Strongly concur with recent comments, here, that the embedded market tends to be a completely different mentality, where the notion of anyone being selective about what one is willing to run is simply an alien concept. Back when I was working at Cadence Design Systems (a big EDA-industry company), I found myself being told by my new boss that he would like me to install various bits of proprietary software on my home laptop for company purposes. I very politely informed him that (1) my laptop ran Debian and not MS-Windows or Mac OS X, but also (2) for reasons of local privacy and security policy, only software I had approved and selected would be installed and run there. However, I said, if he wanted to issue me a company machine to run company-specified software, that would perhaps work. And I remember the look of intense surprise. The 'I installed [foo] because a Web site told me I needed to' population is, actually, almost everyone except us freaks. It's well to remember that, because it's easy to forget. Date: Thu, 25 Jul 2013 13:12:24 -0700 From: Rick Moen <rick@linuxmafia.com> To: skeptic@lists.johnshopkins.edu Subject: Re: nukemap Quoting Leonard R. Cleavelin (leonard@cleavelin.net):

Quoting Lawrence Crowell (goldenfieldquaternions@gmail.com):

...

This little morbid program http://54.213.55.143/nukemap3d/ is interesting. You can enter in any city in the world set the yield of a nuclear bomb and let 'er rip. You need Google Earth 3-D to run this.

I used it to "nuke" the FedEx Forum in Memphis with a "Davy Crockett" (smallest nuke the US forces have ever fielded; IIRC it has a 20 ton--not mega-, not kilo-, not even hecto, just ton--yield). It felt good. ;-)

I'm delighted that people enjoy cool Internet-enabled applications like this, and under no circumstances would tell a devotee he/she shouldn't run them.[0] At the same time, I keep being bemused by the security and privacy implications of such things -- by which I don't mean the little morbid program so much as I do the Google Earth engine needed to run it. Google Earth in either its browser plugin or standalone form isn't just a proprietary opaque (by which I mean unauditable by anyone outside Google, Inc.) binary program but also such an offering _specifically_ from one of the most prying, nosy, large Internet corporations on Earth, a corporation whose entire business model is based on data-mining computer users to glean data valuable to them and to their customers. The Google Earth program[1] must be installed with root (for Unixes) or administrator (for Windows) privilege, hence will have total access to everything on your machine, and hooks directly into the video software layers (for 3D imaging) and sends real-time data (into which you have no visibility) from your computer back to Google. And you're being told you can do this as a non-customer of Google: Google's _actual_ customers (the people who pay them money for services) are entitled by law to an implied warranty of good faith and fair dealing. Users who elect to download their 'free' proprietary programs or use their 'free' Web services have no such entitlment, and are (as the saying goes) not customers but rather product. tl;dr: Google Earth is a huge 'trust me' from the most prominent data-mining enterprise in existence, one that for quite a few years has made quite clear that it will intrude on user privacy whenever and wherever it wants.[2] And _that_, Ben Avery, is one of the things one avoids by sticking to open source offerings from trustworthy (and cross-checked) sources, even if you don't get to see dancing hamsters, animated birthday cards, and nuclear explosions requiring one to download and run an 'app' from nowhere-in-particular (or worse, from someone you know whom you have _no_ reason to trust). _Or_ one can just not bother being careful, and good luck with that. [0] Not because you shouldn't, but just because I don't want to waste time arguing with people who enjoy the benefits of being careless about software and are effectively treating Internet and software security as Someone Else's Problem. [1] The standalone version, at least. The browser plugin version can presumably be installed with only user-level authorisation -- which is quite bad enough. [2] http://wendy.seltzer.org/blog/archives/2009/12/08/personalized-search-opacit... http://joeyh.name/blog/entry/adieu_google/