The same reason behind Chrome, Android, Google Public DNS, etc. The idea is to make the Internet better, faster, more open, and with more users. I think the idea is that this translates into more usage of (better, faster) Google products.
The one time I did have a short outage, the DSL went too, so it would have killed a "pure" land line
Not all DSL outages are caused by power events (mitigated by a UPS) or a cut line (also killing an analog phone line). A line could become noisy or the DSL equipment itself could suffer a hardware problem. These will easily kill Internet connectivity without affecting the voice capabilities of the line. To add my own anecdote, I've had three DSL (AT&T Uverse) outages in the last year of >12h duration that were not power-related and where the line itself could still support analog voice calls.
At the very least, if you're going to run your own DNS server, have it forward queries to a DNS server that actually sees a lot of traffic. Otherwise, when you visit your popular web sites, their DNS records with low TTLs will be stale and require a trip to the Internet to resolve. Even if your ISP's DNS servers are slow and distant, they probably still see a lot of use from the ISP's other customers, and likely have all of your popular web sites' DNS records freshly cached.
So Google is telling a bald-faced lie when they say this data will not be used or aggregated in any way outside of DNS, personally identifiable information will be deleted after 48 hours, and only a random sampling of the resulting anonymized data kept permanently?
Gaming is still up in the air, but they're not stupid, and I'm sure they've considered the need.
High-performance gaming is likely out of scope for devices of the size and performance that Google seems to be looking at. But for those that say that this is a reason a PC alternative won't take off, consider that there are plenty of people already using dedicated gaming consoles like the Xbox and PS3. With a dedicated gaming console, and a dedicated web device, the reasons I need to go into the office to fire up my PC start to dwindle...
Consumers won't be able to download Google Chrome OS. Anyone can freely download the source to Chromium OS, and any builds produced from Chromium OS. At least that's how I read it.
All apps on Chrome OS are web apps, not just Google apps. Being open source, you're free to use whatever cloud(s) you want, or hard-wire it to only use applications hosted on your own web servers.
Joe can read his mail and continue on with his work - or play - even when his Internet connection or Google's servers are down for the count.
Isn't that what Gears (or whatever its Chrome version is called) is for? To allow the application to load and interact with cached data, and do a bidirectional sync-up when connectivity is restored? You can't receive new e-mail in Outlook either when your network connection is down.
The Google OS is lock-in on a scale that Apple and Microsoft have never even contemplated.
Could you explain this a little more? Google certainly isn't blocking access to web pages that aren't hosted at google.com, and all applications on Chrome OS are web applications, right? I'm not following this objection, sorry.
It interests me that the geek is comfortable with the Monolith so long as it is his own creation.
I look at it more from the perspective that Google is trying to engineer a new class of device. I don't care about the inner workings of every consumer electronics device in my house, nor do I care that my DVR or microwave oven can't run arbitrary applications. Google is betting that most people will be happy running web apps on a cheap, fast, secure web appliance. Some people have a legitimate need for a "real" computer capable of running "real" applications. Others are just set in their ways and unable to imagine a need for these newfangled gizmos. For these people, normal PCs will continue to exist.
That's great for the apps, but what of the OS itself, the sandbox VM, drivers, browser etc. Are you saying they will never have security holes and need replacing?
The OS is stripped down to the essentials. Drivers are minimal. Conceivably, you're right: there could be some vulnerability that allows someone to mess with the OS, the VM, drivers, etc. I fully expect that with Google's approach here, these vulnerabilities will be far fewer and far less impactful than you would see with a full-fledged OS. This would suggest that any security updates you might need will be infrequent (cf. Xbox 360 or OTA OS updates on a cell phone).
Except there will be processes in memory with execute permission and there will be security holes and buffer overflows and some form of persistent storage somewhere. Saying there will never be a virus is naive.
There's a difference between having an exploitable flaw in an application, and having a piece of code able to abuse that flaw to self-propagate. With the right security model, you can reduce the impact of every one of these types of flaws to a mere denial of service. Before, if you visited the wrong web site, you got 0wned and a rootkit in place before you could blink an eye. With Chrome OS, I believe the promise is that the same type of web site simply crashes your browser (or the OS). The device resets itself (in seconds) and you're back where you started.
Yeah, the OS will be open, but what of their web apps? How will we find the backdoors and trojans in them?
The same way we find them today? These "web apps" aren't some new invention that comes with Chrome OS.
At the same time DNSSEC obsoletes SSL certificate authorities.
DNSSEC only allows authentication of a hostname. It's more useful to be able to authenticate a domain name with a real-world identity, however, which still (today) relies on trusted third parties signing certificates with those real-world identities.
This all lead to NSEC3, where you can sign each subdomain individually and thereby preserve the business model of charging each client.
??? NSEC3 is just an extension of NSEC (authenticated NXDOMAIN). It has nothing to do with signing subdomains. The whole signature delegation thing has been in DNSSEC since the beginning, since that's how you get from the root to the GTLDs, and from the GTLDs to the second-level domains. There's nothing special/magical/new about continuing that chain of delegation.
According to http://code.google.com/opensource/, Google has released 1M lines of source code across 100 projects. Are you disappointed in the volume of contributions, or because they aren't releasing software that you're interested in? Sure, Google could open source their entire search product, but that's kind of a critical part of their revenue stream, yeah?
It always amazes me that people can be against a regulation that costs almost nothing and saves lives. If you could catch a serial killer for almost no investment, you'd do it.
Please quantify "almost nothing", the number of "lives" saved, and the value of a human life. The latter is subjective, of course, but critical in determining whether a regulation intended to save lives is worth the cost.
Some would say that $1 is "almost no investment". So should we tax the entire population of the US (300M people), and spend that 300M to catch a single serial killer? Maybe save 5 lives? But it's just $1 right? Surely $1 is worth 5 lives!
They are not able to meet the SLA's required for a business
Citation needed. What theoretical "business-class" SLA are you holding Google to, and can you demonstrate that they haven't met it? Doing some hand waving about two or three outages this year, without quantifying how long they were, or what percentage of users were affected, is insufficient.
but this could seriously interrupt procedures - what if cases weren't tried in due time?
If unusually high availability of e-mail/documents is truly that important, if the brief unavailability of these services would bring justice to its knees, then I might question any decision not to invest in a hyper-available infrastructure. Simply not moving to Google Apps wouldn't be enough, in this case. I would expect the government to construct their own infrastructure with multiple levels of redundancy and code diversity, redundant networks and power systems. Obviously, they aren't going to do that. I strongly suspect (but, I admit, don't know for sure) that the city is choosing between managing a "standard" business-class infrastructure, and Google. If you're truly asserting that Google Apps does a poorer job than a typical business setup, I'd appreciate seeing some actual numbers to back up your assertion.
Duncan was talking about the schedule of the school year. He's implying that the 3-month summer vacation was, historically, intended to allow children to help with the harvest (a popularly held view, though I'm not sure it's accurate). He's simply saying that children don't do that anymore and that it's time we revised the structure of the school year.
Don't schools get some of their educational funding from the federal government? The same tactic can apply here, just like you suggest: "Make your school years longer, or you don't get federal funding."
I personally hate the fact that the federal government, unable to find the authority to legislate something, can instead just raise taxes, and redistribute those taxes back to those states that agree to their terms. I'm all for taxing everyone to raise the standard of education in poor states (that otherwise wouldn't be able to afford it), but that shouldn't come with strings attached. Every state and locality is different, with different cultures and different problems with education. Having the federal government make everyone's education decisions is too nanny-state for me.
Indeed, but the problem we have here is that the bank is going to do whatever the customer asks. If the bank takes a hard line on insecurely e-mailing customers loan details, and the customer wants to deal over gmail, for instance, they're likely to walk away and go to another "e-mail friendly" bank. People think insecure e-mail is "good enough", so customer demand will drive the bank's behavior.
If a particularly saavy customer said, "I prefer that this be encrypted," then the bank should try to accommodate them. (That being said, I'd be interested to see what bank employees would do if you walked in and wanted to exchange PGP keys.)
I think you have misunderstood the original poster's question:
G-Mail? Why is the bank sending sensitive customer information to an email account hosted by a provider known for rifling though it's user's emails for information?
The poster is not asking why 1300 bits of sensitive account details were e-mailed. That would be a stupid question, because it's explicitly discussed in the article and the summary, and should be obvious to anyone with half a brain (and perhaps that's why you're so annoyed with the poster and are responding in the manner in which you are).
Instead, the poster is asking why "sensitive customer information" generally is going to an address at an insecure web mail service. This interpretation becomes clearer if you take in the poster's chosen title along with the content of the post. That is a more interesting question, with a more nuanced answer.
I realize that a lot of Slashdot posters are idiots, but it helps if you don't assume that all of them are.
This is exactly why local e-mail hosting is probably one of the worst ideas to come about. There was a distinct reason that computing moved from a locally-supported model to a centralized one. Imagine being in the position that you were depending upon your local mail server for your small to medium sized business and you can no longer take orders and communicate with vendors and customers. I could imagine the loss would be quite heavy and the impact felt. This is why it is always better to do a thorough cost-benefit analysis, estimate likely downtime in either scenario, and outsource when it makes sense to do so.
Slashdot Mirror
The same reason behind Chrome, Android, Google Public DNS, etc. The idea is to make the Internet better, faster, more open, and with more users. I think the idea is that this translates into more usage of (better, faster) Google products.
The one time I did have a short outage, the DSL went too, so it would have killed a "pure" land line
Not all DSL outages are caused by power events (mitigated by a UPS) or a cut line (also killing an analog phone line). A line could become noisy or the DSL equipment itself could suffer a hardware problem. These will easily kill Internet connectivity without affecting the voice capabilities of the line. To add my own anecdote, I've had three DSL (AT&T Uverse) outages in the last year of >12h duration that were not power-related and where the line itself could still support analog voice calls.
At the very least, if you're going to run your own DNS server, have it forward queries to a DNS server that actually sees a lot of traffic. Otherwise, when you visit your popular web sites, their DNS records with low TTLs will be stale and require a trip to the Internet to resolve. Even if your ISP's DNS servers are slow and distant, they probably still see a lot of use from the ISP's other customers, and likely have all of your popular web sites' DNS records freshly cached.
This would require that their privacy policy be a bald-faced lie:
http://code.google.com/speed/public-dns/privacy.html
Possible, yes, but we've now entered the realm of a conspiracy theory.
So Google is telling a bald-faced lie when they say this data will not be used or aggregated in any way outside of DNS, personally identifiable information will be deleted after 48 hours, and only a random sampling of the resulting anonymized data kept permanently?
http://code.google.com/speed/public-dns/privacy.html
Why would it not?
Why?
High-performance gaming is likely out of scope for devices of the size and performance that Google seems to be looking at. But for those that say that this is a reason a PC alternative won't take off, consider that there are plenty of people already using dedicated gaming consoles like the Xbox and PS3. With a dedicated gaming console, and a dedicated web device, the reasons I need to go into the office to fire up my PC start to dwindle...
Why does it have to be on Google's servers? Why doesn't Apple just create a web version of iTunes?
Personally, both my work and play are heavily Internet-oriented, so when the network goes down, my PC sits idle anyway.
Consumers won't be able to download Google Chrome OS. Anyone can freely download the source to Chromium OS, and any builds produced from Chromium OS. At least that's how I read it.
All apps on Chrome OS are web apps, not just Google apps. Being open source, you're free to use whatever cloud(s) you want, or hard-wire it to only use applications hosted on your own web servers.
Isn't that what Gears (or whatever its Chrome version is called) is for? To allow the application to load and interact with cached data, and do a bidirectional sync-up when connectivity is restored? You can't receive new e-mail in Outlook either when your network connection is down.
Could you explain this a little more? Google certainly isn't blocking access to web pages that aren't hosted at google.com, and all applications on Chrome OS are web applications, right? I'm not following this objection, sorry.
I look at it more from the perspective that Google is trying to engineer a new class of device. I don't care about the inner workings of every consumer electronics device in my house, nor do I care that my DVR or microwave oven can't run arbitrary applications. Google is betting that most people will be happy running web apps on a cheap, fast, secure web appliance. Some people have a legitimate need for a "real" computer capable of running "real" applications. Others are just set in their ways and unable to imagine a need for these newfangled gizmos. For these people, normal PCs will continue to exist.
The OS is stripped down to the essentials. Drivers are minimal. Conceivably, you're right: there could be some vulnerability that allows someone to mess with the OS, the VM, drivers, etc. I fully expect that with Google's approach here, these vulnerabilities will be far fewer and far less impactful than you would see with a full-fledged OS. This would suggest that any security updates you might need will be infrequent (cf. Xbox 360 or OTA OS updates on a cell phone).
There's a difference between having an exploitable flaw in an application, and having a piece of code able to abuse that flaw to self-propagate. With the right security model, you can reduce the impact of every one of these types of flaws to a mere denial of service. Before, if you visited the wrong web site, you got 0wned and a rootkit in place before you could blink an eye. With Chrome OS, I believe the promise is that the same type of web site simply crashes your browser (or the OS). The device resets itself (in seconds) and you're back where you started.
The same way we find them today? These "web apps" aren't some new invention that comes with Chrome OS.
DNSSEC only allows authentication of a hostname. It's more useful to be able to authenticate a domain name with a real-world identity, however, which still (today) relies on trusted third parties signing certificates with those real-world identities.
??? NSEC3 is just an extension of NSEC (authenticated NXDOMAIN). It has nothing to do with signing subdomains. The whole signature delegation thing has been in DNSSEC since the beginning, since that's how you get from the root to the GTLDs, and from the GTLDs to the second-level domains. There's nothing special/magical/new about continuing that chain of delegation.
According to http://code.google.com/opensource/, Google has released 1M lines of source code across 100 projects. Are you disappointed in the volume of contributions, or because they aren't releasing software that you're interested in? Sure, Google could open source their entire search product, but that's kind of a critical part of their revenue stream, yeah?
Please quantify "almost nothing", the number of "lives" saved, and the value of a human life. The latter is subjective, of course, but critical in determining whether a regulation intended to save lives is worth the cost.
Some would say that $1 is "almost no investment". So should we tax the entire population of the US (300M people), and spend that 300M to catch a single serial killer? Maybe save 5 lives? But it's just $1 right? Surely $1 is worth 5 lives!
Citation needed. What theoretical "business-class" SLA are you holding Google to, and can you demonstrate that they haven't met it? Doing some hand waving about two or three outages this year, without quantifying how long they were, or what percentage of users were affected, is insufficient.
If unusually high availability of e-mail/documents is truly that important, if the brief unavailability of these services would bring justice to its knees, then I might question any decision not to invest in a hyper-available infrastructure. Simply not moving to Google Apps wouldn't be enough, in this case. I would expect the government to construct their own infrastructure with multiple levels of redundancy and code diversity, redundant networks and power systems. Obviously, they aren't going to do that. I strongly suspect (but, I admit, don't know for sure) that the city is choosing between managing a "standard" business-class infrastructure, and Google. If you're truly asserting that Google Apps does a poorer job than a typical business setup, I'd appreciate seeing some actual numbers to back up your assertion.
Duncan was talking about the schedule of the school year. He's implying that the 3-month summer vacation was, historically, intended to allow children to help with the harvest (a popularly held view, though I'm not sure it's accurate). He's simply saying that children don't do that anymore and that it's time we revised the structure of the school year.
Don't schools get some of their educational funding from the federal government? The same tactic can apply here, just like you suggest: "Make your school years longer, or you don't get federal funding."
I personally hate the fact that the federal government, unable to find the authority to legislate something, can instead just raise taxes, and redistribute those taxes back to those states that agree to their terms. I'm all for taxing everyone to raise the standard of education in poor states (that otherwise wouldn't be able to afford it), but that shouldn't come with strings attached. Every state and locality is different, with different cultures and different problems with education. Having the federal government make everyone's education decisions is too nanny-state for me.
http://www.youtube.com/watch?v=Itc4253kjhw
Indeed, but the problem we have here is that the bank is going to do whatever the customer asks. If the bank takes a hard line on insecurely e-mailing customers loan details, and the customer wants to deal over gmail, for instance, they're likely to walk away and go to another "e-mail friendly" bank. People think insecure e-mail is "good enough", so customer demand will drive the bank's behavior.
If a particularly saavy customer said, "I prefer that this be encrypted," then the bank should try to accommodate them. (That being said, I'd be interested to see what bank employees would do if you walked in and wanted to exchange PGP keys.)
I think you have misunderstood the original poster's question:
The poster is not asking why 1300 bits of sensitive account details were e-mailed. That would be a stupid question, because it's explicitly discussed in the article and the summary, and should be obvious to anyone with half a brain (and perhaps that's why you're so annoyed with the poster and are responding in the manner in which you are).
Instead, the poster is asking why "sensitive customer information" generally is going to an address at an insecure web mail service. This interpretation becomes clearer if you take in the poster's chosen title along with the content of the post. That is a more interesting question, with a more nuanced answer.
I realize that a lot of Slashdot posters are idiots, but it helps if you don't assume that all of them are.
In other words, you're exactly as well off as you would be without Google Health in the first place, right?
This is exactly why local e-mail hosting is probably one of the worst ideas to come about. There was a distinct reason that computing moved from a locally-supported model to a centralized one. Imagine being in the position that you were depending upon your local mail server for your small to medium sized business and you can no longer take orders and communicate with vendors and customers. I could imagine the loss would be quite heavy and the impact felt. This is why it is always better to do a thorough cost-benefit analysis, estimate likely downtime in either scenario, and outsource when it makes sense to do so.