Hospital e-mail should be restricted to the hospital network. If you have a legitimate need to check this e-mail from home, the hospital should provide you with a netbook or a PDA or something that allows you to do that. The device would be supported by the hospital, and could have full-disk encryption on well-tested hardware. Use VPN to connect to the hospital network. If things break, it should be easy for them to fix or to swap out.
When you're at the hospital, there should be a clear separation of the hospital (confidential) and a guest (non-confidential) network. Only hospital-owned and -supported devices get to connect to the hospital network. Your personal laptop should connect to the guest network, which should not have these security requirements.
If they're trying to be cheap by making you use personal hardware to do hospital business, you should be allowed to refuse. If they need you to have one, they can buy it for you. Netbooks are cheap and should be sufficient for what you're describing. If they still won't budge, and you cave, at least talk to a tax person to see if you can write it off the costs of the machine and your Internet access as a business expense.
Individual attitudes and corporate culture matter a LOT here. If your work culture forbids an occasional trip to Facebook or a Flash game to unwind, people are going to be opposed to the loss of privacy that working in a communal setting usually means. Culture changes are difficult and slow. Some people have attitude or distraction problems and are annoyed by every little sound that their neighbors make, to say nothing about the occasional interruption by a coworker actually taking advantage of the new work arrangement to ask a question. You should probably find a way to accommodate them.
Build flexibility into the new arrangement. This may mean giving your employees an open space with no (or half-height) cube walls, and let them decide how they want the interior arranged. This may mean new (half-height) cube walls and desk arrangements where some are pointed at walls or windows, and others are pointed at the center, or at someone else. This allows each person to create a space that's as private or accessible as they want. Create a budget for the team to decorate or furnish the space (their own desk and the shared area). Let people order headphones.
To deal with situations where people just need a break from the group and want to focus, set up wireless and put in some couches in different areas of the floor. If you live in a sunny area and have an accessible patio, put in some furniture and make sure wireless extends out there as well. Each person works differently, and while your boss might be able to measure some aggregate increase in productivity by forcing everyone into their idea of the most productive work arrangement, you're going to make some people annoyed, upset, and less productive. Try to be accommodating.
His comments cannot be extrapolated to other fields because they were specific to the Internet. Again, read the fucking interview, including the question that was asked. He was saying that every 3rd party that you provide information to records that information. Governments can and do request and receive that information, sometimes without your knowledge. This includes searches. If you don't want anyone to know what you're doing, don't do it, because you're not going to be able to hide your online behavior.
Not all requests from law enforcement for "private" information you've provided to 3rd parties on the Internet involve things that are actually illegal. Sometimes that information is abused. Sometimes it's used during the course of investigating something, but sometimes the investigators call their buddies over and have a good laugh. Sometimes that information leaks. If you don't want anyone to know what you're doing online, including searches, don't do it.
Isn't that a little like complaining because someone can see the color of the light shining through your curtains? After all, the light is inside my abode. The color of that light (which would indicate the type of bulbs I buy--that would be useful for a light bulb marketer) is just as much private information as what I chose for an SSID, right? What would you say if someone drove through your neighborhood, stopping every 100 ft, and wrote down a location and the different colors of light they saw (not even your address)?
If you're not OK beaming information through your neighborhood, either shield your residence to keep your private RF signals from leaving your abode, or stop using wireless and switch back to ethernet. It's faster, anyway. Or, alternatively, stop using an SSID that contains private information.
Yes, but they can do that with the SSIDs, which are more likely to have extra uses as you can look for common service provider SSIDs to annotate your map with, say, the nearest retail chain offering a complimentary WiFi service without having to mooch.
I think these services come and go more often than a street view car comes by to update pictures.
The only uses I can see for capturing the MACs is to tell identical SSIDs such as "LinkSys" apart
So you agree that SSIDs alone are insufficient to tell APs apart, which makes them nearly useless for geolocation. Isn't that enough of a reason, since that's what Google's stated goal is?
It is technically possible to manufacture a phone to do these things, but phones are not normally capable of doing this. Perhaps they were concerned about people bringing in fake phones, or phones that were tampered with or otherwise designed to pretend that they were off? Or maybe they've heard all of the urban legends and, being a "government" facility, they adopt security practices that assume even urban legends are true? Isn't there a phone OS out there that's open source?
Your concerns have nothing to do with the Cloud Print service and everything to do with storing your data in the cloud. If you don't want to store your data in the cloud, neither Chrome OS nor the services associated with it are for you.
For those that are OK adopting this model, your data already exists in the cloud, so adding the ability to send that data to a printer doesn't do anything to reduce your privacy.
Did you read the article? The problem has to do with the installation and management of printer drivers, effectively printing documents from a device that by its very nature has no local storage, and printing remotely (to a home or office printer while you're on the road).
This isn't going to work with any of my home or office printers unless I (at home) or the IT department (at the office) do a lot of "behind the scenes" configuration and setup to make this work.
I think the idea is that if this printing standard catches on, printers will be updated or will ship with this functionality, so that little configuration/setup should be necessary. In the mean time, a proxy can be installed on any machines that act as print servers. But you're right: this means extra setup for now (just like zeroconf/Bonjour did before it gained traction).
If I'm going to do all of that work to provide the ability to print from anywhere, why wouldn't I just us up the VPN to provide access to ALL network resources?
I think one of the ideas is to eliminate the need to use VPN. If your data is stored on "the cloud", why not have "the cloud" initiate the printing operation rather than the device? That simplifies setup and management of the device, eliminates the need for complex network configurations, VPNs, firewall holes, and the authentication/authorization mess that comes along with that.
And do it without sending potentially confidential data through some Magic Box controlled by a third party.
If the data is already stored in the cloud, the only place it's going to be sent is from the cloud to the printer. The idea behind Chrome OS is that the device shouldn't really be the repository of your data, so it will be rare to send data from the device, to the print service, and then back to your printer.
I don't think you understand what people are saying when they say "the cloud". This isn't something new that will appear only when people start using Google Chrome OS. Anything stored in Google Docs, or in Gmail, today, is considered "in the cloud". Plenty of people use these applications. If you think the cloud is evil and dangerous, feel free to hold and spread that opinion, but I think that attitude sort of precludes you from even using Chrome OS, right? Which precludes you from using any cloud printing service, right?
If you do happen to have your data in the cloud, you have two options to print it:
1) Download it to your workstation, and have your workstation print using locally-installed drivers on a locally-reachable printer; or 2) Have the cloud notify a designated "cloud-capable" printer anywhere on the Internet, which then authenticates itself to the cloud, downloads the print job, and prints it
I don't see the privacy implications between (1) and (2). Am I missing something?
How does one take those technologies and use them to print on a home or office printer while on the road? Set up a VPN? Call an "IT guy" to make sure your DSL router has all of the firewall holes it needs to allow printing over the Internet, and then have someone at home try to discover the IP address of the printer and program that into your device? What do you do about authentication/authorization? I think you're still thinking in terms of a complex, general-purpose, ultra-capable personal computing device when Google seems to be trying to push all of the actual work into the cloud. I think the idea is that you shouldn't need to worry about VPN and firewalls when all of your work is being done on central servers.
I think the idea is that since Chrome OS is intended to work with data in the cloud, it's not the device (the Chrome OS instance) that's doing the printing, it's the service running in the cloud. In other words, you click on the Print link in Google Docs, and Google Docs itself contacts Google's "Cloud Print" service, and sends the document to a cloud-enabled printer (native or via a proxy) associated with your Google account.
Hear, hear. It never ceases to amaze me how virtually every new Google "service" further erodes people's concept of privacy. And people just eat it up. If someone ever wanted to intentionally socially engineer away the concept of "privacy" to begin with, this is how to do it. Makes you wonder...
Presumably, every document being printed on Chrome OS already exists in "the cloud". What additional erosion of privacy is created by adding the ability to take those documents and send them to a printer? If you're using Google's cloud, they already have the data. If you're using someone else's "cloud", I think the idea is that they'd implement their own printing service. None of your data should be shuttled around the Internet promiscuously except to your printer. Am I missing something?
Strictness allows people to realize what isn't broken in an endless morass of crippled partial implementations.
Yes.
Eventually, things can be fixed.
Realistically, this is the part that never happens. From the perspective of a business, paying someone to generate web content, producing strictly-conforming XHTML content is more expensive than HTML tag soup, and browsers render them exactly the same way. Why should a business go the more expensive route? Are you really suggesting that the costs of not moving to XHTML are worth what we paid to send men to the moon?
Computers and the internet do not have to be something for which everyone has resigned to being broken.
As a software developer, my job is to make my software robust in its interactions with the real world. Being strict means everyone else's bugs become your problem. At some point you have to expect that it's just not practical to strive for global perfection. How many times will you close a bug as "invalid, it's the other software's fault" before your customers realize that competing products don't have these "problems" and start to use them instead?
I think this has been a solved problem for many, many years. We have the technology to burn explosive fuels without generally causing an explosion. There are also these things called fuel cells.
This only follows if the only way to obtain money is to mug someone for it. Sort of by definition, it is not possible to produce (actual) child pornography without abusing a child. It is possible to hold a legal job and obtain money that you can then give to someone that asks for it.
(The punishment amounted to more than a fine, by the way.)
Can't you say the same thing about people, though? If people commit a premeditated crime, they're usually considering the possible sentences and the risks of getting caught. For some, it's worth the risk.
You seem to be advocating a figurative death penalty regardless of the nature of the crime? Why not apply that to people as well?
The ISP shouldn't be handing out IPv6 addresses to normal end-users unless they plan on dealing with outages like they would for IPv4.
But they do, and IPv6 content providers can't fix that.
Rather than this "whitelist" idea, a better solution is simply to make more major services available via IPv6.
IPv6 content providers can't do that either. They already have their stuff available over IPv6. They can't force everyone else to do the same thing.
What you're describing sounds great, if there were such a thing as centralized control over the Internet, where you could dictate that everyone start moving to IPv6, but there isn't.
This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.
You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.
before that communications was already using SI kilo
If you're talking about "communication" terms like megabits, this is because the base is 'bit', not 'byte'. The confusion only exists when you're talking about bytes. Anything dealing with bits has always been base-10.
Until everyone operating in controlled airspace is equipped with these new instruments, there will certainly be radar coverage for those that are not, and the same rules of separation for those planes will likely continue to apply. The point is that when the controller finds that adjacent aircraft are reporting high-resolution positions, the controller can rely on that and decrease separation between them safely, while maintaining more conservative separation between the aircraft not capable of high-resolution positions (observed via radar). This will have the biggest impact in class A airspace, since you can't fly VFR there anyway, so in theory every aircraft in class A airspace will have the legal minimum instruments. There are existing rules about what pilots need to do when their instruments fail during an IFR flight, and there will continue to be similar rules that will apply to this new system.
You know what else doesn't work over long ocean routes? Radios, curve of the Earth prevents communication with land stations
Shouldn't aircraft over the ocean be equipped with HF radios? HF radio waves are ducted by the atmosphere and allow communication to land stations without a direct line of sight.
clearly don't understand why aircraft spacing over the ocean is like it is. They can't see or communicate with each other easy, GPS does nothing at all to change that,
Doesn't ADS-B broadcast those GPS positions to any nearby aircraft? If two aircraft are close enough for a collision risk, they're close enough to receive each other's ADS-B messages. If you're panicking because of the probability that a plane could completely lose electrical, over the ocean, and there's no way for you to see them at night or in IMC, we already have that problem today. Is this really any worse?
"primary radar OTS", so a lost transponder means invisible.
If a lost transponder implies invisible, then what does a working transponder buy you? Mode C transponders don't report position, only altitude. How are you "visible" to ATC with a transponder but no radar coverage?
Slashdot Mirror
Hospital e-mail should be restricted to the hospital network. If you have a legitimate need to check this e-mail from home, the hospital should provide you with a netbook or a PDA or something that allows you to do that. The device would be supported by the hospital, and could have full-disk encryption on well-tested hardware. Use VPN to connect to the hospital network. If things break, it should be easy for them to fix or to swap out.
When you're at the hospital, there should be a clear separation of the hospital (confidential) and a guest (non-confidential) network. Only hospital-owned and -supported devices get to connect to the hospital network. Your personal laptop should connect to the guest network, which should not have these security requirements.
If they're trying to be cheap by making you use personal hardware to do hospital business, you should be allowed to refuse. If they need you to have one, they can buy it for you. Netbooks are cheap and should be sufficient for what you're describing. If they still won't budge, and you cave, at least talk to a tax person to see if you can write it off the costs of the machine and your Internet access as a business expense.
Individual attitudes and corporate culture matter a LOT here. If your work culture forbids an occasional trip to Facebook or a Flash game to unwind, people are going to be opposed to the loss of privacy that working in a communal setting usually means. Culture changes are difficult and slow. Some people have attitude or distraction problems and are annoyed by every little sound that their neighbors make, to say nothing about the occasional interruption by a coworker actually taking advantage of the new work arrangement to ask a question. You should probably find a way to accommodate them.
Build flexibility into the new arrangement. This may mean giving your employees an open space with no (or half-height) cube walls, and let them decide how they want the interior arranged. This may mean new (half-height) cube walls and desk arrangements where some are pointed at walls or windows, and others are pointed at the center, or at someone else. This allows each person to create a space that's as private or accessible as they want. Create a budget for the team to decorate or furnish the space (their own desk and the shared area). Let people order headphones.
To deal with situations where people just need a break from the group and want to focus, set up wireless and put in some couches in different areas of the floor. If you live in a sunny area and have an accessible patio, put in some furniture and make sure wireless extends out there as well. Each person works differently, and while your boss might be able to measure some aggregate increase in productivity by forcing everyone into their idea of the most productive work arrangement, you're going to make some people annoyed, upset, and less productive. Try to be accommodating.
His comments cannot be extrapolated to other fields because they were specific to the Internet. Again, read the fucking interview, including the question that was asked. He was saying that every 3rd party that you provide information to records that information. Governments can and do request and receive that information, sometimes without your knowledge. This includes searches. If you don't want anyone to know what you're doing, don't do it, because you're not going to be able to hide your online behavior.
Not all requests from law enforcement for "private" information you've provided to 3rd parties on the Internet involve things that are actually illegal. Sometimes that information is abused. Sometimes it's used during the course of investigating something, but sometimes the investigators call their buddies over and have a good laugh. Sometimes that information leaks. If you don't want anyone to know what you're doing online, including searches, don't do it.
Isn't that a little like complaining because someone can see the color of the light shining through your curtains? After all, the light is inside my abode. The color of that light (which would indicate the type of bulbs I buy--that would be useful for a light bulb marketer) is just as much private information as what I chose for an SSID, right? What would you say if someone drove through your neighborhood, stopping every 100 ft, and wrote down a location and the different colors of light they saw (not even your address)?
If you're not OK beaming information through your neighborhood, either shield your residence to keep your private RF signals from leaving your abode, or stop using wireless and switch back to ethernet. It's faster, anyway. Or, alternatively, stop using an SSID that contains private information.
They've enabled locations in HTML5.
Yes, but they can do that with the SSIDs, which are more likely to have extra uses as you can look for common service provider SSIDs to annotate your map with, say, the nearest retail chain offering a complimentary WiFi service without having to mooch.
I think these services come and go more often than a street view car comes by to update pictures.
The only uses I can see for capturing the MACs is to tell identical SSIDs such as "LinkSys" apart
So you agree that SSIDs alone are insufficient to tell APs apart, which makes them nearly useless for geolocation. Isn't that enough of a reason, since that's what Google's stated goal is?
It is technically possible to manufacture a phone to do these things, but phones are not normally capable of doing this. Perhaps they were concerned about people bringing in fake phones, or phones that were tampered with or otherwise designed to pretend that they were off? Or maybe they've heard all of the urban legends and, being a "government" facility, they adopt security practices that assume even urban legends are true? Isn't there a phone OS out there that's open source?
Congratulations, you've just described the very thing that Google is announcing.
http://www.chromium.org/developers/design-documents/google-cloud-print-proxy-design
I think the idea is that, in the future, printers will start to implement these services natively, eliminating the need for such a proxy.
Your concerns have nothing to do with the Cloud Print service and everything to do with storing your data in the cloud. If you don't want to store your data in the cloud, neither Chrome OS nor the services associated with it are for you.
For those that are OK adopting this model, your data already exists in the cloud, so adding the ability to send that data to a printer doesn't do anything to reduce your privacy.
Did you read the article? The problem has to do with the installation and management of printer drivers, effectively printing documents from a device that by its very nature has no local storage, and printing remotely (to a home or office printer while you're on the road).
This isn't going to work with any of my home or office printers unless I (at home) or the IT department (at the office) do a lot of "behind the scenes" configuration and setup to make this work.
I think the idea is that if this printing standard catches on, printers will be updated or will ship with this functionality, so that little configuration/setup should be necessary. In the mean time, a proxy can be installed on any machines that act as print servers. But you're right: this means extra setup for now (just like zeroconf/Bonjour did before it gained traction).
If I'm going to do all of that work to provide the ability to print from anywhere, why wouldn't I just us up the VPN to provide access to ALL network resources?
I think one of the ideas is to eliminate the need to use VPN. If your data is stored on "the cloud", why not have "the cloud" initiate the printing operation rather than the device? That simplifies setup and management of the device, eliminates the need for complex network configurations, VPNs, firewall holes, and the authentication/authorization mess that comes along with that.
And do it without sending potentially confidential data through some Magic Box controlled by a third party.
If the data is already stored in the cloud, the only place it's going to be sent is from the cloud to the printer. The idea behind Chrome OS is that the device shouldn't really be the repository of your data, so it will be rare to send data from the device, to the print service, and then back to your printer.
I don't think you understand what people are saying when they say "the cloud". This isn't something new that will appear only when people start using Google Chrome OS. Anything stored in Google Docs, or in Gmail, today, is considered "in the cloud". Plenty of people use these applications. If you think the cloud is evil and dangerous, feel free to hold and spread that opinion, but I think that attitude sort of precludes you from even using Chrome OS, right? Which precludes you from using any cloud printing service, right?
If you do happen to have your data in the cloud, you have two options to print it:
1) Download it to your workstation, and have your workstation print using locally-installed drivers on a locally-reachable printer; or
2) Have the cloud notify a designated "cloud-capable" printer anywhere on the Internet, which then authenticates itself to the cloud, downloads the print job, and prints it
I don't see the privacy implications between (1) and (2). Am I missing something?
How does one take those technologies and use them to print on a home or office printer while on the road? Set up a VPN? Call an "IT guy" to make sure your DSL router has all of the firewall holes it needs to allow printing over the Internet, and then have someone at home try to discover the IP address of the printer and program that into your device? What do you do about authentication/authorization? I think you're still thinking in terms of a complex, general-purpose, ultra-capable personal computing device when Google seems to be trying to push all of the actual work into the cloud. I think the idea is that you shouldn't need to worry about VPN and firewalls when all of your work is being done on central servers.
I think the idea is that since Chrome OS is intended to work with data in the cloud, it's not the device (the Chrome OS instance) that's doing the printing, it's the service running in the cloud. In other words, you click on the Print link in Google Docs, and Google Docs itself contacts Google's "Cloud Print" service, and sends the document to a cloud-enabled printer (native or via a proxy) associated with your Google account.
Hear, hear. It never ceases to amaze me how virtually every new Google "service" further erodes people's concept of privacy. And people just eat it up. If someone ever wanted to intentionally socially engineer away the concept of "privacy" to begin with, this is how to do it. Makes you wonder...
Presumably, every document being printed on Chrome OS already exists in "the cloud". What additional erosion of privacy is created by adding the ability to take those documents and send them to a printer? If you're using Google's cloud, they already have the data. If you're using someone else's "cloud", I think the idea is that they'd implement their own printing service. None of your data should be shuttled around the Internet promiscuously except to your printer. Am I missing something?
Strictness allows people to realize what isn't broken in an endless morass of crippled partial implementations.
Yes.
Eventually, things can be fixed.
Realistically, this is the part that never happens. From the perspective of a business, paying someone to generate web content, producing strictly-conforming XHTML content is more expensive than HTML tag soup, and browsers render them exactly the same way. Why should a business go the more expensive route? Are you really suggesting that the costs of not moving to XHTML are worth what we paid to send men to the moon?
Computers and the internet do not have to be something for which everyone has resigned to being broken.
As a software developer, my job is to make my software robust in its interactions with the real world. Being strict means everyone else's bugs become your problem. At some point you have to expect that it's just not practical to strive for global perfection. How many times will you close a bug as "invalid, it's the other software's fault" before your customers realize that competing products don't have these "problems" and start to use them instead?
I think this has been a solved problem for many, many years. We have the technology to burn explosive fuels without generally causing an explosion. There are also these things called fuel cells.
This only follows if the only way to obtain money is to mug someone for it. Sort of by definition, it is not possible to produce (actual) child pornography without abusing a child. It is possible to hold a legal job and obtain money that you can then give to someone that asks for it.
Kindly RTFA.
(The punishment amounted to more than a fine, by the way.)
Can't you say the same thing about people, though? If people commit a premeditated crime, they're usually considering the possible sentences and the risks of getting caught. For some, it's worth the risk.
You seem to be advocating a figurative death penalty regardless of the nature of the crime? Why not apply that to people as well?
But they do, and IPv6 content providers can't fix that.
IPv6 content providers can't do that either. They already have their stuff available over IPv6. They can't force everyone else to do the same thing.
What you're describing sounds great, if there were such a thing as centralized control over the Internet, where you could dictate that everyone start moving to IPv6, but there isn't.
This is to deal with cases where an ISP sets up "trial" or "beta" IPv6 services for their users, and they don't support it as well as their existing IPv4 service. They might have an IPv6 outage for hours or days, but nobody cares because it's just a trial, right? Meanwhile, the user is having an awful experience trying to pull up www.google.com, and they don't know why, and since every other web site seems to come up without a problem (because they're all still on IPv4), they conclude that it's a problem with Google.
You can avoid much of this by whitelisting ISPs that have demonstrated that they actually care about IPv6.
If you're talking about "communication" terms like megabits, this is because the base is 'bit', not 'byte'. The confusion only exists when you're talking about bytes. Anything dealing with bits has always been base-10.
Until everyone operating in controlled airspace is equipped with these new instruments, there will certainly be radar coverage for those that are not, and the same rules of separation for those planes will likely continue to apply. The point is that when the controller finds that adjacent aircraft are reporting high-resolution positions, the controller can rely on that and decrease separation between them safely, while maintaining more conservative separation between the aircraft not capable of high-resolution positions (observed via radar). This will have the biggest impact in class A airspace, since you can't fly VFR there anyway, so in theory every aircraft in class A airspace will have the legal minimum instruments. There are existing rules about what pilots need to do when their instruments fail during an IFR flight, and there will continue to be similar rules that will apply to this new system.
Shouldn't aircraft over the ocean be equipped with HF radios? HF radio waves are ducted by the atmosphere and allow communication to land stations without a direct line of sight.
Doesn't ADS-B broadcast those GPS positions to any nearby aircraft? If two aircraft are close enough for a collision risk, they're close enough to receive each other's ADS-B messages. If you're panicking because of the probability that a plane could completely lose electrical, over the ocean, and there's no way for you to see them at night or in IMC, we already have that problem today. Is this really any worse?
If a lost transponder implies invisible, then what does a working transponder buy you? Mode C transponders don't report position, only altitude. How are you "visible" to ATC with a transponder but no radar coverage?