Good analogy, but there are two critical differences:
1. Google continues to develop Chrome (IE6 stayed stagnant for a long time)
2. New versions of Chrome don't break your Web site like new versions of IE.
Clearly, you've never experienced a REAL penetration test. There is ALWAYS at least one door left open somewhere. Including your company.
That is the whole point. With a hardware key, you no longer type a password.
https://www.yubico.com/start/m...
You're partly right, in that hackers can potentially find a way to get around these security keys. But password-based security is SO easy to defeat that it's barely better than just SHUTTING your car doors, without locking them. If you have no password to type, you can't be tempted to type it into a fake Web site linked by a suspicious email. You won't have a password to supply to the fake Web site. That's the point. Using hardware keys eliminates the weakest link in security: the human.
Like a hotel key, IT can just associate a new key with your account.
Also, passwords are not free when they result in data breaches.
My company conducted a penetration test, which began with the security company sending a phishing email to all employees. AT LEAST one person in EVERY department clicked the link, except software development. That was enough. They got into multiple servers and were able to harvest some passwords from memory.
Not everyone is as "smart" as you are.
As long as you have a connection, serial port or otherwise, it's not "air-gapped." If it can be remote-controlled by employees, it can be remote-controlled by Russians.
In any case, in these days of Wi-Fi built into everything, what's the use of an air gap?
The whole point of the internet is to be able to route around obstacles, like severed connections in and out of Russia.
A hard link (similar to a shortcut for you Windows users) was created.
Windows has hard links; most users just don't know how to make or use them. I'll bet for the same reason (lack of knowledge of command lines), most Mac users don't know how to do this either.
Employees were never asked to sign anything. Instead, employers made agreements between each other. Employees never knew why they didn't get the job they had applied for.
Notepad is only lightweight and instant if you use it for small files. Anything bigger than about a megabyte, and it starts to choke.
What I hate most, and why I use Notepad++ for everything, is its limitations with search and replace. This little update to Notepad isn't going to be enough to win me back.
Are there any computer languages that are well-designed and well-documented?
C# might not be popular on Slashdot, but it is well-designed and incredibly well-documented.
In the US and elsewhere, cell phone data is often used to exclude or include people who might be under suspicion of a crime. It doesn't necessarily lead to arrests, and may not be used in court, but it helps reduce the amount of work needed to be done during the process of an investigation. This data is usually used after the fact, not at the moment police are swooping in. Facial recognition likely falls into this category.
Just because the system didn't lead to any arrests, doesn't mean that no one was recognized, and doesn't mean the system has no usefulness.
Amazon releases an update, on average, every second.
Google updates its search algorithm about twice a day.
Do you have a Windows computer? Microsoft updates the OS and many of its desktop applications on a weekly schedule through Windows updates.
Release frequency is not related to desktop vs. Web. It's related to the budget a company has for software development.
Just wait, they'll file a design patent to make sure Samsung can't copy their colors!
Most of the companies mentioned are Silicon Valley tech firms, where the competition for jobs is fierce, and hours are brutal. In the rest of the country, my impression is that stress levels are much lower. I personally can't imagine a better job than the one I have, and I know many who agree.
It's an arms race. Each new iteration of security is presumably stronger, but the bad actors also get smarter. There will never be a "final" version.
If this analytics tool lives up to its promise, it would seem to offer more and better opportunities for ME the employee.
Employers have been slowly eroding benefits for decades, because it "costs too much." Many of them forget that when you reduce costs somewhere, there are unintended consequences.
This tool sounds like a good thing to me!
I had switched to Chrome because Firefox was...slow. But a few months ago, Firefox started making dramatic improvements in performance. But the most important feature that brought me back was the setting that lets you prevent videos from automatically playing. I wish they would make it not even load the video, but at least stopping the playback will do, until then.
FOSS acknowledges that copying software doesn't cost money
This is a simplistic view.
If the software's "user" is technically-inclined, and perhaps willing to modify the source code of the software he copied, then in a sense the copying didn't cost the author any money. But if the software is intended to be used by large numbers of people, including those who are not so technical, then copies do indeed cost money, in the form of customer support and bug fixes for disparate configurations.
Now, it would be nice to have an easier mechanism for 1,000 people to each pay for 1,000th of the cost of developing a new feature
I think you just invented software license fees.
This is an unusual recognition that free software isn't actually free. I love free and open source software, I use it regularly, and have contributed to open source efforts. But one thing the FOSS community sometimes forgets is that creating software costs time and money, lots of it...at least, for anything that's any good. SOMEBODY has to pay for it. If somebody is motivated to pay for it, great! We ALL benefit! But if nobody wants to pay for it, maybe it isn't worth so much, or maybe it needs to be...sold...as commercial software. If nobody wants to buy it, clearly, its value isn't as high as the author would like to think it is.
I tried one of those apps a few years ago. I liked it, but I didn't trust the app maker to respect the privacy of my messages. For all I knew, they could sell the company to any old sleazebag who wanted to send spam to me.
You might argue that it's no different with Google. Well, it is. For one thing, Google already knows everything about me, including my texting, so what's the difference using Google software to sync to my computer? Also, Google isn't going away, and every one of their moves is scrutinized by the world. I feel much safer with my data in Google's hands, than a company called "Pulse" or whatever other vendors are out there.
Sending texts is only one piece of the functionality of text messaging.
Being able to send texts from your computer isn't very useful, if you can't see replies on your computer.
Another feature missing from your solution is being able to sync stored messages between your phone and your computer.
Sorry, your solution doesn't work for me.
How is this any different from Gmail scanning all your emails from non-consenting people?
You mean, absolutely anything, like JSLinux? https://bellard.org/jslinux/
If JavaScript can run a Linux distro in your Web browser, what can't it do?