
Comment Re:How is this a good idea? (Score 2) 249

I don't think it has to be explained why this is a potential problem. So then, it should be explained why this is such a great idea that the problems it creates are insignificant.

The Android permissions model is a mess and has been since day one, but not in the way most Slashdot geeks are up in arms about. When was the last time you actually looked at the full list of permissions? It's ridiculous. You have to be an Android developer to understand some of them. Many are pointless in the extreme: the result of simply associating every API with a permission whether it makes sense or not. Do I really need to know that an app might use the vibrator when I install it? A few permissions aren't even written in understandable English, so god knows what they become when translated into a language like Arabic or Chinese.

What's more, others (like the internet access permission) have never worked. People think it means "you can give this app personal data and it can't upload that data to the internet", but it never did that, because for example there are OS services that let you configure them to retrieve and process data from arbitrary URLs. The media player component does that. You can ask the OS to play music from a URL without having internet access permission, and it'll do it, so just put your personal data into the URL of your "music file" and the data gets uploaded. Heck even just invoking the web browser with a long mystery URL will let your internet-less app upload small amounts of data to the net. And there's no real way to fix any of this because any app that exposes services to other apps that involve downloading from a user-provided URL would end up breaking the "can't upload" model. So now they're hiding the internet access permission entirely, and good riddance.

Conclusion: the permissions framework was badly thought out. It was designed to let you know when apps might do something nasty to the OS, as a way to defend against aggressive apps that would otherwise do what they do on Windows and reconfigure the entire computer at install time. But there were no UI guidelines about how and when to use it, so it became a dumping ground for technical nonsense hardly any users understand. Worse, over time people's expectations have changed, and now some of them want it to be some all singing all dancing privacy framework that gives you a million knobs to tweak, even though it was never meant to be that.

Perhaps in future Android will actually get an all singing, all dancing privacy framework that does what people want, but it probably won't be a part of the app permissions system, which is meant to be for security. And it's not easy. A lot of the hacks people throw around in this thread could be easily detected and apps could just refuse to run entirely if you try and fool them.

Comment Re:Preventing Stingray from working (Score 1) 272

And how does the phone learn when a new tower goes online? That scheme isn't going to work.

Beating Stingray devices can be done, if we assume that telcos don't approve of Stingray devices. Given that Stingrays interfere with their services, given that they bypass their own power and authority, given that all people like power and authority, given that they can charge the government for processing legal requests and court orders, and given that they were forced to spend lots of money on doing interception the "proper" way by CALEA, this isn't totally unreasonable.

If you're willing to assume that, the best way to beat Stingrays is to disable GSM support in your phone's baseband somehow. In GSM, towers authenticate the handset but handsets do not authenticate the towers, because portable cell towers did not seem like a threat that could surface within the intended lifespan of the technology. UMTS (3G) fixed this problem and now handsets do cryptographic handshakes with the tower.

I am assuming that the reason US cops are fighting so hard to stop info about Stingrays coming out is that these are tools used by little tinpot forces that can't be bothered getting real warrants, not the NSA who prefer to just directly compromise the backhaul networks. Therefore most likely they do not have the keys needed to emulate the real cell towers. If it came out that forcing a phone to 3G+ only could stop them connecting to Stingrays, that's a setting that'd suddenly appear in all kinds of aftermarket firmwares and heck probably Android upstream itself, and then some of the people they're going after would simply tick the "ignore Stingrays" box.
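
The difference between the two handshakes described in the comment above, as an added example that is not part of the original comment: a simplified Python model of what the handset can and cannot check in each generation. Assumptions: HMAC-SHA256 stands in for the operator functions (A3, f1, f2), the UMTS challenge is reduced to RAND, a sequence number and a MAC, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key, label, *parts):
    """HMAC-SHA256 stand-in for the operator functions (A3, f1, f2).
    Assumption for illustration only; real networks use other algorithms."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:8]

class Handset:
    def __init__(self, key):
        self.key = key          # subscriber key shared with the home network
        self.highest_sqn = 0    # last sequence number accepted (replay guard)

    def gsm_respond(self, rand):
        # GSM: the challenge carries nothing that identifies its sender,
        # so the handset answers whoever asked.
        return prf(self.key, b"A3", rand)

    def umts_respond(self, rand, sqn, mac):
        # UMTS: verify the network's MAC over (SQN, RAND) before answering.
        expected = prf(self.key, b"f1", sqn.to_bytes(6, "big"), rand)
        if not hmac.compare_digest(mac, expected):
            return None         # sender does not hold the subscriber key
        if sqn <= self.highest_sqn:
            return None         # stale or replayed challenge
        self.highest_sqn = sqn
        return prf(self.key, b"f2", rand)

def gsm_attach(station_key, handset):
    """True if the handset ends up attached. station_key=None models a
    base station that does not hold the subscriber key."""
    rand = os.urandom(16)
    sres = handset.gsm_respond(rand)
    if station_key is None:
        return True             # handset had no step at which to refuse
    return hmac.compare_digest(sres, prf(station_key, b"A3", rand))

def umts_attach(station_key, handset, sqn):
    """Same question for the UMTS-style exchange."""
    rand = os.urandom(16)
    if station_key is None:
        mac = os.urandom(8)     # cannot compute the MAC without the key
    else:
        mac = prf(station_key, b"f1", sqn.to_bytes(6, "big"), rand)
    res = handset.umts_respond(rand, sqn, mac)
    if res is None:
        return False            # handset refused the challenge
    return station_key is not None and hmac.compare_digest(
        res, prf(station_key, b"f2", rand))

if __name__ == "__main__":
    key = os.urandom(16)        # constructed sample key
    phone = Handset(key)
    print("GSM,  station with key:   ", gsm_attach(key, phone))
    print("GSM,  station without key:", gsm_attach(None, phone))
    print("UMTS, station with key:   ", umts_attach(key, phone, 1))
    print("UMTS, station without key:", umts_attach(None, phone, 2))
```
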

Comment How it should be done (Score 1) 97

Is there any reason that reducing pointless barriers to trade has to occur in one giant all-or-nothing pact, instead of lots of little treaties over a period of years that don't depend on each other?

I'm all for the notion of free trade in theory, but the problem with treaties like these (and the EU in general, and the US Federal government, etc) is that their notion of "free trade" tends to simply mean "trade under the rules of whatever is biggest" rather than what the term mentally implies, i.e. people trading without lots of red tape getting in their way.

Given the absolute and total weakness of EU "leadership" when it comes to demands by the USA, I suspect any trade deal reached between the EU and USA would simply amount to adjusting EU law to match whatever Congress already came up with regardless of whether it makes sense or not. So this seems like a good incentive to not go for it, for Europeans. Unfortunately both America and EU increasingly tend to enforce their laws internationally, regardless of jurisdiction, so in the end I'm not sure it really matters much anyway: in a globalised world with lots of trade between rich countries you end up with a horrific hodge podge of conflicting laws and regulations, with companies trying to comply with all of them and ultimately putting their hope on lax enforcement to be able to remain in business. I don't see much of a way to solve this, short of a sea change in the level of government intervention in trade people tolerate.

Comment Re:But can you actually trust it? (Score 4, Informative) 100

Why? Even if you disregard the reports that have described close cooperation, and exchange of employees, between Google and NSA and other TLA agencies.

Which reports? Could you show me these reports describing close cooperation with respect to spying on people between Google and the NSA?

And the head of Google publicly stating that "you have no privacy, get over it".

I think you are grossly misquoting Eric Schmidt who said words to the effect of, people have to understand the PATRIOT Act, what powers it gives the US government and how little companies can do to fight it. They can't assume they can put stuff into Google and have it be inaccessible to the US Govt. And you know what? He was dead right, wasn't he? But he got crucified by idiots like you for unemotionally stating the facts of the law. A better example of shooting the messenger is hard to find.

What about Google's actions or solutions are so different than the other players that they have earned that trust.

Which other players do you mean? If you mean, big web companies, how about:

Being the first big webmail provider to enable SSL for everyone, all the time.

Being the first to develop and then open source TLS forward secrecy code (ephemeral EC Diffie Hellman), then being first to activate it.

Developing the first SSL pinning implementation, and catching Iran when they tried to use a hacked CA to monitor everyone.

Being first to encrypt all internal traffic, something Yahoo is planning to catch up on maybe by the end of this year.

Being first to publish transparency reports.

Being first to publish statistics on SMTP TLS to help shame companies into upgrading (looking at you Apple).

Being first to add and activate new ciphersuites in TLS (ChaCha20 and Curve25519) to replace the horribly broken RC4.

Being first to release a new, modern PGP implementation.

If you put down the Google hate I think you'll find they've done a heck of a lot and routinely raised the bar over the past few years. No, they don't collectively march themselves to jail when served with a court order but that's a failure of our governments and indirectly the people who elect them.

Ob. disclaimer: I used to work for Google, doing security related stuff. And I think my colleagues achieved the best that can be expected of them in this arena. Certainly they went well beyond what other companies were doing (nothing).

Comment Re:The what strikes where now? (Score 3, Insightful) 56

The dude broke the law. A very real, very good (shockingly) law.

Is it good?

I don't think there's any problem with governments competing against ratings agencies: I think 2008 showed pretty conclusively that the existing private sector organisations kind of suck at protecting people from risk. But the SEC isn't just an organisation that gives a stamp of approval to well run investment schemes. They actively stamp out any that don't register with them and report to them. That makes the entire economy very vulnerable to poor decision making by a mere handful of people. It also can seriously hinder innovation: look at the glacial speed of progress towards the oh so ambitious goal of "not killing crowdfunding sites". You'd think not doing something would be easier, wouldn't you, but it's taking years and an 800+ page report.

If the SEC lost their enforcement powers and just acted as a place where reputable, respectable fundraisers wanted to go it'd be pretty unobjectionable and there'd be natural flex in the system if they started making bad decisions. They'd give Moody's a run for their money. But it's not like that. They probably stopped some scams by virtue of the threat of their enforcement actions, it's hard to know how many, but they probably also stopped a lot of legitimate and non-scam investments too. The cost/benefit ratio of securities laws is rather hard to know.

Comment Re:"By Mistake" (Score 1) 711

Are there any important features in iOS8 that Android doesn't already have? On the Apple web page I see:

Cloud photos. Complete with an icon that looks identical to the current Android/G+ photos app icon. Got it.

iMessages can do voice recordings now, and share locations and videos. WhatsApp does these things for ages already (and everyone here uses WhatsApp).

Notifications can have actions now. Android had this since Jellybean, though I'm not sure if they can have edit fields. Buttons certainly. Beneficially, Android notifications do not look like ass.

The multi-tasking UI shows recent people as well as recent apps now. OK, Android doesn't have that, though switching to a chat app usually does the trick for me. I'm not sure how important this is.

The Mail app now lets you swipe to mark as read (Gmail on Android uses swipe to archive for a while now), and recognises flight notifications and lets you add them to your calendar. Google Now does this for quite some time already, but it's automatic and you don't have to manually add to your calendar.

Safari now lets you see all open tabs (?? did it not do this before?). Chrome on Android at least lets you also zoom out to see tabs in a stack.

The keyboard now suggests the next word based on a language model. Android keyboard did this for a while already. Although from the screenshots it looks like maybe Apple's implementation is smarter (is it reading the question in the dinner/movie example?). I found the Android next word suggestions to rarely be helpful.

They allow third party keyboards now. A feature Android had since v1.0.

Family sharing seems pretty unique, although as my family does not consistently use iOS and I am not a father or husband this is pretty irrelevant for me.

iCloud Drive. Same as Google Drive. Integrated since Jellybean with better integration since (I think) KitKat.

Health app/kit. I guess this is for Bluetooth LE profiles. Android does not have an integrated health app, alright. However I do not own any BLE health devices and don't plan to, so also pretty unimportant for me.

Cross device sync (but only if you use Apple stuff). Well, Google apps do this for many years already. Hangouts ring my phone and laptop already, Gmail syncs drafts already, etc.

A better integrated search engine. The one I've got in Android works fine. Not sure how much of a difference there is now.

And that's it. Out of all the new features, only three are unique to iOS and none matter for me personally. People in the multitasking UI is the only one I might possibly want to use. The rest are all catching up to Android, again. It's funny ... the times when I most appreciate my Nexus 5 are Apple announcement times, because it reminds me of all the features I sort of forgot about and take for granted.

Comment Re:prosecutions are done on law in place at the ti (Score 5, Insightful) 519

Snowden could have chosen to leak his documents anonymously through a Congressman. Amash would have loved to blame Obama for evil. Wyden is always good on these issues. And he probably could have done so anonymously, because the NSA can't piss off Congress or they all get fired.

That'd be the same Wyden who already knew a lot of what Snowden revealed and felt he couldn't say anything because it was all classified? The same Congress that discovered they'd been lied to, openly, baldly and repeatedly, and did diddly squat because it was a high ranking member of the security state who did it?

Good one. Snowden did what he did because the entire US political structure has been subverted by the military to such an extent that there is nobody left who will hold them genuinely accountable. The press won't do it. Congress won't do it. The courts won't do it. The only guy left who will do it was a 30 year old former spy. That's what America is, now.

Comment Re:Not today though - America has no honour left (Score 4, Insightful) 519

Well, you'd be naive if you believed the Germans weren't spying on us in some fashion.

Given that the US Gov is collectively shitting bricks over China allegedly spying on America and is busy indicting Chinese government employees, actually you'd be naive to believe Germany is doing anything like what the NSA has been doing. Do you think if Germany had managed to tap Obama and was busy following his phone around, taping his conversations with his generals etc America would just blow it off and say "oh no problem, we knew you were doing that and we're cool with it"? Of course not.

Goddamn yanks. That's the whole problem with America summed up right there - the division of the world into only two categories, domestic and foreign, patriot and traitor. As if other countries and other people don't even exist. Then you wonder why a whopping 70% of under 30 in Europe want to give Snowden asylum i.e. they would jump at the chance to massively piss off the USA and cause a diplomatic crisis. That's what they think of America.

I'm not convinced the NSA is collecting more information about me than Google is

Then you haven't been paying attention. The NSA has been collecting everything from Google via fibre taps, and lots more in addition. So by definition they are collecting more.

Comment Re:Google is dropping XMPP and Talk/Chat anyway (Score 1) 121

They never really explained why federation wouldn't work or why XMPP wasn't sufficient for their needs. As far as I can tell, this was purely to thicken the walls on the garden.

I think it's obvious isn't it? The "Hangouts" product works in a fundamentally different way to XMPP. In particular, it's trying to be a WhatsApp competitor, which means users are identified by things which are not JIDs, like verified phone numbers and Google+ profiles. What's more the entire thing on mobile runs over the C2DM system which uses tightly packed binary protocols to save bandwidth and battery instead of XML. GTalk had been architecturally moving away from XMPP for years as the product evolved, it's hardly surprising that this trend continued.

As to why they stopped caring about federation, I'd guess the answer is: nobody uses it (except spammers). Heck, I'm a technical guy with lots of technical colleagues and friends, mostly using GTalk, and zero of them use a federated XMPP server. XMPP just is not competitive and is a market failure as a result. Or can you give me one good, solid reason why an ordinary person would want to use a non-Google XMPP server? No ideology please, just practical things. I can't think of one.

Comment Re:This is not what I consider "forged" (Score 1) 86

Did you read the paper? I did. That's what the research does. It turns out that there isn't a lot of malicious MITM out there, and what little does exist is done by malware on the same machine. The other MITM "attacks" are things like corporate proxies, etc.

The most interesting thing about this research is that it rather decimates the oft-repeated meme that SSL is broken and gets busted all the time. The data doesn't show that.

Comment Re:Space programs as a crowbar? (Score 1, Informative) 522

Pax Americana as a theory might hold water, if it weren't for the fact that the USA has spent most of the latter half of the 20th century fighting wars that it started itself. How many active wars did the USA decisively stop by itself? None? Bosnia might have been an example, except that would be better described as being ended by NATO, in fact Operation Deliberate Force had 15 nations take part. It would probably have worked out the same even if the USA did not take part.

It's deeply unclear that the USA is single handedly responsible for a net drop in state-on-state violence. Certainly just looking at surface facts would suggest it's the opposite: the world would have been even more peaceful if the USA had a less aggressive foreign policy.

Comment Re:That's totally how it works (Score 1) 343

It's actually a bit of a muddled critique ("I will say 20% of jobs are BS but I won't say which ones") that attempts to convince people that they shouldn't criticize other jobs they might think were overpaid (like unionized auto workers, as specifically cited) just because the complainer has a job they are unhappy with. In short, it's a load of academic twaddle, but interesting as a conversation starter.

Right on the money. Actually he does identify some job categories he thinks are BS at the end - an entirely arbitrary list that labels actuaries as having BS jobs, but poets not! Right, because insurance is so useless!

That said I agree it's useful to start interesting conversations, even if the article itself is largely nonsense. The question of why we aren't all living lives of idle leisure is an interesting one to explore. I can think of several explanations. One is that many of us are essentially idle. Unemployment figures exclude people who have stopped looking for work. If you look at raw data series (graph here) you can see that actual employment has been steadily falling since the 1960's in the USA, typically taking a dive after each recession, then regaining some but not all of the previous employment. This is not what futurists envisioned because this is a form of enforced idleness, but then again, in a world where machines do all the drudge work wouldn't we expect that to surface as unemployment? We'd only see this as a problem due to a hard-wired cultural expectation that unemployment is immoral and working is ethically superior. The transition to a world of leisure would require rewriting of that fundamental component of our psyche which clearly has not been happening.
