Slashdot Mirror


User: thoromyr

thoromyr's activity in the archive.

Stories: 0
Comments: 844

Comments · 844

  1. Re:Nothing to see... move along.... on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    Since you brought it up, what is this preferential treatment that Facebook is getting from Apple? Are they selling subscriptions via in-app purchases?

  2. Re:It has always been that way on Apple Slams Spotify For Asking For 'Preferential Treatment' (buzzfeed.com) · · Score: 1

    anonymous trolls...

    So, Apple's claim is that Spotify wants preferential treatment as compared to the rules Apple applies to *all* developers and your "rebuttal" is that Amazon Video has different rules?

    Not exactly a non sequitur, but your assertion in no way invalidates Apple's claim that they are applying the same rules to all developers.

  3. Re:Goodbye Subscription Windows..... on 'UpgradeSubscription.exe' File In Preview Build Hints At Windows 10 Subscriptions (zdnet.com) · · Score: 1

    You know, it never really bothered me enough to look into. Thanks!

  4. Re:Subscription depends on how it is done... on 'UpgradeSubscription.exe' File In Preview Build Hints At Windows 10 Subscriptions (zdnet.com) · · Score: 1

    What I don't get about them "having to be perfect" is that they usually aren't when switching between versions of MS Office. Not just between the mac and windows versions (which between fonts and various incompatibilities is pretty much guaranteed to give different results), but different versions on Windows as well. Heck, I've seen Word fail to load a document the way it saved it.

    And yet that hasn't seemed to harm MS Office adoption.

  5. Re:Goodbye Subscription Windows..... on 'UpgradeSubscription.exe' File In Preview Build Hints At Windows 10 Subscriptions (zdnet.com) · · Score: 2

    While some may find it annoying that there are not two keys dedicated to the function, despite persistent claims to the contrary you can both backspace and delete on a mac. It is achieved by using a modifier key (the apple key, in this case). Really, a worse complaint is the lack of arrow keys. In both cases it comes down to how many keys you can fit onto a keyboard of a certain size while keeping the keys large enough to be useful.

    In other news, apple doesn't put a top row of special keys on the keyboard (like Dell does) and instead uses the function keys. To actually get a function key you have to use the Function modifier key. I find this annoying and it makes it easy to change display brightness when trying to contort for some god-awful keyboard shortcut (there's one I use frequently that is a horrible mashup of *four* modifier keys plus the key being modified -- and there is no menu equivalent, it is the keyboard or nothing).

    Backspace and delete? Only weenies who don't use apple computers would complain about that.

  6. Re:How to catch fopen() without hooking kernel? on Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com) · · Score: 1

    "A whitelist is useless. It will either--as you said--just lock down the computer a la Windows RT, or it won't prevent the admin from whitelisting whatever he wants to execute or install, thus retaining the exact same threat risk as before."

    I wouldn't say that a white list is useless, but I'm not sure you really get the idea of white listing.

    A white list isn't to prevent execution of unknown code, it is to prevent the execution of unapproved code. And conflating the two results in mistakes of intent, purpose and deployment. For example, "decisions were made(tm)" and only applications from are allowed to be executed is a white list approach to avoiding execution of unapproved code. This may or may not result in preventing the execution of unknown code, but it *does* (unless there's a bug in the implementation) prevent execution of unapproved code.

    The reality of white listing is that you can't just white list certain executables, it doesn't scale. (Think the *many* executables inherent on a modern operating system, then consider the consequent and required updates.) One of the workable solutions is to white list based on publisher and require signed executables. This seems good at first blush, but it only works to stop yesterday's attackers (maybe).

    There are three fundamental problems: 1) the belief that you can trust the signed executables, 2) the belief that the normal and proper functioning of the executables is good, 3) the belief that the only "code" that will be executed is in those signed executables.

    Trust: basically, if I can cause a vulnerable but white listed application to execute in a certain way (say, to parse my jpg file) then I can execute arbitrary code.

    Good/Evil: the problem is that code and applications are not so easily categorized as good versus evil. A bad guy can get by quite happily with *only* Microsoft signed executables that are installed automatically with Windows. For example, need to sniff network traffic and send the packet captures out? Microsoft has you covered.

    Interpreters: as an extended carry over from the good/evil problem you get the shell and, especially, power shell. I qualify these differently because case #2 is about leveraging installed functionality. Bad guys don't need to install much of anything, they just repurpose the tools Microsoft has put in place. Here, you can execute arbitrary code of your choosing.

    A fairly typical scenario nowadays involves executing entirely in memory (e.g., using a browser to execute your javascript ddos code) or minimally touching the disk without using the file system (store powershell in the registry). White listing, in a practical deployment, does nothing against these threats. But it is *still* useful as a component. Even AV can actually be useful -- my favorite was the low-tech approach of using McAfee as a canary. It didn't protect the system at all, but when it stopped running you *knew* it was compromised and time for a rebuild. (Not that I'm advocating the exact approach, but I've known it to be used and it serves to illustrate how value can be derived.)

    So while white listing can be an important part of a security plan, only the naive or foolish will consider it to be a hurdle to a targeted attack (and increasingly these techniques are being kitted so that everyone can take advantage).
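Added example, not part of the comment above and not any product's policy engine: a toy evaluator contrasting a publisher-only allow list with one that also requires the input of a signed script host to be approved, which is the third problem the comment lists. The publisher names, the `Launch` record, the script-host list and the hash string are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Everything here is constructed for illustration; it models no real product.
APPROVED_PUBLISHERS = {"Microsoft Corporation", "Example Vendor Inc."}
# Signed programs whose normal function is to run code supplied by the caller.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "cscript.exe", "wscript.exe"}
APPROVED_SCRIPT_HASHES = {"sha256:constructed-approved-script"}


@dataclass
class Launch:
    image: str                         # executable file name
    publisher: Optional[str]           # signer name, None if unsigned
    signature_valid: bool
    script_hash: Optional[str] = None  # hash of the script file handed to a host


def publisher_only(ev: Launch) -> str:
    """Publisher rule alone: approved means validly signed by a listed publisher."""
    ok = ev.signature_valid and ev.publisher in APPROVED_PUBLISHERS
    return "allow" if ok else "block"


def publisher_plus_script(ev: Launch) -> str:
    """Same rule, but a script host is only as approved as its input."""
    verdict = publisher_only(ev)
    if verdict == "block" or ev.image.lower() not in SCRIPT_HOSTS:
        return verdict
    if ev.script_hash in APPROVED_SCRIPT_HASHES:
        return "allow"
    # Signed host, unapproved or inline input: surface it instead of trusting it.
    return "audit"


# Constructed launch events.
EVENTS = [
    Launch("dropper.exe", None, False),
    Launch("editor.exe", "Example Vendor Inc.", True),
    Launch("editor.exe", "Example Vendor Inc.", False),  # tampered after signing
    Launch("powershell.exe", "Microsoft Corporation", True),
    Launch("powershell.exe", "Microsoft Corporation", True,
           "sha256:constructed-approved-script"),
]


def compare(events):
    """Return (image, publisher-only verdict, publisher+script verdict) per event."""
    return [(e.image, publisher_only(e), publisher_plus_script(e)) for e in events]


if __name__ == "__main__":
    for row in compare(EVENTS):
        print("%-16s %-6s %s" % row)
```

Neither policy addresses the comment's first problem (an approved but vulnerable application parsing hostile input) or execution that never launches a new process, so the second policy narrows one gap rather than closing the set.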

  7. whose business is that, anyway?

  8. Re:REAL safety requires a different approach. on Istanbul Attack: A Grim Reminder Of Why Airports Are Easy Targets (firstpost.com) · · Score: 2

    I don't think it is quite accurate to describe what the Thuggee did as "ritual murders". What they actually did was much simpler: they would infiltrate a group of travelers, kill them, and take the loot. That makes them murder/robbers and any ritual they displayed is really neither here nor there.

    No where's my tobacco?

  9. Re:There are some good reasons for this on Airbnb Has Sued Its Hometown Of San Francisco (cnn.com) · · Score: 1

    "Let's say I agree with your reasons. AirBnB operates in 34,000 cities. Is it seriously reasonable to expect they will have someone in each city walk to city hall to manually check paperwork for every city? Since the onus is on AirBnB with this law, they'd have to. Considering they have 1,600 employees right now, they'd have to hire almost 33,000 more to comply with such legislation. Blatantly unfair."

    So because one company operates in different markets it is unfair for one market to regulate itself? That sounds like you are denying sovereignty to the governing body. What gives you the right to say the government, which is elected by the people, cannot regulate commerce within its domain? This principle goes back thousands upon thousands of years. The oldest writings fall into three categories: religious (stories/plays), government regulation (laws regulating personal conduct, commerce, etc.) and economic (recording transactions, tracking stocks, contracts).

    But I suppose in this brave new world we should just shuck this accumulation of knowledge on how to make society work and dispense with government. Because regulation bad.

  10. Re:Frivilous Law Suit on Airbnb Has Sued Its Hometown Of San Francisco (cnn.com) · · Score: 2

    Why? I'd hazard for the same reasons that some vocal people keep defending Uber and attacking legal taxi services. Because someone said "disruptive technology"? Maybe because they're libertarian and like to see corporations giving the government the finger? I'm not really sure, but it has all of the same flavor.

  11. So you don't see any difference between "they managed to move up" versus "other companies moved down"? Comcast did *nothing* to improve customer relations, thus their change in the relative rankings was not due to any positive effort on their part. This then implies that other companies have done negative things to adversely affect their own relative rankings.

    So, yes, there is a difference.

  12. Re:One of the benefits of reading on Is The Future Of Television Watching on Fast-Forward? (washingtonpost.com) · · Score: 1

    "My experience is that speed readers always claim that they retain more than people who read at normal rates do, but I'm not so sure."

    Well... I can only speak from experience and that is that, past a certain point, retention goes to the shitter. I used to re-read books and when I encountered "new stuff" on a re-read (not just a little dialogue I'd forgotten, but obvious and plot significant things) I realized something was wrong. The other part was reading ~2ppm is just too damned fast. If you can read a novel in an hour or two then you don't get much overall enjoyment out of it -- you're off hungry for the next thing. So I deliberately slowed my reading down. More to extend enjoyment than improve retention (when reading non-entertainment it is a completely different approach for me).

    There are "speed reading" classes that are supposed to improve throughput while increasing retention. I've never felt the need to take one, but have always suspected that they were just training on skimming. The only time I speed read any more is for skimming. That I can do *very* quickly and while there is no retention (let alone comprehension), I can pattern match. That is, focus on finding one of a few keywords. Hit on that, stop there and actually read. Maybe not slow & retain reading, but at least comprehend speed. If it is what I was after, read that, otherwise go back to skimming. Is it perfect? No, I can miss key words if I hit "stupid fast". And there's no real point on digital media (use the search function). But for technical reading it can be quite helpful, particularly when the authors couldn't be bothered to include an index and there isn't an overall structure that can be leveraged.

  13. Re: most people already prefer listening to accele on Is The Future Of Television Watching on Fast-Forward? (washingtonpost.com) · · Score: 1

    Absolute agreement on this. When I was younger I read fast. Not a novel in 30 minutes fast, but close enough. I also noticed that I wasn't enjoying the material as much. And, it really sucked to finish a whole series in a day -- then I had to find something new to read. Far better to read at a normal pace and *really* enjoy the same material over the course of a week.

    The other part of reading so quickly is retention. When you are blazing through material, comprehension and retention both suffer. Reading fast or skimming by themselves don't necessarily cause that, but taken to extremes they do.

  14. Re:So does Google actually scan the store or what? on 'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com) · · Score: 2

    Victim of their own success? Or a predictable outcome of the security model?

    The android security model is what I call "blame the user". Although things have shifted slightly, the original intent was pretty simple: an application could only do things that it was pre-approved to do. This was handled by having declarations and the user would have to agree to those declarations. There are several problems with this model.

    1. Users are not generally equipped to properly discriminate and thus are not able to make an actual informed decision.

    2. Permissions are not granular. You even mention one of the most glaringly ungranular permissions, "access the Internet".

    3. Permissions are an all-or-nothing proposition. They only have any meaning when there is no adversary. That is, they provide no security whatsoever, merely at best providing limited information as to whether or not you might want to install an app. Kind of like a ratings system.

    4. Applications can (and do) declare permissions that they don't need. This can be attributed to laziness (why bother worrying about what the app needs, just select them all) but in the end allows an app to do things that it never needed to do which can be leveraged maliciously.

    I call this "blame the user" because when someone's device ends up with malware on it the response was (especially initially) "but you knowingly installed it, accepting that it would 'access the Internet'".

    With a few exceptions (such as a web browser), the user doesn't really intend to give an app unlimited access to the Internet. Instead, they are thinking that a game app will send and receive leader board information, or that an advertising supported app will connect to an advertising network, or that a drawing app will check for updates, or whatever. They are *not* expecting that the app will use this global "access the Internet" permission for command-and-control traffic for the botnet it just joined.

    The entire model is flawed. Anyone who has dealt with "normal" users on any long term basis is well acquainted with how unsolvable #1 is. And, while making permissions more granular and separable would address #2 and #3, it does so at the expense of #1. Addressing #4 is more difficult, but should be achievable by making them inherent to function usage.

    But, in the end, the user is no more equipped to make security decisions based on a declaration of access requirements on a mobile device than they are to make security decisions based on a Windows security alert. If it goes any deeper than confirming an action (because of the possibility of non-interactive triggers) then it is not a good use-case for a user decision.

    For example, prompting before allowing first-time execution of something that was downloaded by a browser -- if the user just downloaded and attempted to run the installer they can confirm this -- but if a malicious site managed to trick the browser into downloading and executing then a user has a chance of realizing they should say "no" when prompted by the operating system.

    In short, the android model of permissions/capabilities does not provide security. At best, it provides a framework for an educated user to possibly make an informed decision about installing an application. This isn't a *bad* thing as there is nothing wrong with enabling better management of a device -- unless it is mistaken for security.

    Security is difficult. There is no silver bullet. It cannot be automated. While some sort of automatic scanning can be *part* of an overall security approach, it will always fail if it is all there is to the approach. Google (or Apple) scanning apps in their stores can gain *something* but does not provide a good endgame. Increasingly, the only time malicious applications are first detected is by actual analysis. That this is a high cost to perform that users are not willing to pay doesn't help matters any. It remains to be seen how well relying on voluntary third-party audits of applications will work. I just don't see it scaling very well.

  15. Re:How ages voted on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 1

    I'm sorry, I didn't realize that Great Britain was a country, much less a democracy in 1016 or so. I know you said, "nearly" so were you going for when the Normans conquered? And pretending that there was something remotely democratic about the government?

    I also don't get the part about being in the EU for 43 years. The EU didn't even exist 43 years ago (formed in the early 90s). Is this like how job postings for Java developers would want "10 years Java experience" when the language wasn't even five years old? Or is it like how the United States of America was founded around the year 1000 when Eric the Red found Skraelings in Newfoundland?

    Maybe there's a big "whoosh" coming, but I just can't see it. Must be *far* over my head...

  16. Re:Democracy restored on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 1

    so... the powerless house of lords rejected a bad bill that had been passed by parliament -- and were not overruled by parliament? So how exactly were they powerless? If they were actually powerless then removing them would have no effect, but you give an example where removing them would have resulted in a different outcome.

    Now, I'm an American and not all that familiar with the workings of the British government so I'm just going from your statements here. But as it stands it just doesn't add up to support your claim.

  17. Re:Democracy restored on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 1

    ...and so many people I know would respond, "thanks for proving my point." Meaning, they interpret what you said as making them not a bigot for saying exactly that.

  18. Re:Good for them on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 2

    "I think this is actually what we want in our society, to create tolerance and acceptance."

    I think you misunderstand the xenophobic half of society. I'm American (so not UK), but at least here they are specifically, explicitly, and in all other ways against "tolerance and acceptance". It's so bad that "tolerance" is a pejorative. At best, someone who is "tolerant" supports crime, terrorism and giving up rights to the federal government.

  19. Re: End of Great Britain? on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 1

    "I would never vote for Trump, even though I loathe Hillary."

    I know, rose-tinted glasses and all that, but this election year seems to be the worst in decades for "voting for the lesser evil". Your statement seems a succinct expression of how many Americans feel.

  20. Re: You made it, Syrians! on BBC: UK Votes To Leave The European Union (bbc.com) · · Score: 1

    The cognitive dissonance is strong with this one:

    "The EU is an economy union, and only that."

    "The EU as a unified economy doesn't exist."

    I get it, you don't like the EU, but when you can't even agree with yourself as to whether or not it is an economic union (you do realize that in English reversing "economy union" to "unified economy" does not change the essential meaning?) the rest of what you are saying comes across as "blah blah blah"

  21. "The latest poll shows they're no longer the most hated company in the US, they managed to move up a notch or two, but they're still far from loved."

    You are mistaken, your data simply indicates one or two other companies managed to move down.

  22. Re:Bad math on Volkswagen To Pay $10.2 Billion In Emissions Lawsuit (bbc.co.uk) · · Score: 1

    violating slashdot's rule, I went and read the article. The winning explanation is.... selective quoting.

    "Owners would have a choice between selling their vehicles back to VW at the value before the scandal broke on Sept. 18, 2015, or keeping the cars and letting the company repair them. Either way, they would also get $1,000 to $7,000 depending on their cars' age, with an average payment of $5,000, one of the people said."

    So about 25% of the amount would go to the third option, "compensation", while unspecified amounts would go to either buying back the cars or paying to have them repaired. If 10.2 billion is only represented by payouts to consumers and does not include fines, then an estimated 7.8 billion would be spent on buying cars back or repairing them. And, yes, buying back the car or repairing it are also forms of compensation. Most forms of compensation are not direct financial gifts, even though they will have cost.

  23. Re:Bad math on Volkswagen To Pay $10.2 Billion In Emissions Lawsuit (bbc.co.uk) · · Score: 1

    That's because you weren't paying attention. Sure, 10.2*10^9/482*10^3 = ~21*10^3, but that isn't what even your clips say.

    "most of the money" means *less* than 10.2 billion. How much less you can get by reversing the average. That is, 5*10^3*482*10^3 ... which comes out to about 2.4*10^9, or ~25% of the total.

    How can "most of the money" be represented by this amount? First, your choice of quotes implies that the only form of owner compensation is $1,000 to $7,000. I haven't read the article so I have no idea if that is correct or not, but at least according to the summary the money may be spent in three different ways: fixing, buying back, compensating. So, a very dangerous assumption to be sure, but assuming that the summary is at least somewhat on target, which of those three does the "$1,000 to $7,000" refer to?

    Further, there is always the "greatest portion". If 25% goes to compensating owners, 20% goes to one set of fines, 20% goes to lawyer fees, 20% goes to advertising, and 15% goes to funding the rest of it -- the biggest portion is "owner compensation".

  24. Re:Buy back on Volkswagen To Pay $10.2 Billion In Emissions Lawsuit (bbc.co.uk) · · Score: 1

    pics or it never happened

  25. Re:Easier in the UK on Interview With A Craigslist Scammer (infoworld.com) · · Score: 1

    which you can always try to convince counsel is a good argument when you are suing the bank for taking the funds out of your account...