Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories
0
Comments
18,006
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 18,006

  1. Re:Where are the ChromeBoxes? on Here Come the Chromebooks, As Google and Intel Cozy-Up On Haswell · · Score: 1

    Yea cause enterprises really wanna outsource * to Google. Have fun getting that one past any serious security, financial or accounting audit.

    Google sells (IIRC) ~$1B per year worth of services to enterprises who want to outsource to Google, and growing fast.

  2. Re:25% improvement in space ... on Seagate's Shingled Magnetic Recording Tech Boosts HDD Capacities to 5TB and Up · · Score: 1

    Only write speed, it sounds like. So storing one-write/many-read files might be a good use case; such as videos, photos, music, etc...

    Add a good-sized solid-state non-volatile cache and that write speed degradation can be made invisible... or even reversed. Writes can appear to be extremely fast -- no need to wait for seeks -- and fully reliable. There may be pathological workloads which continuously write small, scattered pieces to many different locations on disk, such that eventually the cache fills up with unpersisted changes and new writes have to be delayed, so the resulting drive would be inappropriate for those workloads. About the only example I can think of is a heavily-loaded database server, and not even most of those would have the pathological workload characteristic.

  3. Re:Google is in partnership with the NSA on Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes · · Score: 1

    We now know that Google is an active partner of the NSA and the U.S. government

    We do? I don't. In fact I see no evidence of that whatsoever. There was one slide showing that the NSA was collecting data from Google back before Google started using SSL for everything. That's it.

    From my perspective as a Google employee, I also see no evidence from the inside of any partnership with the NSA, and I see a whole lot of cultural opposition and pragmatic difficulties with doing any such thing and successfully hiding it from the employees (like me) who build Google's security infrastructure.

  4. Re:That's a relief on Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes · · Score: 2

    Great business model, terrible for privacy advocates.

    Is it really? Assuming Google does a good job of protecting user data (it does) and doesn't sell or otherwise distribute it to others (it doesn't, except as required by law*), then where is the harm to user privacy? Does it harm you to see ads that are relevant to you, rather than random ads?

    * I think we currently have a problem with laws that compel companies to hand over too much, but that's a flaw in our laws, and one we should fix.

    (Disclaimer: I work for Google, though I don't speak for Google and they don't speak for me.)

  5. Re:Arms race on Google's Encryption Plan To Stifle NSA's Dragnet Will Raise the Stakes · · Score: 1

    They are making some noises now that it became apparent that they handed over the data

    There is no evidence of that, and Google categorically denies handing over any data except in response to narrowly-tailored and proper legal requests.

    Snowden's PRISM slide is the only thing that even points at Google handing over data, and given the time frame shown on the slide it's more likely that the NSA was snooping their network links without their knowledge -- until they switched to SSL by default for nearly everything.

  6. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 1

    Your'e ridiculous. I'm done. You can have the last word.

  7. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 1

    He also acknowledged that Google complies with lawful requests... but with the caveat that each request is scrutinized.

    (a) There has never been a question of "lawfulness"

    I'm not sure what you mean there. I think FISA orders are constitutionally suspect, but barring a ruling otherwise, they're lawful. NSA wire-level snooping is clearly not legal, though the NSA's choice to distinguish between data acquisition and "collection" (meaning reading what they acquired) may provide them a crack to slip through.

    (b) His broad-but-not-broad denial doesn't address how specific each request must be. We already know the FISA court was OK with a single request covering basically every customer at each telco

    But Drummond said "no free for all", which is what that would be. The fact that other companies did engage in a free for all (and never denied it, BTW -- a point which seems lost on all-corps-are-NSA-allies conspiracy theorists), doesn't mean that Google did.

    Also, the published transparency numbers make clear that isn't what's going on, even when stated in the broad ranges that are all that Google has been able to get permission to publish. For example, in 2012 there were between 0 and 999 NSLs, affecting between 1000 and 1999 user accounts. Taking the upper ends of those ranges, that means that each NSL affected ~2 accounts, on average. Assuming the worst case, one NSL for 1999 user accounts, that's still hardly free access, given that it comprises about 0.0002% of Google's user base.

    Unless, of course, the numbers are fabrications which the government has somehow forced Google to publish.

    I guess if you're bound and determined to find duplicity, you'll keep looking until you do.

    Fool me once...

    When did Google fool you? Google has always been upfront about government user data requests, that they existed and that Google had to honor them, and was the first to start publishing numbers. Google was also the company who negotiated permission to loosen the gag order to the extent that they can publish ranges for that as well, and the first company to file suit to get permission to publish full numbers. With everything except the suit, all of that was done on Google's own initiative, without any specific catalyst beyond Google employees and leaders being annoyed about having to comply with user data requests, and wanting people to know about it.

    The problem here is that both narratives -- the one in which Google is a government stooge AND the one in which Google has acted to protect its users while grudgingly complying with the requirements of the law -- are compatible with the externally-observable facts. From the inside, I'll tell you that the stooge theory looks like a real stretcher, to the point of being basically impossible, but of course I could be lying. After all, Google does happen to be paying me as I type this.

    Bah. Speaking of that, I'd better get back to doing what they pay me for.

    Have a nice day. I'll be sure to ask the NSA agent sitting in the next cubicle to report back to me on how your evening went. Bob's helpful that way.

  8. Re:Really? on How To Foil NSA Sabotage: Use a Dead Man's Switch · · Score: 1

    Some elaborate dead man switch about a gag order? No judge will take kindly to such shenanigans. Just make it simple, contact a trusted news reporter/Wikileaks securely or via an anonymous 3rd/4th party you have arranged ahead of time and have them publish.

    Or... just publicly state that you have received some number of requests, but can't talk about them due to a gag order. That's what all of the Internet companies have done. Lavabits explicitly said that it was legally unable to discuss the issues.

    There don't appear to be any consequences to publicly admitting that you can't say anything.

  9. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 1

    Drummond specifically addressed that aspect in the sentence immediately prior to the one you quoted.

    That's funny, you are now arguing that Drummond was parsing his words. That his broad and sweeping denials were actually limited.

    Huh? I guess if you're bound and determined to find duplicity, you'll keep looking until you do.

    His broad denials flatly contradicted any sort of open access. Period. He also acknowledged that Google complies with lawful requests... but with the caveat that each request is scrutinized.

    How is that hard to understand?

  10. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 1

    There is no free-for-all, no direct access, no indirect access, no back door, no drop box.

    If that strikes you as "ultra-parsed", I submit that you're the one doing the parsing, not Drummond.

    You are right, that particular statement does not sound ultra-parsed. Given what we know about CALEA it sounds like a lie, particularly the "no indirect access" part.

    Based on what we know about CALEA, that conclusion makes no sense.

    The PRISM claims were about sweeping, general access that grabbed basically all data. CALEA requires telecoms providers to provide intercepts when presented with a warrant. Though the law doesn't say so, I'd suppose that a National Security Letter would do as well, but neither case requires broad access, only specific, targeted intercepts when presented with a lawful request.

    Drummond specifically addressed that aspect in the sentence immediately prior to the one you quoted. You snipped it, so allow me to re-quote it: "We review each of those requests and push back when the request is overly broad or doesn't follow the correct process." That's what CALEA and NSLs require.

  11. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 1

    Oh, forgot the link.

  12. Re:You know that things are bad... on Yahoo and Facebook Join Google In FISC Petition After Government Talks Fail · · Score: 2

    So far their public statements have felt like they were as ultra-parsed as the NSA's own denials.

    You mean like this one, from David Drummond's (Google's chief legal counsel) live Q&A with the Guardian:

    I'm not sure I can say this more clearly: we're not in cahoots with the NSA and there’s is no government program that Google participates in that allows the kind of access that the media originally reported. Note that I say "originally" because you'll see that many of those original sources corrected their articles after it became clear that the PRISM slides were not accurate. Now, what does happen is that we get specific requests from the government for user data. We review each of those requests and push back when the request is overly broad or doesn't follow the correct process. There is no free-for-all, no direct access, no indirect access, no back door, no drop box.

    If that strikes you as "ultra-parsed", I submit that you're the one doing the parsing, not Drummond.

  13. Re: Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    You're too funny! Speaking for Brin but then admitting you have NFI about him or his views.

    His reputation is pretty well-known, inside and outside of Google, but particularly inside.

  14. Re:reality show rejects on The iPhone 5S Hasn't Been Officially Announced, Already Has Line · · Score: 1

    Because you already know what they're coming out with? Amazing!

    More because Apple has a history of delivering reasonably decent stuff, and, again, this is an update to an old line.

  15. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    Blah blah, unsupported assertions, blah blah. Trust us.

    Yeah, ok.

    Dude, that's up to you. I gave you what I know. You can believe I'm lying if you like. I assert that I wouldn't lie for my employer, but of course that's just another unsupported assertion.

  16. Re:reality show rejects on The iPhone 5S Hasn't Been Officially Announced, Already Has Line · · Score: 1

    While these guys (or whoever is paying them) is silly, I hardly think you can characterize a minor update to the sixth-generation of a widely used device as "bleeding edge".

  17. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 2

    So, fucking, what? How do we know every one of you is not on the NSA payroll?

    I guess at some level, you can't. However, Google does have a non-trivial number of independently-wealth employees, who would be hard for the NSA to buy out, at least with money. Virtually everyone who was here pre-IPO. And I think that if any hint of anything like you describe made it's way to the ears of the upper management -- especially Sergey Brin, who has a real thing about government surveillance and control, and way too much money for anyone to manipulate -- it would be outed.

    No way we can ever trust you again. Even if you don't work for NSA, NSA can come tell you what to do, while also preventing you from talking about it. It's a shame, and not your fault, but it still is.

    I don't think that's true, actually. National Security Letters come with gag orders, true, but that's not what we're talking about here. What we're talking about is traffic monitoring that has no basis in any sort of legal process, not even from a secret court. Absent legal process, I don't think there's any way that people could legally be forced to keep quiet. Further, even with the NSL gag orders, I don't think people (or companies) can actually be compelled to lie.

    That's all just my own belief and speculation, of course. I am not a lawyer, and I'm certainly not Google's lawyer. I also don't personally know Brin, or have any basis other than my own perceptions about the ease with which various Google employees could be manipulated.

  18. Re:Appalling on Australia Elects Libertarian-Leaning Senator (By Accident) · · Score: 1

    Any system that lets someone be elected by accident is absolutely appalling.

    Yet it was done in the US in 2000 and 2004. "accidental" votes (hanging chads, pregnant chads, etc.) got counted or discarded, affecting the election.

    Different situation. That was a case where the electorate was so closely divided that it could go either way based on trivial differences in vote counting. In the Australia case under discussion the effect of the alleged voter error was much, much larger.

    It should always be remembered that voting is inevitably subject to error, like any other measurement process. As long as the margin of error of the measurement process is smaller than the win margin, that's perfectly fine, and it's arguably true that when the win margin gets so close that it's below a reasonable measurement margin of error that the decision can legitimately go either way because the electorate is fundamentally undecided. In this case it appears that the error created by the combination of similar names and the ballot ordering created a measurement error that was significantly larger than would normally be considered acceptable.

  19. Re:Yes. Meaningless. on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 2

    TFA is pretty short on technical details, but this sounds like it's end-to-end between Google datacenters, not customers. So when the NSA comes a-knocking with the inevitable secret court order to hand over keys, they'll be right back to capturing everything and filtering on the NSA side.

    Not meaningless.

    Without encryption, the NSA may be able to get access to all of the data without bothering with any sort of judicial process. With encryption, they'll have to get said secret court order. That's a big difference, even if it's not as big as it should be.

    Then we have to fix the FISA process such that there's real oversight, but that's not something Google can do. That requires voters to care and politicians to do their jobs. Google is doing what they can.

  20. Re:Meaningless ... on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    It's an admirable goal, but it comes down to trust. How does Google know, or more importantly how do we know, that someone from the NSA has not embedded themselves in the implementation team in order to weaken the encryption or insert a back door?

    For one thing, all code at Google is reviewed before being submitted, and nearly all code at Google is in a single source repository that is accessible to all 20,000 Google engineers. It's effectively open source, internally, with a pretty large population of smart people looking at it, including a non-trivial number of serious security geeks, up to and including world-class cryptanalysts.

    Google is particularly well-suited to be able to achieve something like this.

    (Disclaimer: I work for Google on cryptographic security infrastructure. I am not one of said world-class talents, but I work with them.)

  21. Re:The relationship between Google and Uncle Sam on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 1

    I think we should probably treat it as if they had cooperated until we have evidence that suggests otherwise (beyond them saying "We didn't").

    What if the NSA acquired said data by tapping the companies' network connections? Unless the NSA volunteers an explanation of how they were getting the data, in that case there will never be any evidence.

  22. Re:The relationship between Google and Uncle Sam on Google Speeding Up New Encryption Project After Latest Snowden Leaks · · Score: 4, Insightful

    Well, only if you ignore that early Snowden-leaked slide from the NSA presentation that showed Google to be one of the earlier companies they had direct access to....

    Or if you believe Google, who consistently insist they didn't provide said access, and whose insistence is consistent with the rest of their actions. My guess is that the NSA was tapping Google's network connections. Remember that back in 2008 (when the slide said PRISM started getting Google data) Google hadn't yet started using SSL by default on everything.

  23. Re:SSH? on NSA Foils Much Internet Encryption · · Score: 1

    How much are current certificate rotations just the CAs making sure they keep getting money year-on-year? I bet if the option was there for a non-expiring certificate, many places would do that.

    They probably would, but that would be stupid. Key lifetimes need to be limited to ensure they they stay secret. Even if your key is large enough that it can never be brute-forced, there are other ways for keys to escape.

  24. Re:Never forget... on Yahoo Issues Its First Transparency Report · · Score: 1

    Internet companies are composed of people, and most of those people do care about user privacy. Google in particular takes it very seriously, and not only because it's important for the business.

    Not intended as a personal criticism, but you seem to have some cognitive dissonance there. Google's whole business model is based on invading the privacy of users; saying Google takes users' privacy seriously sounds to me similar to a pimp being concerned about the chastity of his girls.

    Nonsense. Google doesn't invade its' users' privacy. Google offers users an open trade: services in exchange for the ability to deliver advertising to you. Google provides a dashboard where you can see exactly what Google has or has not collected about you, and even provides tools you can use to opt out of personalized tracking and advertising, and to get your data out of Google's tools.

    Also, if you decide that the trade is good for you, Google takes extreme care to ensure that information about you is only used to provide you with services and ads, and does not leak. Your analogy is completely wrong, because the pimp sells his girls' chastity, but Google does not sell users' privacy. The information it gathers about them is only used to select advertising to present to them. Effectively, your information is presented only to you.

    Of course, Google will provide information about your activity on Google products (e-mails, web history, etc.) to government when served with a lawful, narrow and specific order -- and Google pushes back on those where it believes they don't comply with the law or are overly broad.

    I stand by my statement that Google takes its users' privacy very seriously. My day job is building and maintaining the infrastructure that keeps Google users' most sensitive data secret, and I can tell you that Google does a far better job of it than anyone else I've ever seen, and since I was an IBM security consultant for 15 years, working with all sorts of large public and private institutions, I've seen a lot.

  25. Re:Never forget... on Yahoo Issues Its First Transparency Report · · Score: 1

    The problem is either we can have private comms or not. Right now the US government is saying that private communication is flat out illegal.

    That's an overstatement. Right now, you can PGP or S/MIME-encrypt all of your e-mail and they can't, and won't, do anything about it. There are a thousand ways you can have private communications, if you care to.

    If you have a service that is hardened against snooping they will force you to open it to them.

    What are you basing that claim on? We have reports that the NSA has been sneaking back doors into things, but clandestine operations being done without the support (or opposition) of law isn't the same as legal compulsion. If you're talking about Lavabits, that's also a bad example: Lavabits, as best we can tell, shut down rather than to comply with orders (perhaps lawful, perhaps not -- the secrecy and lack of oversight around NSLs is a huge problem) to provide information which they actually had access to. It wasn't hardened against snooping, it just promised not to allow snooping and discovered it couldn't fulfill that promise, and so chose to shut down.

    I have seen no evidence that the government has tried, much less been able to, shut down services which truly are hardened. I'm involved (well, used to be, I haven't done much lately) in the Tahoe LAFS secure distributed file system, and a friend of mine is leading the development and running a company which provides secure cloud-based storage using Tahoe. It is also used to provide strongly-secure communications. No one is shutting him, or the project, down.

    If they have the capability to snoop, they will. Its a human fact.

    Why do you assume that the citizenry is powerless to control its government?

    The time has come to stop this madness and tell the government private comms are a right. That CALEA-style laws ordering access is not in the best interests of our nation and has been proven to be repeatedly and unbelievably abused.

    First, CALEA doesn't apply to Internet services. Second, I'm not so sure that you're right. There is a lot of value to society in providing limited, controlled ways for law enforcement to request access to private information, in precisely the same way as there is value in allowing them to search people's homes, vehicles, etc. The key is get rid of the mechanisms that allow them to do it without oversight or opposition. The problem isn't government access, it's unconstrained and secret government access.

    There is no middle ground.

    The middle ground is the one we've used for centuries. The catch is that it requires that we actually care to require our elected officials to rein in the agencies they create to police us.

    While we're at it we also need to de-militarize the police, restore fourth amendment rights in the border zones and just generally roll back all of the civil liberties infringements we've allowed in the name of the wars on drugs and terror. This Internet communications bit is just one small piece of a much larger problem, and even if we can solve the Internet issue by encrypting everything, that won't address the rest of it.

    US citizens need to retake control of our government. Personally, I think the best way to do that is by massively scaling back the federal government and moving much of its functions to the states, to decentralize the power, but regardless of that, we need to insist on strong limitations on government authority across the board.