How do you know they are doing something useless and aren't sitting there filling out paperwork while keeping on eye on the road looking for the more egregious violations? You may argue that filling out paperwork is a useless waste of their time, but no police officer has ever said "Gee, I sure wish I had more mandatory paperwork to do!" A single felony arrest can result in several hours of paperwork to complete, and If it's not all filed perfectly, that may let the suspect go free.

Even if they released a patch, they can't force phone manufacturers to release it, and they probably won't.

4.4 was announced in Sept 2013 and shipping in Oct 2013, so 4.3 hasn't been the latest version for about 14 months.

I've never heard of AV software scanning all memory pages of all processes. It seems like that would be hugely expensive in terms of CPU resources because a VM can easily touch many gigabytes of RAM in a very short term, and somehow the AV software has to compare this entire dirty page set against a database containing hundreds of thousands, if not millions of potential virus signatures. Without help from the hypervisor, it seems like this would be even harder since when it sees a dirty page, it has no idea where it came from, how it got there, or what it's doing, so it has to scan every block of data just in case it happened to be executable data.

When I was testing AV software, I played with a number of real and test viruses in my disposable VM, yet the host system never alerted on any of them.

Yeah, just gotta get me some of them other materials and I can build one of my own! Maybe Amazon sells them.

Isn't that person going to get tired of accepting packages for every neighbor in a 2 block radios?

I get so many packages from Amazon that i wouldn't even as a friend to accept them all, let alone a neighbor down the block. What happens with this friendly neighbor when UPS says she signed for 3 packages, but she only gives you two, and your $600 iPhone is the one that's missing. Now you're out $600 because UPS has a signed delivery receipt.

My next door neighbor does work from home, but she usually doesn't bother to accept her own packages (they leave them on her front porch) because she's *working*.

Isn't that exactly how the transporter works? Surely they don't actually disassemble the body atom-by-atom, convert it to energy, then stream it to the remote site.

I figured they used a high-resolution scanner to scan the body, then send an energy beam to the remote site to reconstruct an exact replica of the person being transported. After the copy is complete, the original body is no longer needed and is disintegrated.

"...This spring, in the Ismaloya section, which is to the north, some unknown animals ate the crops in a very peculiar manner. They moved each day, in a straight line-almost as straight as an arrow-from the coast, into the mountains, into the jungle."
Grant sat upright.
"Like a migration," Guitierrez said. "Wouldn't you say?"
"What crops?" Grant said.
"Well, it was odd. They would only eat agama beans and soy, and sometimes chickens."
Grant said, "Foods rich in lysine..."

Since I can't draw an image here, imagine a circle around the standard car (standard as in "normal", not "manual transmission") below that encompases only itself, then another circle around Standard+TC (since you can't have Traction Control without a standard car), then finally a big circle around all three:

Standard -> TC -> SC

SC contains many other possible components (active suspension, independent braking, etc), (afaik, it always includes TC) so you'll have other components next to TC that are included in the SC set.

So you can peel back the layers, remove the SC layer and you can still have a standard car with or without TC.

Thus, SC is a superset that encompasses TC and other components.

I don't think google puts strong pressure on employees to "drink the koolaid" - as long as you use the tools you need to get your job done (like Gmail, Google Docs, and Hangouts), then they don't really put much pressure on your to use their entire suite of tools, like GooglePlus. Since G+ is so deeply integrated, you might need a G+ profile with your work address, but you don't need to build a network or post your cat pictures on your personal G+ profile.

Though all of the Google employees I know got there through acquisitions, and still work (mostly) with their original team, they haven't been fully assimilated into the Google collective.

I used to work for a company that was very deep into social networking -- none of the developers in my team used their product (aside from shared test accounts) because they don't like social networking in principle. No one cared or tried to coerce anyone to use the product, as long as we got the job done, that was all that mattered.

That is nice, but for affected users it hardly makes up for shutting down the service -- kind of like a university shutting down while you're mid way through your degree program and telling you "No worries... here's a copy of your transcript, you can transfer your credits to a new school... well, if you can find a school that will accept them!"

Who wants to spend lots of time building a Google Plus network and posting there regularly when Google has a habit of shutting down services with little warning?

At least you have some assurance that Facebook is not going to stop being Facebook, but Google could decide that Google Plus is not worth continuing and shut it down.

If you're going to be snarky, be snarky about the right thing -- the GooglePlus.com URL does take you to your Google Plus home page.

That sounds promising, though I don't see a signature in the rpm download, just sha1/md5 checksums.

That would be more meaningful if the link to the MD5 checksums was not on the same non-SSL page as the link to the binaries, so is subject to manipulation -- an attacker can make it point anywhere they want, and unless a user "knows" that the checksum page is supposed to be SSL, they'd never know (yes, you gave the SSL page, but how do I know that you're not an attacker and that you gave me a fake page that you happened to upload to an Oracle server?). Likewise, if someone can alter the binary on the repo, who is to say that they can't alter the checksum file as well?

There's one well-established method to validate downloads, and that is to use a cryptographic signature (with a well protected private key, the signature should be generated on a completely offline computer.

MD5 verification may be "good enough" for most uses, but it's very weak authentication.

You seem to be confusing download verification with authentication -- they are different concepts.

A simple checksum stored with the binary is not a means of authentication, it's only a means to validate that there was no file corruption on download (since an attacker can update the checksum(s) at the same time he modifies the binary). Something like a cryptographic signature would be needed for authentication (with a validated means of public key distribution)

Since the download link does not use SSL, even if you trust that no one has corrupted Oracle's repository, you have no assurance that the file you download hasn't been modified in-transit using a man-in-the-middle attack.