The one law that would make a big difference there would be requiring vendors to unlock bootloaders and provide documentation for all hardware interfaces when they stop providing security updates. When an iDevice stops getting iOS security updates, it quickly becomes unsafe to use on a network and basically a brick. If you could install a third-party OS on it then that would make a big difference to waste (and, given the relatively small number of device types, it would be comparatively easy to support). Of course, this would mean that after a few years you'd probably see more iPhones running Android than iOS...
It also shouldn't work with a sensibly configured corporate network. Our default config for Windows and *NIX machines other than laptops is to have the home directory stored on a NetApp filer, which keeps snapshots of every home directory, with decaying frequency over time. For several of the FreeBSD machines that have local home directories, we do the same thing locally with ZFS (the NetApp runs FreeBSD but with a proprietary filesystem). A ransomware system on these systems would need root privilege because the users can't modify the snapshots.
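A sketch of the "decaying frequency" snapshot thinning described in the comment above, as an added example that is not part of the original comment and not NetApp's or ZFS's own logic. The tier boundaries and the names `TIERS`, `plan_retention` and `constructed_hourly_history` are assumptions made for illustration; the point of the design is that this planner runs as a privileged job, so an account that can only write to the home directory has no way to delete the kept snapshots.

```python
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

# Assumed schedule (the comment gives no numbers): (maximum age, bucket width).
# One snapshot survives per bucket, so density decays with age.
TIERS = [
    (timedelta(days=1), timedelta(hours=1)),    # last day: hourly
    (timedelta(days=7), timedelta(days=1)),     # last week: daily
    (timedelta(days=28), timedelta(days=7)),    # last four weeks: weekly
]


def plan_retention(snapshots, now, tiers=TIERS):
    """Return (keep, prune) lists of snapshot timestamps.

    Buckets are aligned to the epoch rather than to `now`, and the oldest
    snapshot in a bucket wins, so the survivor of a bucket does not change
    from one run of the job to the next.
    """
    keep = {}
    prune = []
    for ts in sorted(snapshots):                # oldest first
        age = now - ts
        for index, (max_age, width) in enumerate(tiers):
            if age <= max_age:
                bucket = (index, (ts - EPOCH) // width)
                if bucket in keep:
                    prune.append(ts)            # bucket already represented
                else:
                    keep[bucket] = ts
                break
        else:
            prune.append(ts)                    # older than the last tier
    return sorted(keep.values()), sorted(prune)


def constructed_hourly_history(now, days):
    """Constructed sample input: one snapshot per hour going back `days` days."""
    return [now - timedelta(hours=k) for k in range(days * 24 + 1)]


if __name__ == "__main__":
    now = datetime(2017, 1, 31, 12, 0)
    keep, prune = plan_retention(constructed_hourly_history(now, 40), now)
    print(f"{len(keep)} snapshots kept, {len(prune)} to destroy")
    for ts in keep[:12]:
        print("keep", ts.isoformat())
```
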
Windows is fundamentally insecure, due to the lack of granular permissions
You mean the ACLs that govern access to every kernel object exposed by the NT kernel?
For Windows to be a secure OS, you need to be able to install an untrustworthy app and not have it be able to ruin your system
This is entirely possible with the NT kernel infrastructure, except in the presence of kernel bugs (and no system is secure in the presence of bugs in the TCB). It's also possible on FreeBSD with Capsicum or the TrustedBSD MAC framework (also used on iOS and macOS for sandboxing), on Linux with SELinux or seccomp, or OpenBSD with pledge.
The other thing that Microsoft could address more easily is installers that need admin permissions. Every installer is a black box, and most get carte-blanche to do whatever they want.
Microsoft has had MSI installers that are not black boxes for well over a decade and are widely used in large-scale software deployments.
CVE-2016-7117. CVE-2016-10229. CVE-2016-3931. That's three remote code execution vulnerabilities from last year in the Linux kernel alone (and just the top three from a 20-second search - there were others). Most of those were in multiple kernel versions spanning several years. Other software that's found in a typical distribution (*cough*openssl*cough) adds to that.
Plus, older Linux installs are often maintained for security patches far longer than Windows
Windows XP was released in 2001 and went EOL in 2014 (2015 if you're the British government). Please can you point me to the Linux distro that's getting security backports for the entire system for 13 years?
More plant life means that you'll see a carbon dioxide sink for a while, but unless the plants are being buried in the ice then they'll eventually decay and release the carbon back into the atmosphere (some as methane as a byproduct of decay, potentially causing a greater greenhouse effect until it reaches a new equilibrium). More immediately, you'll see a drop in the amount of sunlight reflected straight back from the ice into space and so see additional warming.
It can be undone by requiring Facebook to spin out WhatsApp as a separate company and not share data with them, and to divest themselves of 50% of the shares in the new company within 5 years. That would be very expensive for Facebook, but not entirely without precedent for merger regulations.
Why on earth is Android 6GB?!? That's bigger than a clean install of macOS, including all of the standard apps. It sounds like the solution is to stop bundling so much crap and focus on a sensible base system that people can then install useful software on top of.
To put 512MB of RAM in perspective, that was how much I upgraded my machine to after installing Windows 2000 (upgrading from Windows NT 4, where 32MB was a bit cramped, 64MB was nicer and 256MB was very comfortable). Both of the before and after systems:
Were fully preemptive multitasking 32-bit systems.
Had memory protection.
Had a TCP/IP stack and connected to the Internet, with web, email, and IM (and usenet!) apps all running happily.
Ran a GUI on a monitor with a resolution of 1600x1200.
Could happily run MS Office and StarOffice.
Ran half a dozen applications at the same time.
Ran 3D games.
Rarely needed to swap.
I used to run GEM and Windows 3 (not at the same time) on a machine with 640KB of RAM, but that was definitely cramped. The main reason that 512MB is no longer enough is that the web has become a bloated monstrosity. Web pages are now on average larger than the original Doom, yet have a user experience no better than 10KB of text with light formatting.
It's convenient to blame the carriers, but I've owned three android devices (two phones, one tablet), all of which I've bought directly from the manufacturer. All three were different manufacturers (Motorola, HTC, and Asus) and not a single one of them received security updates either in a timely fashion or for anything approaching the lifetime of the device.
The problem is that there are no incentives. If you buy an iPhone, the same company responsible for pushing the updates takes a cut of all app store revenue. If a phone stops being able to run the latest apps, then their revenue from that user drops. If you buy an Android phone, the company that has to pay the cost of providing the updates just makes it easier for Google to make money from that customer. Worse, if your Android device stops getting updates then you'll probably buy a new Android device, so they have an incentive not to provide updates.
MBP doesn't even have a proper delete button or pgup, pgdn.
Why do you need them? Delete on a MBP is fn-backspace. It's the key in the bottom-left corner of the keyboard plus the key in the top-right corner. Unless you're chording (e.g. ctrl-alt-del), it's far easier to hit than a single delete key in any other location. Similarly, page up and page down are fn-up and fn-down. If your right hand is already on the arrow keys, tapping the button in the bottom-left corner of the keyboard (easy to do with the corner of your left hand, without even moving your fingers over there) is about the easiest way of switching to page up and page down. Having them in the gaps above the left and right arrow keys is almost as convenient, but the common location in other laptop keyboards in the top right is far harder to reach.
The trackpad doesn't physically press down, it detects a firm touch, and activates a force-feedback little widget, giving a very convincing impression of having been pressed dow
I'm not sure about the latest ones, but in my late 2013 MBP and the one I had before it, the trackpad definitely does press down. I just checked by pressing it down and measuring the distance to the side with my fingernail and releasing it on this one, and I know it does on the older one because when the battery died and expanded it applied pressure to the top of the case and prevented the trackpad from moving downwards, so it no longer works as a button.
There's no such thing as an OS that just works for everyone, but this seems like the correct solution. The touchbar provides things that are more useful than the function keys for non-geeks and can be configured to do the right thing for geeks.
The RAM is one component that has to be powered in all power states above suspend-to-disk. The difference between 16GB of LPDDR3 and 32GB of DDR4 is about 8W (32GB of DDR4 consumes around 12W, 16GB of LPDDR3 is 2-4W). The maximum battery size that the FAA permits on a plane is 100Wh. That means that the RAM alone would drain your battery in around 8 hours. The current MBPs get 8 hours of battery life with the RAM, screen, CPU and GPU turned on in light to moderate use. With 32GB of DDR4, they'd get 8 hours of battery life in suspend mode and around 3-4 hours in light use (the RAM would be around half of the total power consumption of the machine). Would you buy a MBP with that kind of battery life? Actually, I'm being optimistic, because with that kind of thermal load the fans would come on in light use and add to the power drain, so you'd have a MBP with 32GB of RAM that was loud, hot, and lasted around 3-3.5 hours in light use. I doubt you'd find enough buyers to cover the costs of manufacturing.
On my three-year-old MBP, I get around two to two and a half hours of battery life when I'm doing something that keeps all four cores warm and about 7-8 in non-intensive use (web browsing without flash, a dozen or so terminals, intermittent incremental compiles). 50 minutes is a joke for a laptop - you may as well have a desktop with a UPS.
When you buy any laptop there's going to be an update before too long - even if Apple were not doing "new" models there's usually some kind of mid-year refresh you're going to not be getting.
I'm typing this from a late 2013 15" MacBook Pro. The current lineup have better GPUs and slightly better CPUs, but the two things that I really want from an update are 2TB of SSD and 32GB of RAM. The former is available with the current updates, the latter is only possible with Kaby Lake. I suspect that there are a lot of people in a similar situation, who want to wait for a Kaby Lake update before they upgrade. We normally have a 3-year update cycle, so this machine is already a bit over 6 months past its normal replacement time, but there's no compelling upgrade. The warranty runs out after three years too...
No it wasn't. The chips support 16GB of DDR3 or LPDDR3 or 32GB of DDR4. It's on the spec sheets. They could have used DDR4, but that would have meant the RAM would be consuming about 10W even in standby mode, which is not acceptable in a laptop.
I don't mind if my students (Cambridge) call me by my first name. Formality can be polite, but it can also be a barrier to free exchange of ideas and that has no place in a university. I'd be very surprised if MPhil or PhD students didn't call me by my first name.
That said, if you write me an email and can't be bothered to write in grammatically correct sentences then you've obviously decided that your time writing the email is more valuable than mine reading it and I'll respond accordingly, if at all.
What's in it for them? We didn't get away from DRM on music because the big four woke up one day and realised that DRM was anti-consumer. We got away from DRM on music because the big four woke up one day and realised that their insistence on DRM had given Apple a huge amount of control over their distribution channel and the only way to regain this control was to allow other distributors (and, eventually, Apple) to sell music without DRM. Netflix wants to have the same control over movie and TV show distribution that Apple had over music distribution at the height of iPod and iTunes Music Store popularity and the studios seem not to have realised that DRM helps Netflix, not them, and so are making it a requirement for distribution. It doesn't do anything to prevent piracy, but it sure adds to the barrier to entry for anyone wanting to start up a Netflix competitor (want to support all of the mutually incompatible set-top boxes that all have Netflix clients? You'll need to develop a load of client apps. Of course, almost all of them can already play back DRM-free H.264...).
Only if altruism doesn't exist. People are willing to die to protect their families, their tribe, and in many cases their ideology, even if they accept that dead means dead.
If Android Pay becomes popular, expect to see a lot more interesting Android malware...
I guess that means that we're going to have to just talk about something else...
No, it's Intel's fault. 16GB is the maximum amount of LPDDR supported by their current mobile chips. The ones that support 32GB are due Real Soon Now.
Maybe he meant the ass's bill, and is referring to a donkey-duck chimera?
While I agree with the basic tenants of the Non Aggression Principle
People who live in the non-aggression principle? Or do you mean tenets?
Who watches TV shows on their *phone*?
A lot of phones and tablets have HDMI ports (or, at least, dongles that provide an HDMI port), so you can plug them into a projector or big TV easily.