
Comment Re:No because... (Score 1) 123

Android github app is not allowed to save files into pyDroid3 data directory.

Android file manager app is not allowed to copy files to/from ibochs android app data directory.

In general data owned by app A is not readable/writable by app B. This is a pretty important security feature. There are ways for apps to choose to share data, but by default every app's data is private to that app.

I can see how that might inconvenience you, but I think it's a Really Good Idea.

Comment Re:At least something (Score 1) 33

I guess they read a few EU laws and came to the conclusion that they need to provide a bare minimum by themselves if they don't want the EU to decide what they are required to provide.

Nah, their previous plan already provided the bare minimum, since it didn't restrict sideloading of unverified apps via ADB. This is just an attempt to calm the complaints by offering an even easier sideloading option. Unfortunately, it will probably make the whole scheme pointless, since malware authors will just train users to click through the scary warnings.

Comment Re:Already an option for 'advanced users' (Score 3, Interesting) 33

Whatever method it is, it will probably defeat the purpose of ending unsigned side loading. Whatever the hoops are, users will be trained to jump through them.

This is sadly true. They're going to attempt to throw up a lot of warning dialogs to dissuade users, but we know from long experience that users will click through anything to get to cat videos.

This is actually not a change, really, since they were already going to leave sideloading via ADB open, so their plan already included an "advanced user option" which users could be trained to do. This new thing must presumably be easier than ADB. My guess is that it will feature more scary warnings than enabling ADB, but will allow sideloading without using a USB cable to connect to another computer so that on balance it will be approximately as hard.

During another discussion of this I posted a story that an Android OEM related to me when I worked on Android security, when they asked me when we were going to "close the USB vulnerability", i.e. disable ADB.

Comment Re:Already an option for 'advanced users' (Score 2) 33

The problem is that alternate app stores would have had to verify all their apps with Google which defeats the purpose of being alternate.

How so? The developer verification does not require compliance with any of the Play store policies or anything at all other than the rule "don't distribute malware", since distributing malware would result in the developer account (and signing certificate) being revoked, which is the point of the whole thing, to enable Google to shut down malware authors. Or at least to slow them down, since they'd have to register for a new account, with a different government ID.

This does leave determination of "what is malware" up to Google, but they've been doing that for a long time and I've yet to see any case where people disagreed with their assessment. Note that I'm talking about designation of malware, not about removal from the Play store. Identified malware is removed from the Play store, but there are lots of other policy violations that can trigger Play store removal.

Comment Re:Already an option for 'advanced users' (Score 2) 33

It's called ADB.

The point was that that was going to go away as a route for unsigned apps to be replaced with a requirement for signatures even when using ADB or other alternative installation methods.

This is not correct. Per the information on Google's developer console, sideloading of unverified apps via ADB was not going to be disallowed:

Q: If I want to modify an app and install it on my own device, or if I'm a power user, is there a way to turn this verification requirement off?

A: We understand that's an important use case for many developers and power users. While the verification requirement itself is a core OS feature to help protect the broader ecosystem from malware and can't be turned off, developers and power users can still use Android Debug Bridge (ADB) to continue to build, test, and install modified or unverified apps on their own devices.

(Emphasis mine)

This information has been up since shortly after the announcement.

Comment Re:Collective Risk (Score 1) 162

Yeah, it would probably take legislation forcing all of them to post and advertise prices including taxes. If everyone had to do it no retailer would be disadvantaged by being the first.

That said, I think it's a bad idea, unless retailers also have to itemize out the taxes on receipts so that consumers can see how much tax they're paying, which typically doesn't happen in Europe, as far as I've noticed (other than VAT, which is often itemized out on some purchases so that foreigners can get a VAT rebate). I think it's important that people see the taxes they pay so they can evaluate whether they think they're getting good value for their tax money. This is why I also oppose corporate taxes and any other sorts of taxes that are ultimately borne by individual taxpayers but are hidden by layers of obfuscation. Actually, there's another reason to oppose corporate taxes: Corporate taxes delegate to corporations the decision of how to allocate the cost of the taxes between customers, employees and shareholders. That allocation is an important public policy matter, and it should be decided by legislation, not by corporate bosses.

To be clear, I think there are a variety of public services that absolutely should be funded by taxpayers, and wholeheartedly support taxation for those purposes. But exactly what should be taxpayer-funded, at what level and with what efficiency are all important questions that voters should have input into, and that requires that they actually see what taxes they're paying.

Comment Re:That secure feeling. (Score 1) 23

If they're using the enclaves built into Intel and AMD, there may be side-channel issues to deal with. ARM is closer to what Apple is trying with their enclave.

ARM's TrustZone is definitely more secure than the alternatives on Intel/AMD, but TrustZone is also subject to side-channel attacks. To a first approximation, it's impossible to run two workloads on the same CPU and keep them perfectly isolated from one another.

However, I don't think any of these secure enclave concepts are relevant in this case. The way you'd build a private AI cloud is not to run it in enclaves (which are essentially just security-focused VMs) on CPUs that are running other tasks, the way you'd do it is to devote a bunch of CPUs solely to running the private AI workloads. Then your isolation problem becomes the traditional ones of physical access control to the secure machines and securing data flowing into and out of those machines over network connections.

Comment Nudge (Score 1) 112

I've noticed this kind of thing a LOT lately. Evidently this book is out called Nudge that tells its readers to annoy the shit out of their customers until they "install the app". Because evidently running in the background and draining your battery constantly harvesting your data and monitoring your location is more profitable than actually selling the service.

I booked air tickets on a website and it was deliberately irritating, pausing for a long time between screens, showing a QR code and saying, "tired of waiting? our app is much faster!" Hell, even Youtube is unwatchable without a Google account and giving them your real name, address, phone number for 2FA, email, backup email to cross-check databases. And once you've done all that, the jack-in-the-box pops open and it's like, let's get your social, your tax return info for last year, last three places of employment, and then upload a photo of yourself holding your ID. And your selfie cam photo wasn't clear, our facial recognition can't read it. Nice try scammer, your application has been denied. We'll be keeping the info you already entered, though.

China is like this, an entirely real-name internet. You can't so much as order food delivery without all of this. Simply entering the country requires facial scan and fingerprints.

1984 was a warning, not a role model.

Comment Re:I wouldn't care if my taxes hadn't paid for it (Score -1) 89

Savages? What? Excuse me? Racist much? Hey, could you give us your opinion on people from India? Or Tasmanian aborigines? Or the Jews? Enlighten us! Once upon a time you'd be at -1 flamebait. But I guess it's true if you don't kick out the natzees your bar becomes a natzee bar, too. And while you're at it tell us about alt right hero and Googler James Damore, too. Go read his famous anti diversity screed again, you'd love it.

Comment Re:Labor is your most important resource (Score 2) 95

Some ask "If the market is good at deciding how to pay people based on the value they can produce why are these non-producers making a very large chunk of all the money out there?"

However, most people who ask that do it while pointing to people who are actually quite important producers, such as financiers. Be careful not to conflate "don't produce anything of value" with "do something I don't understand the importance of".

Of course there are people in every profession who get paid a lot more than they're worth. This is less true of manual labor jobs where the output is easy to see and measure, but it's true across the board. Even in manual labor jobs you can have people whose output is negative. They may pick X apples or whatever, but they might do it while making everyone around them work slower.

Comment Re:Liability (Score 4, Interesting) 95

IIRC in legal theory for liability, they call this the "empty chair" tactic. Where each defendant points to an "empty chair" aka, a party not involved in the dispute and lays culpability to this non-party. If everyone confronted then points to the "empty chair", they can shirk responsibility.

Just to complete the description of the "empty chair" tactic, this is why lawsuits typically name anyone and everyone who might possibly be blamed, including many who clearly aren't culpable. It's not because the plaintiff or the plaintiff's attorney actually thinks all of those extra targets really might be liable, it's so that the culpable parties can't try to shift the blame to an empty chair, forcing the plaintiff to explain why the empty chair isn't culpable (i.e., defend them). Of course this means that those clearly non-culpable parties might have to defend themselves, which sucks for them.

Comment Re:Do they Need More Money? (Score 5, Insightful) 51

Take a look at the size of Wikipedia's bank account. They constantly continue to solicit for funds as though they're desperate for funds on their site despite having billions upon billions of funds, enough to last pretty much off of the interest alone.

Work in AI, eh?

So... you didn't actually look at the size of Wikimedia Foundation's bank account.

Wikimedia absolutely has enough money to run Wikipedia indefinitely if they treated their current pile of money as an endowment and just used the income from it to support the site. They don't have "billions upon billions", but they do have almost $300M, and they spend about $3M per year on hosting, and probably about that much again on technical staff to run the site, so about $6M per year. That's 2% per year. Assuming they can get a 6% average return on their assets, they can fully fund Wikipedia forever, and then some.

So, what do they do with all of the donations instead, if the money isn't needed to run Wikipedia? It funds the foundation's grant programs. Of course, you might actually like their grant programs. I think some of their grants are great, myself, and if they were honest about what they're using it for I might be inclined to give. But they're not, and the fact that they continue lying to Wikipedia's user base really pisses me off, so I don't give and I strongly discourage everyone I can from giving, at every opportunity.
