Slashdot Mirror


User: IamTheRealMike

IamTheRealMike's activity in the archive.

Stories: 0
Comments: 5,855

Comments · 5,855

  1. Re:It's the base assumption that its invalid on Prosecutors Op-Ed: Phone Encryption Blocks Justice · · Score: 1

    There are approximately 2080 working hours per year (52 weeks per year, 5 work days per week, 8 hours per work day).

    That doesn't include any vacations or lunch breaks. A more normal figure is 1650 hours. Regardless, we're talking about the Home Secretary. She is one of the most senior ministers in the land and does many different things. She is not a full time warrant approver. There's just no way she can do all her other tasks AND this whilst having any time left over.

    But even if she was, what kind of review can one person possibly engage in with less than an hour to examine each warrant? They pretty much have to believe whatever is written on it. It's hard to imagine that this is a robust process.

  2. Re:Not replying is even more disrespectful on Sending Angry Emails Just Makes You Angrier · · Score: 1

    You may think you're discussing something in a calm, logical way -- but to the other person whom you're criticizing, all they see is a point-by-point attack on their work. All it takes is a couple little places where the meaning could be misconstrued, and suddenly they can become very defensive.

    Yes, but ultimately that's their problem. Unless they are your boss, of course, in which case it's your problem AND the company's problem.

    Whilst it's true that writing an email and then trashing it, or waiting a day to send it, is often a useful strategy (and I've done that myself a bunch of times) ..... it rarely solves anything long term. The underlying reason for the anger will still be there. People who deflect attention from their mistakes by saying "he/she offended me" don't actually improve the workplace, they just push the pain off onto another day (and make it worse next time).

    The problem with email is not that it's an impersonal medium where it's hard to calibrate your tone. The problem is the opposite - when face to face with someone who is visibly angry or upset it's very hard to speak plainly and tell it like it is. People chicken out, they bail when they see the signs of anger or hurt on the other person's face. Nobody likes to be a meanie.

    But now think about all the completely nonsensical, illogical, vastly disruptive rubbish that organisations engage in all over the world, every day. Someone, somewhere in that organisation knows that what they're doing is bad for the customer, or is a huge waste of money, but cannot say it without hurting someone's feelings. So things just carry on. People who really shouldn't be in the job are left alone or even promoted, and the people who can see plainly how messed up things are leave, making the problem worse. How many times have you heard people complain about a corporate culture of ass kissing?

    We internalise this sort of thing as "big companies are slow, only startups can innovate" and other such business aphorisms, but often all it boils down to is that without a medium like email, it's often too hard to speak plainly and lay out harsh truths. Small companies don't have enough of a financial cushion to place being nice to your colleague above factual reality. Big companies do. But with email, natural instincts like "oh shit he's going to whack me" or "this woman is crying and probably won't mate with me now" get buried. So people find it easier to say things that might be hurtful, but might also be true and ultimately better long term for the organisation.

    Of course, the line is very blurry. There are sometimes people who aren't speaking hard truths, they're just genuinely assholes. But my experience has been that genuine assholes are rare, whereas everyone can just have a bad day or get irritated at poor behaviour by someone else.

  3. Re:The "Gay Precedent" on The NSA's Philosopher · · Score: 1

    Yes, the hypocrisy is the most stunning thing about this guy's position. His rationalisation for SIGINT was "if the state knows everything, they'll see that you're truly a good person", where the word good should of course actually read loyal.

    But then when a journalist contacts him and offers to let the world get to know him much better, he suddenly decides he likes his privacy and anonymity after all.

    I wonder if he feels the cognitive dissonance at all. Probably not.

    Well, can't have it both ways. I agree - they should have doxxed him. And if/when random strangers turn up outside his house, follow his wife and kids around, and constantly force him to justify his life .... he can't complain. What goes around comes around.

  4. Re:No, it doesn't on The NSA's Philosopher · · Score: 1

    To the psychopath that decided this person was Socrates I will ask that they actually go study Socrates

    I guess you didn't RTFA. The article calls him that because he answered a writing job ad for the NSA's internal magazine that asked, "Are you the Socrates of SIGINT?" The article's author didn't name him that, and he didn't name himself that.

  5. Re:A fatal flaw on The NSA's Philosopher · · Score: 1

    Drones have a long way to go before they are numerically equivalent to Auschwitz, but let's face it, they're both systematic assassination programs that target people in a particular ethnic group which a wildly aggressive administration simply doesn't like. Many strikes are against people whose names aren't even known. The NSA is a key part of the drone program. You can't work there and not be supporting it.

  6. Re:The "Gay Precedent" on The NSA's Philosopher · · Score: 1

    It's trivial. The article has enough specific info to locate the guy's blog very easily.

  7. Re:Freedom sometimes hinders justice: deal with it on Prosecutors Op-Ed: Phone Encryption Blocks Justice · · Score: 1

    The fact that we don't all wear trackers that inform the government of where we are at all times hinders justice

    We do wear trackers that inform the government of where we are at all times, and if/when engineers figure out how to block cell phone triangulation the shitstorm that will result will make this one look like a stroll through a grassy meadow.

    The fact that all financial transactions aren't conducted electronically hinders justice.

    A few governments are talking about completely banning cash, specifically so all financial transactions are trackable. Most countries just satisfy themselves with severely restricting it.

    The fact I can go wherever I want without first obtaining permission from the government hinders justice.

    You can't do that either. If your passport is revoked, you're sitting right where you are. Look at how Snowden ended up in Russia.

    The fact that I don't have to submit to those intrusions is part of my freedom.

    You talk a good talk, but the freedoms you named are already lost. And the attempt to recover even just a tiny part of them is, I fear, likely to end in a swift crackdown by governments who ultimately don't give a shit what nerds and geeks think. If they end up killing innovation in communication systems along the way, well, they were never really comfortable with new technology anyway were they?

  8. Re:Phones aren't used in a vacuum on Prosecutors Op-Ed: Phone Encryption Blocks Justice · · Score: 1

    They probably did. And having subsequently got the info they wanted and still failed to solve the case, they decided to blame tech companies instead of themselves. After all, what if the answer was conveniently waiting for them behind the lock screen?

    Of course, the phones might have contained nothing of interest at all. They don't know. But it's so easy to blame someone else ....

  9. Re:It's the base assumption that its invalid on Prosecutors Op-Ed: Phone Encryption Blocks Justice · · Score: 5, Insightful

    It's not just the assumptions that are invalid. Some of the statements presented as fact are also invalid.

    For example:

    For our investigators to conduct searches in any of our jurisdictions, a local judge or commissioner must decide whether good cause exists.

    The UK routinely issues warrants rubber-stamped by the Home Secretary, not a judge. I believe in the span of just one year Theresa May is supposed to have issued several THOUSAND warrants, so obviously it's not possible that each one was actually reviewed.

    we are not talking about violating civil liberties — we are talking about the ability to unlock phones pursuant to lawful, transparent judicial orders

    They're talking to companies that have been repeatedly served with "lawful judicial orders" from places like the FISA Court. Guess what? Google can't pick and choose which court orders it acts on depending on the quality of that court. It's all or nothing. If these prosecutors are pissed off that they suddenly lost access to people's smartphones they need to take a long hard look at what other sections of government have been doing to trigger this.

    The new Apple encryption would not have prevented the N.S.A.’s mass collection of phone-call data or the interception of telecommunications, as revealed by Mr. Snowden

    This statement may be technically true, but again, it's a useless thing to say. Whilst this article seems to focus on full disk encryption, other very similar op-eds have focused on the end-to-end encryption provided by iMessage and WhatsApp. The strategy of these products is obvious: encrypt everything. If governments can snarf it off the wire, they will, so encrypt that. And then if they are rejected at the wire but can get it physically from the device, they will, so encrypt that too.

    By attacking one piece of the strategy in isolation whilst ignoring the other components, of course they can claim it'd not solve the problem. But so what?

    They're writing the wrong op-ed. Instead of getting angry at tech companies for reacting to colossal abuses of power, they should be publicly calling for the heads of Keith Alexander and his friends. It's because some government agencies pissed in the well that the water is now polluted for all of them, even the "good ones" as they see themselves. If these agencies were severely crippled or abolished, the argument for rethinking features like smartphone FDE would suddenly get a lot stronger. But they aren't asking for that because they are just too weak to endanger their own careers by attacking politicians' sacred cows.

  10. Re:Already patched on Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs · · Score: 1

    With three major, ecosystem-wide exploits published just in the last week or so, why can I still not get root on my S6 Active?

    Because that'd make the Android security model the same as the Windows security model. Which is, you know, a failure.

    "Application 'Samsung Totally Official Important Update' wants root: approve/deny"

    What could possibly go wrong?

    Devices that allow firmware reflashing like the Nexus devices are sold on the understanding that only power users and OS enthusiasts will ever find the hidden switches to allow it. And those people can go ahead and buy hardware that caters for them. For Joe Sixpack a Samsung that won't let the user accidentally give away the keys to the security kingdom is probably the better bet.

  11. Re:Wrong folks to ask on Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs · · Score: 2

    Carriers, either push out the security updates to all affected phones, or release unlockers to allow your customers to defend themselves; there should be no other options given to you.

    Historically, there has been a reason for the way carriers are with respect to software updates. They aren't actually evil you know - they're staffed by engineers, just like most of us.

    The issue is that before Android and iOS came along, the vast majority of all phones had firmware updates rarely, if at all. What's more, most phones were made by hardware companies that happened to have a software division, and often the firmwares were of very low quality. Carriers do massive QA/acceptance testing on phones not because they are masochists who like wasting money, but because the carrier testing process had a habit of revealing a lot of bugs. This was true even of the G1 (first Android phone). T-Mobile filed lots of useful bug reports against Android and HTC.

    So now you have corporate structures and policies all designed on the assumption that phone manufacturers are full of incompetent, Christmas-deadline-driven embedded developers desperately trying and failing to build working GUIs. And frankly there have been cases in the past where software updates pushed to phones do cause them to regress, even for iPhones and Androids (e.g. think about iOS updates that make the phone really slow).

    Yes, it's easy to hate on carriers if you're a tech geek who wants the freshest code on day one and are OK with some rough edges. For everyone else they add a layer of QA that isn't totally useless. The problems start when carriers aren't structurally flexible enough to create fast-track processes for approving security updates, or trusting enough to let OEMs skip approval for security updates. Then they slow down a process where speed is of the essence.

  12. Re:Android or is it Java? on Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs · · Score: 3, Informative

    It's not exactly a flaw in Java. All their exploits rely on finding bits of Java that call into C/C++ code because that's the only way to break out of the memory-safe type system constraints. If Android had used a pure Java SSL implementation (like Java SE does) instead of wrapping OpenSSL, this issue would not have existed, as the only class in the entire framework that was vulnerable to this was one that wrapped a native C structure and the issue worked through manipulation of C/C++ memory management code.

    So this boils down to "native code is dangerous". Which we already knew. Stagefright was just the same: the parts of Android written in Java rarely have security bugs, and the most serious issues invariably crop up in the C/C++ components.

    However. One could argue that the Java serialization mechanism makes it a little bit too easy to accidentally de/serialise things that you didn't mean to. As the paper notes, it is an opt out system in which you tag fields which should not be loaded/unloaded, rather than the other way around. This makes it easy to serialise too much. If you then deserialise a native pointer which is freed inside a finaliser ..... bang. So we can imagine that Java could make it harder to commit this mistake if it had a better designed serialisation system. Nobody likes Java serialisation: it's one of the oldest parts of the platform and dates back to the early 90s, before anyone realised the subtle security implications of deserialising malicious object graphs. But of course it cannot be removed for backwards compatibility reasons. Perhaps the Android tools should warn about usage of it, though.

    And the design of the Android APIs also comes under fire ..... they will happily deserialise objects that the developer did not expect. If they simply asked the developer "what is it you expect this bundle to contain" and then did some checks before actually deserialising the objects, the whole issue could have been avoided as well.

    So there are multiple places where things can be tightened here.

  13. Re:Back to iOS, then? on Severe Deserialization Vulnerabilities Found In Android, 3rd Party Android SDKs · · Score: 3, Insightful

    iOS and MacOSX have had tons of bugs to do with deserialization of messages passed inter-process, usually XPC type confusion issues.

    This is a very neat sort of attack, but it requires quite a few rarely used features to appear in conjunction to pull off, which is why they only found one exploitable class in the entire Android SDK. Their mitigation suggestions are good and can be implemented with some fairly minor API upgrades. I don't think this bug in particular is going to tip the security balance between iOS and Android much.

  14. Re:Reddit technology monopoly on Reddit Updates Content Policy, Bans More Subreddits · · Score: 1

    Good god man, you're right! Reddit Technology(tm) represents a massive investment of R&D. I guess the only way anyone could compete would be to install the open source code of Reddit itself!

  15. Re:Cell site records shouldn't be allowed at all. on 4th Circuit Holds That Obtaining Extended Cell-Site Records Requires a Warrant · · Score: 1

    Triangulation and the fact that cell towers have multiple directional aerials.

  16. Re:Blame the ISPs on The Web We Have To Save · · Score: 1

    Publishing meaningful written content doesn't use any meaningful upstream bandwidth. Try again!

  17. Re:Priceless on The Web We Have To Save · · Score: 1

    No it isn't.

    The web has video that works these days, yes. This is progress. It also has platforms like Twitter and Facebook that encourage ordinary people to publish and hyperlink to things, even if those people are not wordsmiths and would never have had a regular blog.

    Despite all these wonderful new things, I have not noticed people suddenly ceasing to write long form articles. It's been purely additive.

  18. Re:However, on Cleaning Up Botnets Takes Years, May Never Be Completed · · Score: 2

    In fairness, many AV engines are total crap and are notorious for interfering and breaking all kinds of software.

  19. Are they sure? on Facebook Allows Turkish Government To Set the Censorship Rules · · Score: 4, Interesting

    I didn't actually see any evidence of Facebook censoring content because it's insulting to Ataturk on the linked page. The "evidence" appears to be a document that doesn't mention Facebook anywhere, but, let's take it as read that this really is a list of Facebook content abuse standards.

    Even with that assumption, things related to Turkey are not listed as always banned. They are under a section labelled "escalate", meaning, if it gets hot, send it to management.

    It may well be that Facebook has decided to enforce Turkish laws about this in order to get themselves unbanned there. But it may also be that upper management just wants more precise control over this hot potato. Once I see a clear message from Facebook saying a group was suspended for violating Turkish censorship laws, then I'll agree.

  20. Re:The Firefox OS project needs to be terminated. on FirefoxOS-Based Matchstick Project Ends; All Money To Be Refunded · · Score: 1

    In fact, as a developer, Firefox OS is much more closed to me than Android or iOS are.

    Yup.

    The problem with FirefoxOS can be summed up in one word: web. The Mozilla guys have NEVER accepted that the web is a shitty platform. The closest they ever came to that was inventing XUL and XBL, but I read that they have been trying to move away from them for a long time in favour of (gah) HTML 5.

    Android and iOS utterly spank FirefoxOS because the engineers who built them have no starry-eyed, ideologically driven illusions about web technologies. Android manages to be open through the clever trick of .... wait for it .... being open source. Not marriage to a more or less randomly evolved technology stack. iOS simply doesn't care: it's an explicit non-goal for them.

    Mozilla will continue to waste effort on ridiculous projects like this until they accept the fundamental truth that Javascript is not the world's best language, HTML is not a particularly great layout language and CSS is not a great styling language. And the combination of all of them is less than the sum of its parts.

  21. Re:Backers don't want DRM on FirefoxOS-Based Matchstick Project Ends; All Money To Be Refunded · · Score: 1

    YouTube uses various forms of DRM. You aren't supposed to just write arbitrary new frontends for it, even though people do ... but Google has both the right and the ability to crack down on that any time they like.

  22. Re:Not Quite on MPEG LA Announces Call For DASH Patents · · Score: 1

    For many software patents, I'd agree with you.

    The problem with video compression is that many of the patents involved do represent real research, the expensive kind. They aren't one-click shopping patents. They're fundamentally pushing forward the state of the art. The people who do that work are expensive and need a lot of time, so, there has to be some way to pay for their efforts. Google's approach of subsidising all research via search ads is perhaps not as robust as one might hope for, even though it's convenient at the moment.

    I don't know if DASH specifically is complex enough to deserve patent protection, but if you look at the massive efforts that go into the development of codecs like h.264, h.265 etc, the picture gets more complex. It's not pharmaceutical level research budgets but it's probably the closest the software world gets.

  23. Re:Closed Ecosystem on Maliciously Crafted MKV Video Files Can Be Used To Crash Android Phones · · Score: 1

    No, the issue is that it's open source and carriers customise the components. Android had a working online update infrastructure since day one, actually since before Apple did. But that's no use when the first thing OEMs do is repoint those mechanisms at their own servers and make huge changes to the code.

    The comparisons with Linux are especially strange. Guess what? Upstreams who develop software for Linux and see it get repackaged by distributors are in exactly the same boat as Google. They see their software get packaged up, distributed, bugs possibly introduced and then upgrades may or may not make it to users. Yeah yeah, Debian say they backport security fixes. That's great when it's a popular package and a one liner. When the security fix in question is a major architectural upgrade, like adding a sandbox to an app, then users just get left behind on old versions without the upgrades because that's the "stable" version.

    And of course many users are on Linux distros that stop being supported pretty quick. Then you're in the same boat as Android: old versions don't get updates.

  24. Re:NuPlayer on 'Stagefright' Flaw: Compromise Android With Just a Text · · Score: 1

    Don't worry, NuPlayer is sure to have its own unique collection of buffer overflows!

  25. Re:BBC / other state broadcasters? on EU May Become a Single Digital Market of 500 Million People · · Score: 1

    Governments don't always suck at providing services, you know. The BBC is one of the only major news outlets that does actually try to be unbiased, even if they aren't always perfect at it.