Strongly concur with recent comments, here, that the embedded market
tends to be a completely different mentality, where the notion of anyone
being selective about what one is willing to run is simply an alien
Back when I was working at Cadence Design Systems (a big EDA-industry
company), I found myself being told by my new boss that he would like me
to install various bits of proprietary software on my home laptop for
company purposes. I very politely informed him that (1) my laptop ran
Debian and not MS-Windows or Mac OS X, but also (2) for reasons of local
privacy and security policy, only software I had approved and selected
would be installed and run there. However, I said, if he wanted to
issue me a company machine to run company-specified software, that would
perhaps work. And I remember the look of intense surprise.
The 'I installed [foo] because a Web site told me I needed to'
population is, actually, almost everyone except us freaks. It's well to
remember that, because it's easy to forget.
Date: Thu, 25 Jul 2013 13:12:24 -0700
From: Rick Moen <rick(a)linuxmafia.com>
Subject: Re: nukemap
Quoting Leonard R. Cleavelin (leonard(a)cleavelin.net):
Quoting Lawrence Crowell
This little morbid program
You can enter in any city in the world set the yield of a nuclear bomb and
let 'er rip. You need Google Earth 3-D to run this.
I used it to "nuke" the FedEx Forum in Memphis with a "Davy
(smallest nuke the US forces have ever fielded; IIRC it has a 20
ton--not mega-, not kilo-, not even hecto, just ton--yield). It felt
I'm delighted that people enjoy cool Internet-enabled applications like
this, and under no circumstances would tell a devotee he/she shouldn't
run them. At the same time, I keep being bemused by the security and
privacy implications of such things -- by which I don't mean the little
morbid program so much as I do the Google Earth engine needed to run it.
Google Earth in either its browser plugin or standalone form isn't just
a proprietary opaque (by which I mean unauditable by anyone outside
Google, Inc.) binary program but also such an offering _specifically_
from one of the most prying, nosy, large Internet corporations on Earth,
a corporation whose entire business model is based on data-mining
computer users to glean data valuable to them and to their customers.
The Google Earth program must be installed with root (for Unixes) or
administrator (for Windows) privilege, hence will have total access to
everything on your machine, and hooks directly into the video software
layers (for 3D imaging) and sends real-time data (into which you have
no visibility) from your computer back to Google.
And you're being told you can do this as a non-customer of Google:
Google's _actual_ customers (the people who pay them money for services)
are entitled by law to an implied warranty of good faith and fair
dealing. Users who elect to download their 'free' proprietary programs
or use their 'free' Web services have no such entitlment, and are (as
the saying goes) not customers but rather product.
tl;dr: Google Earth is a huge 'trust me' from the most prominent
data-mining enterprise in existence, one that for quite a few years has
made quite clear that it will intrude on user privacy whenever and
wherever it wants.
And _that_, Ben Avery, is one of the things one avoids by sticking to
open source offerings from trustworthy (and cross-checked) sources, even
if you don't get to see dancing hamsters, animated birthday cards, and
nuclear explosions requiring one to download and run an 'app' from
nowhere-in-particular (or worse, from someone you know whom you have
_no_ reason to trust).
_Or_ one can just not bother being careful, and good luck with that.
 Not because you shouldn't, but just because I don't want to waste
time arguing with people who enjoy the benefits of being careless about
software and are effectively treating Internet and software security as
Someone Else's Problem.
 The standalone version, at least. The browser plugin version can
presumably be installed with only user-level authorisation -- which is
quite bad enough.