Yes, copper will survive into the future, but there will be less of it, and the quality will be worse
Depending on how much less, and how much legacy customers are willing to pay, this could actually be convenient for an experienced support tech, of course...
Infrastructure decay should open up a vast supply of weird and ghastly problems with connections over those lines. The main question is whether there are enough high-rolling legacy customers(and/or enough institutional inertia) that there will still be demand for people to keep the remaining copper customers on life support, or whether the across-the-board solution to copper problems will be "This upgrade is Exciting and Mandatory"...
If you're worried about your skills becoming obsolete, then GET NEW SKILLS! This isn't that hard. Anyone in a technology field should not expect to use the same skill set for 30 (!) years, let alone 45.
Granted, this far along in the process may experience a bit of a renaissance (much like COBOL programmers), but if job security is a concern, it's time for some new education/training.
The major issue is usually not the 'get new skills' part per se; but the 'then get hired by people who could also just hire Joe 22-year-old whose first skills are your new skills, and who won't cost our insurance plan as much and is probably willing to start for less'.
The implementation is such that the devil in the details will be banished; but replaced by the devil in communicating with the details:
The Arduino work-a-like should be perfect, since the 'Arduino' half of the system is provided by exactly the same Atmel SAM3X8E as the Arduino Due, with the same I/O headers and so forth. The Freescale Cortex-A9 half of the board can communicate with the Atmel side; but has no role in attempting to emulate Arduino anything.
However, because of that, it's architecturally just a reasonably speed ARM board with an Arduino connected to it. Smaller footprint, because the two systems share a board; but software running on the Cortex-A9 side of things will just see a USB device of whatever flavor the Arduino is providing(they used to be USB serial only; but I think they can emulate HID devices and possibly a few other things now as well). The two processors don't share a memory space, or have automagic access to one another's peripherals, or anything of that nature.
It also seems to rely on the(severely dubious) assumption that Google's disclosure will have much of an effect, on anything aside from how slow the vendor looks, for 'actively exploited unpatched vulnerabilities'.
This isn't a 'Hey, we found a bug that nobody else knows about yet, we are going to release it just for giggles!' situation. Clock. Is. Already. Ticking. Google's 'deadline' may be the one at which you start looking increasingly incompetent in public; but the deadline at which everyone running your software started to be in danger has already passed, and was set by somebody else, over which neither you nor Google have any control.
That's what I don't understand about this 'argument'. Sure, in a hypothetical world where Google alone controls the time at which a vulnerability becomes known and exploited, there might be room for argument about how much time they should grant. This isn't that world.
1. So far it's been marketed more successfully and therefore exists on most HD devices
That'd be about it.
On the plus side, the devices that are HDMI only are also unlikely to be sufficiently new and powerful to provide 4k output, and the scaling from the 1080 they do provide is a trivial 1->4, so there should be no unpleasant artifacts.
The only real losers are the (relatively thin) slice of HDMI 1.4 capable PC video cards, which are capable of pushing 4k pixels; but only at low refresh rates. Anything earlier than 1.4 won't handle that resolution at all, and anything that isn't a PC(home theatre type devices) isn't going to be providing more than 1080p anyway, so it shouldn't be a problem.
The question is... what content will take advantage of this? Most consumable content is at 1080p and I've yet to see a game which can run at these resolutions yet alone the newest Cryengine.
If you can't hear your card screaming for air right now, you probably don't own a video card that can handle it; but most reasonably modern engines are flexible on resolution. The drop-down menu may not present the option, if it's something odd; but some bodging around with.ini files or command line options can usually be made to happen.
I'm sure some games just don't ship with the texture assets to fully do justice; but unless the textures the engine uses even for right-in-your-face distances are truly dreadful, it should be possible to get noticable improvement over 1080p.
Photos/editing are one obvious area that would benefit: even the '4k' screen is only 8.2 megapixels. Even cheap happy-snap cameras dump pictures that large(some of them may have lower effective resolutions because their optics suck; but somebody buying a several-thousand-dollar screen is probably also in the market for a real camera, if that's their thing).
While mundane, text should also look pretty nice: 30 inches is a lot of real space, to have multiple documents tiled, and 140ppi is on the high side for desktop panels, so fonts should look really good.
If anything, team video and their 'consumable content' are probably last in terms of readiness.
You should really factor in at least state taxes, if not local, there: the US is a federalist country, and the effective tax rate on the citizenry is determined at both the federal and state level...
The point remains in that case: an illogical/capricious law enforced inconsistently or selectively is going to be even more illogical and capricious than such a law upheld uniformly. Doesn't mean that you don't want to get it off the books as soon as possible; but selective enforcement is a beautiful tool for keeping shit on the books: if you don't enforce it in situations were somebody might fight back, it could remain for decades without trouble, ready to be thrown at anybody unsympathetic enough to be a safe target.
... or maybe they have a sense that taxes are a necessary evil. One might feel schadenfreude at the violators due to the former... but also sympathy due to the latter.
I think that the surprising thing is that anybody would think that a necessary evil badly and unevenly enforced would possibly be better than a necessary evil efficiently and fairly enforced.
There is, arguably, nothing more corrosive to the rule of law than flagrantly spotty and selective enforcement of it.
Aside from 'fairness' in itself(which probably is a motivator, you can even piss off some of the smarter flavors of monkeys by presenting them with 'unfair' situations), I suspect that perfectly sensible self-interest is at work:
When the tax man comes, the poor are least able to hide(they have no lawyers, no accountants, and they tend to spend close to what they earn, so even if they are being paid in cash under the table, they still show up in sales taxes); but they also have fuck all money to collect.
The wealthy(especially so in countries with high levels of economic inequality) are where the assets are, often a commanding percentage of them; but they also have by far the most sophisticated measures for avoiding taxation.
It's the intermediate cases, who might actually have enough money to even be worth the trouble of collecting; but have neither the money nor the influence to engage in effective tax evasion, who end up footing the bill(since going after people poorer than them is nearly pointless, there just isn't any wealth there, and going after people richer than them has traditionally been difficult). Why wouldn't they resent tax evasion?
What goes in, must come out. I'm not sure if I'd like to swallow a pill every day for authentication. Besides, it doesn't seem that secure. What's to stop my friend from taking my pills and authenticating as me? The Tattoo idea may be better, but it better be secure. You can't exactly "Patch" a tattoo with a security fix.
C'mon, coward, the patching process is a routine inpatient procedure, and isn't quite as gruesome, painful, or infection-prone as that picture makes it look.
As an Iranian I see this as a very positive development.
The computing technology sanctions were doing exactly what the Iranian regime wants, that is to prevent average Iranian from uncontrolled access to information. They filter the web, ban VPN services, limit home Internet access to a maximum of 128Kbps. When people are already sanctioned by their own government, better not to add to that.
One thing that I'd be more than a trifle concerned about is exactly which American tech outfits are lining up to do some exportin'...
We certainly have some fine folks on Team Freedom; but we also have a massive list of spook shops and 'lawful intercept' outfits who are delightfully service oriented when it comes to assisting customers with achieving their compliance goals, so to speak...
I'm all for Iranian citizens getting tor and PGP and friends; but I wish them luck when their government responds by inking some sweet contracts with Palantir, and Bluecoat, and Sandvine, and their ilk...
pro-tip: when buses are hijacked or children kidnapped, it will be an adult that does it. As for recognizing kids, the driver can work off a paper with thumbnail pictures
I wouldn't put it past some of the older students(grades 6-12 certainly would include a few) to be overtly dangerous; but some iris-scanning nonsense also entirely fails to address that, since a student will be an authorized user and sail right through...
It really doesn't make much sense at all. Even if you wanted to play some electronic-orwell attendance tracking game, iris scanning is both expensive and invasive compared to, say, mag stripes on student IDs.
Is somebody's cousin the vendor? Does somebody in admin or on the school board jerk off to Minority Report every night?
I suspect that even a nigh-science-fiction breakthrough in robust biological characterization wouldn't free you of the dreaded 'spectrum'.
Even among comparatively well understood and characterized medical problems, where you can run some labs or an MRI or something and get an nice graph and some numbers out, there are very few 'binary' disorders. You might either have a strep infection or not; but the only limit on the detail of the 'strep spectrum' is how much diagnostic detail is worth the effort. In principle, you could count up every last bacterium, rank the more heavily and less heavily colonized patients, classify them according to location(s) of heaviest infection, have subclasses based on efficacy of immune response(possibly even which elements of the immune response are active, and how fast they come online). If that isn't enough, you could even start looking at the (definitely variable from one person to another) genomes of the bacteria. Any special plasmids? Obviously, that isn't worth bothering with, because it'd cost a fucking fortune and(aside from a few basic tests for antibiotic resistance) wouldn't change the proposed treatment.
The odds that a serious perturbation in something as complex as the human neural network wouldn't result in myriad different outcomes, of varying flavor and severity, seems vanishingly unlikely, even if you had arbitrarily good diagnostic tools at your disposal.
That the current methods don't work is disappointing; but(given how arduous, time-consuming, and expensive they are for the families and patients) having a robust early test whose results strongly suggest that they don't work does represent progress.
Unless you go for the real lunatic fringe, who are shooting kids full of lupron, chelating them to hell and back, and who knows what else, most autism treatment is harmless enough; but very, very, time-intensive.
...and I don't mean street view. I'm glad to see Nintendo get the spanking they deserve on the Wii U. They need to step up, stop reshoveling the same old franchises and strategy. Your games are getting old, stop betting the farm on them every gen, branch out and CREATE SOMETHING. Make some awesome games, or you deserve what you're getting.
I'd be happier about it if I thought that Nintendo were getting spanked for some reason other than the fact that they aren't releasing Mario Sequel X: HD Polygons as quickly and effectively as Microsoft and Sony are shoveling out their respective franchise warm-overs, and failing to get EA on board for FIFA 20-something-or-other-who-gives-a-fuck: Roster update edition...
For those of us that's not Windows users thats Solaris Zones/Containers or Linux Namespaces/SELinux in a nutshell. Or software partitioning, kernel virtualization and many other names/labels.
You are missing the relevant bit: All those partitioning technologies, right back to when LPARs crawled out of the primordial mainframe at the dawn of time, let the owner of the system do whatever they want to the subordinate partitions/zones/containers/etc. The system protects the subordinate containers from one another; but not from the entity at the top of the pyramid.
If you are on a system with a partition you can't look into, that's a very good sign that you aren't the owner.
Don't get me wrong, I agree that they are screwed, it's just that the 7-day window is when black-hats are already known to be using the bug. Under those circumstances, you would be screwed no matter what: the 'disclosure' has already happened among the people who are interested in using it for evil. The only value in a delay by the 'responsible' parties is that it reduces the apparent lateness of your fix.
You're so busy playing corrective geek, SHOW US YOUR STANCE!
In case it isn't clear, I think that the plan is a steaming load of shit smeared with a thin layer of dishonesty. By adding just enough references to javascript, and one cripple implementation, the W3C has created the impression(seen abundantly throughout this thread) that 'web DRM' will somehow be magical interoperable, cross-platform DRM, so even if you don't like DRM, at least this DRM will work everywhere and you won't need plugins, why can't you be pragmatic, man? However, it actually fails to solve any problems of interoperability, cross-platform support, plugins, or anything else.
Plenty of DRMed-tighter-than-a-drum systems run linux, some vendors of such even comply with the GPL. The ability to build your own kernel, though, is pretty much academic when you can't boot your own kernel.
(or, increasingly likely in our SoC-riddled 'mobile' and STB world, the 'CDM' will be implemented as part of the hardware that supplies accelerated video decode: if you are running on a vendor-blessed platform, the browser will pass the encrypted stream to the hardware/firmware, which will decrypt it, decompress it, and write it directly to a video overlay on the screen(that area of framebuffer being in protected RAM, naturally). The OS will never even see it...
What if a bug cant be fixed and systems patched in 7 days time? are they going to cut corners on something like testing?
Going from bug report to design and code a fix, to test, to roll it out to the infrastructure in 5 working days seems like an impossible benchmark to sustain even with the super brainiacs working at google
There isn't a good alternative: If a bug is already being actively exploited, the clock started ticking before Google even knew about it, you just didn't know it yet. The secret is already out, at least one attack system is in the wild, etc. If nobody tells the customers, they risk getting owned and don't know to take precautionary measures above and beyond the usual. If somebody tells the customers, at least some of them might be able to mitigate the risk.
There's room for risk-acceptance bargaining in situations where a bug isn't believed to have gone wild(and so you can balance 'risk of it going wild before we fix' with 'quality and adoption of the fix we have time to build' when deciding how much time to grant); but with bugs already in exploitation, the 'risk of it going wild' is already 100%, starting even before the conversation begins.
Yes, copper will survive into the future, but there will be less of it, and the quality will be worse
Depending on how much less, and how much legacy customers are willing to pay, this could actually be convenient for an experienced support tech, of course...
Infrastructure decay should open up a vast supply of weird and ghastly problems with connections over those lines. The main question is whether there are enough high-rolling legacy customers(and/or enough institutional inertia) that there will still be demand for people to keep the remaining copper customers on life support, or whether the across-the-board solution to copper problems will be "This upgrade is Exciting and Mandatory"...
If you're worried about your skills becoming obsolete, then GET NEW SKILLS! This isn't that hard. Anyone in a technology field should not expect to use the same skill set for 30 (!) years, let alone 45.
Granted, this far along in the process may experience a bit of a renaissance (much like COBOL programmers), but if job security is a concern, it's time for some new education/training.
The major issue is usually not the 'get new skills' part per se; but the 'then get hired by people who could also just hire Joe 22-year-old whose first skills are your new skills, and who won't cost our insurance plan as much and is probably willing to start for less'.
The implementation is such that the devil in the details will be banished; but replaced by the devil in communicating with the details:
The Arduino work-a-like should be perfect, since the 'Arduino' half of the system is provided by exactly the same Atmel SAM3X8E as the Arduino Due, with the same I/O headers and so forth. The Freescale Cortex-A9 half of the board can communicate with the Atmel side; but has no role in attempting to emulate Arduino anything.
However, because of that, it's architecturally just a reasonably speed ARM board with an Arduino connected to it. Smaller footprint, because the two systems share a board; but software running on the Cortex-A9 side of things will just see a USB device of whatever flavor the Arduino is providing(they used to be USB serial only; but I think they can emulate HID devices and possibly a few other things now as well). The two processors don't share a memory space, or have automagic access to one another's peripherals, or anything of that nature.
It also seems to rely on the(severely dubious) assumption that Google's disclosure will have much of an effect, on anything aside from how slow the vendor looks, for 'actively exploited unpatched vulnerabilities'.
This isn't a 'Hey, we found a bug that nobody else knows about yet, we are going to release it just for giggles!' situation. Clock. Is. Already. Ticking. Google's 'deadline' may be the one at which you start looking increasingly incompetent in public; but the deadline at which everyone running your software started to be in danger has already passed, and was set by somebody else, over which neither you nor Google have any control.
That's what I don't understand about this 'argument'. Sure, in a hypothetical world where Google alone controls the time at which a vulnerability becomes known and exploited, there might be room for argument about how much time they should grant. This isn't that world.
1. So far it's been marketed more successfully and therefore exists on most HD devices
That'd be about it.
On the plus side, the devices that are HDMI only are also unlikely to be sufficiently new and powerful to provide 4k output, and the scaling from the 1080 they do provide is a trivial 1->4, so there should be no unpleasant artifacts.
The only real losers are the (relatively thin) slice of HDMI 1.4 capable PC video cards, which are capable of pushing 4k pixels; but only at low refresh rates. Anything earlier than 1.4 won't handle that resolution at all, and anything that isn't a PC(home theatre type devices) isn't going to be providing more than 1080p anyway, so it shouldn't be a problem.
TVs are also... renowned... for the quality and accuracy of the EDID data they provide the hapless device attempting to drive them.
The question is... what content will take advantage of this? Most consumable content is at 1080p and I've yet to see a game which can run at these resolutions yet alone the newest Cryengine.
If you can't hear your card screaming for air right now, you probably don't own a video card that can handle it; but most reasonably modern engines are flexible on resolution. The drop-down menu may not present the option, if it's something odd; but some bodging around with .ini files or command line options can usually be made to happen.
I'm sure some games just don't ship with the texture assets to fully do justice; but unless the textures the engine uses even for right-in-your-face distances are truly dreadful, it should be possible to get noticable improvement over 1080p.
Photos/editing are one obvious area that would benefit: even the '4k' screen is only 8.2 megapixels. Even cheap happy-snap cameras dump pictures that large(some of them may have lower effective resolutions because their optics suck; but somebody buying a several-thousand-dollar screen is probably also in the market for a real camera, if that's their thing).
While mundane, text should also look pretty nice: 30 inches is a lot of real space, to have multiple documents tiled, and 140ppi is on the high side for desktop panels, so fonts should look really good.
If anything, team video and their 'consumable content' are probably last in terms of readiness.
You should really factor in at least state taxes, if not local, there: the US is a federalist country, and the effective tax rate on the citizenry is determined at both the federal and state level...
Yes, the US is an unfortunately good example of this behavior in action.
The point remains in that case: an illogical/capricious law enforced inconsistently or selectively is going to be even more illogical and capricious than such a law upheld uniformly. Doesn't mean that you don't want to get it off the books as soon as possible; but selective enforcement is a beautiful tool for keeping shit on the books: if you don't enforce it in situations were somebody might fight back, it could remain for decades without trouble, ready to be thrown at anybody unsympathetic enough to be a safe target.
... or maybe they have a sense that taxes are a necessary evil. One might feel schadenfreude at the violators due to the former ... but also sympathy due to the latter.
I think that the surprising thing is that anybody would think that a necessary evil badly and unevenly enforced would possibly be better than a necessary evil efficiently and fairly enforced.
There is, arguably, nothing more corrosive to the rule of law than flagrantly spotty and selective enforcement of it.
Aside from 'fairness' in itself(which probably is a motivator, you can even piss off some of the smarter flavors of monkeys by presenting them with 'unfair' situations), I suspect that perfectly sensible self-interest is at work:
When the tax man comes, the poor are least able to hide(they have no lawyers, no accountants, and they tend to spend close to what they earn, so even if they are being paid in cash under the table, they still show up in sales taxes); but they also have fuck all money to collect.
The wealthy(especially so in countries with high levels of economic inequality) are where the assets are, often a commanding percentage of them; but they also have by far the most sophisticated measures for avoiding taxation.
It's the intermediate cases, who might actually have enough money to even be worth the trouble of collecting; but have neither the money nor the influence to engage in effective tax evasion, who end up footing the bill(since going after people poorer than them is nearly pointless, there just isn't any wealth there, and going after people richer than them has traditionally been difficult). Why wouldn't they resent tax evasion?
What kind of shitty future did I wake up in where 'unlocking your cellphone' is a "superpower"?
What goes in, must come out. I'm not sure if I'd like to swallow a pill every day for authentication. Besides, it doesn't seem that secure. What's to stop my friend from taking my pills and authenticating as me? The Tattoo idea may be better, but it better be secure. You can't exactly "Patch" a tattoo with a security fix.
C'mon, coward, the patching process is a routine inpatient procedure, and isn't quite as gruesome, painful, or infection-prone as that picture makes it look.
Happy patch Tuesday!
As an Iranian I see this as a very positive development.
The computing technology sanctions were doing exactly what the Iranian regime wants, that is to prevent average Iranian from uncontrolled access to information. They filter the web, ban VPN services, limit home Internet access to a maximum of 128Kbps. When people are already sanctioned by their own government, better not to add to that.
One thing that I'd be more than a trifle concerned about is exactly which American tech outfits are lining up to do some exportin'...
We certainly have some fine folks on Team Freedom; but we also have a massive list of spook shops and 'lawful intercept' outfits who are delightfully service oriented when it comes to assisting customers with achieving their compliance goals, so to speak...
I'm all for Iranian citizens getting tor and PGP and friends; but I wish them luck when their government responds by inking some sweet contracts with Palantir, and Bluecoat, and Sandvine, and their ilk...
pro-tip: when buses are hijacked or children kidnapped, it will be an adult that does it. As for recognizing kids, the driver can work off a paper with thumbnail pictures
I wouldn't put it past some of the older students(grades 6-12 certainly would include a few) to be overtly dangerous; but some iris-scanning nonsense also entirely fails to address that, since a student will be an authorized user and sail right through...
It really doesn't make much sense at all. Even if you wanted to play some electronic-orwell attendance tracking game, iris scanning is both expensive and invasive compared to, say, mag stripes on student IDs.
Is somebody's cousin the vendor? Does somebody in admin or on the school board jerk off to Minority Report every night?
Have you considered the hypothesis that your boss considers the emotions of his peons to be irrelevant?
I suspect that even a nigh-science-fiction breakthrough in robust biological characterization wouldn't free you of the dreaded 'spectrum'.
Even among comparatively well understood and characterized medical problems, where you can run some labs or an MRI or something and get an nice graph and some numbers out, there are very few 'binary' disorders. You might either have a strep infection or not; but the only limit on the detail of the 'strep spectrum' is how much diagnostic detail is worth the effort. In principle, you could count up every last bacterium, rank the more heavily and less heavily colonized patients, classify them according to location(s) of heaviest infection, have subclasses based on efficacy of immune response(possibly even which elements of the immune response are active, and how fast they come online). If that isn't enough, you could even start looking at the (definitely variable from one person to another) genomes of the bacteria. Any special plasmids? Obviously, that isn't worth bothering with, because it'd cost a fucking fortune and(aside from a few basic tests for antibiotic resistance) wouldn't change the proposed treatment.
The odds that a serious perturbation in something as complex as the human neural network wouldn't result in myriad different outcomes, of varying flavor and severity, seems vanishingly unlikely, even if you had arbitrarily good diagnostic tools at your disposal.
That the current methods don't work is disappointing; but(given how arduous, time-consuming, and expensive they are for the families and patients) having a robust early test whose results strongly suggest that they don't work does represent progress.
Unless you go for the real lunatic fringe, who are shooting kids full of lupron, chelating them to hell and back, and who knows what else, most autism treatment is harmless enough; but very, very, time-intensive.
...and I don't mean street view. I'm glad to see Nintendo get the spanking they deserve on the Wii U. They need to step up, stop reshoveling the same old franchises and strategy. Your games are getting old, stop betting the farm on them every gen, branch out and CREATE SOMETHING. Make some awesome games, or you deserve what you're getting.
I'd be happier about it if I thought that Nintendo were getting spanked for some reason other than the fact that they aren't releasing Mario Sequel X: HD Polygons as quickly and effectively as Microsoft and Sony are shoveling out their respective franchise warm-overs, and failing to get EA on board for FIFA 20-something-or-other-who-gives-a-fuck: Roster update edition...
For those of us that's not Windows users thats Solaris Zones/Containers or Linux Namespaces/SELinux in a nutshell. Or software partitioning, kernel virtualization and many other names/labels.
You are missing the relevant bit: All those partitioning technologies, right back to when LPARs crawled out of the primordial mainframe at the dawn of time, let the owner of the system do whatever they want to the subordinate partitions/zones/containers/etc. The system protects the subordinate containers from one another; but not from the entity at the top of the pyramid.
If you are on a system with a partition you can't look into, that's a very good sign that you aren't the owner.
Don't get me wrong, I agree that they are screwed, it's just that the 7-day window is when black-hats are already known to be using the bug. Under those circumstances, you would be screwed no matter what: the 'disclosure' has already happened among the people who are interested in using it for evil. The only value in a delay by the 'responsible' parties is that it reduces the apparent lateness of your fix.
You're so busy playing corrective geek, SHOW US YOUR STANCE!
In case it isn't clear, I think that the plan is a steaming load of shit smeared with a thin layer of dishonesty. By adding just enough references to javascript, and one cripple implementation, the W3C has created the impression(seen abundantly throughout this thread) that 'web DRM' will somehow be magical interoperable, cross-platform DRM, so even if you don't like DRM, at least this DRM will work everywhere and you won't need plugins, why can't you be pragmatic, man? However, it actually fails to solve any problems of interoperability, cross-platform support, plugins, or anything else.
Tivoization, good sir, Tivoization...
Plenty of DRMed-tighter-than-a-drum systems run linux, some vendors of such even comply with the GPL. The ability to build your own kernel, though, is pretty much academic when you can't boot your own kernel.
(or, increasingly likely in our SoC-riddled 'mobile' and STB world, the 'CDM' will be implemented as part of the hardware that supplies accelerated video decode: if you are running on a vendor-blessed platform, the browser will pass the encrypted stream to the hardware/firmware, which will decrypt it, decompress it, and write it directly to a video overlay on the screen(that area of framebuffer being in protected RAM, naturally). The OS will never even see it...
What if a bug cant be fixed and systems patched in 7 days time? are they going to cut corners on something like testing?
Going from bug report to design and code a fix, to test, to roll it out to the infrastructure in 5 working days seems like an impossible benchmark to sustain even with the super brainiacs working at google
There isn't a good alternative: If a bug is already being actively exploited, the clock started ticking before Google even knew about it, you just didn't know it yet. The secret is already out, at least one attack system is in the wild, etc. If nobody tells the customers, they risk getting owned and don't know to take precautionary measures above and beyond the usual. If somebody tells the customers, at least some of them might be able to mitigate the risk.
There's room for risk-acceptance bargaining in situations where a bug isn't believed to have gone wild(and so you can balance 'risk of it going wild before we fix' with 'quality and adoption of the fix we have time to build' when deciding how much time to grant); but with bugs already in exploitation, the 'risk of it going wild' is already 100%, starting even before the conversation begins.