Google+ has about a third as many actual people as Facebook at this point, and growing.
90% of whom would tell you they don't if you asked them.
They'd lie?
They wouldn't know. There are LOTS of people that ended up with G+ accounts without realizing it. It's just the way Google's services work.
The numbers Google quotes are 30-day active users in the stream. Meaning they've read and posted to their stream (e.g. plus.google.com, or the Google+ mobile apps) in the last 30 days, not people who didn't realize they have G+ accounts.
SSL would work a lot better if client certificates were used by banks and payment websites... but since the client can't be authenticated, the key exchange can always be MitM attacked.
An attacker who can successfully fake the server cert can MITM the connection. Client certs would mitigate that... but only if the attacker couldn't also fake the client cert. I don't see why an attacker with access to a CA signing key capable of creating a bogus server cert couldn't also create a bogus client cert.
I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.
Cool. Please feel free to correct anything I misrepresented. Like I said, I'm speaking from a two year-old memory of a one-hour talk, not any kind of actual knowledge.
It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.
Actually, that's a difference between Chrome Apps and web pages... it's up to the App developer to code for it, but if they do the work Apps can work just fine offline, and the data model[*] is such that changes made offline can almost always be merged seamlessly to the online copy when a data connection becomes available, even if someone else has modified the online copy in the meantime.
[*] I haven't looked at it in detail, but I attended a talk about App development a couple of years ago, in which the presenter explained that all documents are managed as a sequence of changes and that the current version is always constructed by applying the change history. I believe there's also infrastructure for caching snapshots at points in time, so the current version can be constructed from the latest snapshot plus subsequent changes, but the snapshots are only considered caches. This makes for a little more complex development model, but it's gives you arbitrary undo, full document history and is necessary for real-time collaboration.
Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.
Sure, sure. But, then again... I can log into my online ebanking account from any computer. But, why would I even do such a thing unless I want someone to eventually hijack my account?
It's not just about using random Internet cafes. Most people today use multiple devices. I'm kind of an outlier, but still useful as an example: I have two desktop machines, one laptop, one netbook (Chromebook), a tablet and a smartphone, all of which I use regularly. But many, many people have both a laptop and a phone, or a phone and a tablet, or all three, and the trend toward more devices is accelerating as devices get cheaper. So for Syme, users will have to be able to easily and securely move their keys between devices. Can it be made both really easy and secure? And even if it is, will users actually be willing to do it if they have to take some step?
Actually, it's perhaps even worse for people who have only one device, because they really need to back up their keys. Otherwise, when their single device dies, they're locked out of their account forever. How many users make backups?
I'm not saying these problems can't be solved, but the solutions are not obvious.
Ignoring that small detail... it's always possible to store the crypto keys as a file in a USB pen, no?
Absolutely. But how many people will do it? My wife won't. Some of my kids would and others wouldn't. One of them would but couldn't because he's incapable of keeping track of small objects. My parents absolutely wouldn't.
If the goal is to create a secure system that everyone can and will use, tying keys to a device isn't going to work.
PS: Google+ is shite. And, even if it wasn't, I'd never join simply for the fact that Google keeps NAGGING (and downright trying to trick) people into making a Google+ account.
It's not a Google+ account. It's a Google account. Like it or not, it's the single account for all Google services. Whether or not you use the social network site is up to you, of course. Actually, whether or not you use Google's services at all is up to you.
Facebook is as shitty as your shite, but at least it contains ACTUAL PEOPLE, so it's marginally more useful than your piece of shit.
Google+ has about a third as many actual people as Facebook at this point, and growing. Perhaps not people you know, but that will change. Or perhaps it already has changed and you haven't realized it yet. I like it, myself, and not because I work for Google. But I'm not really interested in talking about Google+. It's much less interesting than Syme.
Well, It was impressive to me how the claim that SSL "work really well" was dropped as if it was actually the truth. Obviously truth is not a concern for you. That's ok. I'm not looking to change any dug-in mindsets.
I understand the issues you raised, however ham-fistedly. But they don't change the facts that it's widely used by ordinary people and it does work. It could work better, it could work in more cases, but it does work. And there is no other encryption scheme that has those two characteristics. None. So you can complain all you like about how SSL isn't quite what it ought to be, it's still a model worth looking at, because it's the only real success story we have.
Thanks, that is hugely reassuring that it disturbs some employee(s) of Google. Hope you are listened to at the TGIF.
I do realize that it is less of an issue if it was a public post. I don't particularly share your enthusiasm to report victimless crimes. But I guess I don't have a leg to stand on, as lots of countries have severe laws against victimless crimes, including mine.
Child pornography is not a victimless crime. Perhaps sharing the pictures is, once it's made, but the making is definitely not victimless. And shutting down the sharing reduces the incentive to make it -- even better, in the process of shutting it down it may be possible to track it back to the source.
The flaws of SSL are well-known, but the fact is that in practice it mostly works really well
The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]
FTFY.
It's impressive how completely you missed the point.
So it's a social network that "protects your data"... and requires Google Chrome.:/
Why am I skeptical?
The extension should work just fine with Chromium, I would expect. And they said Firefox is in the works.
Personally, I think the idea is an interesting one. In general, I think it's on the right track. The only way to get the masses to use encryption is to make it invisible. The flaws of SSL are well-known, but the fact is that in practice it mostly works really well, and it is used by basically everyone on the web. Making it invisible means that you have to embed key management seamlessly into the infrastructure, and making it have some hope of being secure means that it has to be pushed out to the endpoints -- including key management.
On the right track, but this is a really, really hard problem to solve fully.
One issue is that although the keys are generated in the browser plugins, they're obviously exchanged through the Syme server, putting it in an ideal position to completely subvert the claimed security. Making security both transparent and strong is hard.
Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.
Still, I like to see initiatives like this. The only way hard problems get solved is by clever people trying.
(Disclaimer: Since this post mentions Google+ and Chrome, I should probably mention that I'm a Google engineer, but I'm not speaking for Google.)
Tesla already issued a fix. Thanks to the excellent design of the car, they were able to do it with a software change, which was delivered to all of the vehicles over the air in a few hours.
they will no doubt listen to everything you say, not just what you search for
I strongly doubt that, and it is really easy to test. Install the extension and monitor your network traffic. I predict that what you'll see is that the hotword recognition is performed locally, and nothing is sent to Google until after you say the hotword and speak your query -- exactly the same way it's done on phones.
Do you really think Google would dare try to sneak something like that past all the privacy scrutiny focused on them, even assuming they want to?
(Disclaimer: I work for Google, but don't have any inside knowledge of how this extension works. The above is my own opinions and not an official statement.)
It's not exactly "general" fiction, but if you like what they sell, all Baen titles (baen.com) have always been DRM-free. Tor went DRM-free last year. Also, you have to check the details but many books on Google Play and Amazon are DRM-free. And of course you can strip the DRM off of the others, though it's probably technically illegal.
I like reading regular books because I can arrange several of them on my desk or sit on the floor, arrange them around me and easy to flip back and forth inside any individual book or instantly context switch between books. With e-books flipping and switching from book to book is way more clumsy to do.
The AC's point is important, though: the fact is that the webmail interface is so good that essentially all Googlers use it, even though it's easy to use something else.
Pretty much everyone just keeps gmail tab open all the time, usually pinned.
If I was at Google I would strenuously object to doing all my documentation by using Google Docs, or read mail via Google Mail, even if I was working on those products to make them better.
If you were at Google you'd know that Google Mail is the only realistic way to deal with the massive flood of e-mail that you would receive. Seriously, the automatic sorting and filtering available in Gmail, especially the phenomenal ability of Priority Inbox to pick out the stuff that matters from the thousand+ e-mails per day I receive (including huge numbers from automated monitoring systems) is all that makes it possible for me to manage, and I'm far from a mail client n00b.
Of course, Gmail is also a lot of the reason I get so many e-mails. Everyone knows that you can't realistically read that much, especially not if you want to get anything else done. So why send it? Because everyone also knows that Gmail is great at archiving and searching. So everyone receives far more than they can handle and automatically archives off 99% of it, but can very quickly find anything that they later discover they needed to see.
In any case the typical Google e-mail flow and Gmail are highly co-adapted. It would be very hard to be productive at Google using anything else.
Similarly, Googlers also tend to really like using Google Docs for documentation, because work (especially engineering work) at Google is highly collaborative, and the benefits of the Docs collaboration tools far outweigh any limitations due to missing formatting features. Personally, I think the lack of formatting features enhances productivity, because people don't waste time trying to create beautiful documents, and instead focus on content.
Docs' real-time collaboration capabilities is especially useful in design reviews and planning meetings. Rather than having one person take notes on the decisions and then later update the doc for circulation, it's common that everyone in the room has the doc open in their laptop and makes updates on the fly. So, by the time the meeting is over, the doc is already updated, for simple changes, at least. Obviously there are issues that require someone to go away and think for a few hours, so those just get placeholders during the meeting "Sam is going to figure out how to scorple the flugs such that the frobnitz doesn't get mungled". And when Sam has figured it out, he updates the doc -- the only copy of the doc, no versioning and merging nightmares -- and everyone who cares gets e-mail notifications (yes this contributes to the e-mail flood).
If anything, I'd say that Gmail and Google Docs suffer from being too narrowly tailored to the needs of Google employees. Of course there are usability studies and lots of data collected from the hundreds of millions of non-Googler users, too, but stuff that causes headaches for the particular workflows of Googlers -- and especially Google engineers -- tends to get fixed the fastest, at least with the products Googlers use heavily for work.
Actually, I wasn't aware of that, and it disturbs me.
I want to know if the photos were shared publicly. If so, then I have no problem with this, just as I have no problem with Google telling law enforcement (or, actually, the National Center for Missing and Exploited Children, which is who actually informed law enforcement) about kiddie porn web sites the Google spider finds while crawling the web. I see no reason why the same logic shouldn't be applied to public postings on Picasa, Google+, etc.
But if the photos were merely stored in a private account, though, I think that's a different story. If that was the case here, then I think Google did cross line, and should stop, and I think lots of other Googlers will agree. I'll raise this question at TGIF* next week (no meeting this week due to the holidays), assuming someone else doesn't (which someone almost certainly will). Thanks.
(*TGIF is a weekly company-wide meeting which includes a 15-20 minute Q&A where anyone can put any question to Larry Page.)
Google+ has about a third as many actual people as Facebook at this point, and growing.
90% of whom would tell you they don't if you asked them.
They'd lie?
They wouldn't know. There are LOTS of people that ended up with G+ accounts without realizing it. It's just the way Google's services work.
The numbers Google quotes are 30-day active users in the stream. Meaning they've read and posted to their stream (e.g. plus.google.com, or the Google+ mobile apps) in the last 30 days, not people who didn't realize they have G+ accounts.
SSL would work a lot better if client certificates were used by banks and payment websites ... but since the client can't be authenticated, the key exchange can always be MitM attacked.
An attacker who can successfully fake the server cert can MITM the connection. Client certs would mitigate that... but only if the attacker couldn't also fake the client cert. I don't see why an attacker with access to a CA signing key capable of creating a bogus server cert couldn't also create a bogus client cert.
I am a Chrome app developer (a bad one, but whatever), and all of the apps I've made work offline.
Cool. Please feel free to correct anything I misrepresented. Like I said, I'm speaking from a two year-old memory of a one-hour talk, not any kind of actual knowledge.
Google+ has about a third as many actual people as Facebook at this point, and growing.
90% of whom would tell you they don't if you asked them.
They'd lie?
It still becomes a brick when you have no wi-fi or you don't have an over-priced GSM subscription.
Actually, that's a difference between Chrome Apps and web pages... it's up to the App developer to code for it, but if they do the work Apps can work just fine offline, and the data model[*] is such that changes made offline can almost always be merged seamlessly to the online copy when a data connection becomes available, even if someone else has modified the online copy in the meantime.
[*] I haven't looked at it in detail, but I attended a talk about App development a couple of years ago, in which the presenter explained that all documents are managed as a sequence of changes and that the current version is always constructed by applying the change history. I believe there's also infrastructure for caching snapshots at points in time, so the current version can be constructed from the latest snapshot plus subsequent changes, but the snapshots are only considered caches. This makes for a little more complex development model, but it's gives you arbitrary undo, full document history and is necessary for real-time collaboration.
Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.
Sure, sure. But, then again... I can log into my online ebanking account from any computer. But, why would I even do such a thing unless I want someone to eventually hijack my account?
It's not just about using random Internet cafes. Most people today use multiple devices. I'm kind of an outlier, but still useful as an example: I have two desktop machines, one laptop, one netbook (Chromebook), a tablet and a smartphone, all of which I use regularly. But many, many people have both a laptop and a phone, or a phone and a tablet, or all three, and the trend toward more devices is accelerating as devices get cheaper. So for Syme, users will have to be able to easily and securely move their keys between devices. Can it be made both really easy and secure? And even if it is, will users actually be willing to do it if they have to take some step?
Actually, it's perhaps even worse for people who have only one device, because they really need to back up their keys. Otherwise, when their single device dies, they're locked out of their account forever. How many users make backups?
I'm not saying these problems can't be solved, but the solutions are not obvious.
Ignoring that small detail... it's always possible to store the crypto keys as a file in a USB pen, no?
Absolutely. But how many people will do it? My wife won't. Some of my kids would and others wouldn't. One of them would but couldn't because he's incapable of keeping track of small objects. My parents absolutely wouldn't.
If the goal is to create a secure system that everyone can and will use, tying keys to a device isn't going to work.
PS: Google+ is shite. And, even if it wasn't, I'd never join simply for the fact that Google keeps NAGGING (and downright trying to trick) people into making a Google+ account.
It's not a Google+ account. It's a Google account. Like it or not, it's the single account for all Google services. Whether or not you use the social network site is up to you, of course. Actually, whether or not you use Google's services at all is up to you.
Facebook is as shitty as your shite, but at least it contains ACTUAL PEOPLE, so it's marginally more useful than your piece of shit.
Google+ has about a third as many actual people as Facebook at this point, and growing. Perhaps not people you know, but that will change. Or perhaps it already has changed and you haven't realized it yet. I like it, myself, and not because I work for Google. But I'm not really interested in talking about Google+. It's much less interesting than Syme.
Have a nice day :)
You too.
Well, It was impressive to me how the claim that SSL "work really well" was dropped as if it was actually the truth. Obviously truth is not a concern for you. That's ok. I'm not looking to change any dug-in mindsets.
I understand the issues you raised, however ham-fistedly. But they don't change the facts that it's widely used by ordinary people and it does work. It could work better, it could work in more cases, but it does work. And there is no other encryption scheme that has those two characteristics. None. So you can complain all you like about how SSL isn't quite what it ought to be, it's still a model worth looking at, because it's the only real success story we have.
Thanks, that is hugely reassuring that it disturbs some employee(s) of Google. Hope you are listened to at the TGIF.
I do realize that it is less of an issue if it was a public post. I don't particularly share your enthusiasm to report victimless crimes. But I guess I don't have a leg to stand on, as lots of countries have severe laws against victimless crimes, including mine.
Child pornography is not a victimless crime. Perhaps sharing the pictures is, once it's made, but the making is definitely not victimless. And shutting down the sharing reduces the incentive to make it -- even better, in the process of shutting it down it may be possible to track it back to the source.
The flaws of SSL are well-known, but the fact is that [the system cripples those who object] really well [via a conspiracy among browser authorship implementing bogus scare-the-user dialogs for perfectly normal implementations of SSL]
FTFY.
It's impressive how completely you missed the point.
So it's a social network that "protects your data" ... and requires Google Chrome. :/
Why am I skeptical?
The extension should work just fine with Chromium, I would expect. And they said Firefox is in the works.
Personally, I think the idea is an interesting one. In general, I think it's on the right track. The only way to get the masses to use encryption is to make it invisible. The flaws of SSL are well-known, but the fact is that in practice it mostly works really well, and it is used by basically everyone on the web. Making it invisible means that you have to embed key management seamlessly into the infrastructure, and making it have some hope of being secure means that it has to be pushed out to the endpoints -- including key management.
On the right track, but this is a really, really hard problem to solve fully.
One issue is that although the keys are generated in the browser plugins, they're obviously exchanged through the Syme server, putting it in an ideal position to completely subvert the claimed security. Making security both transparent and strong is hard.
Another issue is portability. I can log into Google+ or Facebook from any computer. But if my browser is holding my keys, then I can only use my browser. If the keys are stored in the cloud, well, that's great for portability, but the keys then have to be secured from whoever is holding them.
Still, I like to see initiatives like this. The only way hard problems get solved is by clever people trying.
(Disclaimer: Since this post mentions Google+ and Chrome, I should probably mention that I'm a Google engineer, but I'm not speaking for Google.)
Slashdot predicts that everything will fail.
So, yes, Slashdot is highly accurate predictor for Microsoft.
Tesla already issued a fix. Thanks to the excellent design of the car, they were able to do it with a software change, which was delivered to all of the vehicles over the air in a few hours.
Maybe there wouldn't have been a fire with the gasoline cars in these situation, but in terms of hazard or financial damage
lol wat.
"If you ignore the fire, Teslas are safer..."
Your argument would be a lot stronger if there had been any injuries.
they will no doubt listen to everything you say, not just what you search for
I strongly doubt that, and it is really easy to test. Install the extension and monitor your network traffic. I predict that what you'll see is that the hotword recognition is performed locally, and nothing is sent to Google until after you say the hotword and speak your query -- exactly the same way it's done on phones.
Do you really think Google would dare try to sneak something like that past all the privacy scrutiny focused on them, even assuming they want to?
(Disclaimer: I work for Google, but don't have any inside knowledge of how this extension works. The above is my own opinions and not an official statement.)
It's not exactly "general" fiction, but if you like what they sell, all Baen titles (baen.com) have always been DRM-free. Tor went DRM-free last year. Also, you have to check the details but many books on Google Play and Amazon are DRM-free. And of course you can strip the DRM off of the others, though it's probably technically illegal.
I like reading regular books because I can arrange several of them on my desk or sit on the floor, arrange them around me and easy to flip back and forth inside any individual book or instantly context switch between books. With e-books flipping and switching from book to book is way more clumsy to do.
You just need more e-book readers.
Get out of the US :)
Touché.
I blame the US equal opportunity employment laws. It's illegal to preferentially hire pretty women. (Not really, but almost).
You are a sissy.
I routinely have a T430s and a W520 in the same bag and even a good looking Stewardess can put it in the overhead bin ;)
I call bullshit. I haven't seen a good-looking stewardess (or flight attendant) for years.
I know one who uses EMACS
but she's hardcore
How was this not marked troll?
Because it's not the slightest bit trollish?
The AC's point is important, though: the fact is that the webmail interface is so good that essentially all Googlers use it, even though it's easy to use something else.
Pretty much everyone just keeps gmail tab open all the time, usually pinned.
I work at Google and I've never seen anyone here use anything besides gmail for corporate mail.
I know one who uses EMACS (Gnus, I think) for e-mail, but she's hardcore. And she still uses the web UI for many tasks.
If I was at Google I would strenuously object to doing all my documentation by using Google Docs, or read mail via Google Mail, even if I was working on those products to make them better.
If you were at Google you'd know that Google Mail is the only realistic way to deal with the massive flood of e-mail that you would receive. Seriously, the automatic sorting and filtering available in Gmail, especially the phenomenal ability of Priority Inbox to pick out the stuff that matters from the thousand+ e-mails per day I receive (including huge numbers from automated monitoring systems) is all that makes it possible for me to manage, and I'm far from a mail client n00b.
Of course, Gmail is also a lot of the reason I get so many e-mails. Everyone knows that you can't realistically read that much, especially not if you want to get anything else done. So why send it? Because everyone also knows that Gmail is great at archiving and searching. So everyone receives far more than they can handle and automatically archives off 99% of it, but can very quickly find anything that they later discover they needed to see.
In any case the typical Google e-mail flow and Gmail are highly co-adapted. It would be very hard to be productive at Google using anything else.
Similarly, Googlers also tend to really like using Google Docs for documentation, because work (especially engineering work) at Google is highly collaborative, and the benefits of the Docs collaboration tools far outweigh any limitations due to missing formatting features. Personally, I think the lack of formatting features enhances productivity, because people don't waste time trying to create beautiful documents, and instead focus on content.
Docs' real-time collaboration capabilities is especially useful in design reviews and planning meetings. Rather than having one person take notes on the decisions and then later update the doc for circulation, it's common that everyone in the room has the doc open in their laptop and makes updates on the fly. So, by the time the meeting is over, the doc is already updated, for simple changes, at least. Obviously there are issues that require someone to go away and think for a few hours, so those just get placeholders during the meeting "Sam is going to figure out how to scorple the flugs such that the frobnitz doesn't get mungled". And when Sam has figured it out, he updates the doc -- the only copy of the doc, no versioning and merging nightmares -- and everyone who cares gets e-mail notifications (yes this contributes to the e-mail flood).
If anything, I'd say that Gmail and Google Docs suffer from being too narrowly tailored to the needs of Google employees. Of course there are usability studies and lots of data collected from the hundreds of millions of non-Googler users, too, but stuff that causes headaches for the particular workflows of Googlers -- and especially Google engineers -- tends to get fixed the fastest, at least with the products Googlers use heavily for work.
There's really no point in flying solar cells, they don't work any better than down on Earth
Actually, they do. Solar irradiance increases with altitude, at a rate of about 8% per 1000m.
My understanding is that cooler temperatures also increase solar cell efficiency, so getting them up into cooler air may be useful as well.
Actually, I wasn't aware of that, and it disturbs me.
I want to know if the photos were shared publicly. If so, then I have no problem with this, just as I have no problem with Google telling law enforcement (or, actually, the National Center for Missing and Exploited Children, which is who actually informed law enforcement) about kiddie porn web sites the Google spider finds while crawling the web. I see no reason why the same logic shouldn't be applied to public postings on Picasa, Google+, etc.
But if the photos were merely stored in a private account, though, I think that's a different story. If that was the case here, then I think Google did cross line, and should stop, and I think lots of other Googlers will agree. I'll raise this question at TGIF* next week (no meeting this week due to the holidays), assuming someone else doesn't (which someone almost certainly will). Thanks.
(*TGIF is a weekly company-wide meeting which includes a 15-20 minute Q&A where anyone can put any question to Larry Page.)
the people you follow on Twitter or Youtube being publicly visible information
FYI, the people you follow in YouTube is not publicly-visible unless you set it that way. That's not the default.