Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories: 0
Comments: 18,006

Comments · 18,006

  1. Re: Irony on Yahoo Wants To Know If FBI Ordered Yahoo To Scan Emails (onthewire.io) · · Score: 1

    They obviously know, but are legally forbidden from commenting.

    Maybe.

    I think people often forget that corporations are about the furthest thing possible from monolithic. It's entirely possible for one organization within a corporation to receive a request that is within its own ability and authority and to handle it without bothering to tell anyone else, or with only brief consultations with legal, who may not have kept any records. Given government secrecy requests/demands, that possibility grows even more likely. Further, corporations aren't static. They're constantly reorganized and even without reorgs people move around a lot, and even leave the company. There are some records of what people and organizations do, but they're usually scattered and almost never comprehensive.

    It's entirely possible that they did something like this, that the system was installed and later removed, and that the only people who know about it have left the company or aren't speaking up because they were told at the time that they could never speak about it, and that the organization that was responsible for doing it and/or undoing it no longer even exists. It's possible that Yahoo's leadership's only option for finding out whether it happened is to scan old email to see if anyone discussed it via email (which may not have happened; see "government secrecy requests/demands") or to look in system configuration changelogs to find out if the system was ever deployed (and it may have been hidden under an innocuous-sounding name)... or to ask the government if the request was ever made.

    Of course, my supposition here depends on a culture of cooperation with the government. I don't know if that existed at Yahoo. I think most of the major tech corporations at this point have a strong bias towards NON-cooperation, which would cause any request like this to go immediately to legal who would immediately notify the relevant C-level execs. But I have worked for corporations where the scenario I describe is totally plausible.

  2. Re:Warrant canary on Chrome For Android Gets Its Own Canary Channel (betanews.com) · · Score: 1

    I was expecting a Warrant canary. e.g. something to say they have not yet been given secret orders by the NSA/CIA to install a backdoor for spying on users.

    Like Apple used to have. Is there some reason Google cannot do that?

    I think their absence of an existing Warrant Canary speaks volumes. (That is - they've already been issued such an order or warrant.)

    Google's head lawyer, David Drummond, has explicitly said that Google has done no such thing. Of course, if the government could order him to lie, then that doesn't mean anything. But if the government could order corporations to lie, then it could order them to publish a false warrant canary statement.

  3. Re: I hope Apple Pay will die on Apple is 'Intransigent, Closed and Controlling' Say Banks (afr.com) · · Score: 1

    I'm sorry but that's just not true. The two systems are vastly different in implementation. Google are acting as a financial intermediary for every transaction through use of a "virtual credit card" which is what is on your phone and what the vendors see (they never see your actual cards as they are only on Google's servers). As a result, Google have access and knowledge of every detail of every transaction you make using their system. This aligns with their panopticon business model. By effectively acting as a middleman financial institution they don't need any agreement with banks etc. Every transaction you make actually becomes two: 1. Google pays vendor, 2. Google charges your bank.

    Your information is out of date.

    What you say was the mechanism that Google Wallet used, in its second version. The evolution of Google's NFC payment system went as follows:

    1. The initial release used a secure element (essentially a smart card chip) and installed your actual credit card information in the SE, using the standardized EMV solution straight up. (EMV is EuroPay/Mastercard/Visa, a consortium that creates payment standards). Initially only Chase cards were supported because this approach requires support from the issuer.

    In this version Google was not a middleman.

    2. Due to banks being very slow to get on board with SE-based NFC payments, and due to lots of opposition from carriers (who wanted to become the new payments infrastructure, see ISIS/SoftPay), Google abandoned the SE-based solution and invented something called Host Card Emulation (HCE). In this model, your actual credit card information was kept off the phone entirely, stored only in Google's servers. A proxy card was used to make payments at the point of sale, using pre-computed single-use cryptographic tokens computed on the server and stored on the phone. The proxy card allowed Google Wallet to support any and all credit and debit cards -- in theory any payment mechanism that Google's back-end payment infrastructure could support.

    In this version Google acted as a middleman, as you say.

    3. AndroidPay deployed after ApplePay and uses a payment architecture very similar to ApplePay, called "network tokenization". The idea is that the interchange networks can produce cryptographic credentials which can be validated by the network, which then passes the validated transaction back to the card issuer. This means that the issuing banks have dramatically less work to do to support NFC payments than in the original EMV-specified model (the one used by Google Wallet). Network tokenization was under development when Google Pay deployed initially, but far from ready to go. Apple waited until it was before launching, and as soon as it was available Google shifted to it as well. They still work somewhat differently, in that Apple uses long-lived multi-use tokens stored in the secure enclave, while Google uses short-lived, single-use tokens stored in Android, and encrypted with a key kept only in RAM and re-downloaded after each reboot.

    In this version Google is no longer a middleman.

    I expect that a future iteration of AndroidPay will shift to using tokens stored in the Trusted Execution Environment (TEE), discarding the RAM-only key, but that will have to wait until all of the devices using AndroidPay have the TEE with the necessary software.

  4. Re:It's actually worse than you think on UK Police Begins Deployment of 22,000 Police Body Cameras (thestack.com) · · Score: 1

    On the other hand, I agree that there needs to be a rule requiring officers to turn the cameras on -- but I don't think that arrests without the camera on should be invalid. Police have been making valid arrests without cameras for a long time.

    Over time, that may take care of itself. When judges and juries become accustomed to always having footage of the arrest, often from multiple angles, they may begin to consciously or unconsciously discount the officer's statements if not supported by video evidence.

    Also, unless they have a very specific reason to turn it off, most cops will realize they're better off having it on because the fact that they're not recording doesn't mean someone *else* isn't, and that someone else may well produce carefully selected out-of-context footage that shows the officer in a bad light. In various articles I've read from around the US, police on the street are overwhelmingly in favor of body cameras. They feel like the cameras do more to protect them than to harm them.

  5. Re:Who would have thought? on Google Reveals It Received Secret FBI Subpoena (theintercept.com) · · Score: 1

    I know of several times that the US govt paid for data, but the data wasn't exactly private data, and the purchase wasn't secret. They may also have done it with private data, or have kept their purchase secret, but I don't know about those cases. And it may well depend on which arm of the federal government you are dealing with.

    What, you mean like above-board purchase of GIS mapping data or such? What we're talking about is purchase of information about people that would normally require a court order to compel. There's a common belief that companies have been selling user data to government agencies as a secret profit center, but I can't find any example. We know that telcos were giving them huge amounts of data, but there doesn't seem to have been any fee for it.

  6. Re:What happens, when a gag order is violated? on Google Reveals It Received Secret FBI Subpoena (theintercept.com) · · Score: 1

    Third, it's safe to assume Google tracks revisions to their pages, so yes, they would soon know who made the 'mistake'. Also, a letter like this should be shared with extremely few people within the company, so it shouldn't be hard to follow the chain until suspicious activity is found. Punishment for this sort of mishandling would be limited to a fine, however, so the FBI would go after Google's deep pockets rather than try to pin the crime on an individual. The employee should be safe from criminal charges, though not, presumably, from Google discipline.

    Also, it's very likely that the set of people with access to the letter and the set of people with access to the systems to publish the letter are disjoint.

  7. Re:Who would have thought? on Google Reveals It Received Secret FBI Subpoena (theintercept.com) · · Score: 1

    What changed post-2011 is that it's now easier for US government agencies to get data without bidding for it.

    Implying that pre-2011 agencies paid for data. This is a common notion on /. and elsewhere, but I've seen no evidence anywhere that government agencies ever paid for data.

    Do you know of some?

  8. Re:No, it's not time. on It's Time For Laptop Companies To Switch To Precision Touchpad (arstechnica.com) · · Score: 1

    I've watched most users with multi-touch devices. They almost NEVER use the features. Why? Because pointing and pressing is so goddamned easy.

    Get with the times. The most I see people use multi-touch is pinch/spread to zoom. Rarely do I even find a use for more than that.

    You've never seen a use for two-finger scrolling on a laptop trackpad? Really? You actually prefer to move the pointer over to the scroll bar and click-and-drag it?

  9. Re:"Better" or just "Different"? on Google To Divide Its Index, Giving Mobile Users Better and Fresher Content (searchengineland.com) · · Score: 1

    I can understand that most folks can't figure out how to use actual full-text search. But for those of us who actually do know and realize it's generally the most efficient and fastest way to find precisely tailored results

    I'm not convinced that this is the case. Actual full-text search is great when you're looking for something which will match very few pages, which is true only if the precise set of terms being searched for is rare, either because some of the terms are rare, or because their particular combination is rare. If neither of those are true, then what you really need is a search engine that can understand the context of your query, and give you that. And that is precisely what Google is evolving towards.

    The way we learned to search back in the mid-90s is no longer effective, and not just because search engines now suck. It's because the web is so much bigger than it was then, and has so much duplication of content. Search engines have evolved to try to deal with that, but if you continue just giving them keyword lists you don't give them the context they need to do a better job. This is why Google's recommendation -- even for highly technical queries -- is to type out a full English sentence, in the form of a question, including all of the conjunctions, articles, etc. that used to be completely ignored by search engines. That way the search engine can use the structure of the question to give it additional clues about what it is that you're looking for.

    I can't think of any examples right now, but I've seen this in my own searches, that simple keyword lists -- even when I try to apply various operators, or quote things -- are far less likely to find me the obscure results that I'm looking for than if I just type out my question in pretty much exactly the way I'd pose it to a human. That's what Google recommends that you do, it's what the search engine is optimized for, and it works quite well. Better, IMO, than circa-2000 search engines managed with verbatim searches.

  10. I can see that this has application in some areas, but to be a good member of society shouldn't we want certain aspects of co-existence, values and social behaviour to come from rules, rather than each person or computer coming to its own conclusion about co-operating?

    Sure we do, and we learn those rules rather than having them programmed into us. Machines can do the same. Actually, that will probably make machine-learned rules align better with human-learned rules, because our rules tend to be fuzzy around the edges while programmed rules are crisp. Some humans undergo special training to teach them how to apply absolute, non-fuzzy, rules. Machines could do the same... or we could probably use a combination of learned behavior and programming to achieve a similar result more easily.

  11. It didn't take him 11 hours of trying to randomly get it to work, it took 11 hours of complex system integration effort to make something do something it didn't already do. Duh. I spent at least that much time on enabling remote control of my garage door from my Android phone. That doesn't mean it takes me hours to close or open my door from my phone; it takes seconds, at most. But making it work took hours... so that I could do it in seconds from my phone.

    Hmm. Clearly I need to figure out how to integrate with Google Assistant so I can do it by voice...

  12. In the study the doctors knew they had to perform well. In the real world you're lucky if they even listen to you for two minutes before prescribing whatever the pharma rep recommended at the free lunch yesterday.

    If that's the service you get, find a better doctor. There are good ones out there.

    The main thing to look for is a physician who takes the time to listen to you and to explain his reasoning and approach, and is willing to discuss the pros and cons of various alternatives with you. Ask a lot of good questions and you should get serious, thoughtful and thorough answers that don't attempt to shut you up by burying you in technical language. If that's not your experience, find another doc, and keep looking until you do find it.

    Of course, this method doesn't tell you if the doctor is good, just if he or she is willing to take time with you and treat you as an intelligent human being, and is willing to put in some effort. To find out how good they are, look up their outcome statistics. Oh, wait... those aren't published. Grr.

  13. Re:People casting votes decide nothing on Senator Wants Nationwide, All-Mail Voting To Counter Election Hacks (arstechnica.com) · · Score: 1

    As Stalin once put it:

    People casting votes decide nothing. People counting votes decide everything.

    The only hope for the electorate is to keep the latter group decentralized and otherwise disconnected from each other — to keep both fraud and honest mistakes small-scale and thus unprofitable. Any attempt to centralize vote-counting is the end of Democracy.

    That used to be the only hope. Today we have math. We can fully centralize vote counting while fully distributing count verification.

    You should look into end-to-end verifiable voting systems like Scantegrity II. Every voter gets a voting receipt that allows them to verify that their vote was correctly counted in the final tally, but does not allow them to prove to anyone else how they voted (to avoid vote buying/coercion, which is a potential problem with mail-in ballots). Anyone can also verify the integrity of the entire counting process after the election, and before and during the election anyone can verify the integrity of the ballots by requesting some chosen at random for auditing.

    Cryptographers have applied their attack-oriented style of thinking to the voting problem and have devised numerous solutions which are incredibly resilient even in the face of massive, deep corruption at all levels. Early election security research produced systems that were extremely secure but impractical, but the later ones (like Scantegrity II) are both very secure and eminently practical for real-world elections.

    It's interesting that there seems to be very little interest in using them.

  14. Before I started navigating on the phone, my nav interface was my wife screaming at me.

    I now get to listen to my wife arguing with my phone.

    In fairness to her, she's actually a really good navigator, with an excellent sense of which route is faster... for a human. Who doesn't have access to real-time traffic data. She doesn't often beat Google, but her approach is never a bad one.

  15. Re:Harassing the security apparatus is pointless on As Contradictions Mount, Experts Call For Declassification of Yahoo's Email-Scanning Order (onthewire.io) · · Score: 1, Insightful

    Trump isn't going to get rid of representative elections in the next 4-8 years, if that's what you mean.

    No, I'm thinking mostly of the damage he can do as commander in chief, and as our chief diplomat.

    Clinton...who knows. I actually don't have 100% confidence that that wouldn't be the result of her election.

    There's no way a president could do that, short of declaring martial law, and I think Trump is far more likely to do that than Clinton. In either case, I don't think it would stand if they did.

  16. So, is there any dummy-friendly video call software for Linux out there that supports conferencing with multiple users?

    Google Hangouts. Works great. I use it for all of my meetings -- usually 2-3 hours per day (I work for Google). Works on Linux, OS X, Windows, ChromeOS, Android and iOS, supports up to tens of users in one call (limit is 50, IIRC). There are dedicated systems available for it as well, based on Chromeboxes. It allows any user to cast their screen/window for presentations or whatnot.

    If you use Google Calendar, Hangouts is integrated with your calendar; there's a URL you can go to that shows your calendar entries for the day and clicking on one of them automatically enters that video call. Companies that use the system can integrate it with meeting room management, so each room has its own calendar and people can schedule rooms when they create/edit calendar entries, and rooms can likewise be connected to a meeting with one tap/click.

    It's quite a nice system. The best I've used, and I've used several of them. Yes, I work for Google so I'm not unbiased, but this is my honest opinion.

    Obviously it does require all users to have a Google account (gmail or GSuite), and you get the very best results with a set of GSuite accounts all in the same domain (e.g. the same company) where everyone uses the calendar, meeting rooms are in the system, etc. But for ad-hoc use with a bunch of gmail accounts the basic video conferencing works fine, and it's free.

  17. Re:Neither Necessary Nor Sufficient on Tesla's Sales Increase - But Next Will We Need Smart Roads? (backchannel.com) · · Score: 1

    You do realize that driving 100mph takes twice as much energy per unit distance traveled (and almost three times the required drivetrain power) compared to 70mph, right?

    Only for the lead (and, to a lesser extent, trail) vehicle in a train of cars that are close enough to draft. Of course you can draft at 70 mph as well, but given the time savings and reduction in road surface needed at higher speeds, there's a lot of value in 100mph+ vehicle trains, and the amortized cost isn't that high. People may not want their vehicle in the lead position, though. Perhaps the others in the train could automatically pay them to offset their higher energy costs.

  18. Re:Harassing the security apparatus is pointless on As Contradictions Mount, Experts Call For Declassification of Yahoo's Email-Scanning Order (onthewire.io) · · Score: 1

    At this point, any change is better than the status quo.

    "Any". I do not think that word means what you think it means. You must be mentally bounding "any" with some sort of limitations on what it could mean, because your statement is clearly false on its face. I can think of lots of things that the president of the United States could do that would leave us far worse off than the status quo.

  19. Re:This is the problem on Sean Parker Contributes $9 Million As States Push To Legalize Marijuana (gazettenet.com) · · Score: 1

    Or just hacking the highly insecure voting machines.

    Again, money is neither required nor even very useful. That's all about access.

  20. But you will let Hillary around military forces? Has she ever met a war she didn't like?

    She's hawkish, but stable, will listen to advisers and understands why nukes are better in theory than in practice.

    Don't mistake my position as any sort of support for the woman. I'd have been a rabid #neverhillary type, if she weren't running against Trump.

  21. I think they're repugnant in different ways. I wouldn't let Trump around my wife or daughter, and I wouldn't let Clinton around my wallet, or anything that will let her arm terrorists and destabilize secular governments. Thankfully the election isn't about who gets to date my daughter.

    I wouldn't let Trump around control of military forces or weapons of mass destruction. Unfortunately, the election is about that.

  22. Re:So the bureaucrats have solved all the problems on Germany Calls For a Ban On Combustion Engine Cars By 2030 (engadget.com) · · Score: 1

    For personal transportation the issue is and always will be recharging. Until we get 400kW chargers, it's kind of a step back in personal transportation. That is, basically until we get full-range (300mile / 500km) recharge times down to 15 minutes or less... boo.

    Spoken like someone with no experience of owning/using an electric vehicle.

    For the vast majority of vehicle usage you don't need 300 miles of range, and you certainly don't need 15-minute recharge times. You need enough range to get to and from work, plus a bit for running errands, etc. And you need to be able to recharge overnight. There's no need for fast recharge times, you just need your car to be full every morning, and to have enough range to last until it's time for you to sleep.

    Obviously, you also need to be able to plug the car in while you sleep, and I understand that for many apartment-dwellers that's currently a problem. It's far from an insuperable problem, though, it just requires that charging infrastructure be deployed to wherever it is that you park your car.

    Where fast charging and long ranges are needed is for long-distance trips. There are various solutions for that, including networks of fast chargers (like Tesla's) or alternative means of long-distance travel (e.g. flying, or trains, assuming we ever make train travel usable in the US again -- which I think may happen. Car-carrying trains with vehicle chargers, anyone?), or ICE vehicle rental, or EV battery swaps, or...

    Personally, I usually rent a car for long trips. It's convenient, and cheap.

  23. Trump is less vulnerable simply because he's not as repugnant of a person as is Hillary

    No, Trump is less vulnerable because everyone knows he's utterly repugnant. Indeed, his personal repugnance is what many of his supporters most like about him. It's his core brand, which means it's difficult to make political hay of it. Those who support him because of it or in spite of it aren't going to change their opinions just because more of it comes to light. Those who oppose him obviously aren't going to change their opinions, either. And there's basically no one who is undecided about Trump. The only question that undecideds are trying to answer is whether Clinton is worse. You have answered that question for yourself. So have I (and we have reached opposite conclusions).

  24. Re:Slashdot editors. a little editing goes a long on Sean Parker Contributes $9 Million As States Push To Legalize Marijuana (gazettenet.com) · · Score: 2

    Hyperbole much?

    Many people don't know who Sean Parker is.

    Some people don't even remember what Napster is anymore. C'mon. One sentence.

    https://en.wikipedia.org/wiki/...

    FTFY.

  25. Re:This is the problem on Sean Parker Contributes $9 Million As States Push To Legalize Marijuana (gazettenet.com) · · Score: 2

    I am all for legalizing it. The issue I have is that people buy the laws. Because that way you end up in a pissing contest where only the rich decide what becomes law.

    The money only buys advertising. It can raise visibility and work to convince voters, but it can't ultimately buy anything the voters oppose. If you want to bypass the voters' will, you need to focus on backroom negotiations and parliamentary tricks. Money can be useful there -- though it isn't strictly necessary -- but not open money like this.