He is, naturally, only describing one side of the coin: With a well executed GoogleTV approach you get one UI to use. With Apple you need to switch between totally different UIs in the Apple box and the cable box -- maybe yet another one in the TV itself.
I don't see how one option is clearly "more simple" or "easier" than the other. But I do know I'd like to have just one UI.
That point was not related to information security at all, yet you apparently accuse me of infosec paranoia (the point was about choice, but more on that in end of the post). Security is just an example of the many things that can go wrong when users choices are artificially limited.
This is what matters: with Skype and other communication methods that work over proprietary protocols I'm tied to whoever owns the protocol. If the provider becomes evil, my _only_ choices are to stop communicating totally using this method or continue using the evil provider -- this is not how a free market should work.
You mentioned Google specifically, let's take a closer look at that example: I currently use Google as my xmpp/email provider but the "address" I give people is on my own domain. If I want to change either xmpp or email provider, I can do that by asking my DNS provider to change the relevant records. My contacts will never notice a thing a thing Google doesn't have any say in my decision.
If you can't see how Skype and Google are different from the example above, then I just can't help.
Finally, I hope you realize this isn't about infosec paranoia, it's not about security at all. It's about being able to choose your service provider -- ensuring that there is a real free market on this level as well. It's great that there is "protocol-level" free market (e.g. Skype vs xmpp vs Facebook chat) but it's important to realize that there should be competition below that as well. If you disagree, would you really be fine with the idea of a single telephone service provider for the whole world?
I don't get your "You think that the carriers are going to let them?" comment. Carriers love it when CDNs want to park a server inside their network. Ads are no different: less traffic through the external tube, faster load times for customers.
It's a classic chicken and egg problem: Everyone realizes that making the change sooner rather than later would be cheaper -- as we wait, the total estimated costs keep rising and rising. The problem is that for an individual actor this is not true: making the change before others is not cheaper, in fact it's probably more expensive.
The end result is that everyone waits and waits until the pain of IPv4 is totally unbearable. Ungodly amounts of money will be spent in stop gaps and workarounds because for the individual companies that is still the economically smart thing to do.
So, I can only assume you don't use IM (Google Chat, AIM, Facebook chat, or IRC) or SMS, nor do you make use of, say, an ISP or telephony company, right?
I really don't understand what you mean. Of the communication methods you list I use XMPP (Google chat), IRC, SMS, telephone. I also have a website, email address and a contract with an ISP.
None of the above tie me to a single operator. If I lose trust in any of network operators or software providers involved, I can change to another one without significant service disruption -- or my contacts noticing it.
Enforcing any kind of sane network security policy with skype is impossible.
Verifying Skype message security is very difficult: we just have to take their word for it.
Skype head of security said "I will not say if we are listening in or not" when asked about eavesdropping. Apparently they have the means anyway.
Oh, and the most important thing: why the fuck would anyone want to give control of a communication network to a single company when it's not physically required? That makes no sense.
"We're closing down the service" was the main message. It's awesome if you and others familiar with GOG knew the whole deal, but the intention was clearly to deceive the media and the public. Take a look at the last/. discussion: a lot of people fell for it.
It's not like this is a big deal but it was clearly dishonest.
How about you start licensing it with non nazi-like licences.... But then, I suppose some people LIKE nazi-like licences.
Software license can often be negotiated: Authors may be willing to relicense (or add another one), if given a well presented and compelling argument for the change. This has happened before -- picking the right license can be difficult and it's possible the original authors did not think of all scenarios.
Speaking of "a well presented and compelling argument": you, sir, did not make one.
Maybe it tells you nothing useful, but to a bug reporter the bug is TREMENDOUSLY IMPORTANT and they very much hope that you FIND IT USEFUL.
Easy cowboy, no need to shout. I only explained why the number is not a useful statistic for evaluating the quality of development. Your experiences, as interesting and useful for improving the Mozilla development process as they may be, are not relevant to that argument.
Please realize that my argument had _nothing_ to do with the source license or development model, just the difficulty of evaluating software QA process efficiency. Bugs get lost, forgotten and buried in proprietary development and open source, working with any massive bug database will teach you this. Saying "453 BUGS!!!" does not tell us whether Mozilla is doing well or not.
It's not about the Google apps: every OS manufacturer has closed apps. The major point here is being part of the Android ecosystem: most importantly the application market. According to Skyhook, Motorola would have been banned from the marketplace if they had used Skyhook (because Android certification is a requirement and Google won't certify skyhook-enabled devices).
There may be good reasons for this: as I mentioned elsewhere, maybe Skyhook couldn't implement the location API well enough. We can't tell at this point.
You know what they about statistics... just showing a number like that isn't the whole truth. Omitting context here is not lying but it is dishonest.
As an example, you could have mentioned that your list includes bugs from _all_ products in the Mozilla bugzilla, things like Venkmann, a js debugger that hasn't existed for five years or so. You could also have mentioned that 453, while an impressive number of forgotten bugs is actually 0.075% of all reported bugs. Or you could have noted that the vast majority or those bugs only have 0-5 votes which in b.m.o means a very obscure bug, and that most of the remaining bugs don't really belong in Critical...
I'm not claiming that the those bugs don't include real, important bugs, I'm saying your figure alone tells us _nothing_ useful. B.m.o is a massive and ancient issue tracker, things do get lost in there, but that doesn't prove that the process is totally broken. If you can't understand this, then you haven't worked with massive issue trackers. In the corporate world this problem is often "solved" by a QA cleanup: sweep under the rug any issues that are too obscure and where no progress is being made. That looks a lot better in the reports but doesn't really help the users.
Look, it's not about "actively stopping the use of Skyhook", no-one is claiming that! What end users can do is just not relevant. This is all about OEMs and what they are allowed to do: Skyhook is saying that Google now prevents OEMs from using a service that competes with Google if they want to be part of the ecosystem.
Google Maps has no technical reason to require exactly the Google location implementation, anything that provides the same API should do. But even if you were right, Google isn't just demanding their location services for Maps to work: According to Skyhook OEMs that do not use Google location services cannot be Android compatible, meaning no Android market, no gmail or anything in the ecosystem for them.
I have no idea if Skyhook is telling the truth -- they could be omitting details like not being able to implement a good replacement for the Google location component. But if they are mostly correct, I think this is a big deal -- it shows that openness only goes so far if you are an OEM... when you start competing with Google, you may get kicked out. This isn't inherently bad, but good to know.
All actual data like messages is (supposed to be) encrypted. So the rogue seed can see your network or parts of it but should not get anything else.
My understanding is from a quick glance, it would be awesome if the developers would document things a bit more and lay out the design and roadmaps properly.
sure, it goes against the idea that android is supposedly completely free/open, but google has a right to protect their platform, and the experience on that platform
This, I believe, is the only problem here -- Apple does everything exactly like Google with the exception that they don't claim to be "open". Likewise Intel doesn't say Centrino is about choice in anyway. Google does, according to Daring Fireball Vic Gundotra says "If you believe in openness, if you believe in choice, if you believe in innovation from everyone, then welcome to Android". Now maybe he meant Android the base operating system, but I would have thought he meant the Android ecosystem -- OS, software, services, market...
I think what you said is 100% true: Google has every right to stop you from using the Android name if you do anything Google doesn't like. But the fact remains, calling that an open system is dishonest.
In this particular case I can't accept that they are just protecting the integrity of the platform: do you think Google would have done this if location wasn't a Google service? Would Google really have forced every manufacturer to use e.g. Skyhook if they thought Skyhook was really good?
OEMs are not allowed to ship other location products, or they lose their access to Google services, the market, etc. So the operating system itself is really open, but the ecosystem around it is "open as long as you do what we tell you to do".
You physically cannot make that impossible. You could encrypt messages and things like that but your service provider must know quite a few things, like your friends service IDs. Putting a lot of effort in this is a fools errand: you need to trust you service provider to a large extent (not just in social networking, but in any networking).
Also, many people are fine giving their personal info in exchange for better service. Why should that be impossible -- as long as there are other options for the privacy conscious? The important point is that users must be able to move from one provider to another.
It's still a lousy excuse for not doing the actual work.
When the Finnish block list leaked (for the first time) it turned out a lot of the sites were actually hosted in countries where child porn is illegal (and where you could actually assume the police might act on it). Guess what the Finnish police did? They just slapped the sites on their secret list, and did not inform the police in the countries where the crime was being committed.
"No impact on speed": true, there's no effect (it's usually just a simple DNS blocklist at ISP, or sometimes a http proxy).
"80-95% of citizens are censored": False, as far as I know. Some large ISPs did start enthusiasticly but it seems most have now gone back to not censoring, or offer both censored and uncensored access. The three large ISPs I am in contact with (Elisa, Sonera and Welho) all offer uncensored DNS.
"Accuracy is 100%": True if you define accuracy as "how many sites on the block list get blocked when using a blocking DNS server". No-one knows how many false positives the list contains or what percentage of all child porn sites are on the list -- there's no possibility of knowing this for sure as the only time citizens get to see the list is when it happens to leak (check wikileaks for the most recent ones). There have been some fairly high profile false posititives though: www.w3.org was blocked for a time -- and the police had no other explanation than "human error".
Ad supported hosting is used for thousands of services already... Why couldn't a diaspora service provider do that?
There are lots of reasons why this may fail, but you didn't provide one, I think. As I see it, the diaspora service providers should get their profit much like Facebook does, with the exception that people can change providers and pick the one that has the features they want (be it better privacy or a wide selection of funny cat pictures).
I guess if this actually gets off the ground there would be a few major hosts and a large amount of small ones, much like what has happened with git: Github and Gitorious are big but then there are a large amount of "project" services like git.gnome.org or git.kernel.org and even more very small personal servers often hosting just one repo.
The sad thing is, they realize the problem of proxying testosterone by age and spend a couple of pages hand waving it away and fail pretty badly... Your gut feeling is correct, no need to read the paper.
Slashdot Mirror
He is, naturally, only describing one side of the coin: With a well executed GoogleTV approach you get one UI to use. With Apple you need to switch between totally different UIs in the Apple box and the cable box -- maybe yet another one in the TV itself.
I don't see how one option is clearly "more simple" or "easier" than the other. But I do know I'd like to have just one UI.
That point was not related to information security at all, yet you apparently accuse me of infosec paranoia (the point was about choice, but more on that in end of the post). Security is just an example of the many things that can go wrong when users choices are artificially limited.
This is what matters: with Skype and other communication methods that work over proprietary protocols I'm tied to whoever owns the protocol. If the provider becomes evil, my _only_ choices are to stop communicating totally using this method or continue using the evil provider -- this is not how a free market should work.
You mentioned Google specifically, let's take a closer look at that example: I currently use Google as my xmpp/email provider but the "address" I give people is on my own domain. If I want to change either xmpp or email provider, I can do that by asking my DNS provider to change the relevant records. My contacts will never notice a thing a thing Google doesn't have any say in my decision.
If you can't see how Skype and Google are different from the example above, then I just can't help.
Finally, I hope you realize this isn't about infosec paranoia, it's not about security at all.
It's about being able to choose your service provider -- ensuring that there is a real free market on this level as well. It's great that there is "protocol-level" free market (e.g. Skype vs xmpp vs Facebook chat) but it's important to realize that there should be competition below that as well. If you disagree, would you really be fine with the idea of a single telephone service provider for the whole world?
I don't get your "You think that the carriers are going to let them?" comment. Carriers love it when CDNs want to park a server inside their network. Ads are no different: less traffic through the external tube, faster load times for customers.
It's a classic chicken and egg problem: Everyone realizes that making the change sooner rather than later would be cheaper -- as we wait, the total estimated costs keep rising and rising. The problem is that for an individual actor this is not true: making the change before others is not cheaper, in fact it's probably more expensive.
The end result is that everyone waits and waits until the pain of IPv4 is totally unbearable. Ungodly amounts of money will be spent in stop gaps and workarounds because for the individual companies that is still the economically smart thing to do.
You're still free to do weird things in your network for whatever odd reason you want, go ahead.
As a counterpoint to the specific example you mentioned: https://panopticlick.eff.org/
I really don't understand what you mean. Of the communication methods you list I use XMPP (Google chat), IRC, SMS, telephone. I also have a website, email address and a contract with an ISP.
None of the above tie me to a single operator. If I lose trust in any of network operators or software providers involved, I can change to another one without significant service disruption -- or my contacts noticing it.
Could you clarify the question?
I assume you are referring to the Google VOIP service that is currently available to ~4.5% of the world population?
Enforcing any kind of sane network security policy with skype is impossible.
Verifying Skype message security is very difficult: we just have to take their word for it.
Skype head of security said "I will not say if we are listening in or not" when asked about eavesdropping. Apparently they have the means anyway.
Oh, and the most important thing: why the fuck would anyone want to give control of a communication network to a single company when it's not physically required? That makes no sense.
"We're closing down the service" was the main message. It's awesome if you and others familiar with GOG knew the whole deal, but the intention was clearly to deceive the media and the public. Take a look at the last /. discussion: a lot of people fell for it.
It's not like this is a big deal but it was clearly dishonest.
If this is what all your friends are doing, may I suggest the problem is with them, not the medium?
Software license can often be negotiated: Authors may be willing to relicense (or add another one), if given a well presented and compelling argument for the change. This has happened before -- picking the right license can be difficult and it's possible the original authors did not think of all scenarios.
Speaking of "a well presented and compelling argument": you, sir, did not make one.
Easy cowboy, no need to shout. I only explained why the number is not a useful statistic for evaluating the quality of development. Your experiences, as interesting and useful for improving the Mozilla development process as they may be, are not relevant to that argument.
Please realize that my argument had _nothing_ to do with the source license or development model, just the difficulty of evaluating software QA process efficiency. Bugs get lost, forgotten and buried in proprietary development and open source, working with any massive bug database will teach you this. Saying "453 BUGS!!!" does not tell us whether Mozilla is doing well or not.
It's not about the Google apps: every OS manufacturer has closed apps. The major point here is being part of the Android ecosystem: most importantly the application market. According to Skyhook, Motorola would have been banned from the marketplace if they had used Skyhook (because Android certification is a requirement and Google won't certify skyhook-enabled devices).
There may be good reasons for this: as I mentioned elsewhere, maybe Skyhook couldn't implement the location API well enough. We can't tell at this point.
No android certification, no Android app Market. That is way more important than the Google name.
You know what they about statistics... just showing a number like that isn't the whole truth. Omitting context here is not lying but it is dishonest.
As an example, you could have mentioned that your list includes bugs from _all_ products in the Mozilla bugzilla, things like Venkmann, a js debugger that hasn't existed for five years or so. You could also have mentioned that 453, while an impressive number of forgotten bugs is actually 0.075% of all reported bugs. Or you could have noted that the vast majority or those bugs only have 0-5 votes which in b.m.o means a very obscure bug, and that most of the remaining bugs don't really belong in Critical...
I'm not claiming that the those bugs don't include real, important bugs, I'm saying your figure alone tells us _nothing_ useful. B.m.o is a massive and ancient issue tracker, things do get lost in there, but that doesn't prove that the process is totally broken. If you can't understand this, then you haven't worked with massive issue trackers. In the corporate world this problem is often "solved" by a QA cleanup: sweep under the rug any issues that are too obscure and where no progress is being made. That looks a lot better in the reports but doesn't really help the users.
Look, it's not about "actively stopping the use of Skyhook", no-one is claiming that! What end users can do is just not relevant. This is all about OEMs and what they are allowed to do: Skyhook is saying that Google now prevents OEMs from using a service that competes with Google if they want to be part of the ecosystem.
Google Maps has no technical reason to require exactly the Google location implementation, anything that provides the same API should do. But even if you were right, Google isn't just demanding their location services for Maps to work: According to Skyhook OEMs that do not use Google location services cannot be Android compatible, meaning no Android market, no gmail or anything in the ecosystem for them.
I have no idea if Skyhook is telling the truth -- they could be omitting details like not being able to implement a good replacement for the Google location component. But if they are mostly correct, I think this is a big deal -- it shows that openness only goes so far if you are an OEM... when you start competing with Google, you may get kicked out. This isn't inherently bad, but good to know.
All actual data like messages is (supposed to be) encrypted. So the rogue seed can see your network or parts of it but should not get anything else.
My understanding is from a quick glance, it would be awesome if the developers would document things a bit more and lay out the design and roadmaps properly.
This, I believe, is the only problem here -- Apple does everything exactly like Google with the exception that they don't claim to be "open". Likewise Intel doesn't say Centrino is about choice in anyway. Google does, according to Daring Fireball Vic Gundotra says "If you believe in openness, if you believe in choice, if you believe in innovation from everyone, then welcome to Android". Now maybe he meant Android the base operating system, but I would have thought he meant the Android ecosystem -- OS, software, services, market...
I think what you said is 100% true: Google has every right to stop you from using the Android name if you do anything Google doesn't like. But the fact remains, calling that an open system is dishonest.
In this particular case I can't accept that they are just protecting the integrity of the platform: do you think Google would have done this if location wasn't a Google service? Would Google really have forced every manufacturer to use e.g. Skyhook if they thought Skyhook was really good?
Read the summary at least :)
OEMs are not allowed to ship other location products, or they lose their access to Google services, the market, etc. So the operating system itself is really open, but the ecosystem around it is "open as long as you do what we tell you to do".
You physically cannot make that impossible. You could encrypt messages and things like that but your service provider must know quite a few things, like your friends service IDs. Putting a lot of effort in this is a fools errand: you need to trust you service provider to a large extent (not just in social networking, but in any networking).
Also, many people are fine giving their personal info in exchange for better service. Why should that be impossible -- as long as there are other options for the privacy conscious? The important point is that users must be able to move from one provider to another.
It's still a lousy excuse for not doing the actual work.
When the Finnish block list leaked (for the first time) it turned out a lot of the sites were actually hosted in countries where child porn is illegal (and where you could actually assume the police might act on it). Guess what the Finnish police did? They just slapped the sites on their secret list, and did not inform the police in the countries where the crime was being committed.
For Finland:
"No impact on speed": true, there's no effect (it's usually just a simple DNS blocklist at ISP, or sometimes a http proxy).
"80-95% of citizens are censored": False, as far as I know. Some large ISPs did start enthusiasticly but it seems most have now gone back to not censoring, or offer both censored and uncensored access. The three large ISPs I am in contact with (Elisa, Sonera and Welho) all offer uncensored DNS.
"Accuracy is 100%": True if you define accuracy as "how many sites on the block list get blocked when using a blocking DNS server". No-one knows how many false positives the list contains or what percentage of all child porn sites are on the list -- there's no possibility of knowing this for sure as the only time citizens get to see the list is when it happens to leak (check wikileaks for the most recent ones). There have been some fairly high profile false posititives though: www.w3.org was blocked for a time -- and the police had no other explanation than "human error".
Ad supported hosting is used for thousands of services already... Why couldn't a diaspora service provider do that?
There are lots of reasons why this may fail, but you didn't provide one, I think. As I see it, the diaspora service providers should get their profit much like Facebook does, with the exception that people can change providers and pick the one that has the features they want (be it better privacy or a wide selection of funny cat pictures).
I guess if this actually gets off the ground there would be a few major hosts and a large amount of small ones, much like what has happened with git: Github and Gitorious are big but then there are a large amount of "project" services like git.gnome.org or git.kernel.org and even more very small personal servers often hosting just one repo.
The sad thing is, they realize the problem of proxying testosterone by age and spend a couple of pages hand waving it away and fail pretty badly... Your gut feeling is correct, no need to read the paper.
eh, sorry -- I thought you were the same guy as the original poster. Please do 's/you/Haedrian/' in your head when you read that.