
Comment Re:Since when is AMT controversial? (Score 3, Insightful) 179

At some point, you have to start trusting people/organizations/companies.

What you're really saying is, "You don't have a choice, so just suck it up, princess. Privacy is so 20th century."

No, you don't have to trust people/organizations/companies who have not earned your trust. You are the one paying. Use the power you have as a consumer. Weaponize your purchasing power.

And always, always reserve the right to just say "Nope, I don't need it, I don't want it, and I'll find another way."

Comment It goes in waves (Score 2) 495

For us here in Norway PSTN/ISDN was our bad time, when the one monopolist could charge pretty much everything they wanted. When we got DSL, the market was deregulated and lots of offers showed up. In the US, far more people get Internet via cable, which obviously has far more reason to protect their traditional business. As for recent fiber roll-outs it's really the power companies that got the ball rolling there, eyeing an opportunity to break into a new market by running fiber optics as well as power lines. Obviously the incumbents couldn't sit around and watch that and it became a race to lay down fiber first, since it's rarely profitable to come second. So it's a very nice three-way race to roll it out, though the prices are fairly steep.

Comment Re:Government Intervention (Score 2) 495

We had plenty of choices for dial-up too, what we lacked particularly in the UK was free local calls, that made modem calls expensive compared to the US. Since then everything has been going our way.

However, the issue of free vs metered local calls hasn't been relevant for a long time. I don't think government intervention is a great explanation either, given that the UK telecoms network was privatised.

For large parts of Europe I think there's a simpler explanation - a combination of population density and more regional competition with ISPs. Whereas in the USA you have a handful of nationwide ISPs. There's no equivalent of Verizon or Comcast in Europe that serves the entire continent.

Comment Re:TLDR; 2D arrays wit a ton of spares are reliabl (Score 1) 258

Even if the mean time between failures for consumer drives was 6 months, the odds of 'popping' two more spares in the month after the first failure would be less than 3%. If the MTBF is 1 year the probability drops to 0.7%.

Except if you got a bad batch where some kind of material or production defect will cause many disks to fail near simultaneously. The overall MTBF might be true for all the disks they produce, but unless you make a real effort to source them from different batches over time you can't assume that's going to be your MTBF.

Comment Re:What complete and utter bullshit. (Score 1) 220

What complete and utter bullshit.

95% of 250 coders. That means that out of a million programmers they will misidentify 200000.

You know it's not a contest to come up with the worst bullshit. If you're left with one person 95% of the time when you have 249 possible wrong answers, it's like being left with 4000 people when you have 999999 wrong answers. If all those are too close to tell apart you'll misidentify >99.9%.

Imagine for example that you wanted to find people by height and weight, as measured to nearest cm and kilo. It might work decently on a small group, but if you scale it up to a million people there'll be a lot of duplicates and then you're just guessing, double the population and you halve the chance of being right.

Comment Re:Uh, okay? (Score 2) 375

It doesn't bode well for Linux that it is also not the year of the Windows Desktop or Apple Desktop. It is the year of the smart phone. The year of the desktop may never return. Desktops are better suited for developers and smart phones are better suited to consumers.

Developers and a ton of other professionals. If Linux/FLOSS could replace Windows, Office, Outlook/Exchange, Sharepoint and SQL Server that's probably 15 of Microsoft's $26 billion dollar revenue. Open source has not managed to commodify basic business and collaboration tasks, despite so many years of trying. It's not all about smartphones and tablets.

Comment Re:Security is a process ... (Score 3) 46

There will -always- be flaws. However, part of a company selling security is how they respond to issues, and here, BlackPhone has performed quite well. There was a problem, they fixed it, and that is what matters.

I agree that how a company handles incident response is important and the BlackPhone guys have apparently handled this well.

However, there are several things that are troubling about this story which lead me to not trust BlackPhone and question the security experience of the people designing it.

The first thing we notice about this exploit is that the library in question appears to be written in C, even though it's newly written code that is parsing complex data structures straight off the wire from people who might be attackers. What is this, 1976? These guys aren't programming smartcard chips without an OS, they're writing a text messaging app that runs on phones in which the OS is written in Java. Why the hell is the core of their secure messaging protocol written in C?

The second thing we notice is that the bug occurs due to a type confusion attack whilst parsing JSON. JSON?! Yup, SCIMP messages apparently contain binary signatures which are base 64 encoded, wrapped in JSON, and then base64 encoded again. A more bizarre or error-prone format is difficult to imagine. They manage to combine the efficiency of double-base64 encoding binary data with the tightness and simplicity of a text based format inspired by a scripting language which has, for example, only one kind of number (floating point). They get the joy of handling many different kinds of whitespace, escaping bugs, etc. And to repeat, they are parsing this mess of unneeded complexity .... in C.

Compare this to TextSecure, an app that does the same thing as the BlackPhone SMS app. TextSecure is written by Moxie Marlinspike, a man who Knows What He Is Doing(tm). TextSecure uses protocol buffers, a very simple and efficient binary format with a schema language and compiler. There is minimal scope for type confusion. Moreover, the entire app is written in Java, so there is no possibility of memory management errors whilst trying to read messages crafted by an attacker. By doing things this way they eliminate entire categories of bugs in one fell swoop.

So yes, whilst the BlackPhone team should be commended for getting a patch out to their users, this whole incident just raises deep questions about their design decisions and development processes. The fact that such a bug could occur should have been mind-blowingly obvious from the moment they wrote their first line of code.
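An added illustration of the type-confusion point made in the comment above; it is not part of the original comment and is not code from the SCIMP library. It assumes a parser that yields tagged values, and every name in it (`jvalue`, `jvalue_get_string`, `copy_b64_field`) is hypothetical. It shows the check a C consumer has to make by hand before treating a field as a string.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of one parsed JSON value: a type tag plus a union. */
typedef enum { J_NUMBER, J_STRING } jtype;

typedef struct {
    jtype type;
    union {
        double num;                                   /* valid only if J_NUMBER */
        struct { const char *ptr; size_t len; } str;  /* valid only if J_STRING */
    } u;
} jvalue;

/* Helpers standing in for the parser's output (hypothetical names). */
jvalue make_number(double d)
{
    jvalue v = {0}; v.type = J_NUMBER; v.u.num = d; return v;
}

jvalue make_string(const char *s)
{
    jvalue v = {0}; v.type = J_STRING; v.u.str.ptr = s; v.u.str.len = strlen(s); return v;
}

/* Checked accessor: the string member is read only when the tag says it is
 * a string. Skipping this test and reading u.str from a number would
 * reinterpret the bytes of a double as a pointer, which is the confusion. */
int jvalue_get_string(const jvalue *v, const char **out, size_t *len)
{
    if (v == NULL || v->type != J_STRING || v->u.str.ptr == NULL)
        return -1;
    *out = v->u.str.ptr;
    *len = v->u.str.len;
    return 0;
}

/* Copy a base64 text field into a fixed buffer.
 * Returns the copied length, -1 on wrong type, -2 if it does not fit. */
int copy_b64_field(const jvalue *field, char *dst, size_t dst_size)
{
    const char *s;
    size_t n;

    if (jvalue_get_string(field, &s, &n) != 0)
        return -1;
    if (n >= dst_size)
        return -2;
    memcpy(dst, s, n);
    dst[n] = '\0';
    return (int)n;
}
```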

Comment Re:18B on 75B (Score 1) 534

That is 24%. That means your device could be 20% cheaper and they would STILL make more money than anybody else in percentage per product in the electronics world. So instead of 500USD for the Ipad2, you could be paying 400USD and they would still make money. And some people don't think Apple is overpriced.

Don't worry, you can buy a $500 phone from my non-profit, $400 will be for my salary and $100 for a junk Android phone. Profit is an indication that you're delivering more value relative to cost than the competition, after all sales price is just a number you decide. They're not competing against some imaginary non-profit, the day Google, Microsoft etc. deliver a competing product forcing them to lower prices they will. Until then, keep blaming the one delivering what people want and not the ones who don't.

Comment Re:Do you trust them? (Score 2) 147

Do you trust them?

...less than any other ISP? No. Just like Google funded Mozilla this is more of a long term effort to push more people and more services online, where Google can get a piece of it. The "old media" advertising budgets are still pretty huge and people willingly sign up to Google's services so there's no need to get shady. In fact their roll-out is extremely slow if they were seriously intending to become a major ISP, they're really just trying to shame the rest of the country into demanding they get the same kind of service from their incumbents. Who needs cable TV when you got gigabit service and can watch any show, any time over streaming without hitting any caps? That's what Google is selling, of course it's out of self-interest but for tech geeks I think they're on our side in this case.

Comment Re:DirectX is obsolete (Score 1) 135

OK, I see what you're saying. That there's really little reason for the operating system on a home computer to look and work exactly like the one at work.

I agree. I think as computer users, we're mature enough not to need this level of familiarity. This is one reason that at some point down the road, I hope to be able to use both Windows for my digital audio workstation in my home studio, and some form of "SteamOS" for playing games. Of course, with companies like EA/Origin and Ubisoft using their own game store platforms, I don't see all PC games being compatible with a SteamOS for some time to come.
