way this could possibly be construed as supportive of Feigenbaum's point is if read as "Email currently goes through many nations and it is secure enough". If read with any understanding of how the email system works, it undermines Feigenbaum's point.
Then the article has Michael Cloppert "support" the argument with the same type of claim: "I'm not convinced that the data location issue is a problem - after all, packets are routinely routed around the world irrespective of the export status of their content". Again, the argument is "this is what we're doing now, therefore it is secure enough". Actual security of information going through various nations is not addressed.
Then it presents the "other side" of the argument: There is no way you can know how Google is handling your data even though they assure you they are doing it well. And their contracts have lots of language that could excuse them from legal liability if that is not the case.
Then we go back the argument supporting Feigenbaum's main point. "He said customer data can only be accessed on a need-to-know basis". This does not support 5he argument that privacy and security make location irrelevant. "[L]ess than two per cent of Google staff had entered its top secret data centres". This does not support the argument that privacy and security make location irrelevant. "Google also stamped each hard drive with unique barcodes that allowed the company to track the lifecycle of data stored on each disk." This does not support the argument that privacy and security make location irrelevant.
Then we are presented with this: "But it did not encrypt data at rest, and had no immediate plans to introduce the protection." This makes it sound like location is very important to security and privacy--that someone could entire a facility by force and read the data.
The article acheives nothing other than quoting a single-sentence, questionable claim. It presents the claim, then a number of partially related statements that are presented as "discussion" of the claim but that actually have very little to do with it. I wouldn't be surprised if the article twists what Feigenbaum actually said for sensationalistic purposes.
This article represents the worst type of "journalism".
The rest of us have kept up with English usage changes.
Don't get me wrong--in terms of grammar and usage, I very much take a descriptivist approach rather than a prescriptivist one. I didn't post because the usage was wrong, I mentioned it because I think it sounds stupid. For one reason or another, it's a mutation of English I would rather not see.
Whether it was worth posting about is a valid matter of debate. It seemed like an easy enough place to demonstrate what the fallacy of begging the question is. I had some time to kill.
This does not "beg the question".
For this to beg the question, the scenario would have to be something like:
That is begging the question. What you meant is "This makes me wonder..." or less optimally (because of it doesn't indicate who is doing the questioning) "This raises the question...".
I know people like presenting questions they have as if they're so obvious that the questions are just "begging" all rational beings to be asked, but the phrase has a very specific meaning, so find some other way to present that idea.
This was a gambit by them to promote the use of Atom and try to get some leverage in the mobile OS market. Without Nokia they have no horse in this race and no reason to continue supporting Meego...
Perhaps you haven't been paying attention to what Intel's been saying. I'm not sure they'll be successful, but if continued work on Meego is part of their plan, I'm glad to see them try.
Would BitCoin minting really cause that much extra power use to cost more than the value of minted coins?
Probably. I'm not up to speed on the latest developments, but last time I checked, even most GPU mining wasn't worth the cost of the energy used. And GPU mining is quite a bit more efficient than CPU mining.
And that is based on my knowledge from many months ago--I'm sure the GPU code has improved since then. It helps that bitcoins are now worth more than 10 times what they were then, but this is probably more than compensated for in more people trying to get a piece of the action.
Sure, mining's a fun thing to play around with to get familiar with the system, but don't get any illusions of generating real value in bitcoins unless you want to sink some serious money into hardware at this point. This might be unfortunate, as the average user can no longer really help keep the system from being overpowered by potential attackers when each miner plays such a small role in its total processing power compared to specialized systems.
Thanks for your insightful post. As someone who's researched bitcoin (and who should have put that $500 in at the $.20 mark...) I find your post to be the only one so far that actually gives some context about this development and what it means to bitcoin, both to those new to the concept and for those who have been out of the loop for over a year. I'm certainly no expert, but I know enough that I was hoping an explanation like yours would show up earlier in the discussion for those who might not know about the futility in mining with a single CPU beyond just learning about the system, so the conversation could take a more productive direction rather than correcting myths and wild guesses about the system again and again.
This is exactly what happened with George W. Bush's felony wiretapping crimes. The clear fact was that he and his administration, through the NSA's new wiretapping programs, committed multiple wiretapping felonies, each punishable by law by up to five years in prison. Instead of reporting this inconvenient fact, the news "experts" focused on "strategy"--is it a good strategy for Democrats to hold the president to inconvenient standards like the law, when it might make them look weak on security? And somehow this massive crime was talked down into a non-issue, quietly pushed out of the scene, and when people had forgotten about it, swept under the rug by most everyone in power with retroactive immunities.
I think (hope?) that without the "opinion leaders" the outcome would have been very different.
Interesting. Maybe democracy would work better if we didn't know the opinions of others, have poll data, or hear media commentary other than candidates speaking and their records...
I doubt "deleted" really means "deleted".
I've always assumed "delete" just sets a "user doesn't want this message to be seen" flag on the message record. Perhaps that's overly cynical of me, but I doubt much user data, if any, gets removed from that database once it's written.
In the 90s it was IRC.
In the '90s it was definitely IRC (although it certainly wasn't ubiquitous for everybody). In the late '90s, ICQ popped up. When I went to college in the early '00s, though, it was the first time everyone I knew in a community used such a messaging/presence system, and it was AIM. Those, like me, who had never used AOL created an account just because so many people already had them.
In my opinion, it was much preferable to the Facebook of today. Conversation could be ephemeral (even though I kept logs)--posting anything to Facebook, even a "private message", feels like filing every word into the eternal register.
I had wondered why each time I connect to my wireless network with my Windows machine the interactive firewall tells me svchost.exe is trying to connect to a Microsoft IP and why the icon shows limited connectivity until I load a web page (although I apparently didn't wonder enough to go find out--I just deny the requests or let them expire). Looks like I'll be making some registry changes.
Hopefully they've got the engine to the point where anything users mash together will be workable in their physics engine.
From only playing the story mode so far, I get the feeling there's more work to do on this front. I noticed some glitchiness in the story without looking for it, especially in carrying objects. Some of the fancier (and even not-so-fancy) elements in the game won't let you carry an object onto or past them. I noticed this especially in the later GLaDOS test chambers. In the one with a line of turrets you burn with the laser, the objects from rat man's area won't go through the panel that slides up. They hit an invisible wall. In another, you can't take them onto a lift--again, at the edge, they hit an invisible wall. These are things I'm sure they noticed in testing but weren't worth fixing before release.
Hopefully Valve patches they things in a timely manner as developers start to get creative.
Like you, I really enjoyed the more difficult puzzles in Narbacular Drop and Portal.
When I finished the story mode in the original Portal, I immediately went on to some of the packed-in challenge chambers and modes for some more complex puzzle solving with portals.
When I finished the story mode in Portal 2, I looked for the more challenging content and found... nothing. It seemed like quite an oversight at first not to even include a feature like that that was in the original game.
I get the feeling it's more difficult to create a good puzzle in Portal than in most puzzle games. Here's hoping that the community will quickly fill that gap with some high-quality puzzles.
what has been released that has been worth all the hub-bub?
Here's an article listing some of the revelations from 2010.
Wooshed! by he who himself was wooshed.
Also, for those who can't tell, I inverted the "o"s in woosh for added effect.
In fairness, every ad supported app requires network access for downloading apps [ads?]. If you take that away, we as consumers like it as it's a quick and dirty ad blocker, but the advertisers and ad-supported app developers would get the short end of that particular stick.
Or we could, you know, go back to a traditional thing called advertising, and the developer could include some ads in the APKs that don't require internet access. As opposed to what's going on now, or in other words "compile lots of your personal information and activities in a database in order to profile you and sell the data and results to the highest bidder". There's quite a difference, but I think the common person sees the ad as an annoyance rather than the privacy minefield being planted behind it.
And it's an endless path that just pushes itself onward, too. The personal demographic-targeted ads devalue the traditional ads. The geo-targeted demographic-targeted ads devalue the plain targeted ads. The geo-domestic-targeted ads that analyze and report your network of friends and contacts push the value of others further toward 0. And so on.
There's a limit to what the "value" of an ad can be, and as we develop new ways to make them more personally invasive, we only create a little more "value"--what we mostly do is render the traditional ads worthless, in such a way that they are no longer profitable enough to support anything.
I suspect that selective permission removal is the main reason why most developers avoid Blackberrys. It's an equally capable platform as any other smartphone
Is it really? I haven't tried to develop for it, but something tells me that's not the case.
I mean, you can't make your app rely on ads (Internet permission you can simply turn off), etc.
Sure you can. You can include pre-selected ads in your APK. With updates, you can move them in and out of rotation. What you can't do it collect, exploit, and sell users' personal information. This isn't about advertising in any traditional sense--it's about selling knowledge of you and your activities, which is quite different.
I think Google did this to strike a balance between users and developers.
Maybe that's how they see it, but there is no balance here. Giving all the power to the developer and none to the user is by no accurate description a balance.
Has anyone written an app for android that let's the user set permissions?
One exists: Permission Blocker. Though it likely still has bugs and there hasn't been an update from the developer for a while.
I've tried it personally, and it works as described, although it doesn't seem to read packages XML perfectly (it failed to list the permissions for Firefox, though all other applications on the test device listed their permissions, which could be disabled). It requires root access and a reboot after each change. Denying some permissions forces applications to Force Close because they don't know how to deal with the denial from Android.
The Cyanogenmod team is taking the more complicated and functional route of providing acceptable responses applications will accept for denied permissions. A patch has been submitted [javascript required] that might be included in Cyanogenmod 7.1. Looks like there was a lot of activity just three days ago.
These things could be done by custom ROMs and I'd be surprised if they're not already being done by somebody.
It's not in any ROMs yet, but a patch is being considered for inclusion in Cyanogenmod 7.1 [javascript required]. Here's the related issue thread.
It will be great if this is included in custom ROMs, but I strongly feel one shouldn't need to void the device warranty for this simple, important, easy-to-implement feature. Google has no (good) reason for failing to include this in AOSP, and this is becoming more apparent by the day.
You don't have to go trusing them. It is a linux kernel, compile your own.
You don't even need root to do that, just the ability to flash a kernel onto the device.
You shouldn't need to void your warranty for this protection.
That it is exactly the same as the desktop?
I will give you that. Although it is much easier for an application to extract your personal information on a phone.
I can tell you would argue that we shouldn't expect more from companies, and I agree.
But shouldn't we demand it anyway, especially when it is possible and would be so easy for them to do?
It requires a root-able, rooted device running a compatible kernel. Why should you have to turn to a bunch of guys you don't know on a forum somewhere to provide such a basic and important feature?
What does it say about the state of mobile security when it is rational to trust people on an android fan forum to build your software more than you trust a company that has a lot to lose and should have a strong sense of responsibility?
But what's to keep them from lying?
The ability to remove permissions you aren't comfortable with.
Except, oh wait, they decided users shouldn't have that ability.