If there actually is evidence to support such assertions
Which are the ways by which Google allows collecting such "evidence" ?
Irrelevant. Asserting the existence of evidence you can't collect doesn't make sense. Asserting the possibility that such evidence may exist does make sense, but that's not what I constantly see slashdotters doing.
Try this sometime as an exercise. Take a privacy policy with "weasel words" in it, and try to rewrite it without them (assuming that the company actually doesn't want or intend to behave badly). Be absolutely sure that the resulting text cannot possibly be construed to imply that the company is not doing anything that it actually is (e.g. that your company isn't using user data to provide the services that the user wants provided), because the legal liability inherent in making claims that could be refuted is huge. Once you've gotten yourself thoroughly protected against that sort of misinterpretation, now look at how it could be misinterpreted in the opposite direction, by people who want to believe that you're being abusive. You'll find lots of weasel words.
Seriously. Try it yourself.
Note that I'm not using this argument to claim absence of bad behavior, just to point out that it is impossible to accurately divine bad behavior from the presence of cautious wording in a privacy statement. English is imprecise, even legal English, and so lawyers have to err on the side of safety. Even worse, Google (and many others) have begun making a serious effort to write their policies in "normal" English, rather than legalese, which means that they're eschewing the greater precision provided by legalese, making the language fuzzier than lawyers are used to. That means they need an even larger safety margin. More weasel words.
The reason is that, once grown your medial frontal gyrus, which makes the "what/when/where" go/no-go decisions is already grown.
It's not quite that simple. Changing genes in a developed brain isn't going to change gross structure, but it could well change low-level biochemical behavior, perhaps changing the levels of specific neurotransmitters, or changing the way that the brain forms new connections or breaks old ones.
It seems unlikely that gene editing could turn a Republican into a Democrat, but it doesn't seem so unlikely that it could turn a happy person into a severely depressed one, or maybe seriously decrease (or increase?) the ability to form new long-term memories, etc. Of course, those same things can be done with drugs.
People can certainly have suspicions, without means to confirm or deny. But many make bold assertions of bad behavior, apparently claiming certain knowledge. If there actually is evidence to support such assertions, I'd like to hear about it, so I regularly ask. I never get a reply, which I guess means that the assertions are actually just suspicions.
Well, I'd disagree because people aren't aware of what they're giving google, and aren't aware of the ways it gets used either. "We use it to target ads at you" really doesn't do justice to the amount of data they scoop up and how much 'mining' they do on your data and how they use that data to influence you in various ways.
Cite?
Note that I'm not arguing with you, just asking for details and sources. I see claims like yours a lot, but no one ever seems to be able to explain in detail what other stuff Google does, or how they know about what other stuff Google does.
The maximum profit most contracting officers will allow is 8%, which is lower than private industry
That's the problem.
If you tell me that my maximum profit margin is 8%, well, I'll do the math. If I spend $100M I can charge you $108M and I make $8M. If I spend $1B, I can charge you $1.08B, and I make $80M. Plus, the bigger the budget the easier it is to hide more profit in it.
Moreover, I not only want to do this, I have to do this, and i have to do it because 8% is lower than private industry. Even on the government dole, I still need private sector investment from time to time, and I need to be able to generate sufficient return on that investment to attract the money. That's tough when my competition is generating 15-20% profit margins. And while government contracts are great in some ways -- the government always pays, almost always on time -- they're actually pretty expensive to acquire. So when I get one I have to milk it for all its worth. To the degree possible, I need to spend the government's money to expand my infrastructure. Where I have to get private money for that, I have to generate maximal returns.
So, I need to inflate my costs as much as possible. Luckily (for me), it's *always* possible to inflate costs in R&D and production efforts. There are always other avenues to explore, due diligence to be performed.
Where can I find out more about this business venture to import silicon from the moon?
I can tell you about it, but we want serious investors only so there's a $100K non-refundable investment required before I can give you details. And an NDA, of course.
If you're thinking this is silly because 15% of the Earth's mass (28% of the crust) is silicon, I'll just point out that the Earth's silicon is of a lower grade. The best silicon is extra-terrestrial and the moon has some of the highest-grade silicon in the solar system, and it's also (obviously) the nearest and most accessible source. Given the growing demand for the highest quality silicon, this is the investment opportunity of several lifetimes. If you've got the cash, you don't want to miss out on this one.
And don't let anyone tell you that silicon is silicon, that any nucleus with 14 protons and a reasonable number of neutrons is as good as any other. The quality of those protons and neutrons matters.
it enables individual voters to verify that their vote was actually included in the final tally, but without enabling them to prove to anyone else how they voted.
This is the logical equivalence of stating "true" is "false". If you can verify your vote was included in the final tally, ie, I cast my vote for candidate A, then yes, you can prove to someone else you voted for candidate A. Otherwise, you cannot verify that your vote for candidate A was included in the final tally. QED
Sigh. Read the paper.
This is actually kind of funny. The last time I posted about Scantegrity (a month or so ago), david_thornley made exactly the same argument, repeatedly. Then I eventually convinced him to actually read the paper and he understood. The same thing happened a year or so ago with a different slashdotter.
Essentially, this verification is a variation on the cryptographic notion of a zero-knowledge proof. It's done entirely differently from common zero-knowledge proofs, but it's conceptually related.
You really should finish the paper, and understand it. It has all the advantages of normal paper ballots, and eliminates a lot avenues for manipulation. Among other things, it enables individual voters to verify that their vote was actually included in the final tally, but without enabling them to prove to anyone else how they voted. It also allows anyone to independently verify the final tally.
Hmm... first you said you wanted one byte, and now you want two bytes, or magic bits.
You're not thinking. Kjella said that null termination saves one byte, but since the null terminator takes a byte, clearly his initial alternative was a two-byte length prefix. This is obvious.
unless you religiously follow RAII as a pattern [...] you will have crazy leaks all over as you create and destroy objects
You say this as though RAII is hard, or weird. In modern C++ its extremely simple: Any time you see a naked pointer, you see a bug. Most of the time, you should just replace it with a std::unique_ptr and be done with it. There are cases where something more sophisticated is needed, but it's pretty rare. I work on significant bodies of both C++ and Java code, and I don't find that there's a significant difference in the incidence of memory leaks. More up-front effort is put into memory management in C++, but GC tuning also consumes a significant number of engineering hours for Java code.
I find that C++ is often a better choice than Java (or other GC'd, managed languages) simply because of its consistency under load. GC adds a layer of unpredictability that often results in production crises unless you massively over-provision RAM -- and sometimes even then.
In the modern world a/c uses ammonium for heart Transfer. Closed Loop.
Are you saying that this works in arid environments?
Refrigerated air conditioning not only works fine in arid environments, it works more efficiently than in humid environments, because much less energy is spent chilling water that condenses out of the air and is discarded. Swamp coolers also work very well in arid environments (and don't work at all in humid environments).
Use the computer count as the first estimate.
Count the paper ballots manually.
You should read the paper I linked. With the Scantegrity system there's neither need for nor value in manual counts. Nothing precludes them, but other mechanisms make them unnecessary.
Per your statement on paper backed with math - blockchain actually becomes somewhat interesting in this, as voting is essentially one of the largest one time ledgers you could create and validate.
It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.
It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.
In addition, cryptographic security researchers have constructed a cost-effective, scalable, paper ballot system which makes this sort of fraud (and others) detectable.
Paper, backstopped with math, is unquestionably the most fraud-resistant way to conduct elections. Pure electronic voting systems are perhaps the best way to enable fraud.
There is a valid argument for the use of electronic voting machines for accessibility. Large touch screens are easier to use, especially for people with disabilities, but they should merely be an interface to collect information for printing on a human-readable paper ballot.
I'm both a computer scientist and a computer security expert. I think you'd be hard-pressed to find anyone who understands computer security who would honestly support direct recording electronic voting.
I can't recall where i read, but such an option creates a horrendous system of required tips way beyond surge pricing.
I think it was either Singapore or Phillipines where the driver must be tipped like 5usd at minimum or they just wont accept. So everyone had to pay more... Which in the end became similar to taxies.
It aas another ride hailing app
If that's the case, then either there are too many obstacles to becoming a driver for the ride hailing app, or else the taxi pricing is already at the market price. Auction systems are very good at finding the real market price of a good or service. (I'm not sure where "tips" come in; there's no need for tipping when the price negotiation is up front, and what an odd system you describe where tips are offered *before* the ride)
Drivers don't get the opportunity to negotiate with passengers because the passengers are not who is contracting the drivers in the first place. The passengers are Uber's clients, not the driver's.
IMO, Uber should fix this. Enabling drivers to set prices would solve their employee vs contractor problem in most (maybe all?) jurisdictions.
The fix is pretty straightforward. Essentially, pricing should be done by a sort of a real-time auction. Drivers should be allowed to set their price in generic terms, using a per-mile, per-minute, etc. model, similar to how taxi metering is done in most places, or to how I'm sure Uber calculates prices now -- but the driver gets to pick the numbers. Drivers should also be allowed to set mileage, etc. rates for their trip to the pickup. Then, when a passenger opens the app and requests a ride to a specific destination, Uber should calculate -- for every nearby, available driver -- the total fare for the passenger, including a fixed percentage markup for Uber. Uber's app should present the passenger with a list, sortable by fare, ETA or driver rating.
This approach would get Uber entirely out of the business of setting fares, whether for normal or "surge" times. It would make fare pricing a purely market-driven negotiation between drivers and passengers.
Under this model, I expect many drivers would mark themselves as "available" even during their nominal downtimes, but just bump their fares up enough that they won't be offered a trip unless there is a surge. In this way, surge response would be more natural. Uber could still try to predict surges ahead of time and inform drivers of what is probably coming.
This scheme could be augmented with an even more direct negotiation scheme. Passengers who aren't happy with any of the offered fares could be given the option of making an offer. Nearby drivers would be notified of the offer, along with information about the time, mileage and final destination (since a trip that leaves them in a bad location to pick up another passenger is less desirable), and they'd be able to accept or reject it. The passenger would be notified of the first acceptance, and the count of rejections -- providing feedback on the reasonableness of the offer.
FYI: the iPhone 5 and 5c were the last that had the countermeasures in flashable firmware. iPhones since have had a "secure enclave" that would do all the deciphering, with no possibility of reading the key from it by normal means, and doing its own counting of invalid passwords. I'm sure there's some way to break into them, but the security is much, much improved.
Secure Enclave firmware is still flashable, AFAICT. It almost has to be. However, it is possible to make it so that flashing a new version without presentation of the user password wipes all of the user data. I don't know if Apple did this in earlier versions, but I'd be surprised if they haven't done it now.
Authorities have no one to blame but themselves. They have proven beyond any doubt time and time again that they cannot be trusted to have such access without abusing it, so why would anyone ever trust them.
That may be true, but frankly it's irrelevant.
Cryptographic security is almost binary, within a specific threat model. If it can be bypassed, it's not secure, and that's true regardless of whether or not a judge has signed off.
Consider the big hullabaloo between the FBI and Apple, over the San Bernardino shooter's phone. The FBI wanted Apple to create and sign a modified version of the firmware that would eliminate the brute force countermeasures, making a brute force attack on the password feasible. The request highlighted a serious weakness in Apple's security model. If Apple was able to disable brute force mitigations for a warrant, then Apple was able to do it for any reason. And, more importantly, any Apple employee with the right access could do it for any reason. If the keys used to sign the firmware are really well-managed, maybe the employee would have to collude or coerce a colleague or two.
Basically, Apple's scheme is (or was, anyway) vulnerable to an insider attack. For engineers at tech companies, especially the sort of crypto geeks that get assigned to build these sorts of security systems, the solution to this problem is obvious: redesign the system to resist insider attacks... and given bits of physically-secure hardware to work with, it's actually not that hard to build a solution which is resistant.
Bottom line: If the DoJ wants access, they're going to have to get Congress to pass laws mandating it, because the natural progression of security designs is to continue reaching for as close to perfect, airtight security as is physically possible.
Asking Congress is going to mean public debate on how to balance individual vs societal security. And that's a good thing. Personally, my take is that when backdoor-free crypto is outlawed, only outlaws will have backdoor-free crypto. But it's a subject ripe for serious, broad and deep public debate. At the end of which every rational person will agree with me:P
Umm telephones and text messages still work last I checked. Nope not on FB.
Well, they work if your friends and family use them.
Unfortunately, for lots of people -- me included -- if you're not on Facebook, you don't know what's going on in their lives, because they no longer communicate in other ways. I don't use Facebook, but if my wife didn't I would probably have to. It's the primary communication mechanism of my extended family, and my community.
I agree except that the historical average has been more like 7% rather than 10-12%.
The Dow Jones average since 1900 has been 10%. The S&P 500 average since its inception in 1923 is 12%. Certainly, if you're making plans for retirement, etc., you should choose a more conservative number just to be safe, and because as you approach retirement you'll want to shift to less aggressive investments with lower rates of return. Personally, I assume 5% after inflation.
You underestimate the lawyers' ancient and finely crafted skill of rhetoric.
No, I don't. Remember that there would be lawyers on both sides, and the argument that this was a limited, one-way grant, not a contract, looks like a very powerful one. There's also no need for a contract in this case, nor any language that implies one.
Slashdot Mirror
If there actually is evidence to support such assertions
Which are the ways by which Google allows collecting such "evidence" ?
Irrelevant. Asserting the existence of evidence you can't collect doesn't make sense. Asserting the possibility that such evidence may exist does make sense, but that's not what I constantly see slashdotters doing.
Which is why anything other than server access and data access, without being NDA'ed so that experts can be consulted, is merely "weasel words".
FWIW, the FTC has such access, pursuant to the Google Buzz consent decree, and regularly audits Google's compliance with the terms of the decree.
based on weasel words in Google's privacy policy.
Oh, one more point.
Try this sometime as an exercise. Take a privacy policy with "weasel words" in it, and try to rewrite it without them (assuming that the company actually doesn't want or intend to behave badly). Be absolutely sure that the resulting text cannot possibly be construed to imply that the company is not doing anything that it actually is (e.g. that your company isn't using user data to provide the services that the user wants provided), because the legal liability inherent in making claims that could be refuted is huge. Once you've gotten yourself thoroughly protected against that sort of misinterpretation, now look at how it could be misinterpreted in the opposite direction, by people who want to believe that you're being abusive. You'll find lots of weasel words.
Seriously. Try it yourself.
Note that I'm not using this argument to claim absence of bad behavior, just to point out that it is impossible to accurately divine bad behavior from the presence of cautious wording in a privacy statement. English is imprecise, even legal English, and so lawyers have to err on the side of safety. Even worse, Google (and many others) have begun making a serious effort to write their policies in "normal" English, rather than legalese, which means that they're eschewing the greater precision provided by legalese, making the language fuzzier than lawyers are used to. That means they need an even larger safety margin. More weasel words.
The reason is that, once grown your medial frontal gyrus, which makes the "what/when/where" go/no-go decisions is already grown.
It's not quite that simple. Changing genes in a developed brain isn't going to change gross structure, but it could well change low-level biochemical behavior, perhaps changing the levels of specific neurotransmitters, or changing the way that the brain forms new connections or breaks old ones.
It seems unlikely that gene editing could turn a Republican into a Democrat, but it doesn't seem so unlikely that it could turn a happy person into a severely depressed one, or maybe seriously decrease (or increase?) the ability to form new long-term memories, etc. Of course, those same things can be done with drugs.
People can certainly have suspicions, without means to confirm or deny. But many make bold assertions of bad behavior, apparently claiming certain knowledge. If there actually is evidence to support such assertions, I'd like to hear about it, so I regularly ask. I never get a reply, which I guess means that the assertions are actually just suspicions.
Well, I'd disagree because people aren't aware of what they're giving google, and aren't aware of the ways it gets used either. "We use it to target ads at you" really doesn't do justice to the amount of data they scoop up and how much 'mining' they do on your data and how they use that data to influence you in various ways.
Cite?
Note that I'm not arguing with you, just asking for details and sources. I see claims like yours a lot, but no one ever seems to be able to explain in detail what other stuff Google does, or how they know about what other stuff Google does.
Wait, people are getting paid to post on social media sites, and I've been giving it away to Slashdot for free? I feel so cheap.
Well, your high karma lets you disable ads.
Oh, wait...
The maximum profit most contracting officers will allow is 8%, which is lower than private industry
That's the problem.
If you tell me that my maximum profit margin is 8%, well, I'll do the math. If I spend $100M I can charge you $108M and I make $8M. If I spend $1B, I can charge you $1.08B, and I make $80M. Plus, the bigger the budget the easier it is to hide more profit in it.
Moreover, I not only want to do this, I have to do this, and i have to do it because 8% is lower than private industry. Even on the government dole, I still need private sector investment from time to time, and I need to be able to generate sufficient return on that investment to attract the money. That's tough when my competition is generating 15-20% profit margins. And while government contracts are great in some ways -- the government always pays, almost always on time -- they're actually pretty expensive to acquire. So when I get one I have to milk it for all its worth. To the degree possible, I need to spend the government's money to expand my infrastructure. Where I have to get private money for that, I have to generate maximal returns.
So, I need to inflate my costs as much as possible. Luckily (for me), it's *always* possible to inflate costs in R&D and production efforts. There are always other avenues to explore, due diligence to be performed.
Where can I find out more about this business venture to import silicon from the moon?
I can tell you about it, but we want serious investors only so there's a $100K non-refundable investment required before I can give you details. And an NDA, of course.
If you're thinking this is silly because 15% of the Earth's mass (28% of the crust) is silicon, I'll just point out that the Earth's silicon is of a lower grade. The best silicon is extra-terrestrial and the moon has some of the highest-grade silicon in the solar system, and it's also (obviously) the nearest and most accessible source. Given the growing demand for the highest quality silicon, this is the investment opportunity of several lifetimes. If you've got the cash, you don't want to miss out on this one.
And don't let anyone tell you that silicon is silicon, that any nucleus with 14 protons and a reasonable number of neutrons is as good as any other. The quality of those protons and neutrons matters.
it enables individual voters to verify that their vote was actually included in the final tally, but without enabling them to prove to anyone else how they voted.
This is the logical equivalence of stating "true" is "false". If you can verify your vote was included in the final tally, ie, I cast my vote for candidate A, then yes, you can prove to someone else you voted for candidate A. Otherwise, you cannot verify that your vote for candidate A was included in the final tally. QED
Sigh. Read the paper.
This is actually kind of funny. The last time I posted about Scantegrity (a month or so ago), david_thornley made exactly the same argument, repeatedly. Then I eventually convinced him to actually read the paper and he understood. The same thing happened a year or so ago with a different slashdotter.
Essentially, this verification is a variation on the cryptographic notion of a zero-knowledge proof. It's done entirely differently from common zero-knowledge proofs, but it's conceptually related.
You really should finish the paper, and understand it. It has all the advantages of normal paper ballots, and eliminates a lot avenues for manipulation. Among other things, it enables individual voters to verify that their vote was actually included in the final tally, but without enabling them to prove to anyone else how they voted. It also allows anyone to independently verify the final tally.
Hmm... first you said you wanted one byte, and now you want two bytes, or magic bits.
You're not thinking. Kjella said that null termination saves one byte, but since the null terminator takes a byte, clearly his initial alternative was a two-byte length prefix. This is obvious.
unless you religiously follow RAII as a pattern [...] you will have crazy leaks all over as you create and destroy objects
You say this as though RAII is hard, or weird. In modern C++ its extremely simple: Any time you see a naked pointer, you see a bug. Most of the time, you should just replace it with a std::unique_ptr and be done with it. There are cases where something more sophisticated is needed, but it's pretty rare. I work on significant bodies of both C++ and Java code, and I don't find that there's a significant difference in the incidence of memory leaks. More up-front effort is put into memory management in C++, but GC tuning also consumes a significant number of engineering hours for Java code.
I find that C++ is often a better choice than Java (or other GC'd, managed languages) simply because of its consistency under load. GC adds a layer of unpredictability that often results in production crises unless you massively over-provision RAM -- and sometimes even then.
In the modern world a/c uses ammonium for heart Transfer. Closed Loop.
Are you saying that this works in arid environments?
Refrigerated air conditioning not only works fine in arid environments, it works more efficiently than in humid environments, because much less energy is spent chilling water that condenses out of the air and is discarded. Swamp coolers also work very well in arid environments (and don't work at all in humid environments).
Use the computer count as the first estimate. Count the paper ballots manually.
You should read the paper I linked. With the Scantegrity system there's neither need for nor value in manual counts. Nothing precludes them, but other mechanisms make them unnecessary.
Per your statement on paper backed with math - blockchain actually becomes somewhat interesting in this, as voting is essentially one of the largest one time ledgers you could create and validate.
You should read the paper I linked.
It's way too easy for someone to sneak in an extra box of fake ballots to rig an election.
It's hard to rig an election with a single box of fake ballots. It's also hard to bring in thousands of boxes without anybody noticing.
In addition, cryptographic security researchers have constructed a cost-effective, scalable, paper ballot system which makes this sort of fraud (and others) detectable.
Paper, backstopped with math, is unquestionably the most fraud-resistant way to conduct elections. Pure electronic voting systems are perhaps the best way to enable fraud.
There is a valid argument for the use of electronic voting machines for accessibility. Large touch screens are easier to use, especially for people with disabilities, but they should merely be an interface to collect information for printing on a human-readable paper ballot.
I'm both a computer scientist and a computer security expert. I think you'd be hard-pressed to find anyone who understands computer security who would honestly support direct recording electronic voting.
I can't recall where i read, but such an option creates a horrendous system of required tips way beyond surge pricing.
I think it was either Singapore or Phillipines where the driver must be tipped like 5usd at minimum or they just wont accept. So everyone had to pay more... Which in the end became similar to taxies.
It aas another ride hailing app
If that's the case, then either there are too many obstacles to becoming a driver for the ride hailing app, or else the taxi pricing is already at the market price. Auction systems are very good at finding the real market price of a good or service. (I'm not sure where "tips" come in; there's no need for tipping when the price negotiation is up front, and what an odd system you describe where tips are offered *before* the ride)
and what about airport fees / toll / etc in that system?
Clearly those would have to be included in the fare -- both en route to pickup and from pickup to destination.
Drivers don't get the opportunity to negotiate with passengers because the passengers are not who is contracting the drivers in the first place. The passengers are Uber's clients, not the driver's.
IMO, Uber should fix this. Enabling drivers to set prices would solve their employee vs contractor problem in most (maybe all?) jurisdictions.
The fix is pretty straightforward. Essentially, pricing should be done by a sort of a real-time auction. Drivers should be allowed to set their price in generic terms, using a per-mile, per-minute, etc. model, similar to how taxi metering is done in most places, or to how I'm sure Uber calculates prices now -- but the driver gets to pick the numbers. Drivers should also be allowed to set mileage, etc. rates for their trip to the pickup. Then, when a passenger opens the app and requests a ride to a specific destination, Uber should calculate -- for every nearby, available driver -- the total fare for the passenger, including a fixed percentage markup for Uber. Uber's app should present the passenger with a list, sortable by fare, ETA or driver rating.
This approach would get Uber entirely out of the business of setting fares, whether for normal or "surge" times. It would make fare pricing a purely market-driven negotiation between drivers and passengers.
Under this model, I expect many drivers would mark themselves as "available" even during their nominal downtimes, but just bump their fares up enough that they won't be offered a trip unless there is a surge. In this way, surge response would be more natural. Uber could still try to predict surges ahead of time and inform drivers of what is probably coming.
This scheme could be augmented with an even more direct negotiation scheme. Passengers who aren't happy with any of the offered fares could be given the option of making an offer. Nearby drivers would be notified of the offer, along with information about the time, mileage and final destination (since a trip that leaves them in a bad location to pick up another passenger is less desirable), and they'd be able to accept or reject it. The passenger would be notified of the first acceptance, and the count of rejections -- providing feedback on the reasonableness of the offer.
FYI: the iPhone 5 and 5c were the last that had the countermeasures in flashable firmware. iPhones since have had a "secure enclave" that would do all the deciphering, with no possibility of reading the key from it by normal means, and doing its own counting of invalid passwords. I'm sure there's some way to break into them, but the security is much, much improved.
Secure Enclave firmware is still flashable, AFAICT. It almost has to be. However, it is possible to make it so that flashing a new version without presentation of the user password wipes all of the user data. I don't know if Apple did this in earlier versions, but I'd be surprised if they haven't done it now.
Authorities have no one to blame but themselves. They have proven beyond any doubt time and time again that they cannot be trusted to have such access without abusing it, so why would anyone ever trust them.
That may be true, but frankly it's irrelevant.
Cryptographic security is almost binary, within a specific threat model. If it can be bypassed, it's not secure, and that's true regardless of whether or not a judge has signed off.
Consider the big hullabaloo between the FBI and Apple, over the San Bernardino shooter's phone. The FBI wanted Apple to create and sign a modified version of the firmware that would eliminate the brute force countermeasures, making a brute force attack on the password feasible. The request highlighted a serious weakness in Apple's security model. If Apple was able to disable brute force mitigations for a warrant, then Apple was able to do it for any reason. And, more importantly, any Apple employee with the right access could do it for any reason. If the keys used to sign the firmware are really well-managed, maybe the employee would have to collude or coerce a colleague or two.
Basically, Apple's scheme is (or was, anyway) vulnerable to an insider attack. For engineers at tech companies, especially the sort of crypto geeks that get assigned to build these sorts of security systems, the solution to this problem is obvious: redesign the system to resist insider attacks... and given bits of physically-secure hardware to work with, it's actually not that hard to build a solution which is resistant.
Bottom line: If the DoJ wants access, they're going to have to get Congress to pass laws mandating it, because the natural progression of security designs is to continue reaching for as close to perfect, airtight security as is physically possible.
Asking Congress is going to mean public debate on how to balance individual vs societal security. And that's a good thing. Personally, my take is that when backdoor-free crypto is outlawed, only outlaws will have backdoor-free crypto. But it's a subject ripe for serious, broad and deep public debate. At the end of which every rational person will agree with me :P
Umm telephones and text messages still work last I checked. Nope not on FB.
Well, they work if your friends and family use them.
Unfortunately, for lots of people -- me included -- if you're not on Facebook, you don't know what's going on in their lives, because they no longer communicate in other ways. I don't use Facebook, but if my wife didn't I would probably have to. It's the primary communication mechanism of my extended family, and my community.
I agree except that the historical average has been more like 7% rather than 10-12%.
The Dow Jones average since 1900 has been 10%. The S&P 500 average since its inception in 1923 is 12%. Certainly, if you're making plans for retirement, etc., you should choose a more conservative number just to be safe, and because as you approach retirement you'll want to shift to less aggressive investments with lower rates of return. Personally, I assume 5% after inflation.
"There's no exchange of value here"
You underestimate the lawyers' ancient and finely crafted skill of rhetoric.
No, I don't. Remember that there would be lawyers on both sides, and the argument that this was a limited, one-way grant, not a contract, looks like a very powerful one. There's also no need for a contract in this case, nor any language that implies one.