Domain: wikipedia.org
Stories and comments across the archive that link to wikipedia.org.
Stories · 7,048
-
Security Camp Is Not Space Camp, Just Based On It (Video)
The idea behind the United States Space Camp is to give kids (and some adults) a chance to do astronaut training-type things that will get them jazzed on science and technology, in addition to getting away from home for a while. Security Camp is sort of like that, says instigator Marc Tobias, but is about security stuff rather than space, and somehow interviewer Timothy Lord didn't ask Tobias about plans to teach security, computer or otherwise, for space travelers, when he talked with Tobias at HOPE (Hackers on Planet Earth) in New York. Since Tobias is an expert in physical security (locks), and locksmithing is going to be taught at Security Camp along with electronic/hacking-type security skills, it's a good thing all participants will be checked for criminal records and tendencies before they're allowed to participate. If there are plans to make a movie about Security Camp, which Tobias didn't mention one way or the other during this interview, we hope it's better than the 1986 movie, Space Camp. -
Google's Marissa Mayer Becomes Yahoo! CEO
D H NG writes "Marissa Mayer, Google's employee #20 and Vice President of Local, has been appointed CEO of Yahoo. She was Google's public face for years, famously being responsible for the look and feel of Google's most popular products: the famously unadorned white search homepage, Gmail, Google News and Google Images. Mayer resigned from Google Monday afternoon and will begin her new job on Tuesday." -
Report from HOPE: Cryptocat And Encryption in the Cloud
In a world increasingly dominated by the cloud, privacy is often sacrificed for convenience. Imagine a world where you could use cloud services without allowing the provider to read your data. Author of Cryptocat (a browser-based secure chat system) Nadim Kobeissi shared the problems he faced developing Cryptocat, his solutions, and future of client-side cryptography. Read on for more.
Update: 07/18 03:48 GMT by U L : Slides (PDF) from and video of the talk are now online.
Despite giving workshops on Off-the-Record messaging to Middle Eastern Activists, Kobeissi found that adoption was low because of the complexity of installing new chat software, plugins, generating keys, verifying your friends, etc. Especially when the person on the other end had not been taught how to use OTR. At the end of the talk he gave some reasons why North American users may find it easier: we develop this software and export it so we have a community of developers available for support, whereas in the Middle East this is foreign software lacking context.
Since he was interested in client-side cryptography and there was a clear problem getting people to securely communicate, he set out to experiment with the former while solving the latter. He identified several problems thwarting success:
- Code delivery is insecure (will it be intercepted and modified? Can you trust the original server?). Compounding this, code in browsers is ephemeral, making it nigh impossible to trust.
- The JavaScript random number generator, while fine for most uses, is not good enough for encryption (its only seed is the current time, making it vulnerable to attack).
- There are no standardized primitives for working with cryptography algorithms in JavaScript, and libraries available at the time were not very good.
- Browser sandboxing was often incomplete and exploitable (a situation which has improved, but new bugs are still occasionally found). If the sandbox breaks, all bets are off.
To each problem there is a solution. For code delivery, Chrome apps proved ideal. There are interesting client side security features, bundles can be signed, sandboxing is effective (aside from the occasional convoluted exploit), and you only have to verify the source once. For encryption, he developed his own implementation of the Fortuna CSPRNG and several cryptography primitives in JavaScript, using keypress timing, mouse movement, window position, etc. for entropy (on mobile devices, the accelerometer has proven useful). Chrome later added their own implementation (which has access to the system entropy source) with Firefox support coming soon.
But where to go from here?
We need an API for transparent encryption: it should be as enforceable and easy as https. We need a full crypto toolkit in the browser, protected key storage (the author suggested protected JavaScript variables), OpenSSL compatibility (certificate formats, not the horrendous C API). And we need secure communications usable by mere mortals.
The W3C formed a web cryptography working group six months ago, with a specification due in 18 months.
Working with the Guardian project, the Cryptocat developers hope to introduce AweSoMe (always secure messaging), which aims to build a suite of utilities for easy and secure messaging (guaranteed message delivery, verifiable end-to-end encryption, and control over logging).
Development of Cryptocat2 is in progress, using XMPP rather than their experimental protocol, and mpOTR which extends OTR with group chat features and newer ciphers. The specification is half complete, and contributions were encouraged.
Although secure chat for the masses is being worked on, there is still much work to be done on securely storing data in the cloud. Luckily, the lessons learned developing Cryptocat will apply to future projects.
-
Defense Expert: Hire Hackers and Wage War
Phoghat writes "A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them. 'Let's just say that in some places you find guys with body piercings and nonregulation haircuts,' says U.S. Naval Postgraduate School professor John Arquilla. 'But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them.'" -
Valve Continues Recruiting Top Linux Talent
An anonymous reader writes "Valve Software, in their Linux Steam / Source Engine effort, plus the rumored Steam Box, is continuing to hire top Linux developers. So far they have poached the lead developers of the DarkPlaces open-source engine used by Nexuiz/Xonotic, the founder of Battle for Wesnoth, and just yesterday they hired Sam Lantinga, creator of Simple DirectMedia Layer. According to Michael Larabel, they are still trying to hire more Linux kernel developers, driver experts, and other 'extremely talented Linux developers.'" -
Facebook "Like" System Devalued By Fake Users
New submitter k(wi)r(kipedia) writes "A BBC investigation has found evidence of fake users skewing the results of Facebook's 'Like' recommendation system. The BBC set up a Facebook page for a fake business called VirtualBagel and invited users to 'like' it. The page reportedly attracted 'over 1,600 likes' within twenty-four hours. The test appeared to confirm the claims of a social media marketing consultant who contacted the BBC after he noticed a disparity in the distribution of users 'liking' the products of his clients. 'While they had been targeting Facebook users around the world, all their "likes" appeared to be coming from countries such as the Philippines and Egypt.'" -
How Exploit Kits Have Changed Spammers' M.O.
An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputting their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out. -
What's Wrong With American Ninja Warrior?
Reader Thom Stark (thomst) writes with a pointed review of this year's Americanized version of (awesome) Japanese TV show "Sasuke." "I've been a fan of the program the G4 channel calls "Ninja Warrior" since I first encountered it in mid-2005. For those who are unfamiliar with the show, it's a re-edited-for-American-TV version of a Japanese show called "Sasuke," with often-snarky English commentary and graphics overlaid on the Japanese original. "Ninja Warrior" is a fast-paced, wildly-entertaining program in which 100 contestants of varying skill levels pit themselves against a 4-stage obstacle course that grows ever more fiendishly difficult with each passing season. There've been 27 such seasons to date, and the most current incarnation has become so incredibly taxing that Batman himself would have trouble completing it. Now G4 has teamed up with its corporate parent, NBCUniversal, to bring the world's toughest obstacle course to America, and the resulting show, "American Ninja Warrior" turns out to be distinctly inferior to its Japanese progenitor. The final broadcast in a series that has run for six previous weekly installments appeared on July 9, with segments on both G4 and NBC, and I thought it was fitting that I mark the occasion with a critique of what I believe to be "American Ninja Warrior"'s fatal philosophical and production missteps, and contrast them with the original pitch-perfect product." (Read on below.)
First, it's important to understand that the Japanese program's name has nothing to do with either ninjas or warriors. "Sasuke" means something like "excellence" in Japanese. It has much the same flavor as the Greek concept of arete, the pursuit of excellence as a defining life goal. G4's marketeers clearly decided that their ADHD-addled core audience of video gamers was unlikely to find a show called "Excellence" compelling enough to warrant paying attention, so they decided to jazz it up by invoking ninjas, instead. Oh, and warriors, too, to make it more appealing to the World of Warcraft fanatics. And that was fine, as far as it went, because G4 had the good sense not to mess with the program content itself (other than to poorly translate much of the Japanese-language commentary, again in an apparent attempt to inject some good ol' American zazz).
As a side note, commentary is not the only translational sin of which G4 is guilty. The competition takes place at Midoriyama, a Japanese place name that G4 insists on referring to as "Mount Midoriyama." The problem with that is that "yama" is a Japanese suffix meaning "mountain." Thus, "Fujiyama" means "Mount Fuji" and "Midoriyama" means "Mount Midori" — which, in turn, means that G4's translation is not only redundant, with its repeating of the word "mountain" in both English and Japanese, it's wildly inaccurate, because the Japanese word means "Mount Midori."
But I digress.
"American Ninja Warrior" — the strictly-domestic production — suffers badly from human interest bloat. The Japanese program (at least as it is presented on G4) frequently features mini-portraits of the competitors, but these segments are very short — typically under 20 seconds — and they help to put a human face on the often-superhuman efforts of the program's contenders. In "American Ninja Warrior," the corresponding segments too often are near-epic mini-documentaries that run a minute or longer, and they seriously impair the program's flow — especially because there are so flinkin' many of them. The producers badly need to rein in their out-of-control bathos machinery and reduce both the number and the running time of their athlete portraiture.
But the worst mistake that the brainiacs behind "American Ninja Warrior" have made is to Americanize the competition. The most endearing philosophical quality of "Sasuke" is that the participants compete, not against each other, but individually against the course itself. There is no zero-sum in the game of Sasuke. Should more than one contestant complete the nigh-impossible series of obstacles (an outcome that has never yet occurred on "Sasuke"), both would be equally celebrated, both would be equally entitled to claim the title of "winner," and the accomplishment of one would in no way diminish the glory of the other. To the contrary, such an event would be cause for national celebration, since winners of "Sasuke" are considered national heroes in Japan.
By contrast, not only have the American producers chosen to have the participants compete against each other in regional qualifying events for a spot in the "finals" competition in Las Vegas (not an unreasonable choice, given that they needed to whittle the field down to a manageable number of contestants for the trials at the actual Mount Midori course), but they've made it a zero-sum game. Like the Highlander, there can be only one American Ninja Warrior — which reduces the exalted pursuit of excellence to just another athletic competition, with the top prize of half-a-million dollars going to the one contestant who not only completes the course, but does so in the fastest time. Anyone else who makes it to the top of Mount Midori is, basically, just another chump. An also-ran. A footnote.
And that's what's really wrong with "American Ninja Warrior." -
Bloodsucking Parasite Named After Bob Marley
Hugh Pickens writes "The Christian Science Monitor reports that Gnathia marleyi, a tiny crustacean that feeds off the blood of reef-dwelling Caribbean fish, has been named in honor – for lack of a better term – of the Jamaican musician Bob Marley. Marley, who died in 1981, was an iconic exponent of the Jamaican-born music known as reggae. One of his standards is 'No Woman, No Cry.' Marley joins the 'I have a species named after me' club, which includes Barack Obama, Stephen Colbert, Mick Jagger, and Beyonce. 'I named this species, which is truly a natural wonder, after Marley because of my respect and admiration for Marley's music,' says Paul Sikkel, an assistant professor of marine ecology at Arkansas State University. 'Plus, this species is as uniquely Caribbean as was Marley.' Juvenile gnathid isopods hide within coral rubble or algae so they can launch surprise attacks on fish, and then infest them. As adults, the parasites don't eat. 'We believe that adults subsist for two to three weeks on the last feedings they had as juveniles and then die, hopefully after they have reproduced,' says Sikkel. Specimens of Gnathia marleyi will be housed indefinitely at the American Museum of Natural History in New York City. 'We are currently discussing with AMNH the possibility of creating an exhibit featuring this species that could be viewed by the public.'" -
CowboyNeal On Dota 2, Modern Games, and Software Development
CowboyNeal writes "Unless you don't care about PC gaming at all, by now you're aware of Valve's entry into the MOBA/ARTS genre, Dota 2. Despite still being in a closed beta, it's currently the number one game on Valve's Steam gaming service, and judging from Valve's earlier declaration regarding Steam on Linux, it's only a matter of time, even if that time be a year or more, before we see Dota 2 come to Linux as well as Mac. Valve has big plans for Dota 2, no less big than what happened with Team Fortress 2, even if it took them a few years to get to where Team Fortress 2 is today. What makes the current state of Dota 2 noteworthy, however, is that it has managed to displace Team Fortress 2 as Steam's most popular game, while still being tested in a closed beta." Read on for the rest of CowboyNeal's thoughts on games, and what it's like being a Slashdot poll option. The term "closed beta" here doesn't really directly apply, either. Starting already last summer, Valve invited sixteen Dota teams from around the world to compete in a Dota 2 tournament, which naturally, featured the then-current state of Dota 2. What's interesting to note is that while Dota 2 at that time didn't sport all of the available heroes from its Dota All-Stars ancestor, everyone involved felt comfortable enough with the game to stage a tournament. Even if the game was lacking dozens of heroes at the time, players from the professional Dota scene were able to adjust to Dota 2 quickly, given that Valve had successfully recreated the nuances of the original mod within the Source engine. Following The International 2011, Valve resolved to open up the beta to more people, and sent out several waves of invites last fall, over the winter, and this spring. They gave out beta access as prizes during their Christmas Sale event. And now, for $39.99, or whatever that equates to in your local currency, you can buy an invite to the beta, directly from the Dota 2 store in-game. 
In this way, it's not very closed anymore, save for in name.
All of this is a long way from how games, and software in general, were handled in days of yore. In the before-time, the long-long-ago, one would go to the store or mail order some disks with the software on it, install it, and that was that. Patches were next to unheard of. After the advent of the internet, one would still likely go to the store and buy a game on discs, and then begin the process of downloading patches off of the internet, if one was so lucky to have their product see post-launch support. Today, it's not uncommon to see a game be patched once or twice in a week's time, especially so if it's a game with an online component to it.
With games like Dota 2, and recently-released Tribes Ascend, and the wildly successful Minecraft before that, the entire software development cycle gets hazy at best. PC Gamer recently asked its readers whether or not they should review Dota 2. There's still a list of things to come for Dota 2. There's also already a selection of purely cosmetic items available for purchase for your heroes, tying in closely to Valve's hat-based strategy for revenue. It's no wonder that reviewers are left wondering. Buyers are wondering too. There are plenty of people playing Dota 2, and presumably some of those players are having fun doing it. I think it could also be successfully argued that Minecraft was "done" long before Mojang slapped a 1.0 version number on it. On the flip side of the coin, it's been five years since Valve released Team Fortress 2, and the TF2 that players play today is very little like the one that was bundled with the Orange Box on release. Games developed, or even merely published by Bethesda are notorious for launch-day bugs, some of which are so egregious that they come perilously close to breaking the "sacred bond of trust between gamer and gaming mega-corporation." Sometimes Bethesda fixed up their games with a post-game patch, other times we have to just wait and bear it, and eventually at some point, like the days of yore, post-launch support just ends, and bugfixes are left to the community to handle.
I think that in the end, the "release early, patch often" approach is beneficial to consumers. It allows developers to get player feedback in an early and ongoing fashion, and adjust their product accordingly. In the long run, it makes it easier to decide whether or not it's worth plunking down our cash for a game. It does, however, make it much more difficult to decide to do so on launch day. It's difficult to see the future and know if and how a given title will be supported post-launch, which is now a reasonable issue to consider before purchasing a AAA title that can cost between $50 and $60. The hard part, of course, is waiting for our old ideas about game reviews to catch up, since a review doesn't get patched, unlike the games they cover. The best a review can hope for is to be revised during an expansion pack. -
Is Our Infrastructure Ready For Rising Temperatures?
Hugh Pickens writes "Megan Garber writes that last weekend, a US Airways flight taxiing for takeoff from Washington's Reagan National Airport got stuck on the tarmac for three hours because the tarmac had softened from the heat, and the plane had created — and then sunk into — a groove from which it couldn't, at first, be removed. So what makes an asphalt tarmac, the foundation of our mighty air network, turn to sponge? The answer is that our most common airport surface might not be fully suited to its new, excessively heated environment. One of asphalt's main selling points is precisely the fact that, because of its pitchy components, it's not quite solid: It's 'viscoelastic,' which makes it an ideal surface for the airport environment. As a solid, asphalt is sturdy; as a substance that can be made from — and transitioned back to — liquid, it's relatively easy to work with. And, crucially, it makes for runway repair work that is relatively efficient. But those selling points can also be asphalt's Achilles heel. Viscoelasticity means that the asphalt is always capable of liquefying. The problem, for National Airport's tarmac and the passengers who were stuck on it, was that this weekend's 100+-degree temperatures were a little less room temperature-like than they'd normally be, making the asphalt a little less solid than it would normally be. 'As ironic and as funny as the imgur seen round the world is, it may also be a hint at what's in store for us in a future of weirding weather. An aircraft sinking augurs the new challenges we'll face as temperatures keep rising.'" -
Bye ACTA, Hello CETA
New submitter xSander writes "Is anyone really surprised by this? ACTA may have been rejected by the European Parliament, but it is far from dead yet. Apparently, the EU is trying to revive ACTA through the Canada-EU Trade Agreement (CETA)." The article contains a handy side-by-side comparison of the CETA clauses that are nearly identical to ones found in ACTA. -
Russian Wikipedia Shutters In Protest of Internet Blacklist Plans
decora writes "If you visit Russian Wikipedia today you will be forgiven for thinking the entire site has crashed. It is not a crash, but a protest of the Russian State Duma's Bill 89417-6. According to Ria Novosti, the bill is 'proposing a unified digital blacklist of all websites containing pornography, drug ads and promoting suicide or extremist ideas.' Russian Wikipedia's main page has been replaced with a redacted logo and a protest text, part of which says 'The Wikipedia community protests against censorship, dangerous to free knowledge, open to all mankind. We ask you to support us in opposing this bill.' (translation by Google Translate)" -
Nobel Laureate Wiped From Pakistan's Textbooks As Heretic
Hugh Pickens writes "Alexander Abad-Santos writes that in any other country, the late Dr. Abdus Salam would be a national hero: he's the Nobel laureate in physics who laid the groundwork for the biggest physics discovery in the past 30 years--the Higgs boson. But that isn't the case in Pakistan, where Salam has been wiped from textbooks and history for not being fundamentalist enough. 'He belonged to the Ahmadi sect, which has been persecuted by the government and targeted by Taliban militants who view its members as heretics,' says Sebastian Abbot. 'His grand unification theory of strong, weak and electromagnetic fields opened the gateway for the discovery of bosons and laid down the basis for this quantum electrodynamics project,' writes Anam Khalid Alvi for Pakistan's Express Tribune. But Pakistan can't celebrate his achievements, since Ahmadis like Salam are and were prevented from 'posing as Muslims,' and can be punished with prison and even death. By contrast, fellow Pakistani physicist A.Q. Khan, who played a key role in developing the country's nuclear bomb and later confessed to spreading nuclear technology to Iran, North Korea and Libya, is considered a national hero. Khan is a Muslim." -
WHO Says Afghan School "Poison Attacks" Probably Mass Hysteria
New submitter smugfunt writes "A number of incidents at schools in Afghanistan, especially girls' schools, have been attributed to poisoning by the Taliban. The World Health Organization has investigated 32 of them but found no poison. "Mass Psychological Illness is the most probable cause," they conclude, the Telegraph reports. The Taliban has consistently denied poisoning schools and have even consented to allow the education of girls in a deal with the government which allows significant Taliban control over the curriculum." -
US Election Year, Still No Voting Reform
An anonymous reader writes "A year ago, we discussed this on Slashdot: E-Voting Reform In an Out Year?. The point was that due to the horde of problems with electronic (and mechanical) voting, it is best to approach reform in an out year, when it is not on everyone's mind yet too late to do anything about it. Well, we failed, didn't we? Another election year is upon us, and our vote is less secure, less reliable, and less meaningful than ever. To reference the last article, we still have no open source voting, no end-to-end auditable voting systems and no open source governance. So don't complain if this election is stolen. You forgot to fix the system." -
Ask Slashdot: How To Get Old Commercial Software To Be Open-Sourced?
First time accepted submitter Optic7 writes "Many gamers have probably dreamed about the idea of an old favorite game or other no longer supported or developed commercial software being converted to an open-source license so that it could be updated to add new features, support new hardware, other operating systems, etc. However, this type of change of license seems exceedingly rare, unless the copyright holder itself decides on its own that it would be beneficial. The only examples I could think of or was able to find in a brief internet search were Blender (3D animation software that had its source code bought from creditors after a crowd-funding campaign) and Warzone 2100 (Game that had its source code released after a successful petition). With those two examples of different strategies in mind, have any of you ever participated in any efforts of this kind, and what did you learn from it that may be useful to someone else attempting the same thing? Even if you have not participated, do you have any suggestions or ideas that may be useful to such an effort?" -
Japanese Parliament: Fukushima a Man-Made Disaster
Bootsy Collins writes "The predominant narrative of the Fukushima Daiichi nuclear disaster has been that the accident was caused by a one-in-a-million tsunami, an event so unlikely that TEPCO could not reasonably have been expected to plan for it. However, a Parliamentary inquiry in Japan has concluded that this description is flawed — that the disaster was preventable through a reasonable and justifiable level of preparation, and that initial responses were horribly bungled. The inquiry report points a finger at collusion between industry executives and regulators in Japan as well as 'the worst conformist conventions of Japanese culture.' It also raises the question of whether the failed units at Fukushima Daiichi were already damaged by the earthquake before the tsunami even hit, going so far as to say that 'We cannot rule out the possibility that a small-scale LOCA (loss-of-coolant accident) occurred at the reactor No 1 in particular.' This is an explosive question in quake-prone Japan, appearing in the news just as Japan begins to restart reactors that have been shut down nationwide since the disaster." -
Another Death in the Cloud As Apple Kills Off iWork
Google is retiring the iGoogle page, but on a much shorter time scale, Apple is shutting down an iService of its own: the cloud-storage site iWork.com (linked to Apple's office apps suite iWork) is slated to go offline at the end of this month. Says the article, over at SlashCloud: "As of that date, 'you will no longer be able to access your documents on the iWork.com site or view them on the Web,' reads Apple’s note on the matter, followed by a recommendation that anyone with documents on iWork download them to the desktop." Both of these announcements remind me why I covet local storage for documents and the ability to set my own GUI prefs. -
Charles Carreon Drops Case Against the Oatmeal
Dynamoo writes "Charles Carreon has reportedly dropped his lawsuit against the creator of The Oatmeal, Matthew Inman. This bizarre lawsuit (dubbed a SLAPP suit by the EFF) kicked off after a dispute between Inman and FunnyJunk.com which spun rapidly out of control. Perhaps Carreon has seen sense, but it turns out that there might be an even more bizarre twist in this tale." -
Thomas Jefferson: Scientist, Inventor, Gadgeteer
Hugh Pickens writes "Thomas Jefferson, the author of the Declaration of Independence, whose signing we celebrate today, was considered an expert in architecture, civil engineering, geography, mathematics, ethnology, anthropology, mechanics, and the sciences. Although Jefferson never failed to acknowledge that in science he was 'an amateur,' Jefferson's home at Monticello was filled with examples of his scientific philosophy. An inventor and gadgeteer of great ingenuity, Jefferson's practical innovations or improvements on others' inventions included: the swivel chair, the polygraph, letter press, hemp break, pedometer, mouldboard plow, sulky, folding chair, dumb-waiter, double acting doors, and a seven day clock. Throughout his life Jefferson experimented in agriculture with studies in crop rotation, soil cultivation, animal breeding, pest control, agricultural implements and improvement of seeds. Jefferson promoted science as President by recommending to Congress a coast survey to accurately chart the coast of America that later evolved into the United States Coast and Geodetic Survey. Jefferson's expert testimony before Congress led to the establishment of the Naval Observatory and the Hydrographic Office and Jefferson's report to Congress on a plan of coinage and weights and measures based on the decimal system was expanded into the National Bureau of Standards. Jefferson never applied for a patent, which was consistent in his belief in the natural right of all mankind to share useful improvements without restraint." -
EU Parliament Adopts eCall Resolution
arisvega writes with news that the European Parliament has passed a resolution in support of eCall, an initiative to install devices in vehicles that automatically contact emergency services in the event of a crash. The resolution calls on the European Commission to make it mandatory for all new cars starting in 2015. "The in-vehicle eCall system uses 112 emergency call technology to alert the emergency services automatically to the location of serious road accidents. This should save lives and reduce the severity of injuries by enabling qualified and equipped paramedics to get to the scene within the first “golden hour” of the accident, says the resolution. The eCall system could save up to 2,500 lives a year and reduce injury severity by 10 to 15%, it adds." -
After Recent US Storms, Why Are Millions Still Without Power?
Hugh Pickens points out a report from Jamie Smith Hopkins that "The unusual nature of the 'derecho' is complicating efforts to get everyone's much-needed air conditioning up and running again as more than 1.4 million people from Illinois to Virginia still remain without power and power companies warn some customers could be without power for the rest of the week in the worst hit areas. Utilities don't have enough staff to handle severe-storm outages – the expense would send rates soaring – so they rely on out-of-state utilities to send help, says Stephen Woerner, Baltimore Gas and Electric's (BGE) chief operating officer. Hurricane forecasts offer enough advanced warning for utilities to 'pre-mobilize' and get the out-of-state assistance in place but the forecast for Friday's walloping wind was merely scattered thunderstorms. 'No utility was prepared for what we saw in terms of having staff available that first day,' says Woerner. But is it a given that a strong storm would cause this magnitude of damage to the electricity grid? 'Even without pursuing the extremely expensive option of burying all of the region's electrical lines, the utilities can and do take steps between bouts of severe weather to prevent outages,' writes the Baltimore Sun, adding that consumer advocates are concerned that utilities invest sufficiently in preventive maintenance. 'Tree trimming and replacement of old infrastructure — particularly in areas that have been shown to be vulnerable to previous storms — helps prevent outages.'" -
Blackhole Exploit Kit Gets an Upgrade
wiredmikey writes "The popular Blackhole exploit kit, assumed to be created and maintained by an individual going by the online moniker of 'Paunch,' who continuously updates the browser exploit software, looks like it has just received another upgrade. The exploit works by infecting a user when they visit a Blackhole-infected site, and their browser runs the JavaScript code, usually via a hidden iframe. If the location or URL for the malicious iframe changes or is taken down, all of the compromised sites will have to be updated to point to this new location, making it hard for the attackers. To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain. Moreover, the kit's recent upgrade also added a new attack. According to Sophos, sometime in early June Blackhole was updated to include an attack that targets a flaw in Microsoft's XML Core Services, which remains unpatched. Unfortunately, the changes prove once again that the criminal economy online is alive and well." -
Is the Google Nexus Q Subtraction by Subtraction?
Once upon a time, it was easy to characterize Google’s domain and business model: they provided well-organized internet search results through a simple, friendly interface, and made money through targeted advertising. Over the years, the company has grown more complex even faster than has the — still admirably spare — Google home page, as it’s either assimilated or originated all kinds of adjuncts to pure search. The Nexus Q, as the company’s first-ever fully home-grown consumer electronics product (as opposed to Google-branded but jointly developed phones and tablets) shows just how far that path has led, and hints at cooler things to come. By default, though, the device is severely limited, intended basically as an overqualified gateway to content stored at Google’s Play media store, or at (Google-controlled) YouTube. And if that weren’t constrained enough, it requires another Android device (phone or tablet, say) as a remote control. The Q is equipped with impressive hardware internally, though, which might soon be exploited with software more flexible than that which comes loaded. The Q was announced at the recent Google I/O conference, and instantly drew both admiring gasps and dismissive chortling. The case is distinctively odd: it looks a bit like a Death Star the size of a Magic 8 Ball, with an equator lit by a string of 32 LEDs, with a bit sliced off to provide a base. You can link it to an HDMI-equipped screen with a longer cable, if you’d like, but you won’t be stacking anything on top. It combines a fast processor, a 1GB chunk of RAM, and 16GB of solid-state storage with an integrated power supply (which means no wall wart) and — probably the most interesting of its hardware features — a built-in stereo amplifier, described as 12.5 watts per channel, or (a bit coyly) as “25W.”
Aside: Since stereo amps are commonly described by their per-channel rating (so a “100 watt stereo amp” doesn’t typically mean 50 watts per *channel* but rather “100 watts per channel”), I’m glad the specs at least call this out in the same size of typeface. They should also specify the total harmonic distortion when driven at their rated power; that’s one place that other class D amps especially tend toward misleading figures. (I’ve asked Google to supply this information.) On the other hand, it’s worth mentioning that a decent 12.5W/channel isn’t necessarily something to sneeze at. Just because some receivers have 7 or more channels and behemoth claimed power ratings, with efficient speakers just a few watts can fill any less-than-cavernous room with decent sound, especially if it won’t be pushing giant bass drivers. Google recommends bookshelf speakers as a good match, which makes sense both because they tend toward efficiency and small-to-medium rooms and because users with more complex systems probably don’t want to be tied to the internal amplifier anyhow.
With a dual-core Cortex A9 and a full gig of RAM, this is severalfold more capable than a mere gadget needs to be — or, rather, it *could* be more capable. Which brings me to this: the biggest problem I see with the Q isn’t the price, even though a lower price would no doubt bring it closer to an impulse buy for more people.
No, the real drawback to an eccentrically shaped, limited purpose, $300 piece of home entertainment gear is that it’s got to overcome a raft of competitive alternatives as well as wallet friction. This is the electronics version of “Extraordinary claims require extraordinary evidence.” The total worth of owning it has to compensate (and then some) for not using the same money on other stuff — or simply saving it, and particularly for the risk that for all its potential the Q will end up orphaned. (See also, Chumby.)
By restricting the feature set to Google’s own media store, Google is placing a bet that users (enough of them, at least) will be satisfied with that as their sole source, and guaranteeing a revenue stream. They’ve also bet at least some small piece of the farm that users will appreciate what strikes me as a hyper-specific music-sharing scenario. As demonstrated on the I/O stage, multiple users with Android devices as controllers can each add items to the device’s playlist, and take advantage of predictive search to find more items that might appeal. This “social streaming” is nifty, but requires a fiddly involvement in the “play music over speakers” process that typical users might find tiresome and twee, and it limits the in-group with control of the device to Android users. That cuts out the huge chunk of smartphone users with some version of That Other Phone. It’s hard to predict sometimes what will become popular enough to spawn massive sales (cf Pet Rocks, hula hoops, and Scientology), but based on that demo this seems like a feature likely to be disproportionately enjoyed by Silicon-Valley style tech-heads rather than typical (“mere”) users.
It looks flexible with that collection of parts and ports, though, and Google’s explicitly announced that hacking is encouraged, which sounds impressive and provides hope that the 16GB of storage will have a use more interesting than as a giant cache. It’s easy to come up with cool scenarios for a tiny computer-with-amplifier, from zone controller for a flexible home audio system to the brains of a lightweight browsing station (perhaps with a purpose-built version of Cyanogen Mod?) or a home-control infobot like 3com's short-lived Audrey. A security system or weather app (think of a display for weather sensors mounted outside the house, coupled with a crowdsourced alert system for severe weather, and grabbing data from Weather Underground, too) would make it more appealing to me. The multicolor LED band could serve the same function that Ambient Devices pushed for its connected gadgets that used color and other indicators to convey information based on data streams from stock tickers to holiday calendars. Liliputing reports on some partial success in loading Android apps, but heavy on the partial: getting a game to appear on screen isn’t the same as being able to play it.
Why so difficult? Besides the lack of a touch-screen input, the version of Android 4.0 on the Q isn’t the does-everything Ice Cream Sandwich that many users are used to. The Nexus series of phones and tablets has first-class access to a collection of hundreds of thousands of apps; for the Q, exactly three apps are listed in the specs: Google Play Music; Google Play Movies and TV; and YouTube.
Until a greater selection of apps appears (whether from outside developers or from Google), the Q’s software is pared down to a degree likely to frustrate users who are used to playing all kinds of media from other devices — including smartphones that aren’t even as musically gifted on the hardware side.
In some ways, and especially with the intentionally sparse software set, Google will be competing with itself with this device, especially for users who’d rather employ separate sound amplification: the current generation of Chromebook plays streaming video just fine (and has a screen and a keyboard), and does a lot more besides. If you want to hook up to a larger screen permanently and thus don’t need a smaller one at all, the Samsung-made Chromebox costs only about 10 percent more, and seems a more flexible choice, since besides being a full-featured web-centric smart client, the Chromebox outputs video via a (full sized, no less!) HDMI port, and will play content from providers other than Google’s Play, like Netflix and Vimeo — and that’s just for video sources — as well as from locally stored media. Similarly, Google TV hardware fills much of the same niche, and it comes with a browser.
Also in competition, of course, are dedicated network media players from Boxee, Roku, and Apple, and (at prices that start a touch lower, thanks to the subsidize-then-sell-games business model) consoles like Microsoft’s Xbox 360. All of these offer a mature interface for streaming music and movies that might be less state of the art and exotic than the Q’s, but more accessible and more flexible.
I do have an Android phone, and have been considering a Roku box; now, I’m planning to set up the Q with a set of bookshelf speakers to see how livable (or frustrating) it turns out to be. I hope that the touted hackability means that its capabilities really do get a boost soon from tinkerers: for this Death Star, that may be the only hope. -
Android-Controlled Battle Robots Go To War (Video)
Let's pretend for a moment that your name is Google. You want to have lots of developers working with your stuff. So you hold a Google Input|Output 2012 event. You have Sergey Brin showing off Google Glass, but most of your show consists of talks with titles like Integrate Web Intents into Your Web Application Today and What's New in Android?... which is all great fun, but also a tad boring. Luckily, somebody at Google piped up and said, "I know! We need Android-controlled fighting robots!" And they contacted the Stupid Fun Club, and Lo! There were Android-controlled robots fighting on the show floor, and all was right with the world. -
Sale of Galaxy Nexus Banned in the US
New submitter busyqth writes "After the injunction against the Galaxy Tab 10.1 earlier in the week, a U.S. district court judge has now also granted an injunction against the sale of Google's flagship ICS phone, the Galaxy Nexus. Is Steve Jobs laughing in the great beyond? Is this the beginning of the end for Android?" Two blows to Samsung in one week, and now the FTC is investigating Google for misuse of Motorola Mobility patents in relation to RAND standards. -
China Slowing Nuclear Buildout In Response To Fukushima
Lasrick writes "Yun Zhou writes about the end result of China's long reconsideration of nuclear power safety in the wake of Fukushima. Important details about the decision to adopt designs created in China, and incorporate Gen III in those designs." The short version is that they won't be building more Generation II reactors, opting instead to only build Generation III reactors (which have passive safety systems). Instead of relying entirely on the AP1000, China is speeding up the design of their own Generation III reactors. Plans are still in place for 70GW by 2020, but that date will likely slip due to regulatory delays and the temporary construction moratorium. -
Space Tourist Trips To the Moon May Fly On Recycled Spaceships
thomst writes "Rob Coppinger of Space.com reports that UK-based private company Excalibur Almaz plans to offer commercial lunar-orbital tourist missions based on recycled Soviet-era Soyuz vehicle and Salyut space stations, using Hall Effect thrusters to power the ensemble from Earth orbit to the Moon and back. The company estimates ticket prices at $150 million per seat (with a 50% profit margin), and expects to sell about 30 of them. Excalibur Almaz has other big plans, too, including ISS crew transport, Lagrange Point scientific missions, and Lunar surface payload deliveries. It expects to launch its first tourist trip to the Moon in 2014." -
Sergey Brin Shows Project Glass Glasses to Journalists (Video)
Not too many years ago, people who carried on conversations with folks the rest of us couldn't hear were considered demented (or drunk). Then came the cellular phone headset, which meant normal people could walk along, carrying on conversations with people we couldn't hear, although many researchers came to believe that a large percentage of so-called "normal" cell phone users were also demented (or drunk). Now Google's Project Glass means people can walk along, seeing things no one else can -- and carrying on conversations with them. Are Google's Project Glass users demented? Are they drunk? Or are they looking at heads-up displays mounted on glasses frames or attached to prescription glasses? Inquiring Slashdot editor Timothy Lord wanted to know, so he joined a Glass demonstration hosted by Google co-founder Sergey Brin (whose company is not related to Barney Google, as far as we know) to find out for himself -- and to share his findings with you. -
Google I/O Day Two
Yesterday Timothy was at Google I/O watching the keynote but there are still plenty of announcements on day two. Today's first big theme: Chrome. Tim reports: "Brian Rakowski, VP for (and inventor of) Chrome, shows device transferability among devices of tabs, bookmarks, with a multi-part contrived story, looking at his opened tabs from home and work, etc. from a phone running Chrome. Not only can you open tabs from there, but (and this is cool), 'we've made sure the back button works as well.' So you can open a page from a different computer, and have the browsing history of that tab as well. This Chrome syncing affects settings, bookmarks, etc. Also, for those transferred tab pages, pre-loading! So when you click on a tab, it's been loading and now should be ready, BAM." As before we'll be updating the story live (below the fold) with his updates as they stream in. Update by Sam: And now the big One More Thing from Rakowski: iOS version is here. "Later today, Chrome will be rolling out in the Appstore." Works as it does on other devices -- nicely draggable, etc. "Makes browsing the web on your iPhone really fun." After showing iPhone, says "While we were at it ..." And Yep, on the iPad, too. More space to work with there.
Shows that syncing works here, too: his other devices' tabs and bookmarks are all listed. And (nice); credentials, too, are synced and auto-filled across devices. So a NYT login can work if you were logged in to it on another device, even if you've never logged in there on the one you're using now.
Incognito ("a feature near and dear to my heart") works, too: Scattered laughter at "I hope you find that using incognito on a touch device is a great experience."
Going Google: Pichai talks up the use of the Google Apps infrastructure, throws out some stats for adopters: Govt. agencies in 45 states, 66 of top 100 univs, and over 5m businesses. A few cute commercials follow: a business meeting via Google, and a few funny examples of multi-person collaboration (Hall and Oates coming up, word by not-quite-right word, with the line "Oh, oh, here she comes, she's a man eater").
Next big topic: Google Drive. Example shown of searching text stored on Google Drive, from an iPad -- for the words "certified mail." Only, and this is the applause point, those words weren't stored as text: they were in a scanned document, which Google has OCR'd.
More applause for the next step: "It works for things that aren't even text." Searches for "pyramid," knowing he has some pictures taken in Egypt (but not tagged or labeled); up comes the pyramid he was looking for, also automatically tagged for content just based on the image itself. It's a demo, but even with the skepticism that should invite, it's impressive.
Demo next of showing multiple logins to Google Drive (hard to not call it Google Docs); shows that updating on a laptop instantly, smoothly updates the same document open on a phone's screen.
And, bigger news: Google apps now work offline. (Hoots of joy from the audience.) Gives an example of working offline (unplugs ethernet, shows New York Times is unreachable as proof), saving, closing Chrome, reconnecting to a network, and on network reconnection, the offline changes are pushed, synced across devices.
Works on Windows, Mac, iOS, ChromeOS, "all your devices" says Pichai. What about Linux? Editing docs works, and ChromeOS has Linux core, but what about Ubuntu, Red Hat / Fedora, etc? I'd like these to be 1st-class options.
Chromebook updates: "We're very excited by the new model we're working on" -- 3x faster than early Chromebooks. Also, as of today, to be available in retail outlets, in particular at 100 Best Buy locations "all across the country."
Google's 1st VP of engineering Urs Hoelzle, talks about App Engine, says "we want to give everyone out there the kind of infrastructure we have at Google." Throws out more stats: 1 million active apps; 7.5 billion hits/day. Announces Google Compute Engine: on-demand (Linux?) virtual machines. Screaming and standing from audience: "You haven't seen anything yet." His bullet points: "Scale, Performance, Value" are a bit business-pamphlet cliche sounding -- even includes the line "Passing these savings on to you." But neat stuff.
Compares in-house 1000-core cluster (more figures comparing cost would have been good) to 10,000 core, doing genomics research, finding likely matches in a large dataset. Instead of waiting 10 minutes between matches found by the algorithm, connected to virtual machines of Compute Engine, the display illustrates with moving lines and clicks a new match every few seconds.
A few minutes later, he reveals that a mysterious counter in the background (counting up, reaching large numbers) is showing the cores available to the genome research project of the first example. Switching back to that, the illustrated matches are now clicking like castanets, the lines per-match are filling the display.
Back to Pichai, Evolution of Chrome apps:
- always available
- authentic app experience
- enhanced device access (this mostly for developers, of course.) Making sure that apps can access and use all the capabilities of the device they're running on.
Now, 2 performers from Cirque du Soleil on stage, while images from their shows play in the background; I wonder where this is going to go.
Demo is a preview: a surreal game / VR world with complex, photo-realistic gymnasts and layers of flowers moving in 3D space, built in HTML with CSS animations / filters. Fast; the high-res video, controlled in real time by using a camera -- user turning head, or shifting body, serve as controller. "Wonderfully portable" -- works just as well on a tablet, vs. a conventional browser.
Says casually that this is running on a Chromebook -- that I think should have drawn big applause, but didn't.
New Chromebox flashed on screen, Pichai exits rather abruptly with a plea for the gathered developers to keep making cool apps, and now ... on video, we're back to the same rooftop where yesterday wing-suited skydivers landed on the roof. Sergey is wearing his Glass headset, and they switch occasionally to his (low rez) view. It looks like they're going to repeat the jump, but with more explanation: Sergey is walking around the roof, demoing how they tracked those jumpers and maintained network connection to their transmitted video -- looks like around a dozen people wrangling parabolic antennas at the edge of the roof, trying to catch those signals. In the background (this is much cleaner than Caligula, but nearly as extravagant), the trick bikers are rolling around the roof, warming up with small tricks. "For those of you in downtown San Francisco," he says, "this would be a good time to peek out your windows."
We're occasionally switched to a view of the inside of the blimp, and another shot of the outside, and are promised a countdown. 30 second count-down about to start. Lucky, they say, that the fog is holding back.
The starship Heart of Gold! They're in the air, to massive applause, flying and weaving ... the 3d chute opens, with a puff of smoke; Sergey provides an explanation -- that gives a cue for the folks with antennas about how to aim them. One chute down! All chutes down; Camera following around Sergey falls, he makes a wounded sound "awww!" but it's picked up quickly. Or wait, was that his Glass headset that fell? Maybe so. Now he's switched to the sun-glass version. -
France Ending Minitel Service
New submitter pays-vert writes "On Saturday, France will turn off the Minitel service. A forerunner of the world wide web, Minitel provided news, online banking and, yes, porn via a chic plug'n'play terminal. The service remained massively popular for a while even after the rise of the Internet, but ultimately has lost out to technological innovation. 'About 400,000 of the machines are still in use across the country, but perhaps most affected will be Brittany, where the devices were developed, and where many farmers still depend on them. ... Internet service spread much more slowly in France than it did elsewhere in Europe or in the United States, largely because of the popularity of the Minitel, historians say. Only around the turn of the century did the Internet come to much of this soggy western region, an expanse of green that bulges out into the Atlantic Ocean. The Minitel was hugely useful to farmers. Realizing that the devices could save time and money, local agricultural organizations developed programs for farmers to, say, track pork prices, inform the authorities of animal births and deaths, or consult the results of chemical tests on milk.'" -
EU Court Upholds Microsoft Antitrust Fines
a_n_d_e_r_s writes "The ongoing saga of Microsoft's misuse of their dominant position in the EU marketplace to block competitors may be finally over, with the fine set to 860 million euros (just over 1 billion dollars). In 2004 Microsoft was ordered to provide certain information to competitors but failed to do so and was given a hefty fine. Now the EU General Court in Luxembourg has upheld the EU Commission decision and ruled against Microsoft." This is a minor reduction (4.3%) of the original fine because of a minor technicality. Microsoft, naturally, is unhappy with the result. -
Injected Proteins Protect Mice From Lethal Radiation Dose
ananyo writes "Two anti-clotting compounds already approved for use in humans may have a surprising role in treating radiation sickness. Last year's nuclear accident in Fukushima, Japan renewed anxiety over the lack of treatments for radiation poisoning. It was long thought that the effects of exposure to high doses of radiation were instantaneous and irreversible, leading to destruction of the gut and loss of bone marrow cells, which damages blood-cell production and the immune system. The two compounds are thrombomodulin (Solulin/Recomodulin), currently approved in Japan to prevent thrombosis, and activated protein C (Xigris). Treating mice with either drug post-exposure led to an eightfold increase in key bone marrow cells needed for the production of white blood cells, and improved the survival rates of mice receiving lethal radiation doses by 40–80% (abstract). And yes, the lead author's name really is Geiger." -
The Google Transparency Project Transparency Project
Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency.
Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:
1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?
2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?
3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?
With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.
On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.
I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:
Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.
I immediately wrote back:
But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?
If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?
(It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.
The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.
But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.
So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.
Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.
-
The Google Transparency Project Transparency Project
Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency.
Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:
1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?
2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?
3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?
With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.
On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.
I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:
Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.
I immediately wrote back:
But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?
If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?
(It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.
The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.
But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.
So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.
Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.
-
-
Microsoft Buys Yammer For $1.2 Billion
itwbennett writes "Confirming the rumor that emerged earlier this month, Microsoft has bought enterprise social networking software maker Yammer for $1.2 billion. Yammer will become part of Microsoft's Office Division." If you're not familiar with Yammer, it's essentially a messaging system that gives more control to administrators than does using an outside company's service, like AOL's AIM. "Enterprise social networking software," as Wikipedia explains it, means that Yammer "is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. ... Access to a Yammer network is determined by a user's Internet domain, so only those with appropriate email addresses may join their respective networks."