Slashdot Mirror


User: shawn2772

shawn2772's activity in the archive.

Stories: 0
Comments: 618

Comments · 618

  1. Re:2212 guns being "smuggled" into airports on TSA: Gun Discoveries In Baggage Up 20% In 2015 Over 2014 (networkworld.com) · Score: 1

    Moreover the pilots will feel pretty obligated to go wherever the gun-toting whack job threatening to shoot the other crew or passengers wants to go.

    Yep, you could hijack the plane for transportation, just like used to happen frequently in the 70s. Of course, just as then, the plane doesn't have enough fuel on board to get anywhere further away than its original destination, and you also have to figure out what to do when you land. See history for the ways that can go wrong.

    Hijacking to acquire a bunch of hostages you can threaten if authorities don't release your compatriots from prison proved to be similarly ineffective.

    But... it's actually worse now. Much worse. Because of 9/11, you may find it difficult to convince people that you're not planning to try to use the airplane as a missile. If you can't convince the passengers, they may well rush you and kill you, figuring they have nothing to lose. This has happened a few times, post-9/11, not to mention on Flight 93. And even if you can convince the passengers, you may not be able to convince the fighter jets who will shortly be trailing you.

    All in all, hijacking is a bad idea.

  2. Re:2212 guns being "smuggled" into airports on TSA: Gun Discoveries In Baggage Up 20% In 2015 Over 2014 (networkworld.com) · Score: 1

    Maybe you could put a hole in a window, and force the aircraft to descend to a lower altitude and deploy oxygen masks

    Probably not. Airplanes have a lot of holes in them and leak a lot of air. They have a system that automatically maintains the air pressure, and it can generally deal with a few more smallish holes just fine.

  3. Re:Ridiculous on Google Fixes Zero-Day Kernel Flaw, Says Effect on Android Not Really That Bad (csoonline.com) · Score: 5, Informative

    what if the manufacturers have disabled SELinux or set it to be permissive?

    Then those manufacturers' devices cannot pass the Android Compliance Test Suite, and they have no right to call their devices Android and cannot use Google's apps. SELinux, in enforcing mode and with the Google-defined configuration (mostly; OEMs can make tweaks in some areas, but not the ones relevant to this vulnerability) has been a formal Android compliance requirement since Lollipop.

    It's a matter of time before a worm like Blaster hits Android and does some serious damage.

    I doubt it. Android is vastly more secure than Windows was (or even is... and Windows is much better than it was when Blaster hit). The lack of updates delivered by OEMs has caused the Android security team to focus on defense in depth, and the system is working pretty well (see last year's report -- or wait a bit for the new report which should be out in a few weeks). In particular, less than 0.1% of Android devices that use the Play store have any potentially harmful apps (PHA) installed, and that PHA definition is much broader than just traditional malware. Of the PHA apps, only about 5% try to exploit vulnerabilities; the rest focus on social-engineering the users.

    So, 0.005% of Android devices have some exploit-using malware on them. And AFAIK there are no Android worms. So, I really, really doubt Android is ripe for a Blaster.

    Fix your damn security model!

    The Android security model is actually very good... with one glaring exception, which is the update problem. But Google has committed to a monthly patch cycle for Nexus devices, and several other OEMs have hopped on that patch train. Thanks to that, carriers are being forced to get updated software through QA faster, and the focus on monthly updates is pushing OEMs to simplify their offerings to make updating them more practical (you probably won't see a visible reduction in number of offerings; but in the future I expect each model will have a handful of SKUs, at most, rather than hundreds as is often the case today).

    The update problem isn't going to get fixed overnight, but I think it is getting fixed, at least from top manufacturers. The next step is for consumers to insist on well-defined and sufficiently-lengthy support and update policies as a condition of purchase, to force all of the rest to get with the program.

    In the short term, if you want the most secure and up-to-date Android device, buy Nexus, but I expect soon others will be challenging Google for that spot.

    (Full disclosure: I'm a Google engineer, on the Android security team.)

  4. Re:Gonna be fireworks at TGIF this week on Google Exec Says Isis Must Be Locked Out of the Open Web (theguardian.com) · Score: 1

    Some software engineers just want to watch the world burn...

    [all the ones at Google]

    The basis for that claim? You certainly couldn't get it from my post.

  5. Gonna be fireworks at TGIF this week on Google Exec Says Isis Must Be Locked Out of the Open Web (theguardian.com) · Score: 1

    There are going to be some fireworks at Google's internal company-wide TGIF meeting tomorrow (yes, TGIF is on Thursday). Lots of Google employees are going to be really unhappy about this statement, and Larry's gonna get some really angry questions.

    I'm going to make sure I get there early. With popcorn.

  6. Re:Unless there's an Advertising Crash... on Tech's Big 5 -- Here to Stay? (nytimes.com) · Score: 1

    people are slowly developing a resistance to advertisements

    Cite? I've seen no evidence of that.

    people are becoming hostile to advertisements in unusual numbers, and making efforts to avoid them

    I see some slight evidence of increase in people making efforts to avoid advertisements, but it's small.

    Every Netflix user is explicitly dodging ads with his wallet and time.

    Nonsense. People pay for Netflix for the convenience. Not having ads is a nice additional benefit, but not the primary goal.

    If Netflix were to put ads in shit, they'd be in serious trouble, and they know it.

    Yeah, I remember exactly the same claims during the rise of cable television, that cable providers who showed ads would die in short order. Notice what happened.

    If you throw ANYTHING to jostle the house of cards- an economic downturn, a religion recruiting heavily, any of the many political orientations that are ad-hostile gaining adherents, a series of studies that show a shitty ROI on ads- you could see a massive crash.

    And yet we've seen all of those things... and no crash. In fact, studies show -- as they always have -- that some advertising has terrible ROI and other advertising has awesome ROI, and that overall advertising is essential to successful product sales.

    I think you have a strong case of confirmation bias going here. Or it's possible that I do... I don't particularly like ads but they do pay a big chunk of my salary. I also think they're a better way to fund mass media services than the alternatives, which is why ads have always been the funding source of mass media ever since it came into existence, in print, radio, TV and now online.

  7. Re:Unless there's an Advertising Crash... on Tech's Big 5 -- Here to Stay? (nytimes.com) · Score: 1

    Google will have a harder time. They have nothing of value that could fund their operations beyond the ad/tracking services. A crash in the ad market would probably be the end for Google.

    The Google Apps SaaS business could fund itself, including its supporting systems -- Gmail, Drive and Docs, primarily. It's already a multi-billion dollar business. Google Apps could also begin charging individual users. If advertising disappeared, so would all of the free e-mail services, so I think Gmail could begin charging and would keep most of its active users (though the large number of mostly-idle accounts would be shut down).

    Android could self-fund from the Play store now, and could probably get OEMs to start paying it for ongoing development.

    Google search, Analytics, Compute Engine and AppEngine are a question mark. It would depend on how much of the web died. If the web stayed healthy, then people would be willing to pay for search services, and webmasters would be willing to pay for analytics and compute services. But the loss of advertising revenue would likely destroy so much of the web that maybe there wouldn't be enough left to support these services. On the gripping hand, in that sort of webpocalypse, Google would be extraordinarily well-positioned to sweep up what business of that sort is available, so odds are that Google's would survive (much reduced), while smaller players would be driven out.

    The self-driving car work will be profitable. It's not ready yet, but not too far off and Google has the cash reserves to get it there.

    Other GoogleX work would probably die.

    So... Google would take a serious hit, have to scale back its operations in lots of ways and would have to start charging for many services which are currently free. I think all in all, though, it would have a much easier time surviving than Facebook, because Google's underlying services are more valuable.

    (Disclosure: I work for Google.)

  8. (Note to self: test before posting)

    python -c "with open('prime.txt','w') as f: f.write('0x1' + 'F' * 9275910)"

  9. python -c "with open('prime.txt','w') as f: f.write('%d' % (2**74207281-1))"

    That's gonna take a while. This is much faster:

    python -c "with open('prime.txt','w') as f: f.write('0x' + 'F' * 9275910))"

    Oop, but wrong. It leaves out one bit.

    python -c "with open('prime.txt','w') as f: f.write('0x1' + 'F' * 9275910))"

    That one is right.

  10. python -c "with open('prime.txt','w') as f: f.write('%d' % (2**74207281-1))"

    That's gonna take a while. This is much faster:

    python -c "with open('prime.txt','w') as f: f.write('0x' + 'F' * 9275910))"

  11. Re:Free speech is anonymous speech on Senior Homeland Security Official Says Internet Anonymity Should Be Outlawed (dailydot.com) · Score: 1

    Today I think the American will be arrested for shouting in front of the White House and charged for terrorism.

    I hear you, but luckily it's not that bad yet. Back in 2011 some protesters were arrested and charged with failure to obey a lawful order. They were told to "move along" and failed to comply because they'd handcuffed themselves to the fence and couldn't. That arrest and charge had been the practice for decades, but in 2011 the government took the new step of prosecuting. Prior to that, protesters were always offered the option of posting $500 bail and forfeiting it rather than going to trial. If they did that, the charge would be dropped. In 2011 they weren't offered that chance, and were prosecuted. Most took a deal where they pleaded guilty but their charges were dismissed. One refused and went to trial. The story was complicated, but ultimately a misdemeanor conviction and $100 fine resulted.

    AFAICT, after that incident the government went back to the $500 get-out-of-jail approach.

    So, no, you can still shout in front of the White House. If you stand there and the police ask you to move along and you don't obey, it'll cost you $500.

  12. Re:Well, let's see how Google fixes this on Serious Linux Kernel Vulnerability Patched (threatpost.com) · Score: 2

    SELinux doesn't block access to this vulnerability, it merely makes exploitation more complex.

    In Lollipop, SELinux does make it impossible. Nothing in the system used these syscalls, so access to them is completely disabled by SELinux. If you can obtain root you can disable SELinux, but if you can obtain root you don't need the vulnerability.

    In Marshmallow there might be some possibility. A couple of system services started using the feature, so the SELinux configuration was partially opened up. We'll see if it turns out that there is some way to exploit it in Marshmallow. I suspect not, but if there is, Marshmallow devices are also quite likely to be getting security updates, so most -- if not all -- will be patched very soon.

    KitKat is the vulnerable population. The portion of it that is using 3.10. After digging a bit more, I found that the Nexus KitKat devices were still on 3.4, and that was the configuration Google recommended. Some OEMs switched to 3.10, though. I have no idea what the market share of KitKat w/3.10 is.

  13. Re:Well, let's see how Google fixes this on Serious Linux Kernel Vulnerability Patched (threatpost.com) · Score: 1

    I have a Nexus 4.

    Your Nexus 4 got Lollipop, which has SELinux turned on, which should block any access to this vulnerability.

  14. Re:Well, let's see how Google fixes this on Serious Linux Kernel Vulnerability Patched (threatpost.com) · Score: 3, Informative

    Well, let's see how Google fixes this... Although Lollipop (5.0) has been out since June 2014, I can still order for example the HTC Desire 310 which comes with Jellybean (4.2).

    How are all of these Android versions in the wild going to get fixed?

    Since the bug didn't appear until kernel version 3.8, Jellybean devices are safe because Jellybean has kernel 3.4.39.

    Also, since Lollipop and Marshmallow have SELinux in enforcing mode, blocking access to the relevant syscalls, the bug is present but not exploitable on Lollipop and Marshmallow devices.

    This means that only KitKat devices (kernel 3.10) both have the bug and don't have SELinux blocking access to it. KitKat currently has about 36% market share.

    Incidentally, this also means that no Nexus devices are vulnerable. All devices newer than Galaxy Nexus have been upgraded to at least Lollipop, and so have SELinux protection. The GNex stopped at Jelly Bean, so doesn't have a vulnerable kernel (though there are other JB vulns).

  15. Re:after reading the details, this is significant on LastPass Vulnerable To Extremely Simple Phishing Attack (softpedia.com) · Score: 1

    along with blocking duckduckgo.com from being a search engine

    What are you talking about? Chrome doesn't "block" duckduckgo.com from being a search engine. In fact, it's even in the pre-configured list of search engines in the Chrome settings, and you can make it your default search engine with a grand total of four mouse clicks: click on the hamburger menu, then Settings, then "Manage search engines", then mouse over duckduckgo in the "Other search engines" list and click the "default" button that appears.

  16. Re:To me, it seems unconstitutional on Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) · Score: 1

    Luckily, we can search innocent people given the right conditions, because we wouldn't go very far by only being able to search "proven guilty" people.

    True. The standard for getting a search warrant is considerably lower than proof of guilt... but it's also a lot more than nothing. Specifically, police have to have "probable cause", which basically means some significant evidence of guilt, though not enough to prove guilt (else they'd have no need to search).

    In the hypothetical, police have no evidence of guilt of any of the billion or so Gmail users, but want to search through their stuff anyway. That's a clear violation of the fourth amendment.

  17. Re:$8 billion only? on Apple May Owe $8 Billion To the EU After Tax Ruling (bloomberg.com) · Score: 2

    You know the best way to abolish corporate income taxes? By abolishing corporations.

    What alternative structure would you use to perform capital-intensive projects? Unless you're going to turn all production of goods and large-scale services over to government (we've seen how well *that* works), corporations, or something very much like them, are necessary to provide a means for many individuals to pool their resources in order to do big things... big things like manufacturing essentially all of the goods that you use on a daily basis, including the computer you're reading this on.

    While corporations do create some risks which need to be managed, as all centralization of power creates risks, they're absolutely essential and one of the key innovations that has made our modern high standard of living possible. In fact, it's not unreasonable to say that corporations are one of the most important and beneficial ideas the human race has ever had.

  18. "Briefest touch" search is still a search on Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) · Score: 1

    It doesn't matter if the search is only "the briefest of computerized 'touches' on their accounts", it's still a search of the modern equivalent of the "papers" of nearly a billion people. The government may not rifle through the papers of a billion people because they suspect that a handful of them may possess an incriminating document. Absolutely not. And neither can they compel a private company to do the rifling for them.

  19. Re:$8 billion only? on Apple May Owe $8 Billion To the EU After Tax Ruling (bloomberg.com) · Score: 0

    The better solution is just to abolish corporate income taxes. Corporate taxes ultimately come out of the pockets of real people anyway, whether customers (in the form of higher prices), employees (in the form of lower wages) or investors (in the form of lower gains), so corporate taxes are really just a way to tax real people (AKA "voters") in a hidden way. They don't know they're paying those taxes or how much the taxes are because the taxes are washed through the corporation -- which incidentally makes it almost impossible to tell if the taxes are progressive or regressive. This makes corporate taxes not only difficult to collect correctly and subject to huge lobbying pressure, it makes them evil. Taxes are fine, but taxpayers should know what they're paying.

    So the best solution is to eliminate the corporate taxes entirely, and make up the shortfall by taxing real people more. Depending on which segment of the population you want to be paying those taxes, you can allocate them among sales/VAT taxes, personal income taxes or capital gains taxes.

    It would also eliminate this particular competitive advantage of size.

  20. You're claiming that Page and Brin aren't pretty smart? That's a pretty big claim, considering what they've done. And I don't mean building a business, I mean technically.

  21. Re:Interview "Grilling" or "Testing" is Poppycock on Google Has Toughest Interview Process For Developers, But Not the Worst (getvoip.com) · Score: 1

    I don't recall, it was 5 or 6 years ago.

    Ah, okay. My guess is that this was phased out before I encountered it. Google has tried a lot of different things. There's a relatively new one called "foo.bar" which is somewhat similar, but initiated by a challenge offered by Google web search, rather than by a recruiter.

    http://thehustle.co/the-secret-google-interview-that-landed-me-a-job

  22. Re:Interview "Grilling" or "Testing" is Poppycock on Google Has Toughest Interview Process For Developers, But Not the Worst (getvoip.com) · Score: 1

    I can state with absolute certainty that the average Google engineer would be a star virtually anywhere else in the industry.

    So, Google manages to get a whole bunch of star programmers together and churn out... absolute shit?

    I disagree with your assessment of Google's products, but even if we accept it hypothetically, the things you complain about aren't the programmers' job. Deciding what products should do and how they should look is the job of product management and UX design. But if you want to do anything at the scale Google does it, you need really good, and really clever, people. Try building YouTube... not the penny ante little system that existed when Google bought it, but the behemoth that exists now. Only Netflix generates more traffic and Netflix has a dramatically easier problem because their catalog is many (five? six?) orders of magnitude smaller.

    Look at the product offerings from Google since Gmail and Google Maps, how many of those people actually want to use? Google Wave? Google+?

    Android? Google Docs? And, FWIW, I think Google+ is by far the best of the social networks around, especially if you like to engage in serious conversations.

  23. Re:Interview "Grilling" or "Testing" is Poppycock on Google Has Toughest Interview Process For Developers, But Not the Worst (getvoip.com) · Score: 1

    "...candidate showed a lack of aptitude bordering on open disdain for abstract thinking that leads one to wonder why on earth he chose this profession..."

    +1

  24. Re:Interview "Grilling" or "Testing" is Poppycock on Google Has Toughest Interview Process For Developers, But Not the Worst (getvoip.com) · Score: 1

    So when I'm confronted with the Bus Gold Ball Problem [quora.com] and answer with "calculate the volume of the bus, which would be easy, and start throwing gold balls in a pool until I get the same amount of water displaced" and I get back "well we wanted to see your math" I get discouraged.

    Yeah, that would be a really sucky interview question.

  25. The answer is that at Google I don't have to deal with idiots. It's possible my co-workers think I'm the idiot (though they hide it well, if so), but that's their problem. Also, being below average at Google pays better than being a star most other places.

    I ran into quite a few idiots while working the Google help desk in 2008. The most memorable idiot was a new hire from Stanford University who was shocked — shocked! — that he had to press the power button on his workstation. He actually wanted someone to come out to his desk to turn on his computer. I explained to him that a corporate cubicle farm wasn't a university computer lab.

    Actually, some of the most brilliant people I've ever met fall into that sort of "idiot" category. I went to school with a guy who made a habit of reading math textbooks. He'd read the definitions, read a theorem, close the book, prove the theorem, open the book and move on. Insanely smart. But he could barely tie his own shoes.

    I'm not saying your kid from Stanford was one of those... but it's a distinct possibility. Stanford doesn't tend to graduate CS majors who aren't pretty smart, and Google doesn't tend to hire them. There are exceptions, but they're very rare.