Tangential, but I was wondering if it's maybe related: why doesn't google maps and google earth want to show satellite images of the ocean? It just overlays those areas with blue color.
Part of it is just because the ocean is difficult to photograph. The parts of coastline that do have ocean surface imagery have crazy artifacting from the sun reflection, and the color is inconsistent from constantly changing sediment and algae levels.
By not providing imagery of the ocean surface, it also gets to display ocean floor topography data it wouldn't otherwise get to show without having to add another mode.
I assume another reason is that it reduces the total size of the imagery, which would have been a plus on the 2001 computers that Google Earth was originally developed on.
I believe you can get this imagery from other sources (aside from things that are government-censored), but you face the same problem Google did in how to stitch it together without it being a patchwork of different moments in time.
Which ones, though? Dropping patented codecs from software sounds great, but it may just make the industry angry about the ones that seem open but are likely to have patent risks.
> However, our recent analysis found over 90 times more malware from sideloaded sources than on Google Play
Google has seemingly never seen an elderly person's phone, where it is completely infected with crap including literal popup ads (that somehow overlay other apps), yet all of it was downloaded from GPlay.
100.00% this take. Google is redefining "malware" to fit their corporate narrative so ads-with-ads-with-tracking is labeled as fine wine. It simply cannot be malware because that truth would decimate their shareholders. Malware by any other definition remains software that disrupts the user's ability to operate the device:
Both things might be true. Sideloaded apps are probably way more likely to be malicious, but also most installed malware/crapware is quite likely coming from Google Play.
To be honest the limited popularity of F-Droid also helps it be less targetted by bad actors. If it was more popular I would bet the situation would surely be different
This argument can be refuted by considering Debian repositories. No malware exists there despite it being a good target. It's the FLOSS that solves the malware problem, with a bit of moderation.
I'd argue OSS isn't sufficient on its own and that I suspect moderation only plays a small role. I think it's primarily the separation of roles. For a complete outsider whose only interest is exploiting users publishing a sufficiently popular piece of software and also gaining the ability to add things to the debian repos is a huge barrier. You'd have to invest years of work to do both of those things and then hope that no one happened to notice anything before it was too late.
Of course the FLOSS aspect adds an additional hurdle that this popular piece of software will have to somehow avoid having much of a contributor community around it since that would greatly increase the risks of your malicious changeset being reviewed. I guess what happened with XZ was about the best case scenario that an attacker could realistically hope for.
There were a few mishaps with PyPI and npm - including in the past week and even today. Not sure if those meet your criteria of FLOSS, but if it does I wouldn't call it solved.
Yeah but supply chain attacks like that can hit literally anything. Debian repos, Play store, an individual publishing on his own website, it's all vulnerable.
F-Droid is a teeny store and requires extra steps like open sourcing such that it is not an appealing vector for malware authors.
Either you want to target the Play store so that you can get a wider install base but need to deal with tighter controls or you want to distribute flagrantly malicious stuff to people for banking trojans or whatever via social engineering to get them to sideload. F-Droid doesn't help with either of these things.
Google already knows whether an app is being installed from an app store, such as fdroid, or not.
Just like they allow installing apps from the Play Store without the 24h verification, they should allow installing apps from F-Droid or the Epic Games Store without verification.
They don't care about F-Droid but they do care to choke out any potential competitors to their ecosystem before they can get a foothold. See their behavior surrounding device certification for example. They want to abuse the network effects of their ecosystem to prevent consumers from leaving. This is just more of that - vendor lock-in masquerading as an unfortunate necessity.
F-Droid still works the same as it did before. This just means that McDonald's can distribute its apps on its website without showing a scary warning on install on Google's Android builds.
Likely true, but also many technically oriented people (myself included) would turn away from Android if f-droid stopped working. And I would actively start recommending friends and family against it. What is the benefit of Android at this point? an extended Ads platform, controlled by Google.
I never actually thought about this. How are people making HTML emails so responsive? Email HTML is stuck in the IE6 era, right? So everything is just a horrible workaround with tables and ancient CSS?
Sorta reminds me of the i3lock screen locker. It shows an incredibly confusing circle UI where every keystroke randomizes the position of the sector on a circle, with no explanatory text on the screen (^1). To new users, it's not clear at all that you are entering your user password or even that it's a screen locker at all, because it just looks like a cryptic puzzle.
Of course, once you do understand that it's just a password prompt, it's great. Completely confuses the hell out of any shoulder surfers, who will for sure think it's a confusing puzzle, and eventually they will get rate limited.
Now that you mention i3lock, if sudo showed a symbol changing with each keystroke, it could show it's working (not frozen, accepting input) without revealing the length, similarly to i3lock. I've seen ascii loading spinners from package managers by changing between slashes and hypens and such. Something of that sort would probably do the trick.
You should have lost your respect for the "rationalist" "community" a long time ago. They are aggressively wrong about everything, and most of them are eugenicists.
That's not been my observation at all. Rationalists are some of the only people to really embrace fuzzy and probabilistic thinking. Am I missing something?
Maybe rationalists aren’t homogeneous? Unfortunately there are a rather concerning amount of news articles detailing cases where some subset of the rationalist community has gone off the deep end.
They were right about Bitcoin getting big (though I'm not aware of anyone putting their money where their mouth was), and they were a decent source of information leading up to the peak of the COVID-19 pandemic (which probably saved a handful of lives). Just because they're almost always aggressively wrong, that doesn't mean they're aggressively wrong about everything.
It means I shouldn't listen to them in general. The LessWrongers are mainly wrong about things they think they understand: when they aren't overconfident, their improvisational skills tend to be decent. They were an excellent source of information about COVID-19, but they're a terrible source of information in the areas where they think they have expertise.
When there's a crisis, it's still worth checking in to see what the LessWrongers are saying about it, because it might be very useful, and it's pretty easy to tell: you just check whether it looks like they're doing science, or Rationalism™®, and only investigate further in the rare cases where it's the former.
Rationalists were talking about AI decades before anyone else were talking about it. They were also early on COVID and crypto. They are only "aggressively wrong" about "everything" if you are, ironically, not thinking rationally about it.
reply