a necessary part of being a sysadmin: you have control over user profiles.
Is it really, though. Wouldn't it be technically possible to create a system where not even root is able to login as a user (or atleast be unable to do anything when logged in) yet is still able to manage the system?
Sort of.
To do it, you need to make it possible to do the bulk of administration without the highest-level administrative account, and to make that secure you need something like Mandatory Access Control (google it -- and note that the NSA invented it). You still have to have a "god" level which can manage the MAC configuration, but the key is to make the need for that very rare, and then limit the number of people who can use that to a handful, and audit their usage of the account thoroughly -- which may mean that they have to be observed every minute they're using it. Nothing is foolproof, but (barring exploitable bugs), that approach ensures that no single admin can do what they're no supposed to. They have to collude with someone else.
Oh, one more comment: I should also mention in the interest of full disclosure that I find targeted advertising to be a good thing. I don't particularly like ads, and I'd rather not see them at all, but given that advertising is the model that pays for pretty much all of the web content I enjoy, since I have to see ads I'd much rather see ads about things that actually interest me.
This was driven home a couple of days ago when I was semi-forced to watch TV for a few hours, during the afternoon. One particular sequence of commercials contained (1) an ad for a legal firm specializing in getting social security disability benefits for people, (2) an ad for catheters, with women gushing about how compact and easy to carry and insert they were and (3) an ad for some medication for some gynecological disorder, prompted me to turn to my colleague who was sitting nearby and point out that I really like targeted advertising. That sequence was just the final straw, too, after many other ads that I found not just uninteresting but distasteful.
Show me ads for hiking shoes, bicycle gear, boats, guns, gadgets, etc. -- stuff that I might actually want to know about and may even want to buy, thank you very much.
when they analyze your data so that they can sell you to advertisers
I think the wording of this statement is misleading. It implies that some information about you is being sent to advertisers, which is not the case.
their method is to build a profile of you based on your communications that they can sell to advertisers
And again, this is not the case. Google doesn't sell user profiles to advertisers.
this is not simply some filtering system like a spam filter, it is a system to catalog every bit of information about you to be able to understand who you are, what you do, where you go, what interests you have and who you communicate with so they can show you more effective advertising.
I changed the bolded words in your statement, to make it more accurate. Yes, Google's intent is to understand you in some depth, in order to both provide you with better services, and to show you advertising that is relevant to your interests.
Of course, if you don't want targeted advertising from Google, you're free to opt out, even while still receiving the free services.
Does this corrected understanding of what Google does and doesn't do change anything for you? Based on the line that I described in my previous post (GP to this one), it makes all the difference to me. If that's not where you draw the line, I pose the same question to you that I posed to rtb61: Where do you draw the line? Is analysis for the purpose of targeted advertising different from analysis for spam filtering or automatic categorization, and, if so, why? Is it just a distaste for advertising driving your attitude, or is there actually some privacy consideration that I'm missing?
Those show nothing of the sort. Wish someone would actually read the materials before writing the summary.
Well, the second image does show ads for Filemaker and Peoplesoft, sandwiched between ads for help with learning or using Access. The Filemaker ad specifically positions it as an alternative to Access, and it can be assumed that the Peoplesoft ad is also offering an alternative, though I don't really see Access and Peoplesoft as competitors.
The first image is an example e-mail that actually suggests that Excel and Access files are so valuable to the business that they should be protected from loss by getting them backed up to a network drive, with no implication that the files pose security risks, so the summary's characterization of that is completely off-base.
Out of curiosity, what is your position on the non-advertising content suggestions mentioned in the patent? For example, if someone e-mails an address to a Gmail user, does it constitute reaming of the sender's privacy for Google's systems to recognize that it's an address and to offer the user a map?
What about other sorts of automated analysis not mentioned in the patent? For example, content analysis for automatic classification, such as the priority inbox feature which sorts e-mail into "important" and "everything else" categories, or the new inbox that optionally sorts e-mail into "primary", "social", "promotions", "updates" and "forums" categories, presented on different tabs. Is that reaming of the sender's privacy, too? The content analysis seems like it would be quite similar in procedure, just a different application. Probably a bit more personalized than the advertising analysis, actually.
While I'm at it, what about automated content analysis for spam filtering and virus detection? Is that also privacy reaming?
I'm curious where you draw the line, and on what basis. Personally, I don't see any sort of automated analysis whose results are presented only to the recipient of the e-mail as a breach of privacy of the sender, who sent the information to the recipient. I draw the line based on who sees the information, both original and the results of the analysis, and especially on what information made available to third parties can be tied to the people/accounts from which it originated or to which it is related. On that basis, I don't see any privacy issues with Gmail.
But others see things differently, so I'd like to understand what your criteria are.
(Disclaimer: I work for Google, though the above represents only my personal opinion, not any sort of company policy statement. For that matter, I held the same opinion before I began working for Google, so I can safely say that my employment has not altered it.)
Much as everyone on here loved to crow about how Google were being evil and locking the device down, isn't this the far more likely reason? An undocumented API has changed. Now can we stop overreacting? Locking down this device isn't really their style.
No, their style will be to cancel the device/services with some warning and litle explanation.
Cancel the system that's bringing YouTube (and its ads) into the living room? Seems very unlikely. In general, Google only discontinues services that aren't very successful (no, Reader wasn't very widely used, in spite of the heat generated by its fans). Successful services that are generating revenue are expanded. Successful services that aren't generating revenue are monetized. Unsuccessful services are discontinued if it looks like they're not going to become successful.
The Chromecast seems to be very successful, and to have an obvious and successful revenue model in place (YouTube). I don't think it's going anywhere.
(Disclaimer: I work for Google, but don't speak for Google.)
A modest suggestion - whenever you feel like someone has made a basic math error in their own field, or doesn't know basic facts about the technology in their own field, and they are a high-level professional in that field, say, a mission manager talking to the press, and you are not, you should consider the possibility that you might be the one who is mistaken.
OTOH, the Terra press kit distributed by NASA includes the following statement:
The science data recorded onboard will be transmitted via Kuband at 150 Megabits per second.
I don't think that latency was due to filtering being slow, I think adding latency was the goal. If the Chinese firewall simply blocks large swaths of the Internet, there's the potential of citizen backlash. If, instead, they can just degrade the sites they don't want people looking at, they can gently nudge people towards using other sites that provide the same general services but which are willing to cooperate with the Chinese authorities with respect to what content they provide.
Meh. I'll have a job as long as I want to have a job. It may not always be exactly the job I want, but I'll always be employed. Not to deride saving, of course. Saving aggressively is important at all ages.
We're talking about jobs where geezers are retiring. Nobody retires from.com jobs as a geezer. They quit, cash out, opt out, are laid off or are forced out a-la Microsoft's Stack Ranking while they're still in their 30's. There is no retirement in private sector tech. If you're old enough to worry about that, you're on your way out.
Bah.
I'm 44 and quite productively employed in private sector tech... and work with many people significantly older than I am, some into their 60s.
Actually that means that thieves have to steal two objects (that NFC thing added to your phone) instead of one (your phone alone).
Harder for thieves maybe, but the harder it becomes for them, the more violent towards you they can become. I don't think it's a very wise idea...
It's always amusing to see the lengths to which some slashdotters will go to criticize an idea.
Keep in mind that the stable kernel releases are not expected to be production-ready. Linus just produces the input to the actual testing and validation processes, which are performed by the distributions. That assumption is built into the kernel dev team's processes. Not that they intentionally release crap, but they don't perform the sort of in-depth testing that is required before you push a foundational piece of software onto millions of machines.
Or you could read the article and see that in the areas considered for the tests, many of the common safety tests wouldn't even work, they couldn't roll the car over with standard techniques, they couldn't crush the passenger compartment with a standard crusher, and they had a HUGE crumple zone.
Also, for the roof crush test the crushing machine broke before the roof did.
The Tesla Model S is an extremely well-engineered machine. It's expensive, yes, but in most respects it's simply superior to equivalently-priced luxury cars. I'm really looking forward to their next generation, which is intended to be priced more mid-market (probably in the 30s).
I don't find it convincing, particularly this bit: "there is now no private way, evidently, to collaborate". Of course there is. Setup a forum on Tor, Freenet or some other darknet and collaborate there, then publish the results on the open web.
Using PGP to encrypt your e-mail would be more secure.
Nitpick: Nearly all ciphers are symmetric ciphers (except for the asymmetric ones:-)), and many of them are very vulnerable to known plaintext attacks. But there are plenty of symmetric ciphers which are, as far as we know, resistant to known plaintext, chosen plaintext and even more sophisticated attacks. Such as AES-256, which seems to be the cipher used here.
Turns out the NSA has worked out a practical known plaintext break for AES (including -256), it's at offset 459139182 of the insurance file.
:-)
Seriously, it's very, very unlikely that the NSA can break AES, because if they could they'd have to be concerned that someone else might be able to do it as well. The NSA's job is national security, which means protecting important national resources, including the economy, not just spying. So the only way they'd let us keep using AES all over the place after breaking it themselves is if they could be absolutely certain that no one else could do what they did, which would require an unimaginable level of arrogance -- and a very unspook-like way of thinking.
I would assume the files are encrypted with a symmetric cipher like AES.
Known plaintext attacks are not very effective against symmetric ciphers.
Indeed they're designed to be resilient to chosen plaintext attacks.
Nitpick: Nearly all ciphers are symmetric ciphers (except for the asymmetric ones:-)), and many of them are very vulnerable to known plaintext attacks. But there are plenty of symmetric ciphers which are, as far as we know, resistant to known plaintext, chosen plaintext and even more sophisticated attacks. Such as AES-256, which seems to be the cipher used here.
a necessary part of being a sysadmin: you have control over user profiles.
Is it really, though. Wouldn't it be technically possible to create a system where not even root is able to login as a user (or atleast be unable to do anything when logged in) yet is still able to manage the system?
Sort of.
To do it, you need to make it possible to do the bulk of administration without the highest-level administrative account, and to make that secure you need something like Mandatory Access Control (google it -- and note that the NSA invented it). You still have to have a "god" level which can manage the MAC configuration, but the key is to make the need for that very rare, and then limit the number of people who can use that to a handful, and audit their usage of the account thoroughly -- which may mean that they have to be observed every minute they're using it. Nothing is foolproof, but (barring exploitable bugs), that approach ensures that no single admin can do what they're no supposed to. They have to collude with someone else.
Oh, one more comment: I should also mention in the interest of full disclosure that I find targeted advertising to be a good thing. I don't particularly like ads, and I'd rather not see them at all, but given that advertising is the model that pays for pretty much all of the web content I enjoy, since I have to see ads I'd much rather see ads about things that actually interest me.
This was driven home a couple of days ago when I was semi-forced to watch TV for a few hours, during the afternoon. One particular sequence of commercials contained (1) an ad for a legal firm specializing in getting social security disability benefits for people, (2) an ad for catheters, with women gushing about how compact and easy to carry and insert they were and (3) an ad for some medication for some gynecological disorder, prompted me to turn to my colleague who was sitting nearby and point out that I really like targeted advertising. That sequence was just the final straw, too, after many other ads that I found not just uninteresting but distasteful.
Show me ads for hiking shoes, bicycle gear, boats, guns, gadgets, etc. -- stuff that I might actually want to know about and may even want to buy, thank you very much.
when they analyze your data so that they can sell you to advertisers
I think the wording of this statement is misleading. It implies that some information about you is being sent to advertisers, which is not the case.
their method is to build a profile of you based on your communications that they can sell to advertisers
And again, this is not the case. Google doesn't sell user profiles to advertisers.
this is not simply some filtering system like a spam filter, it is a system to catalog every bit of information about you to be able to understand who you are, what you do, where you go, what interests you have and who you communicate with so they can show you more effective advertising.
I changed the bolded words in your statement, to make it more accurate. Yes, Google's intent is to understand you in some depth, in order to both provide you with better services, and to show you advertising that is relevant to your interests.
Of course, if you don't want targeted advertising from Google, you're free to opt out, even while still receiving the free services.
Does this corrected understanding of what Google does and doesn't do change anything for you? Based on the line that I described in my previous post (GP to this one), it makes all the difference to me. If that's not where you draw the line, I pose the same question to you that I posed to rtb61: Where do you draw the line? Is analysis for the purpose of targeted advertising different from analysis for spam filtering or automatic categorization, and, if so, why? Is it just a distaste for advertising driving your attitude, or is there actually some privacy consideration that I'm missing?
Those show nothing of the sort. Wish someone would actually read the materials before writing the summary.
Well, the second image does show ads for Filemaker and Peoplesoft, sandwiched between ads for help with learning or using Access. The Filemaker ad specifically positions it as an alternative to Access, and it can be assumed that the Peoplesoft ad is also offering an alternative, though I don't really see Access and Peoplesoft as competitors.
The first image is an example e-mail that actually suggests that Excel and Access files are so valuable to the business that they should be protected from loss by getting them backed up to a network drive, with no implication that the files pose security risks, so the summary's characterization of that is completely off-base.
Out of curiosity, what is your position on the non-advertising content suggestions mentioned in the patent? For example, if someone e-mails an address to a Gmail user, does it constitute reaming of the sender's privacy for Google's systems to recognize that it's an address and to offer the user a map?
What about other sorts of automated analysis not mentioned in the patent? For example, content analysis for automatic classification, such as the priority inbox feature which sorts e-mail into "important" and "everything else" categories, or the new inbox that optionally sorts e-mail into "primary", "social", "promotions", "updates" and "forums" categories, presented on different tabs. Is that reaming of the sender's privacy, too? The content analysis seems like it would be quite similar in procedure, just a different application. Probably a bit more personalized than the advertising analysis, actually.
While I'm at it, what about automated content analysis for spam filtering and virus detection? Is that also privacy reaming?
I'm curious where you draw the line, and on what basis. Personally, I don't see any sort of automated analysis whose results are presented only to the recipient of the e-mail as a breach of privacy of the sender, who sent the information to the recipient. I draw the line based on who sees the information, both original and the results of the analysis, and especially on what information made available to third parties can be tied to the people/accounts from which it originated or to which it is related. On that basis, I don't see any privacy issues with Gmail.
But others see things differently, so I'd like to understand what your criteria are.
(Disclaimer: I work for Google, though the above represents only my personal opinion, not any sort of company policy statement. For that matter, I held the same opinion before I began working for Google, so I can safely say that my employment has not altered it.)
Much as everyone on here loved to crow about how Google were being evil and locking the device down, isn't this the far more likely reason? An undocumented API has changed. Now can we stop overreacting? Locking down this device isn't really their style.
No, their style will be to cancel the device/services with some warning and litle explanation.
Cancel the system that's bringing YouTube (and its ads) into the living room? Seems very unlikely. In general, Google only discontinues services that aren't very successful (no, Reader wasn't very widely used, in spite of the heat generated by its fans). Successful services that are generating revenue are expanded. Successful services that aren't generating revenue are monetized. Unsuccessful services are discontinued if it looks like they're not going to become successful.
The Chromecast seems to be very successful, and to have an obvious and successful revenue model in place (YouTube). I don't think it's going anywhere.
(Disclaimer: I work for Google, but don't speak for Google.)
Latitue
Latitude isn't cancelled, it's just moving into Google+. Granted that in the short term it's lost some functionality, but I'm sure it'll be back.
Makes sense. Thanks.
A modest suggestion - whenever you feel like someone has made a basic math error in their own field, or doesn't know basic facts about the technology in their own field, and they are a high-level professional in that field, say, a mission manager talking to the press, and you are not, you should consider the possibility that you might be the one who is mistaken.
OTOH, the Terra press kit distributed by NASA includes the following statement:
The science data recorded onboard will be transmitted via Kuband at 150 Megabits per second.
Wait till you reach 50-55.
You mean like all of the 50-55 year olds that I work with? They're also fully and productively-employed software engineers. So are those in their 60s.
What am I waiting for?
I don't think that latency was due to filtering being slow, I think adding latency was the goal. If the Chinese firewall simply blocks large swaths of the Internet, there's the potential of citizen backlash. If, instead, they can just degrade the sites they don't want people looking at, they can gently nudge people towards using other sites that provide the same general services but which are willing to cooperate with the Chinese authorities with respect to what content they provide.
Meh. I'll have a job as long as I want to have a job. It may not always be exactly the job I want, but I'll always be employed. Not to deride saving, of course. Saving aggressively is important at all ages.
Did you mean this to be a response to a different post?
I got hired by my current employer at age 42... and I'm headhunted regularly.
We're talking about jobs where geezers are retiring. Nobody retires from .com jobs as a geezer. They quit, cash out, opt out, are laid off or are forced out a-la Microsoft's Stack Ranking while they're still in their 30's. There is no retirement in private sector tech. If you're old enough to worry about that, you're on your way out.
Bah.
I'm 44 and quite productively employed in private sector tech... and work with many people significantly older than I am, some into their 60s.
The role of of the comments is to stimulate debates. There are no debates without people for and against a concept.
If I had more time, I'd invent some bizarre and ridiculous counterargument.
Actually that means that thieves have to steal two objects (that NFC thing added to your phone) instead of one (your phone alone). Harder for thieves maybe, but the harder it becomes for them, the more violent towards you they can become. I don't think it's a very wise idea ...
It's always amusing to see the lengths to which some slashdotters will go to criticize an idea.
How frustrating that the NHTSA caps at 5/5, as if that makes a car perfectly safe.
You incorrectly assume that a higher score means it's more safe.
What an unreasonable assumption, that higher scores on a scale that attempts to measure safety indicate more safety.
Keep in mind that the stable kernel releases are not expected to be production-ready. Linus just produces the input to the actual testing and validation processes, which are performed by the distributions. That assumption is built into the kernel dev team's processes. Not that they intentionally release crap, but they don't perform the sort of in-depth testing that is required before you push a foundational piece of software onto millions of machines.
Wasn't the next tesla vehicle going to compete against the $50k luxury SUV's?
Next vehicle, yes. I said next-generation, meaning their next sedan.
Or you could read the article and see that in the areas considered for the tests, many of the common safety tests wouldn't even work, they couldn't roll the car over with standard techniques, they couldn't crush the passenger compartment with a standard crusher, and they had a HUGE crumple zone.
Also, for the roof crush test the crushing machine broke before the roof did.
The Tesla Model S is an extremely well-engineered machine. It's expensive, yes, but in most respects it's simply superior to equivalently-priced luxury cars. I'm really looking forward to their next generation, which is intended to be priced more mid-market (probably in the 30s).
I don't find it convincing, particularly this bit: "there is now no private way, evidently, to collaborate". Of course there is. Setup a forum on Tor, Freenet or some other darknet and collaborate there, then publish the results on the open web.
Using PGP to encrypt your e-mail would be more secure.
I don't have any pirated material.
Turns out the NSA has worked out a practical known plaintext break for AES (including -256), it's at offset 459139182 of the insurance file.
:-)
Seriously, it's very, very unlikely that the NSA can break AES, because if they could they'd have to be concerned that someone else might be able to do it as well. The NSA's job is national security, which means protecting important national resources, including the economy, not just spying. So the only way they'd let us keep using AES all over the place after breaking it themselves is if they could be absolutely certain that no one else could do what they did, which would require an unimaginable level of arrogance -- and a very unspook-like way of thinking.
I would assume the files are encrypted with a symmetric cipher like AES. Known plaintext attacks are not very effective against symmetric ciphers. Indeed they're designed to be resilient to chosen plaintext attacks.
Nitpick: Nearly all ciphers are symmetric ciphers (except for the asymmetric ones :-)), and many of them are very vulnerable to known plaintext attacks. But there are plenty of symmetric ciphers which are, as far as we know, resistant to known plaintext, chosen plaintext and even more sophisticated attacks. Such as AES-256, which seems to be the cipher used here.