Have to agree on the stretching bit. If you want to treat the fans to extra detail maybe stretch it out to two movies, but three is really pushing it.
In order to have three movies you need three sets of introductions, developments, climaxes, resolutions, etc. The original story just wasn't designed that way, so lots of stuff has to be wedged in.
You'll find local and network printer search and configuration, default paper and printer settings, print queues, pretty much everything you need, all in a nice pretty gui.
Yup, and there is a 10% chance that your printer will even be in the list, or work. My last printer was a nightmare to get working with CUPS, and at some point a foomatic upgrade broke it somewhat (disabled color or something).
My current printer is a PostScript printer and I'll never go back - works out-of-the-box with the vendor-provided PPD with almost zero effort to set up. However, this is still not the norm for Linux printing, unless your distro is doing a LOT of integration work.
especially if they're looking at a combat assignment like fighter pilot
While I tend to agree in general, the air force is probably about as far from the action as you can get in the military. If you don't leave the base it would be almost impossible to get shot at, and the bases are likely to be in relatively safe areas of any occupied territory. Even in a combat assignment like being a fighter pilot there aren't a lot of countries with the ability to shoot down a US plane unless they get VERY lucky.
I just figured no one with another opportunity would bother. Even going into the military there are better paying fields to deal with. That made me assume most just would not bother.
Well, not everybody is in it for the money. I'm sure quite a few are interested in it for patriotic reasons, though I imagine that was more appealing back when being in the military was more about being ready for war and not constantly being in a state of war.
West Point isn't that large, and the top 5% of the entire country's graduating class is VERY large. It doesn't take that many applicants to fill it up.
Bring the warthog, the only useful plane in the US Air Force's inventory in the last 30 years.
The A10 is a great plane, and it would be wonderful if there were other aircraft to fill the niche. However, it does need support to operate. You're not going to be having a great time shooting up tanks if the sky is crawling with enemy air-superiority fighters who have free rein to drop missiles on you all day long. You can duck behind hills from SAM sites, but not when the SAM site is at 37,000 feet.
Pilots have always left the air force for private jobs. I think the issue is likely that fewer are signing up to replace them, because the news is out that pilots don't make much money.
If you pay commercial pilots more, then more pilots will join the air force for 5-10 years in order to become commercial pilots later.
Sure, we're likely to see many pilots retire at 65 and all that, but with all the industry consolidation the fact is that new pilots can't make money. There are tons of people with experience flying airliners who can't get jobs flying airliners.
a sapphire glass screen sounds interesting (though will it be as strong as gorilla glass - I doubt it)
Depends on your definition of "strong." If you're going to drop your phone and have it impact a hard surface, then the gorilla glass is probably superior. If you're going to stick the phone in your pocket next to your keys, the sapphire will be FAR superior, unless you have a diamond-studded keychain. Sapphire is very difficult to scratch due to its hardness.
Oh, for something like a payment tag that makes a lot of sense. I don't like the idea of having to go to the NFC consortium or tag vendor to have to do a lookup.
I was referring more to tags that people put on things and program only to affect their own phone. If I want to associate a particular tag with turning on WiFi, why is it necessary to store "turn on wifi" in the tag, and what stops somebody else from storing "wipe phone" on the tag while I'm away from it?
The whole idea of having an update feature in a SIM seems foolish to me. Do they have the same thing in credit cards that have a chip?
Yeah, I don't get it either. I also don't get why people do the same thing with NFC tags. I was looking at getting some and was really surprised to see that the phone is used to store data on the tag, and then later this data is used to trigger some kind of phone action. It would make a lot more sense to just stick a dumb GUID on the NFC chip and then just do a DB lookup on the phone to see what to do when it is scanned.
Unnecessary complexity just leads to problems. The SIM card should just have a key burned into it with a simple program that uses it to negotiate session keys with the tower. Such a device could be designed to be extremely hard to penetrate - if you make the thing an updatable Turing-complete machine it opens up all kinds of attacks from getting it to run arbitrary code to making it much harder to defeat differential power analysis.
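The "dumb GUID on the tag, lookup on the phone" design from the comment above, sketched as an added example that is not part of the original post. `TagRegistry`, `ALLOWED_ACTIONS` and the action names are hypothetical; the contrast function shows the command-on-tag design the comment objects to.

```python
import uuid
from typing import Dict, Optional

# Hypothetical action names: the only things the owner lets a tag trigger.
ALLOWED_ACTIONS = {"wifi_on", "wifi_off", "silent_mode"}


def command_on_tag_handler(payload: bytes) -> str:
    """Design the comment criticises: the tag carries the command itself.

    Whatever was last written to the tag becomes the action, so anyone with
    write access to the tag chooses what the phone does.
    """
    return payload.decode("utf-8", errors="replace")


class TagRegistry:
    """Phone-side table mapping an opaque tag GUID to an owner-chosen action."""

    def __init__(self) -> None:
        self._actions: Dict[uuid.UUID, str] = {}

    def enroll(self, action: str) -> bytes:
        """Bind a fresh random GUID to an allowed action.

        Returns the 16 bytes to write to the tag. The tag never holds the
        action, only the identifier.
        """
        if action not in ALLOWED_ACTIONS:
            raise ValueError(f"action not permitted for tags: {action!r}")
        tag_id = uuid.uuid4()
        self._actions[tag_id] = action
        return tag_id.bytes

    def handle_scan(self, payload: bytes) -> Optional[str]:
        """Treat the payload purely as an identifier.

        Anything that is not exactly 16 bytes, or is an unknown GUID, maps to
        no action. Rewriting the tag can at worst select another action the
        owner already enrolled; it cannot introduce a new one.
        """
        if len(payload) != 16:
            return None
        return self._actions.get(uuid.UUID(bytes=payload))


def demo() -> dict:
    """Run both designs over constructed tag contents."""
    registry = TagRegistry()
    genuine_tag = registry.enroll("wifi_on")
    rewritten_tag = b"wipe_phone"          # constructed: tag overwritten by someone else
    unknown_guid = uuid.uuid4().bytes      # constructed: well-formed but never enrolled
    return {
        "lookup_genuine": registry.handle_scan(genuine_tag),
        "lookup_rewritten": registry.handle_scan(rewritten_tag),
        "lookup_unknown": registry.handle_scan(unknown_guid),
        "command_on_tag_rewritten": command_on_tag_handler(rewritten_tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```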
Most gag order statutes have been voided for being unconstitutional.
Great, so all you have to do is go ahead and violate an order (publishing some single event that on its own is trivial), then watch the powers descend on you, take away all your stuff, and possibly lock you up as well. Then you can begin a 5-10 year court battle to get it all back, facing the risk of a long prison term the entire time. That battle will likely cause you to lose your job and waste away a good portion of your adult life.
But yes, in the end there is a decent (but far from certain) chance that you will win. If so, you won't even get an apology - they'll just let you return to life with little more than the clothes on your back so that you can start saving what little you can for your retirement.
Current laws are bad because they assume complete knowledge of the law (ignorance of the law is no excuse, and all that) but the law is unknowable (it changes faster than people can read, and is based on "case law" that is semi-closed and highly complex). When you commit 3 felonies a day, then why bother trying to follow the law?
Ironically, the law suffers from the exact opposite problem at the same time - it is possible to have complete knowledge of certain areas of the law and thereby design a set of actions that both complies with the letter of the law and completely subverts its intent. That's why you can have 14 congressional hearings after some big disaster and yet nobody goes to prison.
For ordinary people the law is a tangled web waiting to snare them. For the spiders crawling around the web, the law is a weapon used to snare the government itself.
Well it turns out that the US justice system is one such that people have to actually violate a law to be tried and convicted, not to just make someone on Slashdot mad.
And that is why corruption is rampant on Wall Street. I do not think that it is possible to prevent major economic problems in the modern world simply by creating a set of detailed rules and strictly enforcing them. To be more explicit, I think that if your legal system is such that it is possible to know whether an act is legal in advance of committing the act then the legal system will not be adequate for preventing undesired outcomes like insiders having unfair advantage, massive concentration of wealth, and the subversion of democracy by bribes.
The reason is simple - it is much easier to work around a law than to create a law. If Congress creates any set of laws, then millions of people will have huge incentives to avoid following the intent of those laws, and they'll look for loopholes that meet the letter of the law and find them. I do not believe it is possible to write a law that contains no loopholes if the enforcement of that law is held rigidly to the letter of the law. The law is slow to change, and those subverting the law are flexible and industrious. I know of a man who was teaching an ethics class for lawyers and most of the questions he got from his class basically amounted to working out exactly how egregiously the students could behave without being punished for it.
I think the only way to prevent things like what happened in 2008 is to round up a bunch of top-level executives from the major banks, declare that they have been found to have followed the letter of the law perfectly, and then sentence them to 20 years in prison anyway. That clearly would not be possible under the US legal system, but it would send a message that extraordinary antisocial behavior will be punished regardless of its legality.
Some of the bedrock principles of jurisprudence are that the law should be consistent and well-defined. It is these very principles that make it ineffective. In order to make it impossible to work around the letter of the law it must not be possible to be certain in advance whether a particular behavior is actually legal.
If all you want to do is blow up a bunch of people, then just send a bomber into the security line and have them set it off when they're in the middle. Or target busses or something.
Meanwhile "The Randomizer" pulls aside a four year old while letting through some sweaty guy with the shakes and an oddly bulging coat.
How do you know that somebody didn't stick something in the four year old's bag? If you proclaim that we'll never search kids and old ladies, then they'll get used as an attack vector of some kind.
I think that having a truly random component to search selection criteria makes sense. That doesn't mean that you can't also have other ways of determining who gets searched. However, at least some part of it should be completely random so that ANYBODY could end up getting searched. That creates risk for those circumventing security without any real way to avoid it.
Yeah, but there's only so many bodies out there in the solar system. Probably under 200 planets/moons/rocks out there that can be used for this purpose. It probably wouldn't take much to throw a super-computer at the problem and just crunch through all the possibilities.
Naively I'd be inclined to agree, but there are a lot of combinations. Cassini encountered Venus twice, the Earth once, and Jupiter once on the way to Saturn. Jupiter is a pretty natural target to hit once at the end of the trip since it is so large and far out, and you really don't want to hit it more than once unless you want to have your grandkids crunching your data when the mission is over. However, for the inner planets there are a lot of possibilities. Again, you don't have to hit them at your periapsis even if that is where you get the biggest boost - being able to squeeze in one more non-optimal boost is better than none at all, or you might just be using the encounter to change your orbit to make up for a previous encounter sending you off in the wrong direction.
If you're not just looking for encounters at periapsis then there are many combinations and a continuum of variations on each. The fact that the guys at NASA are still doing much of the high-level planning by hand speaks to the difficulty of the problem.
Disclaimer - I'm not an astrophysicist, but I have on occasion had fun playing with Orbiter.
John Henry won the battle, but lost the war. How is being outcalculated by a computer news? Just because it's a hard problem?
It involves a certain amount of intuition. You'd always use a computer to optimize a trajectory, but picking the overall approach to be used requires some educated guessing. You can visit any other planets along the way, or their moons, and you can visit them at an optimal point along their orbit or somewhere that is non-optimal (from the standpoint of that particular encounter). You can launch today at one cost, or wait 20 years and maybe launch at a cheaper cost.
So, the current approach is generally to have physicists come up with a couple of basic plans, then use computers to optimize each one, and then see which works best, or perhaps iterate.
Looking at it another way, this is similar to any other problem where you're trying to find the lowest minimum in a function that has many local ones. Finding the nearest minimum is easy - finding the best is much harder.
Of course there is 99% of dead wood at MS. People who do nothing of value; who do not code, do not invent. Managers who mismanage;
I've seen this at my own company. Do you know why most people at big companies do nothing of value? Simple - they're punished for doing so. Work is seen as something to be outsourced and farmed out - you don't want to be caught doing anything that vaguely looks like writing code/etc. Instead what gets rewarded is changing processes/policies/etc. People get accolades for describing a current process as broken and coming up with some new process that looks way better on paper (usually one that is highly formalized). Then after they get their rewards nobody bothers to follow the new process because it is highly formal, and because nobody gets rewarded for just following a process that somebody else writes. Instead everybody else looks to do things their own way in the hope of coming up with something they can claim as an improvement until enough time passes that somebody else can rewrite the entire process and get credit for it.
Big companies tend to hire fairly smart people. These employees are smart enough to figure out what kinds of behavior will get them rewarded or punished. These behaviors may not be in the best interests of the company.
The issue isn't so much that the documents are executable, but rather that they provide some kind of interface to anything other than where the ink shows up on the paper.
I send PostScript files to my printer and there is no security flaw. On the other hand, if PostScript defined a command to send arbitrary network packets out the printer's NIC THAT would be a big problem. The fact that my printer can render a fractal and print it is cute, if perhaps overkill, but harmless.
All I know for sure (based on numerous owner accounts) is that the S3 and S4 across all networks got patches "from Samsung" very shortly after the vulnerability went public.
The question is whether those patches had anything to do with this vulnerability. I did find mention of S3 patches a few months ago, but no mention of this issue.
Obviously the solution is for phone OS vendors to do what every PC OS vendor does and have official release notes including CVE references, and then it is easy to know what vulnerabilities do and don't apply to any system. It is amazing how little care is given to security updates on mobile devices.
Nearly 90% of the artists who get a cheque for digital play receive less than $5,000 a year
Technically I think that's pretty good, isn't it? Write some songs, receive residual income whilst you do nothing else for the rest of the delivery platform's life. Win win.
I think there are two issues with this kind of logic.
The first is counter to your argument - the residual income is essentially a big part of the total compensation. When I get paid at work to do a job, I get paid the full value of the job. I don't really have an expectation of residual income. Now imagine that I'm a software developer and I get paid a share of productivity savings over time - I get paid $10k up-front for six months of work, but then I get 30% of any efficiencies the company that bought the software realizes as a result of using my software. Then the company uses accounting games to undermeasure the savings. In a situation like this the residual income was promised as the major component of the total compensation.
On the other hand, I think that a statement that 90% of artists make less than $5000/yr is very misleading because of the way the payments tend to be distributed. With digital distribution there really is no barrier to getting your item listed. That means that I can probably play a few bars on a kazoo and put it up for sale, and maybe sell a few copies to relatives if I'm lucky. When the same service sells that alongside of a top-10 hit I don't think you can really talk about averages in any kind of meaningful way.
I have a (by current standards ancient) Galaxy S3 from Verizon running all provided software and it was patched within a few days of the first news article (without an OS level update). How is it that Nexus devices aren't? This whole thing stinks of smoke and mirrors, and mostly from the fearmongers who "discovered" this issue.
Citation for the security release? I'm genuinely interested in this - I've yet to hear of any vendor updates for this issue that fix the root cause, but it isn't like they usually reference CVEs/etc so it isn't easy to tell when vulnerabilities are patched. The CVE for this issue is CVE-2013-4787.
I don't think I can buy that argument. Virtually every decent authentication technology that utilizes tokens/cookies of some kind invalidates them upon logout. The whole point of using such session tokens is so that master credentials like passwords don't get cached all over the place. In many systems the master credential isn't even able to be cached without greatly compromising its security (as with two-factor authentication).
Master credentials should never be cached, and it only logically follows that session credentials which are cached shouldn't be treated like master credentials or they provide no additional security at all.
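The distinction drawn in the comment above, as an added example that is not part of the original post: a server-side session store where logout revokes the token, and where the session token alone cannot change the master credential. `AuthService` and its method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


class AuthService:
    """Session tokens are short-lived, revocable stand-ins for the password."""

    def __init__(self, session_ttl: int = 900) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}     # user -> (salt, hash)
        self._sessions: Dict[str, Tuple[str, float]] = {}    # token hash -> (user, expiry)
        self._ttl = session_ttl

    @staticmethod
    def _kdf(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash, so a leaked session table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._kdf(password, salt))

    def _password_ok(self, user: str, password: str) -> bool:
        if user not in self._users:
            return False
        salt, stored = self._users[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def login(self, user: str, password: str) -> Optional[str]:
        """Exchange the master credential for a random session token."""
        if not self._password_ok(user, password):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, time.time() + self._ttl)
        return token

    def whoami(self, token: str) -> Optional[str]:
        """Resolve a token to a user; expired or revoked tokens resolve to None."""
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user, expiry = entry
        if time.time() >= expiry:
            del self._sessions[self._key(token)]
            return None
        return user

    def logout(self, token: str) -> None:
        """Invalidate the token server-side; a cached copy is now worthless."""
        self._sessions.pop(self._key(token), None)

    def change_password(self, token: str, current_password: str,
                        new_password: str) -> bool:
        """Require the master credential again, not just a session token.

        On success every session for the user is revoked, including ones
        cached on other devices.
        """
        user = self.whoami(token)
        if user is None or not self._password_ok(user, current_password):
            return False
        self.register(user, new_password)
        self._sessions = {k: v for k, v in self._sessions.items() if v[0] != user}
        return True
```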
As far as I can tell, your phone that gets updates on Day 1 doesn't have an update that fixes this particular issue. I have two Nexus devices, and as far as I can tell the only one not vulnerable to this issue is the one running CyanogenMod.
Agreed.
Basically we have two extremes:
1. If judges have no ability to use discretion we are shielded from much judicial abuse, but we become a nation ruled by lawyers and those who can afford to hire them.
2. If judges have a lot of discretion, then we become a nation ruled by judges. The character of the judges will determine what that nation is like to live in, and judicial abuse will be a larger problem.
RTFA, they believe the size makes it look like juicy food.
Kind of hard to RTFA when it is behind a paywall...
The issue isn't so much that the documents are executable, but rather that they provide some kind of interface to anything other than where the ink shows up on the paper.
I send postscript files to my printer and there is no security flaw. On the other hand, if postscript defined a command to send arbitrary network packets out the printer's NIC THAT would be a big problem. The fact that my printer can render a fractal and print it is cute, if perhaps overkill, but harmless.
All I know for sure (based on numerous owner accounts) is that the S3 and S4 across all networks got patches "from Samsung" very shortly after the vulnerability went public.
The question is whether those patches had anything to do with this vulnerability. I did find mention of S3 patches a few months ago, but no mention of this issue.
Obviously the solution is for phone OS vendors to do what every PC OS vendor does and have official release notes including CVE references, and then it is easy to know what vulnerabilities do and don't apply to any system. It is amazing how little care is given to security updates on mobile devices.
Technically I think that's pretty good, isn't it? Write some songs, receive residual income whilst you do nothing else for the rest of the delivery platform's life. Win win.
I think there are two issues with this kind of logic.
The first is counter to your argument - the residual income is essentially a big part of the total compensation. When I get paid at work to do a job, I get paid the full value of the job. I don't really have an expectation of residual income. Now imagine that I'm a software developer and I get paid a share of productivity savings over time - I get paid $10k up-front for six months of work, but then I get 30% of any efficiencies the company that bought the software realizes as a result of using my software. Then the company uses accounting games to undermeasure the savings. In a situation like this the residual income was promised as the major component of the total compensation.
On the other hand, I think that a statement that 90% of artists make less than $5000/yr is very misleading because of the way the payments tend to be distributed. With digital distribution there really is no barrier to getting your item listed. That means that I can probably play a few bars on a kazoo and put it up for sale, and maybe sell a few copies to relatives if I'm lucky. When the same service sells that alongside of a top-10 hit I don't think you can really talk about averages in any kind of meaningful way.
I have a (by current standards ancient) Galaxy S3 from Verizon running all provided software and it was patched within a few days of the first news article (without an OS level update). How is it that Nexus devices aren't? This whole thing stinks of smoke and mirrors, and mostly from the fearmongers who "discovered" this issue.
Citation for the security release? I'm genuinely interested in this - I've yet to hear of any vendor updates for this issue that fix the root cause, but it isn't like they usually reference CVEs/etc. so it isn't easy to tell when vulnerabilities are patched. The CVE for this issue is CVE-2013-4787.
I don't think I can buy that argument. Virtually every decent authentication technology that utilizes tokens/cookies of some kind invalidates them upon logout. The whole point of using such session tokens is so that master credentials like passwords don't get cached all over the place. In many systems the master credential isn't even able to be cached without greatly compromising its security (as with two-factor authentication).
Master credentials should never be cached, and it only logically follows that session credentials which are cached shouldn't be treated like master credentials or they provide no additional security at all.
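The logout behaviour argued for in the comment above, as an added example that is not part of the original post: a server-side session table in which the password is checked once and never cached, and a cached token stops working the moment the session is logged out or expires. The names `SessionStore` and `demo_verify`, the account and the salt are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo account; salt and password are sample values.
_SALT = b"constructed-salt"
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}

def demo_verify(user, password):
    """Check the master credential once; it is never stored in a session."""
    stored = _USERS.get(user)
    if stored is None:
        return False
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, guess)

class SessionStore:
    """Server-side session table: random, short-lived, revocable tokens."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (user, expiry)

    @staticmethod
    def _key(token):
        # Keep only a digest so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, password, now=None):
        if not demo_verify(user, password):
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = (user, now + self.ttl)
        return token  # the client caches this, not the password

    def authenticate(self, token, now=None):
        now = time.time() if now is None else now
        user, expiry = self._sessions.get(self._key(token), (None, 0))
        if user is None or now >= expiry:
            self._sessions.pop(self._key(token), None)
            return None
        return user

    def logout(self, token):
        # Revocation happens on the server, so cached copies stop working.
        return self._sessions.pop(self._key(token), None) is not None
```
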
My Google sold phone gets updates on Day 1.
As far as I can tell, your phone that gets updates on Day 1 doesn't have an update that fixes this particular issue. I have two Nexus devices, and as far as I can tell the only one not vulnerable to this issue is the one running CyanogenMod.