Balance is more important than proper portions, though you could argue that a proper portion of one part of your diet will leave you hungry for proper portions of the rest until you get those; but once you've eaten that balanced diet, it doesn't much matter what you shove down your gullet after that; your body all bot stops processing food once it has everything it needs. You'll literally start pooping out partially-digested food if you overeat a balanced diet.
Or, maybe the metric is wrong and actually getting some balance in your diet (not based on the Food Pyramid, e.g. a dietary schedule derived by an industry wanting to drive sales of cheap-to-manufacture high-margin goods over those which are expensive to produce but don't draw the same prices) is the solution. Did you ever think of that? I can tell you with certainty that my wife will eat over 6000cal/day if her diet isn't balanced but has no trouble keeping it in the 1200-1600 range when her body gets the nutrients it needs. Fix the model (and the marketing that drives it) and you fix the problem.
No, it's calling out the importance of eating a *balanced* diet, balanced being the operative word and different for each person. I can get 2000 calories a day in a few spoonfuls of sugar, or I can get it in a few well-balanced meals. What you're implying is that those, because they potentially provide the same amount of energy, will have the same effect on my body. This has been proven, thoroughly and repeatedly, wrong.
Your body is going to process everything you put into it until it has everything it needs. If you eat 10,000cal worth of sugar, your body will process every calorie; if you eat the same number of well-balanced calories (nutritionally balanced, that is to say the food you eat contains all the nutrients your body needs, not just referencing the incorrectly-stacked food pyramid), you'll end up pooping out a lot of partially-digested food as your body got what it needed and stopped expending the energy to extract any more.
I'll admit that I started with a sample size of one and that has only grown slightly as I've convinced a few people close to me to try it, but I've tested this with a 100% success rate. And the participants have been healthier (both physically and mentally) to boot, because their bodies are getting all the nutrients they need to fuel their immune systems and balance out body and brain chemistries. Of course, there are still maladies that can befall a person that simple dietary changes won't do much for, but it's amazing the number of "ailments" for which the recommended course of treatment is to mask the symptoms with drugs, rather than face the root cause of the problem.
Don't take my word for it, though. Talk to a doctor and a dietitian; if they don't agree, ask the doctor which drug company is in his back pocket, then talk to a different doctor. Once you find a doctor that agrees with your dietitian on the importance of treating illness with a balanced died over masking the symptoms with drugs, keep seeing that doctor, and know that you can trust that any prescription (s)he writes serves a purpose other than earning them a kickback.
It may appear that I have veered slightly off-topic, but not really; diet and overall health are very closely related.
You talk about Apple but Apple is not an excuse because they are bad themselves, yes Apple also sucks.
I talk about Apple not to excuse Google, but because everyone always brings up Apple as an example of "doing it right". If that is incorrect (as I've shown) then, perhaps, people should stop doing it. If you weren't slyly hinting at Apple, and I know you weren't pointing to Microsoft of Blackberry, just who is the shining beacon of "doing it right"? And if nobody, who is doing it best? I'd venture that Google isn't doing too horribly if your requirement is the ability to buy a device from any number of suppliers and avoid Apple's vendor-lock. Mind you, I willingly submit to that as an iPad owner, but that's essentially become a glorified digitizer tablet since I got my Nexus 6.
I am not talking about myself, you or other technical people. My sister, mom or my grandma will not be able to install this crap.
So, you're saying you wouldn't help your sister, mom, or grandma with this? I know I would, as wold most technical people who wish to encourage their friends and family to be more secure.
If the company can't support a highly expensive device for more than 2 years then the install process should be as simple as dowloading a Google app that will update the phone.
And then every app and piece of malware would have fill write access to/system/ along with the update app. You don't think that would make things less secure? It would, by a lot. I'll remind you that I'm talking about unlocking your bootloader and flashing a new ROM to/system/, not rooting and installing things to/bin/ and/usr/bin/. In many cases, rooting an Android device is actually much more complicated than flashing a new ROM, though you can flash a pre-rooted ROM if you're flashing one anyway.
This is something that Google could easily do if they would just get of their asses and stop being evil.
You mean it's something Google cold easily do if they would just stop write-locking/system/ during the boot process to prevent malware from completely pwning Android devices. You must not realize that this is a security measure, and a very strong one at that; it's literally as simple as it could possibly be without opening the door to all kinds of nasty malware we currently don't have to deal with. The only thing that might make it easier is a GUI, but that would also make it easier for people to install malicious ROMs without really thinking about it; having to type it out makes you think about what you're about to do before you press enter.
You do realize that nothing you just said is true, right? Your example phone, the Nexus 4, was still getting updates after more than 3 years and. In fact, 6.0.1 was released in the first week of December 2016, while 5.1.1 was released in the first week of January 2016. Ignore version numbers for a moment and realize that means that the Nexus 4 has been updated more recently than the Nexus 5, Nexus 6, Nexus 5X, and Nexus 6P, all of which came out long after the Nexus 4. And anything that works on 5.x works on 6.x and vise-versa. Meanwhile, you go on to attack Google for "deprecating and messing things up for no reason" while Siri was an app that wan on the 3Gs and newer iPhone until Apple integrated it into iOS and only allowed it to work on the 4s and newer. Likewise with split-screen multitasking in iOS 9, which the iPad Air is more than capable of supporting in hardware (hell, Android devices with much more restricted resources have been doing it for years) but, yet, it only works on the Air 2; I know this because I have both devices. And no, the sidebar "multitasking" is not the same; both models do that, I'm talkign about the side-by-side, 2 apps actually fully running at the same time split-screen multitasking. My first Android phone, over 4 years ago now, cold do that, hell, it even had a dock that it plugged into that let it operate as an Ubuntu laptop *alongside* its android phone functionality. If the Motorola Atrix could do it, why can't the iPad Air? It's not the Apple isn't interested in the functionality, because the Air 2 does it; it's all in software and both devices run the same software, so what gives?
I think you're the one who's lazy. Or maybe just blind. I'm not sure. Do you just not see that you can unlock your Nexus 4's bootloader (Google gives you instructions, they allow it, they even encourage it once support has ended) and install Marshmallow on the damn thing, or are you too lazy to do it?
To clarify, what I'm referring to is the following:
there is absolutely no reason why it shouldn't be able to install a new version on older phone
And you're oh so right. There is no reason you shouldn't be able to. With about 2 minutes worth of research, you'll find that you can, actually.
Derp, posting before fully awake... forgot 6.0 was out. That said, Google guarantees major version updates for 2 years from first sale and security updates for the longer of 3 years from first sale or 18 months from discontinuation. Lollipop was released more than 2 years after the Nexus 4 went on sale (November 13, 2012) and more than 18 months have passed since the Nexus 4 was discontinued (and no longer available from the Google Store) on November 1, 2013. They've lived up to what they promised; in fact, considering that Lollipop 5.1.1 was released on January 4 of this year, they've provided over 3 years of major version updates, going well above and beyond that promise. If the promised support duration wasn't enough for you, why did you buy the phone?
You mean the Nexus 4 that has the most recent updates available? I think you meant Galaxy Nexus, and that phon was supported for over 4 years, except on Verizon, who blocked the last update.
Odin works (for some definitions of "works") for Samsung, there are better tools for HTC, LG, and Motorola. Beyond that, dedicated community members tend to build full-function firmwares for popular devices and yes, it is the user's fault if they can't be assed to learn this stuff before purchasing a device, if security is a concern to them and other options are available.
Yes, the carriers and OEMs share in the blame, and Google gets their fair share as well for not requiring that the OEMs conform to some standardized update schedule (as a minimum, of course the OEMs could go above and beyond that schedule) in order to ship Google Apps with their devices (AOSP should remain unrestricted as it currently is), but let's not kid ourselves by saying the users bear no responsibility for their purchase decisions. Android isn't the only option; and, even if it were, OEM firmware and phones locked to such are not the only options in the Android world. This is true everywhere. And for users who may be concerned about security and, for whatever reason, are incapable of learning which phones can run alternate firmwares and/or how to load them, there is sure to be a friend or family member who can help.
But no, you'd have them keep giving their money for locked devices that will never see updates, when other options are available. Clearly, you disagree that their dollars would be much better spent on devices that are capable of community support when the OEM backs down from updates, then applying a bit of knowledge (or asking a capable friend or family member to do so) to extend the useful secure life of the device, rather than rewarding the OEMs and carriers for their shit-show by buying new devices to get the newest software.
You don't have to tell me the Nexus 6 is great, I absolutely love mine. I've had it since it was released and not only is this the longest I've kept the same phone since I got my first phone in 2000, this is the longest I've gone without looking at what's on the market for any purpose other than to help a friend select the phone that is the best fit for them. That is to say that, in 16 years of cellphone ownership (and all flagship devices, mind you; I even had the first MP3 player phone to hit the market, released by Samsung, and the first phone with an OLED display, released by BenQ Seimens), the Nexus 6 is the first device I've owned that has met and exceeded my long-term expectations for a tool of its nature. It's actually all but replaced my iPad Air for all functions not requiring the pressure sensitive pen (Adonit Jot Touch) that just so happens to be iPad-only.
Beyond that, yes, I agree that the fragmented ecosystem needs to get sorted out and you are correct that only the OEMs and carriers are winning the current game. But, again, let's not pretend that users can't vote with their dollars and stop giving money to the OEMs for devices they're not allowed to take actual ownership of. It just takes a little bit of common sense and forethought, both of which seem to be lacking in today's society; globally.
It's good enough for the Nexus device in my pocket. I don't own the majority of Android devices out there and neither would an educated consumer. Those OEMs aren't getting a free pass, I voted with my dollars and made them irrelevant, so it's not worth my time to jump on them.
It is the fault of the users that they bought into it, though. Grasp that reality and take responsibility for your own decisions, maybe then you'll realize that it's important to learn exactly what it is you're buying before you buy it. The information was clearly available, as many of us made use of it when deciding to buy Nexus devices over all else. Those of us who live in a country where Nexus devices aren't available can still learn which devices ship with unlocked bootloaders and load vanilla Android ourselves. If lacking the technical knowhow to load a 3rd-party firmware, the iPhone is still an option. Failing the availability of the iPhone, Android isn't going to be an option either, rendering further extrapolation unnecessary.
There is no situation in which a user's only option is an Android device with OEM firmware that will never see updated. Literally none. It's a user choice, pure and simple; it may be made in ignorance, by users who don't know any better, but that ignorance is a user choice, as well.
They support their phones for at least as long as Apple. In fact, they've made a legally binding commitment to supporting devices for at least a certain period of time: major version updates for at least 2 years from date of first sale; security updates for at least 3 years from date of first sale or 18 months from date of removal from the Google Play Store, whichever is longer.
Meanwhile, Apple and Microsoft have done no such thing. I'm not sure of Microsoft's track record regarding device support, but I know Apple's done fairly well; there's nothing indicating they'll continue to do so, however, and no requirement that they do. With Google, you know how long to expect device support and anything beyond that is icing.
with the number of devices updated by OEMs and carriers to Lollipop and Marshmallow being lower than any previous versions of Android
specifically because, starting with Lollipop, carrier apps are installed on first boot (based on the inserted SIM, so no carrier apps if no SIM is installed) and can be removed by the user once installed. They're no longer part of the firmware, thus no longer require carrier customization. which removes the carrier's ability to require their approval before updates are pushed by the OEMs. While this makes it easier for OEMs to push updates, they can only do so where standalone versions of the carrier apps are available; e.g. they can't update a KitKat device to Lollipop without carrier approval, but once the device is running Lollipop or newer, they can push their own updates. Carriers don't want to give up this control where they can avoid it, so they don't approve those updates for devices shipping with KitKat or older.
This problem will solve itself as those devices fall out of use.
And if you were at all familiar with the restrictions mobile operators place on device manufacturers, you'd understand that's it's a factual one, as well. Even Microsoft recognizes that.
We work closely with our carrier partners, and encourage them to test our software as swiftly as possible. But it’s still their network, and the reality is that some carriers require more time than others. By the way, this carrier testing is a common industry practice that all of our competitors must also undergo. No exceptions.
That said, this only applies to devices which the carrier has customized in some way. As far as Nexus devices go, that only includes the T-Mobile Nexus 6 and, even then, the customization was done by Google and T-Mobile allows them to push updates directly and without approval. Every other Android device sold, by literally any carrier, is customized with carrier apps and features and requires the carrier's approval for updates.
I wouldn't say the Nexus 6 is lagging behind in hardware, even comparing to the generation of devices released after it. Actually, for the first time I've owned a phone for over a year and still see nothing compelling on the market. Just saying.
Sure, a fingerprint reader would be nice, but that's something I'd use for a grand total of a couple seconds per day, versus the display I'd be giving up, which gets used much, much more. The Nexus 6P is comparable, but trading wireless charging for a fingerprint reader and USB-C seems silly when the performance gains of the device are relatively small and the current model still handles everything I throw at it without a hiccup and likely will until the mid-range catches up with it in several years. That sure sounds like a device that's lagging behind, no?
Right? And here's the thing: Apple fans (I'm a user, but not a fan, it's a tool and it does a job, it's not deserving of fandom) will insist that issues that affect rooted or non-Nexus Android devices are worse than issues that affect jailbroken iOS devices, but they're really one-in-the-same. The reality is that rooting an Android device is a departure from the vanilla Android binaries and configuration provided by Google, as is a manufacturer replacing Android binaries and configurations with their own or adding their own binaries for additional features or interface layers, just as jailbreaking an iOS device is a departure from the stock binaries and configurations of iOS. To a logical person, that would indicate that the only possibly non-compromised iOS devices are the non-jailbroken ones and the only possibly non-compromised Android devices are those running vanilla Android (e.g. Nexus devices) which have not been rooted.
Mind you, this is largely because rooting and jailbreaking are, in and of themselves, compromises of the device. From the perspective of the user, they're not actually compromised until some bit of malware makes its way onto the device, which generally only happens in either class of device when the device's OS has been modified; again, that means rooted, jailbroken, or tampered with by the manufacturer. Allowing for that, both classes of device are equally secure, which is to say their radios have direct and unfiltered network connections and direct memory access, you can extrapolate whatever you want from that.
Or, as a user, educate yourself and buy a Nexus device which, much as the iPhone gets its updates directly from Apple, gets its updates directly from Google. I've noticed that Google is generally quicker to update my Nexus 6 than Apple is to update my iPad Air when a flaw is publicly disclosed; I would assume the same when the flaw is not publicly disclosed but there is not frame of reference for this.
Still, all the "attack warning", "turn your neighbors in", is getting to be a bit too too much.
Indeed, so much wolf-crying. Anyone with the intelligence to actually be able to do anything useful in the event of another major terrorist event has already figured out that all these reports are bullshit and stopped listening. Where does that leave us when the next credible threat comes along? In the hands of fools.
I'll add, as well, that someone going through the trouble of planning such an attack will want as much attention for it as possible. That's the whole point of a terrorist attack: to get it in front of as many eyeballs as possible, in order to spread terror. Cutting communications cables is basically the exact opposite of what someone planning a terrorist attack would do.
In the end, that doesn't really solve the big problem
and it's fairly obvious that you realize it actually would solve the problem, because you go on to clarify:
but no one is seriously going to deny an Email because there isn't an SPF or DMARC record.
But, and buckle up because this might rock your world, that's an issue with the industry, not an issue with the solution. You (and I mean the general "you", not you specifically) say the problem is that most sending domains don't bother with SPF and DMARC? You're right, and there's a solution. Let Google, Yahoo!, and Hotmail start denying based on the existence of these records.
People want their mail delivered and they're not gonna listen to Amazon (or anyone else) telling them they must switch mail providers because the one they're using has implemented a workable spam solution and they (the sender) can't be assed to make sure their domains comply. People will blame the senders, and they'll be right to do so, so the senders will comply. Then, who cares if all providers implement it? As long as your provider does, you're golden; all senders with any level of legitimacy will implement it in order to have the larger providers accept their messages and people will be free to choose providers who do or don't implement it (or to implement or not implement on their own servers) based on how big of a problem they perceive spam to be.
All it takes is a relatively small handful of big-player providers agreeing to implement it and actually following through. Trust me, the senders will follow.
the sending servers are still obeying the forms and have SPF or DKIM records, even that is failing.
Right. This would simply allow you to deny mail from those domains, then. The same scanning and filtering that goes on today would still be necessary in order to identify spam domains, this just prevents someone from sending mail "From: somelegitaddress@google.com" and "Reply-to: iamascammer@myrandomdomain.nl" because their servers won't be allowed to send messages on behalf of google.com and, if they do happen to use the same servers, their user account won't have access to the signing key required to properly authenticate the message. Remember, security is always comprised of multiple layers; at least you won't have to guess whether or not you should deny mail from "google.com", because you'll know that message didn't legitimately come from Google, which kills an entire (and, in fact, the largest) class of spam right out of the gate, it kills 85% with, essentially, the flip of a switch. The remaining 15% can be dealt with by filtering, including domain age and mail volume as filter parameters.
Will it ever be perfect? No, security can never be perfect, but if we can kill 85% of spam for users who care to bother, why should we not do it?
And, for the record, the self-proclaimed expert I was referring to in my reply wasn't you.
And, yet, we still have self-proclaimed experts that think it's a new problem that we don't have yet and can avoid by not implementing an otherwise workable solution. God I love this industry.
Balance is more important than proper portions, though you could argue that a proper portion of one part of your diet will leave you hungry for proper portions of the rest until you get those; but once you've eaten that balanced diet, it doesn't much matter what you shove down your gullet after that; your body all bot stops processing food once it has everything it needs. You'll literally start pooping out partially-digested food if you overeat a balanced diet.
Or, maybe the metric is wrong and actually getting some balance in your diet (not based on the Food Pyramid, e.g. a dietary schedule derived by an industry wanting to drive sales of cheap-to-manufacture high-margin goods over those which are expensive to produce but don't draw the same prices) is the solution. Did you ever think of that? I can tell you with certainty that my wife will eat over 6000cal/day if her diet isn't balanced but has no trouble keeping it in the 1200-1600 range when her body gets the nutrients it needs. Fix the model (and the marketing that drives it) and you fix the problem.
No, it's calling out the importance of eating a *balanced* diet, balanced being the operative word and different for each person. I can get 2000 calories a day in a few spoonfuls of sugar, or I can get it in a few well-balanced meals. What you're implying is that those, because they potentially provide the same amount of energy, will have the same effect on my body. This has been proven, thoroughly and repeatedly, wrong.
Your body is going to process everything you put into it until it has everything it needs. If you eat 10,000cal worth of sugar, your body will process every calorie; if you eat the same number of well-balanced calories (nutritionally balanced, that is to say the food you eat contains all the nutrients your body needs, not just referencing the incorrectly-stacked food pyramid), you'll end up pooping out a lot of partially-digested food as your body got what it needed and stopped expending the energy to extract any more.
I'll admit that I started with a sample size of one and that has only grown slightly as I've convinced a few people close to me to try it, but I've tested this with a 100% success rate. And the participants have been healthier (both physically and mentally) to boot, because their bodies are getting all the nutrients they need to fuel their immune systems and balance out body and brain chemistries. Of course, there are still maladies that can befall a person that simple dietary changes won't do much for, but it's amazing the number of "ailments" for which the recommended course of treatment is to mask the symptoms with drugs, rather than face the root cause of the problem.
Don't take my word for it, though. Talk to a doctor and a dietitian; if they don't agree, ask the doctor which drug company is in his back pocket, then talk to a different doctor. Once you find a doctor that agrees with your dietitian on the importance of treating illness with a balanced died over masking the symptoms with drugs, keep seeing that doctor, and know that you can trust that any prescription (s)he writes serves a purpose other than earning them a kickback.
It may appear that I have veered slightly off-topic, but not really; diet and overall health are very closely related.
Keys can be forged or stolen, we've seen it happen. I'll keep my hardware write lock, thanks, and you can have your insecure softlocked toy.
You talk about Apple but Apple is not an excuse because they are bad themselves, yes Apple also sucks.
I talk about Apple not to excuse Google, but because everyone always brings up Apple as an example of "doing it right". If that is incorrect (as I've shown) then, perhaps, people should stop doing it. If you weren't slyly hinting at Apple, and I know you weren't pointing to Microsoft of Blackberry, just who is the shining beacon of "doing it right"? And if nobody, who is doing it best? I'd venture that Google isn't doing too horribly if your requirement is the ability to buy a device from any number of suppliers and avoid Apple's vendor-lock. Mind you, I willingly submit to that as an iPad owner, but that's essentially become a glorified digitizer tablet since I got my Nexus 6.
I am not talking about myself, you or other technical people. My sister, mom or my grandma will not be able to install this crap.
So, you're saying you wouldn't help your sister, mom, or grandma with this? I know I would, as wold most technical people who wish to encourage their friends and family to be more secure.
If the company can't support a highly expensive device for more than 2 years then the install process should be as simple as dowloading a Google app that will update the phone.
And then every app and piece of malware would have fill write access to /system/ along with the update app. You don't think that would make things less secure? It would, by a lot. I'll remind you that I'm talking about unlocking your bootloader and flashing a new ROM to /system/, not rooting and installing things to /bin/ and /usr/bin/. In many cases, rooting an Android device is actually much more complicated than flashing a new ROM, though you can flash a pre-rooted ROM if you're flashing one anyway.
This is something that Google could easily do if they would just get of their asses and stop being evil.
You mean it's something Google cold easily do if they would just stop write-locking /system/ during the boot process to prevent malware from completely pwning Android devices. You must not realize that this is a security measure, and a very strong one at that; it's literally as simple as it could possibly be without opening the door to all kinds of nasty malware we currently don't have to deal with. The only thing that might make it easier is a GUI, but that would also make it easier for people to install malicious ROMs without really thinking about it; having to type it out makes you think about what you're about to do before you press enter.
Well, maybe not you, but most people.
I think you're the one who's lazy. Or maybe just blind. I'm not sure. Do you just not see that you can unlock your Nexus 4's bootloader (Google gives you instructions, they allow it, they even encourage it once support has ended) and install Marshmallow on the damn thing, or are you too lazy to do it?
To clarify, what I'm referring to is the following:
there is absolutely no reason why it shouldn't be able to install a new version on older phone
And you're oh so right. There is no reason you shouldn't be able to. With about 2 minutes worth of research, you'll find that you can, actually.
Derp, posting before fully awake... forgot 6.0 was out. That said, Google guarantees major version updates for 2 years from first sale and security updates for the longer of 3 years from first sale or 18 months from discontinuation. Lollipop was released more than 2 years after the Nexus 4 went on sale (November 13, 2012) and more than 18 months have passed since the Nexus 4 was discontinued (and no longer available from the Google Store) on November 1, 2013. They've lived up to what they promised; in fact, considering that Lollipop 5.1.1 was released on January 4 of this year, they've provided over 3 years of major version updates, going well above and beyond that promise. If the promised support duration wasn't enough for you, why did you buy the phone?
You mean the Nexus 4 that has the most recent updates available? I think you meant Galaxy Nexus, and that phon was supported for over 4 years, except on Verizon, who blocked the last update.
And even more especially when you write "Specially" because you do not know any better. Please do a world a favor, and stop using the "Internet".
Odin works (for some definitions of "works") for Samsung, there are better tools for HTC, LG, and Motorola. Beyond that, dedicated community members tend to build full-function firmwares for popular devices and yes, it is the user's fault if they can't be assed to learn this stuff before purchasing a device, if security is a concern to them and other options are available.
Yes, the carriers and OEMs share in the blame, and Google gets their fair share as well for not requiring that the OEMs conform to some standardized update schedule (as a minimum, of course the OEMs could go above and beyond that schedule) in order to ship Google Apps with their devices (AOSP should remain unrestricted as it currently is), but let's not kid ourselves by saying the users bear no responsibility for their purchase decisions. Android isn't the only option; and, even if it were, OEM firmware and phones locked to such are not the only options in the Android world. This is true everywhere. And for users who may be concerned about security and, for whatever reason, are incapable of learning which phones can run alternate firmwares and/or how to load them, there is sure to be a friend or family member who can help.
But no, you'd have them keep giving their money for locked devices that will never see updates, when other options are available. Clearly, you disagree that their dollars would be much better spent on devices that are capable of community support when the OEM backs down from updates, then applying a bit of knowledge (or asking a capable friend or family member to do so) to extend the useful secure life of the device, rather than rewarding the OEMs and carriers for their shit-show by buying new devices to get the newest software.
You don't have to tell me the Nexus 6 is great, I absolutely love mine. I've had it since it was released and not only is this the longest I've kept the same phone since I got my first phone in 2000, this is the longest I've gone without looking at what's on the market for any purpose other than to help a friend select the phone that is the best fit for them. That is to say that, in 16 years of cellphone ownership (and all flagship devices, mind you; I even had the first MP3 player phone to hit the market, released by Samsung, and the first phone with an OLED display, released by BenQ Seimens), the Nexus 6 is the first device I've owned that has met and exceeded my long-term expectations for a tool of its nature. It's actually all but replaced my iPad Air for all functions not requiring the pressure sensitive pen (Adonit Jot Touch) that just so happens to be iPad-only.
Beyond that, yes, I agree that the fragmented ecosystem needs to get sorted out and you are correct that only the OEMs and carriers are winning the current game. But, again, let's not pretend that users can't vote with their dollars and stop giving money to the OEMs for devices they're not allowed to take actual ownership of. It just takes a little bit of common sense and forethought, both of which seem to be lacking in today's society; globally.
It's good enough for the Nexus device in my pocket. I don't own the majority of Android devices out there and neither would an educated consumer. Those OEMs aren't getting a free pass, I voted with my dollars and made them irrelevant, so it's not worth my time to jump on them.
It is the fault of the users that they bought into it, though. Grasp that reality and take responsibility for your own decisions, maybe then you'll realize that it's important to learn exactly what it is you're buying before you buy it. The information was clearly available, as many of us made use of it when deciding to buy Nexus devices over all else. Those of us who live in a country where Nexus devices aren't available can still learn which devices ship with unlocked bootloaders and load vanilla Android ourselves. If lacking the technical knowhow to load a 3rd-party firmware, the iPhone is still an option. Failing the availability of the iPhone, Android isn't going to be an option either, rendering further extrapolation unnecessary.
There is no situation in which a user's only option is an Android device with OEM firmware that will never see updated. Literally none. It's a user choice, pure and simple; it may be made in ignorance, by users who don't know any better, but that ignorance is a user choice, as well.
Wrong.
* Google (Nexus devices)
They support their phones for at least as long as Apple. In fact, they've made a legally binding commitment to supporting devices for at least a certain period of time: major version updates for at least 2 years from date of first sale; security updates for at least 3 years from date of first sale or 18 months from date of removal from the Google Play Store, whichever is longer.
Meanwhile, Apple and Microsoft have done no such thing. I'm not sure of Microsoft's track record regarding device support, but I know Apple's done fairly well; there's nothing indicating they'll continue to do so, however, and no requirement that they do. With Google, you know how long to expect device support and anything beyond that is icing.
with the number of devices updated by OEMs and carriers to Lollipop and Marshmallow being lower than any previous versions of Android
specifically because, starting with Lollipop, carrier apps are installed on first boot (based on the inserted SIM, so no carrier apps if no SIM is installed) and can be removed by the user once installed. They're no longer part of the firmware, thus no longer require carrier customization. which removes the carrier's ability to require their approval before updates are pushed by the OEMs. While this makes it easier for OEMs to push updates, they can only do so where standalone versions of the carrier apps are available; e.g. they can't update a KitKat device to Lollipop without carrier approval, but once the device is running Lollipop or newer, they can push their own updates. Carriers don't want to give up this control where they can avoid it, so they don't approve those updates for devices shipping with KitKat or older.
This problem will solve itself as those devices fall out of use.
although that's been a bit hard to verify
and probably in violation of net-neutrality regulations.
That's a fantastic excuse for a horrible model.
And if you were at all familiar with the restrictions mobile operators place on device manufacturers, you'd understand that's it's a factual one, as well. Even Microsoft recognizes that.
We work closely with our carrier partners, and encourage them to test our software as swiftly as possible. But it’s still their network, and the reality is that some carriers require more time than others. By the way, this carrier testing is a common industry practice that all of our competitors must also undergo. No exceptions.
That said, this only applies to devices which the carrier has customized in some way. As far as Nexus devices go, that only includes the T-Mobile Nexus 6 and, even then, the customization was done by Google and T-Mobile allows them to push updates directly and without approval. Every other Android device sold, by literally any carrier, is customized with carrier apps and features and requires the carrier's approval for updates.
those are typically lagging behind in hardware
I wouldn't say the Nexus 6 is lagging behind in hardware, even comparing to the generation of devices released after it. Actually, for the first time I've owned a phone for over a year and still see nothing compelling on the market. Just saying.
Sure, a fingerprint reader would be nice, but that's something I'd use for a grand total of a couple seconds per day, versus the display I'd be giving up, which gets used much, much more. The Nexus 6P is comparable, but trading wireless charging for a fingerprint reader and USB-C seems silly when the performance gains of the device are relatively small and the current model still handles everything I throw at it without a hiccup and likely will until the mid-range catches up with it in several years. That sure sounds like a device that's lagging behind, no?
Right? And here's the thing: Apple fans (I'm a user, but not a fan, it's a tool and it does a job, it's not deserving of fandom) will insist that issues that affect rooted or non-Nexus Android devices are worse than issues that affect jailbroken iOS devices, but they're really one-in-the-same. The reality is that rooting an Android device is a departure from the vanilla Android binaries and configuration provided by Google, as is a manufacturer replacing Android binaries and configurations with their own or adding their own binaries for additional features or interface layers, just as jailbreaking an iOS device is a departure from the stock binaries and configurations of iOS. To a logical person, that would indicate that the only possibly non-compromised iOS devices are the non-jailbroken ones and the only possibly non-compromised Android devices are those running vanilla Android (e.g. Nexus devices) which have not been rooted.
Mind you, this is largely because rooting and jailbreaking are, in and of themselves, compromises of the device. From the perspective of the user, they're not actually compromised until some bit of malware makes its way onto the device, which generally only happens in either class of device when the device's OS has been modified; again, that means rooted, jailbroken, or tampered with by the manufacturer. Allowing for that, both classes of device are equally secure, which is to say their radios have direct and unfiltered network connections and direct memory access, you can extrapolate whatever you want from that.
These types of worms also rely on social engineering to convince the user to click on the link and run the malware.
So, not a worm, but a trojan, which iOS also has.
Or, as a user, educate yourself and buy a Nexus device which, much as the iPhone gets its updates directly from Apple, gets its updates directly from Google. I've noticed that Google is generally quicker to update my Nexus 6 than Apple is to update my iPad Air when a flaw is publicly disclosed; I would assume the same when the flaw is not publicly disclosed but there is not frame of reference for this.
Still, all the "attack warning", "turn your neighbors in", is getting to be a bit too too much.
Indeed, so much wolf-crying. Anyone with the intelligence to actually be able to do anything useful in the event of another major terrorist event has already figured out that all these reports are bullshit and stopped listening. Where does that leave us when the next credible threat comes along? In the hands of fools.
This.
I'll add, as well, that someone going through the trouble of planning such an attack will want as much attention for it as possible. That's the whole point of a terrorist attack: to get it in front of as many eyeballs as possible, in order to spread terror. Cutting communications cables is basically the exact opposite of what someone planning a terrorist attack would do.
In the end, that doesn't really solve the big problem
and it's fairly obvious that you realize it actually would solve the problem, because you go on to clarify:
but no one is seriously going to deny an Email because there isn't an SPF or DMARC record.
But, and buckle up because this might rock your world, that's an issue with the industry, not an issue with the solution. You (and I mean the general "you", not you specifically) say the problem is that most sending domains don't bother with SPF and DMARC? You're right, and there's a solution. Let Google, Yahoo!, and Hotmail start denying based on the existence of these records.
People want their mail delivered and they're not gonna listen to Amazon (or anyone else) telling them they must switch mail providers because the one they're using has implemented a workable spam solution and they (the sender) can't be assed to make sure their domains comply. People will blame the senders, and they'll be right to do so, so the senders will comply. Then, who cares if all providers implement it? As long as your provider does, you're golden; all senders with any level of legitimacy will implement it in order to have the larger providers accept their messages and people will be free to choose providers who do or don't implement it (or to implement or not implement on their own servers) based on how big of a problem they perceive spam to be.
All it takes is a relatively small handful of big-player providers agreeing to implement it and actually following through. Trust me, the senders will follow.
the sending servers are still obeying the forms and have SPF or DKIM records, even that is failing.
Right. This would simply allow you to deny mail from those domains, then. The same scanning and filtering that goes on today would still be necessary in order to identify spam domains, this just prevents someone from sending mail "From: somelegitaddress@google.com" and "Reply-to: iamascammer@myrandomdomain.nl" because their servers won't be allowed to send messages on behalf of google.com and, if they do happen to use the same servers, their user account won't have access to the signing key required to properly authenticate the message. Remember, security is always comprised of multiple layers; at least you won't have to guess whether or not you should deny mail from "google.com", because you'll know that message didn't legitimately come from Google, which kills an entire (and, in fact, the largest) class of spam right out of the gate, it kills 85% with, essentially, the flip of a switch. The remaining 15% can be dealt with by filtering, including domain age and mail volume as filter parameters.
Will it ever be perfect? No, security can never be perfect, but if we can kill 85% of spam for users who care to bother, why should we not do it?
And, for the record, the self-proclaimed expert I was referring to in my reply wasn't you.
And, yet, we still have self-proclaimed experts that think it's a new problem that we don't have yet and can avoid by not implementing an otherwise workable solution. God I love this industry.