Did you read the response? What a classic case of corporate misdirection. They redefine history stealing as "segment verification", which presumably means that they are using this technique to verify that a visitor is part of a particular segment of people that advertisers are trying to reach.
Clue: It doesn't matter what you do with the information, if your process involves checking to see whether a user has visited any of a list of sites in the past, that technique is known as history stealing and it is wrong. As in unethical. As in, shame on you, and browser makers should be working very hard to prevent you from doing it.
To try to claim that "segment verification" doesn't leak personally identifiable information is also disingenuous. If you were just checking one or two sites, maybe you could make that claim. But the whole point of this exercise is verifying which marketing segments a visitor is in. The full set of those segments can be used to build a detailed profile of who the visitor is and what she does with her browser. Combine with IP address, browser version, and any number of other available factors, and you get a remarkably unique fingerprint that will be, in many cases, unique to that person.
They should just say, "Yes, we use your browsing history to determine more or less who you are. It's very clever and completely legal." But being in advertising, they can't help but try to spin their way into looking like the good guys, being harassed by evil academics. Telling a story to sell bullshit, that's the game.
I live on the 12th floor of a building in Harlem, which is mostly 6- and 8-story apartment buildings. Many of the buildings in my neighborhood participate in the "Cool Roofs" program run by the city, which gives owners a tax break (or rebate or something) for painting their roof white.
Except they don't use white paint. All of the roofs I can see are painted in a metallic-style silver color. It's really quite striking.
Markdown is a set of shorthand codes and writing practices that maps to HTML tags. It allows you to write blog posts and such using natural language in a text editor that will be correctly formatted when rendered in HTML.
Reading through the list of known issues, and none of them are really show-stoppers, just bad housekeeping. Stuff like, when you block someone, their existing posts stick around. That's actually expected behavior in some systems. I might block you for being crazy today, but still want to go back and read what you posted three years ago when you were sane.
Of course the biggest privacy issue of all is missing:
When using Google+, one company has unfettered access to your searches, page views, ad clicks, social graph, email, calendar, chats, documents, photos, location, and interests.
Apple and Microsoft have (theoretically) had access to all of this via your desktop OS for years, and so has the NSA (via AT&T) so maybe it's no big deal. Still, Google, like Facebook, is an advertising company. You are not the customer -- you are the product.
In the future, we'll actually want live news and live sports, the two areas where subscription Internet video has lagged behind cable and satellite TV.
Live video is probably the easiest problem to solve, future-wise, because support for multicast streaming is baked into ipv6. Live streams scale in a way that on-demand video doesn't -- the more people are watching a stream, the more efficient the network becomes at delivering it.
This whole BitCoin thing is fiction. An over-zealous Slashdot editor got the idea to produce original episodic content for the site, and signed up some hardware vendors and electric utilities to sponsor it. BitCoin doesn't actually exist, and anyone who claims it does is obviously part of the production team. Or one of the sponsors.
Now I can sit back and enjoy the daily BitCoin story, secure in the knowledge that it is all just entertainment, and not actually a Glenn Beck-style ploy to involve gullible Slashdot readers in an elaborate Ponzi scheme. I was starting to get worried about unnecessary power consumption and the misapplication of scientific computing clusters, but it's all just CGI, isn't it? Bravo!
Anyway, good luck guys, it's been a great series so far. Hope you win that Emmy!
Me, I want to commit suicide by having sex with a young nymphomaniac on my 115th birthday.
Oh I know! My great-granddaughters' friends are so hot!
Of course, you risk snapping both hipbones before your heart stops... and that's assuming you can get the youngster to take off your diaper in the first place.
On the other hand, if you have an evil admin, nothing will help.
Well this is the heart of the problem, isn't it?
If my company hires an evil admin, we suffer the consequences, and move on.
But if Google hires an evil admin, potentially millions of people suffer the consequences.
What's more likely: an evil admin in my staff of three, or an evil admin in Google's staff of hundreds? I'm not really picking on Goog, it could be any BIG target, like Amazon, SalesForce, Dropbox. And not just evil admins: spies are going to be attracted to big cloud shops like moths to a flame.
The "Incognito Window" option in Chrome 12 is private browsing done right. Nothing is shared with other windows / tabs. Not even session cookies.
It's not a single-site browser option, but it's as close as we may get for a while. Bravo, Google, you nailed it... EXCEPT WAIT. If you open multiple incognito windows, they all share the same set of cookies. Which is kinda fail.
The end result would be the same, all its going to do is effect a single user.
Can we retire this meme?
Nobody besides IT gives a shit if the trojan can hack into the kernel or system libraries. If it can run in user space it has access to my contacts, my photos, my browser history, my bookmarks, my email, my music, and pretty much every-fscking-thing I care about on the computer. It can send mail as me, post to websites as me, drop files in my downloads folder, and put stuff on my desktop.
I mean, great that it can't infest drivers and start servers below port 1024. But the primary user of the computer (the non-admin shlub who actually needs to get work done) is infected.
They were also helped by a Military-Industrial Complex in the west bent on exaggerating the Soviet threat to sell more weapons.
Well exactly. It probably wasn't a surprise so much as a PR blunder when the real numbers got out. As in, "Oh, sorry, I guess you could have spent more on schools and healthcare. But we really thought they were a threat!"
Meanwhile, the propaganda in the USSR was in the other direction, with big, government sanctioned peace marches. According to the Russians I've talked to, their mindset was much more defensive than our so-called Defense Department's.
Given the BSD underpinnings of OS X and iOS, a successful attack would be easily portable to all unix-like OSes.
So it doesn't really matter if Linux becomes popular or not. An exploit in OpenSSL's certificate handling, for instance, will affect Linux and Mac users alike.
Yes, but the point is that with these apps, you don't really have a choice. They connect to Google services in the background, using unencrypted channels. The end user doesn't realize that this is the case.
What kind of idiot uses unencrypted WiFi on their phones these days?
Any idiot who wanders into range of an unencrypted WiFi access point with the same SSID as one of their trusted, encrypted access points.
It's not like your phone is going to be all "Hey, why isn't this network encrypted anymore?" and refuse to connect, or even bring it to your attention.
Exactly. The RIAA has completely digital music innovation to the point where people STILL think iTunes is magical.
So what about integration with other Google Apps? - Use tracks as hold music or ringtones in Voice - Post tracks on Blogger - Add tracks to party invitations in Calendar etc.
You should be able to embed an mp3 anywhere you can put an image or video now. But will they finally have the balls to do that?
What is wrong with these guys? Do I have to write the damn thing myself?
I think we all know the answer to those questions, unfortunately: they aren't you, and yes.
The worst part of writing great software is knowing that you could build a better mousetrap, for any value of mousetrap, and at the same time realizing just how mind-numbingly long it will take you to do so. This is why good coders eventually give up and go into management.
Do you store financial, personally identifiable, or other must-be-kept-private information?
If yes, hire a pro to audit your setup and cover your ass. You can call said pro when you do get hacked to help with cleanup. If no, stay small, don't piss off your users, and stay on top of those logs.
Oh, and in either case, make sure you have current, offline backups that can be used to recover from an incident.
Even if I have to register, I can just use multiple email addresses - gmail makes that trivial, I can have "myname+nytimes1@gmail.com, myname+nytimes2@gmail.com, etc. and they all go to my inbox.
Ya know, there might be *someone* in the IT dept there who could figure out how to ignore everything after the + on a gmail address.
Of course, anyone that smart would probably want to let you get away with it.
After all, this whole "paying for news" thing sounds like a Stupidity Trap, avoidable by anyone who is even a little bit clever.
Will the subscription come without ads, or perhaps at least without any ads you would not see in the newspaper? Doubtful of course, but I'm not going to pay that kind of subscription fee and still be blinked at.
Hear, hear!
On the bright side, $15/mo is a relatively big stick that we can wield to make demands about the quality of both the content and the user interface. As it stands now, we have no economic leverage aside from the nanoamount of ad revenue that NYT will lose if you or I stop reading their rag online.
But as paying customers, we can actually demand changes. Stop showing blinky ads. Stop adding annoying user interface controls that no one asked for. Stop running stories that are obviously paid-for PR placements. These are the kinds of things that you used to be able to write in about, and get heard, when you were a paying subscriber.
And if $15/mo isn't enough to get their attention, it is now trivially easy to form a NYT Readers Union and make demands collectively. 5000 readers threatening to unsubscribe at that price is bound to get somebody's attention.
Slashdot Mirror
Did you read the response? What a classic case of corporate misdirection. They redefine history stealing as "segment verification", which presumably means that they are using this technique to verify that a visitor is part of a particular segment of people that advertisers are trying to reach.
Clue: It doesn't matter what you do with the information, if your process involves checking to see whether a user has visited any of a list of sites in the past, that technique is known as history stealing and it is wrong. As in unethical. As in, shame on you, and browser makers should be working very hard to prevent you from doing it.
To try to claim that "segment verification" doesn't leak personally identifiable information is also disingenuous. If you were just checking one or two sites, maybe you could make that claim. But the whole point of this exercise is verifying which marketing segments a visitor is in. The full set of those segments can be used to build a detailed profile of who the visitor is and what she does with her browser. Combine with IP address, browser version, and any number of other available factors, and you get a remarkably unique fingerprint that will be, in many cases, unique to that person.
They should just say, "Yes, we use your browsing history to determine more or less who you are. It's very clever and completely legal." But being in advertising, they can't help but try to spin their way into looking like the good guys, being harassed by evil academics. Telling a story to sell bullshit, that's the game.
I live on the 12th floor of a building in Harlem, which is mostly 6- and 8-story apartment buildings. Many of the buildings in my neighborhood participate in the "Cool Roofs" program run by the city, which gives owners a tax break (or rebate or something) for painting their roof white.
Except they don't use white paint. All of the roofs I can see are painted in a metallic-style silver color. It's really quite striking.
Anyway, the NYC program is here, and is pretty successful if my neighborhood is any indication: http://www.nyc.gov/html/coolroofs/html/home/home.shtml
Markdown is a set of shorthand codes and writing practices that maps to HTML tags. It allows you to write blog posts and such using natural language in a text editor that will be correctly formatted when rendered in HTML.
Called markdown because HTML is markup.
It took thousands of highly-skilled engineers millions of man-hours to piggy-back on someone else's product in such an non-innovative way!
Reading through the list of known issues, and none of them are really show-stoppers, just bad housekeeping. Stuff like, when you block someone, their existing posts stick around. That's actually expected behavior in some systems. I might block you for being crazy today, but still want to go back and read what you posted three years ago when you were sane.
Of course the biggest privacy issue of all is missing:
When using Google+, one company has unfettered access to your searches, page views, ad clicks, social graph, email, calendar, chats, documents, photos, location, and interests.
Apple and Microsoft have (theoretically) had access to all of this via your desktop OS for years, and so has the NSA (via AT&T) so maybe it's no big deal. Still, Google, like Facebook, is an advertising company. You are not the customer -- you are the product.
There's video of Stanford's autonomous vehicle doing a power slide into a parking space. Repeatably.
How much would you pay for a real-life car that handles like a Crazy Taxi?
Skid around corners, get air from hilltops, and power slide into parking spots--all without killing bystanders or other drivers. Awesome!
In the future, we'll actually want live news and live sports, the two areas where subscription Internet video has lagged behind cable and satellite TV.
Live video is probably the easiest problem to solve, future-wise, because support for multicast streaming is baked into ipv6. Live streams scale in a way that on-demand video doesn't -- the more people are watching a stream, the more efficient the network becomes at delivering it.
I just figured this out: spoiler alert.
This whole BitCoin thing is fiction. An over-zealous Slashdot editor got the idea to produce original episodic content for the site, and signed up some hardware vendors and electric utilities to sponsor it. BitCoin doesn't actually exist, and anyone who claims it does is obviously part of the production team. Or one of the sponsors.
Now I can sit back and enjoy the daily BitCoin story, secure in the knowledge that it is all just entertainment, and not actually a Glenn Beck-style ploy to involve gullible Slashdot readers in an elaborate Ponzi scheme. I was starting to get worried about unnecessary power consumption and the misapplication of scientific computing clusters, but it's all just CGI, isn't it? Bravo!
Anyway, good luck guys, it's been a great series so far. Hope you win that Emmy!
Me, I want to commit suicide by having sex with a young nymphomaniac on my 115th birthday.
Oh I know! My great-granddaughters' friends are so hot!
Of course, you risk snapping both hipbones before your heart stops... and that's assuming you can get the youngster to take off your diaper in the first place.
On the other hand, if you have an evil admin, nothing will help.
Well this is the heart of the problem, isn't it?
If my company hires an evil admin, we suffer the consequences, and move on.
But if Google hires an evil admin, potentially millions of people suffer the consequences.
What's more likely: an evil admin in my staff of three, or an evil admin in Google's staff of hundreds? I'm not really picking on Goog, it could be any BIG target, like Amazon, SalesForce, Dropbox. And not just evil admins: spies are going to be attracted to big cloud shops like moths to a flame.
The "Incognito Window" option in Chrome 12 is private browsing done right. Nothing is shared with other windows / tabs. Not even session cookies.
It's not a single-site browser option, but it's as close as we may get for a while. Bravo, Google, you nailed it... EXCEPT WAIT. If you open multiple incognito windows, they all share the same set of cookies. Which is kinda fail.
Damn! They were so close! Oh well.
I was never an Ayn Rand fan, but she nailed that one. I leave it others to argue whether it was actual prescience or the "stopped clock" effect.
Try history repeating itself. She witnessed the Russian Revolution and its subsequent twisting by Stalin first-hand.
The end result would be the same, all its going to do is effect a single user.
Can we retire this meme?
Nobody besides IT gives a shit if the trojan can hack into the kernel or system libraries. If it can run in user space it has access to my contacts, my photos, my browser history, my bookmarks, my email, my music, and pretty much every-fscking-thing I care about on the computer. It can send mail as me, post to websites as me, drop files in my downloads folder, and put stuff on my desktop.
I mean, great that it can't infest drivers and start servers below port 1024. But the primary user of the computer (the non-admin shlub who actually needs to get work done) is infected.
They were also helped by a Military-Industrial Complex in the west bent on exaggerating the Soviet threat to sell more weapons.
Well exactly. It probably wasn't a surprise so much as a PR blunder when the real numbers got out. As in, "Oh, sorry, I guess you could have spent more on schools and healthcare. But we really thought they were a threat!"
Meanwhile, the propaganda in the USSR was in the other direction, with big, government sanctioned peace marches. According to the Russians I've talked to, their mindset was much more defensive than our so-called Defense Department's.
Given the BSD underpinnings of OS X and iOS, a successful attack would be easily portable to all unix-like OSes.
So it doesn't really matter if Linux becomes popular or not. An exploit in OpenSSL's certificate handling, for instance, will affect Linux and Mac users alike.
Yes, but the point is that with these apps, you don't really have a choice. They connect to Google services in the background, using unencrypted channels. The end user doesn't realize that this is the case.
What kind of idiot uses unencrypted WiFi on their phones these days?
Any idiot who wanders into range of an unencrypted WiFi access point with the same SSID as one of their trusted, encrypted access points.
It's not like your phone is going to be all "Hey, why isn't this network encrypted anymore?" and refuse to connect, or even bring it to your attention.
Exactly. The RIAA has completely digital music innovation to the point where people STILL think iTunes is magical.
So what about integration with other Google Apps?
- Use tracks as hold music or ringtones in Voice
- Post tracks on Blogger
- Add tracks to party invitations in Calendar
etc.
You should be able to embed an mp3 anywhere you can put an image or video now. But will they finally have the balls to do that?
What is wrong with these guys? Do I have to write the damn thing myself?
I think we all know the answer to those questions, unfortunately: they aren't you, and yes.
The worst part of writing great software is knowing that you could build a better mousetrap, for any value of mousetrap, and at the same time realizing just how mind-numbingly long it will take you to do so. This is why good coders eventually give up and go into management.
I agree, totally. Even introverts can enjoy hanging out with friends for a while every day, as long as there is no pressure to do so.
It just means you take a longer nap^h^h^hbreak after lunch.
Do you store financial, personally identifiable, or other must-be-kept-private information?
If yes, hire a pro to audit your setup and cover your ass. You can call said pro when you do get hacked to help with cleanup. If no, stay small, don't piss off your users, and stay on top of those logs.
Oh, and in either case, make sure you have current, offline backups that can be used to recover from an incident.
You gotta be shittin' me!
Wow, nice bit of mil history there.
That problem solves itself -- no one actually drinks Pepsi.
But Mountain Dew--a Pepsi product--is greedily consumed by addicts worldwide.
Even if I have to register, I can just use multiple email addresses - gmail makes that trivial, I can have "myname+nytimes1@gmail.com, myname+nytimes2@gmail.com, etc. and they all go to my inbox.
Ya know, there might be *someone* in the IT dept there who could figure out how to ignore everything after the + on a gmail address.
Of course, anyone that smart would probably want to let you get away with it.
After all, this whole "paying for news" thing sounds like a Stupidity Trap, avoidable by anyone who is even a little bit clever.
Will the subscription come without ads, or perhaps at least without any ads you would not see in the newspaper? Doubtful of course, but I'm not going to pay that kind of subscription fee and still be blinked at.
Hear, hear!
On the bright side, $15/mo is a relatively big stick that we can wield to make demands about the quality of both the content and the user interface. As it stands now, we have no economic leverage aside from the nanoamount of ad revenue that NYT will lose if you or I stop reading their rag online.
But as paying customers, we can actually demand changes. Stop showing blinky ads. Stop adding annoying user interface controls that no one asked for. Stop running stories that are obviously paid-for PR placements. These are the kinds of things that you used to be able to write in about, and get heard, when you were a paying subscriber.
And if $15/mo isn't enough to get their attention, it is now trivially easy to form a NYT Readers Union and make demands collectively. 5000 readers threatening to unsubscribe at that price is bound to get somebody's attention.