
Comment Re:Export controls? Time to leave Github then (Score 1) 180

If Microsoft's purchase of Github results in export controls being applied to its users, then that is a major wakeup call to the rest of the world

Why would one US corporation being acquired by another US corporation make any difference to the laws that apply to it?

Comment Re: Mighty Thin Ice (Score 1) 158

That's not true for most carriers. If you ask for a SIM-only deal, they will sell you something a lot cheaper. Someone did the analysis of these phone-and-plan deals in the USA 4-5 years ago and found that the best ones worked out to be equivalent to a loan with an APR of around 40%, a lot were even higher. You can almost certainly get an unsecured personal loan from your bank with better rates than you can get a phone bundle from your network provider.

It's not surprising that a lot of people are unaware of this difference though - when providers are making so much money from selling overpriced loans to people wanting to buy expensive phones, they have a great incentive to hide their good-value plans.

Comment Re:Like that old joker Winston Churchill said, (Score 4, Insightful) 808

If the 16 million people who voted to remain have been completely ignored what is delaying Brexit?

The fact that the people who wanted to leave had no plan and promised a large number of mutually incompatible things (e.g. access to the common market, freedom from EU regulation) and any time they are given some of the things they demand they complain that they don't have the others. Among the things that were promised in the referendum campaign:

  • Membership of the common market.
  • Freedom from EU regulation.
  • Freedom from the European Court of Justice.
  • 'The easiest trade deals in history' with numerous other countries.
  • £350m/week more available to the exchequer.

If we lose regulatory alignment with the EU, then we can't have freedom of movement over the Irish border, so we're in violation of the Good Friday Agreement. Good luck conducting trade deals when you've just violated an international treaty. If we remain in the common market, we have to remain aligned with the EU for regulation and answerable to the ECJ.

The only Brexit that doesn't involve completely killing the economy (losing 44% of exports and 53% of imports) involves remaining closely aligned with the common market. This means losing our seats in the EU Parliament, Commission, and Council, but still having to follow their rules. That's practically the exact opposite of 'take back control'.

There is no set of compromises that will keep the 51% (closer to 46% now) happy because they voted for an impossible set of constraints.

Submission + - This ISP Is Offering a 'Fast Lane' for Gamers...For $15 More Per Month (vice.com)

eatmorekix writes: For years gamers have been targeted with products that promise to give them a unique edge in online competition—provided they’re willing to pony up the extra cash. Whether it’s pricey, overdesigned routers that promise a speed and latency advantage, or a service that promises “priority routing” over the internet, these services often aren’t worth the added cost.

Broadband provider Cox Communications has quietly jumped into this longstanding market this week with the company’s new “Elite Gamer” service.

According to the company’s FAQ, the new $15 per month service will reduce latency, disconnections, and “lag spikes” by “finding the fastest path to your game server across the internet,” improving game performance “in situations with lots of players like big raids.”

Submission + - Chinese University Tested Fully Recoverable Winged Rocket (dailymail.co.uk)

hackingbear writes: Xiamen University of China, in partnership with a private aerospace company in Beijing, claimed to have launched and landed a hypersonic prototype winged rocket that could travel faster than five times the speed of sound. The success of the experiment means that Chinese engineers are one step closer to building a full-fledged rocket that is capable of flying faster than 6,174kmh (3,836mph) and be recycled. The success of the experiment means that Chinese engineers are one step closer to building a full-fledged rocket that is capable of reaching anywhere in the world within two hours and be recycled. The rocket, named Jia Geng 1, reached a maximum altitude of 26.2 kilometres (16.3 miles) — about one-third of the way to space — before returning to the ground during the landmark launch on Tuesday over Gobi Desert, said the Department of Aeronautics and Astronautics of Xiamen University. The design enables the rocket to ride on two layers of extremely hot gas known as "shock waves" – one under its belly and the other in the air-inlet duct for its ramjet engine, unlike other experimental hypersonic vehicles such as Boeing's X-51 Waverider which rides on one layer of “shock wave,” according to South China Morning Post citing members of the team. The new design has some intriguing advantages: it can make the transition from supersonic to hypersonic speeds more smoothly, create more lift and allow the aircraft to travel farther using less fuel.

Submission + - I Used to Work for Google. I Am a Conscientious Objector (nytimes.com) 2

schwit1 writes: “We can forgive your politics and focus on your technical contributions as long as you don’t do something unforgivable, like speaking to the press.”

This was the parting advice given to me during my exit interview from Google after spending a month internally arguing, resignation letter in hand, for the company to clarify its ethical red lines around Project Dragonfly, the effort to modify Search to meet the censorship and surveillance demands of the Chinese Communist Party.

When a prototype circulated internally of a system that would ostensibly allow the Chinese government to surveil Chinese users’ queries by their phone numbers, Google executives argued that it was within existing norms. Governments, after all, make law enforcement demands of the company all the time. Where, they asked their employees, was the demonstrable harm?

But the time has passed when tech companies can simply build tools, write algorithms and amass data without regard to who uses the technology and for what purpose.

Complaints from a single rank-and-file engineer aren’t going to lead a company to act against its significant financial interests. But history shows that dissenters — aided by courts or the court of public opinion — can sometimes make a difference. Even if that difference is just alerting the public to what these companies are up to.

Submission + - Amazon's Alexa Team Can Access Users' Home Addresses (bloomberg.com)

An anonymous reader writes: An Amazon team auditing Alexa users’ commands has access to location data and can, in some cases, easily find a customer’s home address, according to five employees familiar with the program. The team, spread across three continents, transcribes, annotates and analyzes a portion of the voice recordings picked up by Alexa. The program, whose existence Bloomberg revealed earlier this month, was set up to help Amazon’s digital voice assistant get better at understanding and responding to commands.

Team members with access to Alexa users’ geographic coordinates can easily type them into third-party mapping software and find home residences, according to the employees, who signed nondisclosure agreements barring them from speaking publicly about the program. While there’s no indication Amazon employees with access to the data have attempted to track down individual users, two members of the Alexa team expressed concern to Bloomberg that Amazon was granting unnecessarily broad access to customer data that would make it easy to identify a device’s owner.

Submission + - What Russia thinks about North Korea's nuclear weapons (thebulletin.org)

Dan Drollette writes: Kim Jong-un is in Russia tonight (US time) to meet with Vladimir Putin. Kim may find an ally who is not so judgmental about his nuclear weapons program—unfortunately for the US and its allies. Economic sanctions on North Korea are not in Russia's interests, and many in Russia don't even view Kim's weapons all that negatively, writes Anastasia Barannikova.

Comment Re:Eavesdropping? (Score 2) 56

There was a case on Slashdot a few years ago where someone had a camera and microphone in their porch, which they used to record the police. They were charged under wiretapping legislation. I don't know what happened to the case in the end, but if they were successfully prosecuted then I can imagine that Bezos and Pichai would be liable for a few million counts of the same.

Comment Re:Sadly any place (Score 1) 431

The problem is signal to noise ratio. Consider email spam: the cost of sending spam to a million people is approximately zero. The cost of sending a thoughtful email to one person is, at the very minimum, a few minutes of real-human time. If you lower the cost of speaking sufficiently then the signal to noise ratio tends towards zero unless you actively filter.

Comment Re:Interesting. Excellent point. (Score 2) 161

If you're starting with -Os, then your baseline is optimising for size, so presumably that's what you care about. To beat it you need to either remove instructions entirely, replace multiple instructions with a shorter sequence, or pick instructions with shorter encodings. All of these are things that are really easy to automate. Most of the bloat comes from ABI constraints, and if you pass the right flags the compiler will ignore these (e.g. omitting the frame pointer).

If you're optimising for speed, then start with -O3. At this point the compiler has already done things like loop rotation, common subexpression elimination, and autovectorisation. You might be able to beat it, but even understanding what the code is doing for a nontrivial example is quite hard.

Comment Re:Make C++ simpler ?!? (Score 2) 161

The craziness that is C++ locales, for example, need not concern you because you won't use it.

Are you sure? I have a version of libc++ that works in the FreeBSD kernel, but I needed to do some quite drastic surgery to remove all of the locale stuff (which I really don't want in the kernel - anything that needs localisation should be done in userspace). A lot of the standard library depends on it indirectly and so I needed a lot of stubs to even let the standard library build.

The C++ standard library could really benefit from some better modularity and layering. The core ADTs, the threading library, simple string handling, localised Unicode string handling, and so on should all be separated out and the dependencies between them made explicit. Unfortunately, the C++ standards committee is philosophically opposed to subsetting, which means that instead of a handful of standard subsets we have hundreds of per-project subsets.

Comment Re:Realistic number (Score 2) 219

Not the GP, but often airlines turn off most of the in-flight entertainment system on approach and leave it off after landing. If you'd planned on watching a film, weren't able to watch the last 30 minutes, but still had to sit in an uncomfortable plane seat for that time, I can imagine that you'd be cranky.

Comment Re:Phishing (Score 2) 34

At Cambridge, most of the systems use a single sign on system and provide tokens for the services, so no one sees your password except the authentication system. They've now integrated that with Office365, so Microsoft doesn't see the password when you log in (when they first set it up, they accidentally sent the entire password database to Microsoft, in plain text. Ooops). It ought to be easy to tell people 'only ever enter your password into raven.cam.ac.uk'. Unfortunately, they also:
  • Set the flag in the password field that prevents password managers from caching it (I think most browsers now ignore this), which prevented the obvious clue of 'Hmm, why is this not autofilled, maybe something bad is happening here'.
  • Use the same password for email, so every single mail client also contains a copy of the master password for that user's account, rather than something like an OAuth token generated for that device and granting access only to email.
  • Have a bunch of new systems written by muppets (such as the new payroll system) that ask for the password and don't integrate with the SSO system, so they require people to enter the password into that site (giving that password to Payroll gives Payroll access to everything, including the student information database - I'm astonished that this is allowed under the GDPR).

I filed numerous bugs against these systems while I was there. None of them were fixed.

Comment Re: why.. why.. why.. (Score 1) 34

SSH security leaves a lot to be desired. Do your users all use ssh-agent? If not, they're probably using ssh keys with no passphrase, which can be stolen by anyone who gets read access to their local filesystem. At that point, the attacker can gain access to your system. If they do use ssh-agent, then the attacker needs to gain debug privilege on their local machine, but that's also not too hard. ssh-agent has no protection against a compromised host OS, for example, unless you set up PAM on your systems to require a second factor such as a U2F key (there's no SGX version of ssh-agent, for example).

If their private key is compromised, ssh doesn't have a global revocation mechanism, so you need to go and find all of the places where an authorized_keys file contains their public key. What is your revocation policy? Do you have a simple way for people to submit a compromised public key and automatically revoke it across your entire system?

By default (though, thankfully, now not the only option) the known_hosts file contains a good list of all systems that an attacker should look at next. Do you require that your users turn on the feature that stores hashes of the machines, or does any compromise of one of your users' systems lead immediately to the attacker knowing that they have compromised a key that gains access to your system?
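An audit sketch for two of the questions raised in the comment above, added here and not part of the original post: it finds authorized_keys entries that match a revoked key fingerprint and lists known_hosts entries whose host names are stored unhashed. The key blobs, host names and file contents are constructed samples, and the function names are hypothetical.

```python
import base64, hashlib, re, struct

# Key type followed by its base64 blob; options such as from="..." may precede it.
KEY_RE = re.compile(
    r'\b(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-[\w-]+|sk-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)')

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def revoked_entries(authorized_keys_text, revoked_fingerprints):
    """Return (line_number, fingerprint) for every entry holding a revoked key."""
    hits = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = KEY_RE.search(line)
        if m and fingerprint(m.group(2)) in revoked_fingerprints:
            hits.append((n, fingerprint(m.group(2))))
    return hits

def unhashed_hosts(known_hosts_text):
    """Host names stored in clear text; hashed entries start with |1|."""
    hosts = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):
            hosts.extend(fields[0].split(","))
    return hosts

def _blob(seed):
    # Constructed ed25519-shaped public key blob, not a real key.
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

ALICE, BOB = _blob(1), _blob(2)
AUTHORIZED_KEYS = f'''# constructed sample file
ssh-ed25519 {ALICE} alice@laptop
from="192.0.2.0/24",no-pty ssh-ed25519 {BOB} bob@desktop
'''
KNOWN_HOSTS = f'''|1|c2FsdA==|aGFzaA== ssh-ed25519 {ALICE}
build.example.org,192.0.2.10 ssh-ed25519 {BOB}
'''
```

In OpenSSH, `HashKnownHosts yes` in ssh_config produces the `|1|` form for new entries, and `ssh-keygen -H` converts an existing known_hosts file.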
