Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories
0
Comments
18,006
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 18,006

  1. Re:Missing the point. on In UK, Google Glass To Be Banned While Driving · · Score: 1

    Care to make a wager on it?

  2. Re:Jobs had to pull music industry into the Web on YouTube Co-founder Calls For Global Access To TV Online · · Score: 1

    yes thats right 20 whole gb.

    Hehe. And you actually think that was small.

  3. Re:Information shouldn't be free on YouTube Co-founder Calls For Global Access To TV Online · · Score: 1

    Life should be unfair. It is better that way.

    Absolutely. And artists must starve, else where will they acquire the angst needed to create art?

  4. Re:Age of the glaciers on Glaciers Protect Alpine Peaks From Erosion · · Score: 1

    Most of the area of these glaciers is less than 13,000 years old. On the level of erosion of mountains, not significant. The glacier cover is quite new on this scale of time.

    Just what I was going to say. The summary is conflating massively different time scales. Just because both of them are far longer than our lives doesn't mean they're the same.

  5. Re:xkcd is overrated on Creator of xkcd Reveals Secret Back-story of His Epic, 3,099-Panel 'Time' Comic · · Score: 1

    I thought I was alone in this until a few weeks ago I found a site called xkcdsucks, and it appears I'm not alone in thinking this.

    Hey, look at me! My opinion is valid because I found a website that says the same thing.

    I'm making a sig out of that.

    I want a t-shirt that says that.

  6. Re:Missing the point. on In UK, Google Glass To Be Banned While Driving · · Score: 1

    Seeing is believing. In this case, quite literally so.

    Actually, I think in this case the announcement is a stronger indicator than the lack of ads on current devices.

  7. Re:This could well be search suggestions. on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    Typing "pressure cooker" lists pressure cooker bomb as the 3rd suggestion in Google.

    Hmm. It's the top suggestion for me. Does that indicate what Google thinks about me?

  8. Re:Missing the point. on In UK, Google Glass To Be Banned While Driving · · Score: 1

    Google has specifically stated on the Google Glass blog that it will not put ads on Glass, in the same post where it was announced that third party apps will not be allowed to show ads on Glass. Google it.

    Google's business model is advertising.

    Google's primary business model is advertising, in the sense that it brings in 90% of revenues, but Google is fundamentally a technology company, not an advertising company, and has no objection whatsoever to pursuing other business models. It has been pursuing other approaches, and advertising's share of the revenues has declined from basically 100% to about 90% (enterprise apps licensing being the biggest single other source). In fact, the Google founders and most of the employees aren't particularly enamored of advertising. It brings in large revenues, and it enables end-user services to be free, and therefore low-friction, and done right it can even offer some value to end users as well as advertisers, but it will always be somewhat distasteful to engineers -- and Google is an engineer-driven company, bottom to top.

    Google has stated that the Glass experience needs to be ad-free to be of value. Whether that means it'll be monetized strictly through hardware sales, or whether it's just another link binding people into the Google ecosystem (like Google+) which will facilitate ad targeting accuracy or something else, I don't know. But Google has said that it won't allow ads on the platform, theirs or others'.

  9. Re:Missing the point. on In UK, Google Glass To Be Banned While Driving · · Score: 1

    Of course they've banned third parties. Google's own advertising is the sole reason for the device.

    Google is also not putting any ads on Glass.

  10. Re:Prediction on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    Nice quote.

  11. Re:A question worth asking, other half of Google i on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    What makes you think that the woman's search history was involved at all?

  12. Prediction on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 4, Insightful

    Prediction: this article will not get 850 comments, and many people will continue pointing to this story as proof that Google lets the federal government rifle through all of everyone's data.

  13. Re:Using google... on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    If the feds have compromised the CAs, that https gets you nothing.

    If the feds were using compromised CAs to perform man-in-the-middle attacks, we'd notice, unless they did it very, very rarely. If they're going to restrict themselves to using this capability only in circumstances when they have strong reason to believe their target is a criminal or planning to be one, they'd probably be able to just get a warrant.

  14. Re:Missing the point. on In UK, Google Glass To Be Banned While Driving · · Score: 1

    a) Google glass already has ads.

    Cite? Last I heard, Google was not only no putting ads on Glass, but had banned third party developers from incorporating ads into their apps.

  15. Re:It has been known for years on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    Another possibility (though I think yours is more likely): Do you use HTTPS to access Google? If you use the search bar on major web browsers, you do. If you are signed into a Google account, you do. Otherwise, if you're not logged in and you manually direct your browser to google.com and then do a search, the query goes to Google unencrypted.

    Assuming Google searches had anything to do with this story (which I doubt), I think it's more likely that non-SSL queries were intercepted.

  16. Re:Did you even RTFA? on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    Except they said they do this "100 times a week". The implications of that are staggering. 100 times a week? That is 5200 raids a year.... if they are not putting terrorists away by the truckload then they have some serious explaining to do.

    Even more staggering when you realize this was carried out by a county Sheriff's department. So is this one department carrying out 100 raids per week? Assuming they're not the only PD doing it, we much have hundred of thousands of raids per year. Millions, maybe.

    Color me skeptical.

  17. Re:Nature of the Internet: Information exploitatio on Google Pressure Cookers and Backpacks: Get a Visit From the Feds · · Score: 1

    Just like every other company that does ads, they buy the info from Google.

    Google doesn't sell data. Not to advertisers, not to anyone. The only exception is market research data which is aggregated and anonymized and cannot be used to target specific individuals.

    Of course, once weak selectors have triggered from the google data, the gov't has other systems (e.g. let's say telco info) to get the location and possibly user of the IP address that google recorded.

    I strongly doubt that Google was involved at all. I see two realistic possibilities:

    1. The supposition that the content of a Google search was involved at all is simply false. The visit was provoked by something else, and the targets just assumed it was related to Google queries.

    2. The search was done over HTTP, and the connection was intercepted at the ISP or any other point in the chain between browser and Google.

    That's pretty much it. Google says it doesn't supply data to the government without lawful orders, and that it doesn't supply broad data at all, only specific data about specific individuals given specific legal documentation. You may not believe it, but there's really no evidence otherwise. As a Google employee with some visibility into relevant infrastructure, I have evidence to support it.

    Call me a shill, naive, whatever. This is just my honest, and fairly well-informed, opinion.

  18. Re:Key size not the flaw... on Google Starts Upgrading Its SSL Certificates To 2048-bit Keys · · Score: 1

    WIth physical access and knowledge of the hardware sure it's extractable

    With good tamper-reactive hardware? Well... in theory, sure, anything is possible. In practice, good luck getting in without triggering the tamper response, which zeros the master key. Note that freezing attacks don't work, because getting the device outside of a certain temperature range triggers the tamper response, as does physical penetration, exposure to radiation, improper input voltage or loss of battery power or... good FIPS 140-2 level 4 hardware is very touchy.

    ... this is assuming there's no backdoor in the HSM, always a large assumption.

    Actually, I worked a bit on the IBM 4758 and know a bunch of the people involved throughout its design and development, and I'd say it's extremely unlikely that there's a back door. There's a published paper on the 4758 design (Google it); go read that and then come back and we'll talk. I can tell you about all of the code control and layered reviews at every point in the design, implementation and testing process. It would be fantastically hard to sneak a back door in through that.

  19. Server doesn't create the session key on More Encryption Is Not the Solution · · Score: 4, Informative

    Umm... you should go re-read the SSL/TLS specs. The server doesn't get to dictate the session key.

    The session key (AKA master key) is computed from a "pre-master" secret key and two random numbers, one provided by client the other from the server. Both sides perform this computation independently, and the server has no control over the client random -- nor the client over the server random. Also, the pre-master secret is either generated entirely by the client, or else generated through a Diffie Hellman key agreement protocol, which again involves input from both sides.

    There may be other attacks, but the one described in the summary doesn't work.

  20. Re:Key size not the flaw... on Google Starts Upgrading Its SSL Certificates To 2048-bit Keys · · Score: 1

    The root key is in an HSM, and can't be extracted.

    For disaster recovery purposes it must also exist elsewhere.

    Other HSMs. There is a secure mechanism for syncing keys between devices that ensures that it is still impossible to ever extract them in cleartext. All major HSM devices can do this.

  21. Re:Key size not the flaw... on Google Starts Upgrading Its SSL Certificates To 2048-bit Keys · · Score: 2

    The root key is in an HSM, and can't be extracted. I think I can say that without compromising anything confidential.

  22. Re:Key size not the flaw... on Google Starts Upgrading Its SSL Certificates To 2048-bit Keys · · Score: 1

    The largest risk isn't during transmission, it is at the user's end... and Google's end. 2 million bit encryption wouldn't be enough if you had a keylogger, or if google got served a National Security Letter that it decided to honor.

    Yeah, but the NIST recommendations suggest that 1024-bit keys aren't adequate any more, so it's just good security hygiene to upgrade, even if they're not actually the current weak point, which I agree is almost certainly at the user's end.

  23. Re:Butt ugly and another car designed for CAFE on BMW Debuts First Electric Vehicle Made Primarily of Carbon Fiber · · Score: 1

    I tend to try to give people the benefit of the doubt, because it makes my life better than if I assumed the worst and walked around angry all of the time, but it's nice to get confirmation that the Volt owner most likely wasn't being rude.

    I think maybe I'll print up a little sign to leave under my windshield wiper when I'm parked at the airport, explaining how to interpret the lights. Or maybe I can put it over the charging port; that would be even better.

    Thanks for the information.

  24. Re:Butt ugly and another car designed for CAFE on BMW Debuts First Electric Vehicle Made Primarily of Carbon Fiber · · Score: 4, Insightful

    On the Leaf vs Volt access to the charging station, I think the Leaf owners have a point. Charging is optional for the Volt, not so for the Leaf.

    Of course, I own a Leaf, and have had the experience of having a Volt owner unplug my car at the airport parking lot, 15 minutes after I plugged in. When I got back from my trip it was questionable if I had enough juice to get home. Well, to be fair, I don't know for sure that it was the Volt owner who unplugged me, but it was a day trip and the charger was plugged into a Volt when I got home in the evening. On the assumption the Volt owner was uninformed rather than rude, I left a nice note explaining that the Leaf does not have a gasoline engine, and how the blue lights on the dash indicate charge state, pointing out that when you see a car with a single blue light flashing, you should probably leave it plugged in.

  25. Re:Mimicing does not make art on Robot Produces Paintings With That 'Imperfect' Human Look · · Score: 1

    The flaw in your thinking is that the ability to detect creativity matters.

    The flaw in your thinking is that you don't get to judge what constitutes creativity. Thus, you don't get to decide what is "the ability to detect creativity" either. So yeah, try again?

    Who said I (or anyone) needs to judge what constitutes creativity?